PR: 1629
Submitted by: Kaspar Brand <ossl-rt@velox.ch>
Approved by: steve@openssl.org

Don't use extensions if using SSLv3: this chokes some broken servers.
snhenson committed Apr 28, 2009
1 parent 376bbb5 commit 18f8258
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions ssl/t1_lib.c
Expand Up @@ -275,6 +275,10 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
int extdatalen=0;
unsigned char *ret = p;

/* don't add extensions for SSLv3 */
if (s->client_version == SSL3_VERSION)
return p;

ret+=2;

if (ret>=limit) return NULL; /* this really never occurs, but ... */
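
Review bot: The new early return in ssl_add_clienthello_tlsext tests `s->client_version == SSL3_VERSION`, while the matching check added to ssl_add_serverhello_tlsext tests `s->version`, and nothing in the comment explains why the two fields differ. Presumably the client side has to go by the version it is offering because nothing has been negotiated yet; please say so in the comment so the pair is not later "corrected" to match. The comment also only restates the condition: carry the commit message's reason into it, for example `/* don't add extensions for SSLv3: this chokes some broken servers */`. Because the return sits before `ret+=2`, every extension this function would have written is dropped without any signal to the caller, which deserves a line in the function's documentation.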
Expand Down Expand Up @@ -472,6 +476,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
int extdatalen=0;
unsigned char *ret = p;

/* don't add extensions for SSLv3 */
if (s->version == SSL3_VERSION)
return p;

ret+=2;
if (ret>=limit) return NULL; /* this really never occurs, but ... */
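
Review bot: The `s->version == SSL3_VERSION` return in ssl_add_serverhello_tlsext suppresses the server's reply extensions, but the commit touches only the two ssl_add_*_tlsext functions (1 file, 8 additions), so no matching change on the receive side is visible here. If the server has already acted on extensions from the client hello before reaching this point, it will now answer with none; please confirm that path is either skipped for SSLv3 or harmless, and note the outcome in the comment. As in the client hunk, the comment should give the reason (broken peers) rather than repeat the condition.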
