CHANGES +5 −3 Original line number Diff line number Diff line Loading @@ -4,9 +4,11 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] *) Fix SSL 2.0 rollback checking: The previous implementation of the test was never triggered due to an off-by-one error in RSA_padding_check_SSLv23(). *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in RSA_padding_check_SSLv23(), special padding was never detected and thus the SSL 3.0/TLS 1.0 countermeasure against protocol version rollback attacks was not effective. In s23_clnt.c, don't use special rollback-attack detection padding (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the client; similarly, in s23_srvr.c, don't do the rollback check if Loading
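Review bot: the new CHANGES text attributes the bug to an off-by-one in RSA_padding_check_SSLv23(), but no hunk in this diff touches that function; only CHANGES, ssl/s23_clnt.c and ssl/s23_srvr.c change here. Either the padding-check fix itself is missing from this commit or it landed separately; in the latter case the entry should reference it (or be committed together with it), otherwise a reader of CHANGES at this revision is told the rollback countermeasure is now effective while the detection code is unchanged. The rewritten wording is an improvement over "was never triggered" because it now says what the consequence was (the SSL 3.0/TLS 1.0 countermeasure was not effective), which is what downstream packagers need to assess severity.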
ssl/s23_clnt.c +1 −0 Original line number Diff line number Diff line Loading @@ -367,6 +367,7 @@ static int ssl23_get_server_hello(SSL *s) s->state=SSL2_ST_GET_SERVER_HELLO_A; if (!(s->client_version == SSL2_VERSION)) /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */ s->s2->ssl2_rollback=1; /* setup the 5 bytes we have read so we get them from Loading
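Review bot: `if (!(s->client_version == SSL2_VERSION))` reads more naturally as `if (s->client_version != SSL2_VERSION)`; the double negation hides the intent, which is to use the special padding whenever the client offered anything above SSL 2.0. This runs in the path where the server answered with SSL 2.0 (the state is set to SSL2_ST_GET_SERVER_HELLO_A just above), so the check relies on client_version still holding the version the client offered rather than the negotiated one; a one-line comment stating that would make the correctness of the condition easier to verify. The comment "use special padding" describes the effect, but this hunk only sets s->s2->ssl2_rollback; naming the code that consumes the flag when the master key is RSA-encrypted would help the next reader.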
ssl/s23_srvr.c +2 −0 Original line number Diff line number Diff line Loading @@ -499,6 +499,8 @@ int ssl23_get_client_hello(SSL *s) (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) s->s2->ssl2_rollback=0; else /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 * (SSL 3.0 draft/RFC 2246, App. E.2) */ s->s2->ssl2_rollback=1; /* setup the n bytes we have read so we get them from Loading
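Review bot: the condition `s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3` is only correct because `&` binds tighter than `&&`; parenthesize each operand, `(s->options & SSL_OP_NO_TLSv1) && (s->options & SSL_OP_NO_SSLv3)`, so the intent is obvious and compilers do not warn. The new comment says "reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0", but the condition tests the server's own configuration, not the client's; reword it to say that the check is skipped only when this server is SSL 2.0-only, and that otherwise the RSA padding is inspected and the session rejected if it shows the client supports SSL 3.0 or TLS 1.0 (SSL 3.0 draft/RFC 2246, App. E.2). Making ssl2_rollback=1 the else branch is the right fail-closed default: a server that merely has SSL 3.0 or TLS 1.0 enabled will enforce the check.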