Commit c3b13033 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

PR: 2811

Reported by: Phil Pennock <openssl-dev@spodhuis.org>

Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
version client hello workaround if renegotiating.
parent 5762f777
+7 −2
@@ -289,8 +289,13 @@
     whose return value is often ignored. 
     whose return value is often ignored. 
     [Steve Henson]
     [Steve Henson]


 Changes between 1.0.1c and 1.0.1d [xx XXX xxxx]


 Changes between 1.0.1b and 1.0.1c [xx XXX xxxx]
  *) Don't use TLS 1.0 record version number in initial client hello
     if renegotiating.
     [Steve Henson]

 Changes between 1.0.1b and 1.0.1c [10 May 2012]


  *) Sanity check record length before skipping explicit IV in TLS
  *) Sanity check record length before skipping explicit IV in TLS
     1.2, 1.1 and DTLS to avoid DoS attack.
     1.2, 1.1 and DTLS to avoid DoS attack.
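Review bot: the new CHANGES entry states the behaviour change but not why it matters, so a reader of the changelog cannot tell that this fixes renegotiation failures with TLS 1.1 and 1.2 peers, which is the point of the commit message ("Make renegotiation work for TLS 1.2, 1.1"). Suggest expanding the entry, e.g. "Don't use TLS 1.0 record version number in initial client hello if renegotiating: fixes renegotiation with TLS 1.1 and 1.2 peers (PR#2811)", so the PR reference and the user-visible effect travel with the release notes. Also worth confirming the entry sits under the intended release heading, since the hunk shows it under a "[xx XXX xxxx]" placeholder section immediately above the dated "1.0.1b and 1.0.1c [10 May 2012]" section.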
+1 −0
@@ -744,6 +744,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
	 * bytes and record version number > TLS 1.0
	 * bytes and record version number > TLS 1.0
	 */
	 */
	if (s->state == SSL3_ST_CW_CLNT_HELLO_B
	if (s->state == SSL3_ST_CW_CLNT_HELLO_B
				&& !s->renegotiate
				&& TLS1_get_version(s) > TLS1_VERSION)
				&& TLS1_get_version(s) > TLS1_VERSION)
		*(p++) = 0x1;
		*(p++) = 0x1;
	else
	else
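Review bot: the added `&& !s->renegotiate` condition is correct for the problem described, but the comment block above it (ending "... bytes and record version number > TLS 1.0") still describes only the original workaround and does not say why a renegotiating client is excluded. Suggest extending the comment to note that the lowered record version is only appropriate for the initial ClientHello, before any version has been negotiated; a renegotiation ClientHello is sent inside an already-established connection, where a record version lower than the negotiated one is exactly what broke renegotiation with TLS 1.1 and 1.2 peers (the failure this commit fixes). Without that note, a future reader may see `!s->renegotiate` as an unrelated special case and remove it.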