From 48e0f6667b86cade6e7b7afa83c7006ab7e8c2d1 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 17 Apr 2012 14:47:14 +0000
Subject: [PATCH] Additional workaround for PR#2771

If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.

Document workarounds in CHANGES.
---
 CHANGES        | 13 +++++++++++++
 ssl/s23_clnt.c |  9 +++++++++
 ssl/s3_clnt.c  |  9 +++++++++
 3 files changed, 31 insertions(+)

diff --git a/CHANGES b/CHANGES
index 2945371cb7..eee88aeab3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -54,6 +54,19 @@
 
  Changes between 1.0.1 and 1.0.1a [xx XXX xxxx]
 
+  *) Workarounds for some broken servers that "hang" if a client hello
+     record length exceeds 255 bytes:
+ 
+     1. Do not use record version number > TLS 1.0 in initial client
+        hello: some (but not all) hanging servers will now work.
+     2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate
+        the number of ciphers sent in the client hello. This should be
+        set to an even number, such as 50, for example by passing:
+        -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure.
+        Most broken servers should now work.
+     3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable
+        TLS 1.2 client support entirely.
+
   *) Fix SEGV in Vector Permutation AES module observed in OpenSSH.
      [Andy Polyakov]
 
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 299af0f03a..a76eb46908 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -467,6 +467,15 @@ static int ssl23_client_hello(SSL *s)
 				SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
 				return -1;
 				}
+#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
+			/* Some servers hang if client hello > 256 bytes
+			 * as hack workaround chop number of supported ciphers
+			 * to keep it well below this if we use TLS v1.2
+			 */
+			if (TLS1_get_version(s) >= TLS1_2_VERSION
+				&& i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
+				i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
+#endif
 			s2n(i,p);
 			p+=i;
 
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 3d8246c4cb..c00ace1598 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -755,6 +755,15 @@ int ssl3_client_hello(SSL *s)
 			SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
 			goto err;
 			}
+#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
+			/* Some servers hang if client hello > 256 bytes
+			 * as hack workaround chop number of supported ciphers
+			 * to keep it well below this if we use TLS v1.2
+			 */
+			if (TLS1_get_version(s) >= TLS1_2_VERSION
+				&& i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
+				i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
+#endif
 		s2n(i,p);
 		p+=i;
 
-- 
2.34.1