Set first_packet for TLS clients (81fc390f) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Version negotiation was broken (one of the late changes in the review process broke it). The problem is that TLS clients do not set first_packet, whereas TLS/DTLS servers and DTLS clients do. The simple fix is to set first_packet for TLS clients too. Reviewed-by:

Kurt Roeckx <kurt@openssl.org>

ssl/s3_clnt.c

+2 −3

Original line number	Diff line number	Diff line
		@@ -947,7 +947,6 @@ int ssl3_get_server_hello(SSL *s)
		* Hello verify request and/or server hello version may not match so set
		* first packet if we're negotiating version.
		*/
		if (SSL_IS_DTLS(s))
		s->first_packet = 1;

		n = s->method->ssl_get_message(s,
		@@ -957,8 +956,8 @@ int ssl3_get_server_hello(SSL *s)
		if (!ok)
		return ((int)n);

		if (SSL_IS_DTLS(s)) {
		s->first_packet = 0;
		if (SSL_IS_DTLS(s)) {
		if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
		if (s->d1->send_cookie == 0) {
		s->s3->tmp.reuse_message = 1;

Admin message