Loading CHANGES +9 −0 Original line number Diff line number Diff line Loading @@ -12,6 +12,15 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when faced with a pathologically small ClientHello fragment that does not contain client_version: Instead of aborting with an error, simply choose the highest available protocol version (i.e., TLS 1.0 unless it is disabled). In practice, ClientHello messages are never sent like this, but this change gives us strictly correct behaviour at least for TLS. [Bodo Moeller] +) Change all functions with names starting with des_ to be starting with DES_ instead. This because there are increasing clashes with libdes and other des libraries that are currently used by other Loading ssl/s23_srvr.c +12 −7 Original line number Diff line number Diff line Loading @@ -232,9 +232,9 @@ int ssl23_accept(SSL *s) } } end: s->in_handshake--; if (cb != NULL) cb(s,SSL_CB_ACCEPT_EXIT,ret); s->in_handshake--; return(ret); } Loading Loading @@ -339,16 +339,21 @@ int ssl23_get_client_hello(SSL *s) /* We must look at client_version inside the Client Hello message * to get the correct minor version. * However if we have only a pathologically small fragment of the * Client Hello message, this would be difficult, we'd have * to read at least one additional record to find out. * This doesn't usually happen in real life, so we just complain * for now. */ * Client Hello message, this would be difficult, and we'd have * to read more records to find out. * No known SSL 3.0 client fragments ClientHello like this, * so we simply assume TLS 1.0 to avoid protocol version downgrade * attacks. */ if (p[3] == 0 && p[4] < 6) { #if 0 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); goto err; #else v[1] = TLS1_VERSION_MINOR; #endif } else v[1]=p[10]; /* minor version according to client_version */ if (v[1] >= TLS1_VERSION_MINOR) { Loading Loading
CHANGES +9 −0 Original line number Diff line number Diff line Loading @@ -12,6 +12,15 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when faced with a pathologically small ClientHello fragment that does not contain client_version: Instead of aborting with an error, simply choose the highest available protocol version (i.e., TLS 1.0 unless it is disabled). In practice, ClientHello messages are never sent like this, but this change gives us strictly correct behaviour at least for TLS. [Bodo Moeller] +) Change all functions with names starting with des_ to be starting with DES_ instead. This because there are increasing clashes with libdes and other des libraries that are currently used by other Loading
ssl/s23_srvr.c +12 −7 Original line number Diff line number Diff line Loading @@ -232,9 +232,9 @@ int ssl23_accept(SSL *s) } } end: s->in_handshake--; if (cb != NULL) cb(s,SSL_CB_ACCEPT_EXIT,ret); s->in_handshake--; return(ret); } Loading Loading @@ -339,16 +339,21 @@ int ssl23_get_client_hello(SSL *s) /* We must look at client_version inside the Client Hello message * to get the correct minor version. * However if we have only a pathologically small fragment of the * Client Hello message, this would be difficult, we'd have * to read at least one additional record to find out. * This doesn't usually happen in real life, so we just complain * for now. */ * Client Hello message, this would be difficult, and we'd have * to read more records to find out. * No known SSL 3.0 client fragments ClientHello like this, * so we simply assume TLS 1.0 to avoid protocol version downgrade * attacks. */ if (p[3] == 0 && p[4] < 6) { #if 0 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); goto err; #else v[1] = TLS1_VERSION_MINOR; #endif } else v[1]=p[10]; /* minor version according to client_version */ if (v[1] >= TLS1_VERSION_MINOR) { Loading
