Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Tolerate a bad record version in TLSv1.3 plaintext records
When a server responds to a second TLSv1.3 ClientHello it is required to set the legacy_record_version to 0x0303 (TLSv1.2). The client is required to ignore that field even if it is wrong. The recent changes to the read record layer in PR #18132 made the record layer stricter and it was checking that the legacy_record_version was the correct value. This caused connection failures when talking to buggy servers that set the wrong legacy_record_version value. We make us more tolerant again. Fixes #19051 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #19058)
- Loading branch information