Switch for RFC-compliant version encoding in DTLS. From HEAD with a twist:

			s->session->master_key_length=sizeof tmp_buf;

			q=p;

			/* Fix buf for TLS and beyond */

			/* Fix buf for TLS and [incidentally] DTLS */

			if (s->version > SSL3_VERSION)

				p+=2;

			n=RSA_public_encrypt(sizeof tmp_buf,

				goto err;

				}

			/* Fix buf for TLS and beyond */

			/* Fix buf for TLS and [incidentally] DTLS */

			if (s->version > SSL3_VERSION)

				{

				s2n(n,q);

	SSL3_RECORD *rr;

	SSL_SESSION *sess;

	unsigned char *p;

	short version;

	unsigned short version;

	DTLS1_BITMAP *bitmap;

	unsigned int is_next_epoch;

		/* Lets check version */

		if (!s->first_packet)

			{

			if (version != s->version)

			if (version != s->version && version != DTLS1_BAD_VER)

				{

				SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);

				/* Send back error using their

				}

			}

		if ((version & 0xff00) != (DTLS1_VERSION & 0xff00))

		if ((version & 0xff00) != (DTLS1_VERSION & 0xff00) &&

		    (version & 0xff00) != (DTLS1_BAD_VER & 0xff00))

			{

			SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);

			goto err;

	*(p++)=type&0xff;

	wr->type=type;

	*(p++)=(s->version>>8);

	if (s->client_version == DTLS1_BAD_VER)

		*(p++) = DTLS1_BAD_VER>>8,

		*(p++) = DTLS1_BAD_VER&0xff;

	else

		*(p++)=(s->version>>8),

		*(p++)=s->version&0xff;

	/* field where we are to write out packet epoch, seq num and len */

		buf = (unsigned char *)s->init_buf->data;

		msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);

		*(p++) = s->version >> 8;

		if (s->client_version == DTLS1_BAD_VER)

			*(p++) = DTLS1_BAD_VER>>8,

			*(p++) = DTLS1_BAD_VER&0xff;

		else

			*(p++) = s->version >> 8,

			*(p++) = s->version & 0xFF;

		*(p++) = (unsigned char) s->d1->cookie_len;

		if (s->ctx->app_gen_cookie_cb != NULL &&

		    s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 

		    &(s->d1->cookie_len)) == 0)

		/* Do the message type and length last */

		d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);

		*(p++)=s->version>>8;

		if (s->client_version == DTLS1_BAD_VER)

			*(p++)=DTLS1_BAD_VER>>8,

			*(p++)=DTLS1_BAD_VER&0xff;

		else

			*(p++)=s->version>>8,

			*(p++)=s->version&0xff;

		/* Random stuff */

extern "C" {

#endif

#define DTLS1_VERSION			0x0100

#define DTLS1_VERSION_MAJOR		0x01

#define DTLS1_VERSION_MINOR		0x00

#define DTLS1_VERSION			0xFEFF

#define DTLS1_BAD_VER			0x0100

#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110

	s->client_version=(((int)p[0])<<8)|(int)p[1];

	p+=2;

	if (s->client_version < s->version)

	if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||

	    (s->version != DTLS1_VERSION && s->client_version < s->version))

		{

		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);

		if ((s->client_version>>8) == SSL3_VERSION_MAJOR) 

	p+=j;

	if (SSL_version(s) == DTLS1_VERSION)

	if (s->version == DTLS1_VERSION)

		{

		/* cookie stuff */

		cookie_len = *(p++);

			rsa=pkey->pkey.rsa;

			}

		/* TLS */

		if (s->version > SSL3_VERSION)

		/* TLS and [incidentally] DTLS, including pre-0.9.8f */

		if (s->version > SSL3_VERSION &&

		    s->client_version != DTLS1_BAD_VER)

			{

			n2s(p,i);

			if (n != i+2)