PR: 2811

author Dr. Stephen Henson <steve@openssl.org>

Fri, 11 May 2012 13:34:29 +0000 (13:34 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Fri, 11 May 2012 13:34:29 +0000 (13:34 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Fri, 11 May 2012 13:34:29 +0000 (13:34 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Fri, 11 May 2012 13:34:29 +0000 (13:34 +0000)
diff --git a/CHANGES b/CHANGES

index 2656e6616e0f45297f8c6166e0b75405be295736..4baace1e624d72c597c31bb9b847e80b4299ed09 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -289,8 +289,13 @@
       whose return value is often ignored. 
       [Steve Henson]
  
- 
- Changes between 1.0.1b and 1.0.1c [xx XXX xxxx]
+ Changes between 1.0.1c and 1.0.1d [xx XXX xxxx]
+
+  *) Don't use TLS 1.0 record version number in initial client hello
+     if renegotiating.
+     [Steve Henson]
+
+ Changes between 1.0.1b and 1.0.1c [10 May 2012]
  
    *) Sanity check record length before skipping explicit IV in TLS
       1.2, 1.1 and DTLS to avoid DoS attack.
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c

index 2d569cc1cedc5aa2bb0d0e7f876a22468e77950e..dca345865a10a5fae10741e009676731181fc60d 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -744,6 +744,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
          * bytes and record version number > TLS 1.0
          */
         if (s->state == SSL3_ST_CW_CLNT_HELLO_B
+                               && !s->renegotiate
                                 && TLS1_get_version(s) > TLS1_VERSION)
                 *(p++) = 0x1;
         else
author	Dr. Stephen Henson <steve@openssl.org>
	Fri, 11 May 2012 13:34:29 +0000 (13:34 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Fri, 11 May 2012 13:34:29 +0000 (13:34 +0000)
CHANGES		patch \| blob \| history
ssl/s3_pkt.c		patch \| blob \| history