use client version when eliminating TLS v1.2 ciphersuites in client hello

[openssl.git] / ssl / d1_clnt.c

diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 5bc9eb6603f2f800e61c0e210385a900383f2163..887e3244e772363ddc0eebce5f2f0bc43c15399c 100644 (file)
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -114,6 +114,7 @@
  */
 
 #include <stdio.h>
+#include <openssl/crypto.h>
 #include "ssl_locl.h"
 #ifndef OPENSSL_NO_KRB5
 #include "kssl_lcl.h"
@@ -171,7 +172,7 @@ int dtls1_connect(SSL *s)
                switch(s->state)
                        {
                case SSL_ST_RENEGOTIATE:
-                       s->new_session=1;
+                       s->renegotiate=1;
                        s->state=SSL_ST_CONNECT;
                        s->ctx->stats.sess_connect_renegotiate++;
                        /* break */
@@ -407,7 +408,8 @@ int dtls1_connect(SSL *s)
 
                case SSL3_ST_CW_CHANGE_A:
                case SSL3_ST_CW_CHANGE_B:
-                       dtls1_start_timer(s);
+                       if (!s->hit)
+                               dtls1_start_timer(s);
                        ret=dtls1_send_change_cipher_spec(s,
                                SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                        if (ret <= 0) goto end;
@@ -442,7 +444,8 @@ int dtls1_connect(SSL *s)
 
                case SSL3_ST_CW_FINISHED_A:
                case SSL3_ST_CW_FINISHED_B:
-                       dtls1_start_timer(s);
+                       if (!s->hit)
+                               dtls1_start_timer(s);
                        ret=dtls1_send_finished(s,
                                SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
                                s->method->ssl3_enc->client_finished_label,
@@ -539,6 +542,7 @@ int dtls1_connect(SSL *s)
                        /* else do it later in ssl3_write */
 
                        s->init_num=0;
+                       s->renegotiate=0;
                        s->new_session=0;
 
                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);