/*
* Create the connection. We use "create_bare_ssl_connection" here so that
- * we can force the connection to not do "SSL_read" once partly conencted.
+ * we can force the connection to not do "SSL_read" once partly connected.
* We don't want to accidentally read the dummy records we injected because
* they will fail to decrypt.
*/
#define CLI_TO_SRV_EPOCH_0_RECS 3
#define CLI_TO_SRV_EPOCH_1_RECS 1
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
-# define SRV_TO_CLI_EPOCH_0_RECS 12
+# define SRV_TO_CLI_EPOCH_0_RECS 10
#else
/*
* In this case we have no ServerKeyExchange message, because we don't have