Commit ba2fd950 authored Apr 23, 2018 by Matt Caswell

In a reneg use the same client_version we used last time



In 1.0.2 and below we always send the same client_version in a reneg
ClientHello that we sent the first time around, regardless of what
version eventually gets negotiated. According to a comment in
statem_clnt.c this is a workaround for some buggy servers that choked if
we changed the version used in the RSA encrypted premaster secret.

In 1.1.0+ this behaviour no longer occurs. This restores the original
behaviour.

Fixes #1651

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6060)

parent 0abb903b

ssl/ssl_locl.h

+3 −0

Original line number	Diff line number	Diff line
		@@ -347,6 +347,9 @@

		/* we have used 0000003f - 26 bits left to go */

		# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0 \
		\|\| (s)->s3->tmp.peer_finish_md_len == 0)

		/* Check if an SSL structure is using DTLS */
		# define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
		/* See if we need explicit IV */

ssl/statem/statem_lib.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -1073,6 +1073,13 @@ int ssl_set_client_hello_version(SSL *s)
		{
		int ver_min, ver_max, ret;

		/*
		* In a renegotiation we always send the same client_version that we sent
		* last time, regardless of which version we eventually negotiated.
		*/
		if (!SSL_IS_FIRST_HANDSHAKE(s))
		return 0;

		ret = ssl_get_client_min_max_version(s, &ver_min, &ver_max);

		if (ret != 0)