In a reneg use the same client_version we used last time

In 1.0.2 and below we always send the same client_version in a reneg ClientHello that we sent the first time around, regardless of what version eventually gets negotiated. According to a comment in statem_clnt.c this is a workaround for some buggy servers that choked if we changed the version used in the RSA encrypted premaster secret. In 1.1.0+ this behaviour no longer occurs. This restores the original behaviour. Fixes #1651 Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6059)

In a reneg use the same client_version we used last time
In 1.0.2 and below we always send the same client_version in a reneg ClientHello that we sent the first time around, regardless of what version eventually gets negotiated. According to a comment in statem_clnt.c this is a workaround for some buggy servers that choked if we changed the version used in the RSA encrypted premaster secret. In 1.1.0+ this behaviour no longer occurs. This restores the original behaviour. Fixes #1651 Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6059)
447cc0ad · Matt Caswell · ac98d386 · 447cc0ad
隐藏空白更改
内联并排

Showing with 7 addition and 0 deletion

ssl/statem/statem_lib.c ssl/statem/statem_lib.c +7 -0

未找到文件。
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -2004,6 +2004,13 @@ int ssl_set_client_hello_version(SSL *s)
 {
    int ver_min, ver_max, ret;

+    /*
+     * In a renegotiation we always send the same client_version that we sent
+     * last time, regardless of which version we eventually negotiated.
+     */
+    if (!SSL_IS_FIRST_HANDSHAKE(s))
+        return 0;
+
    ret = ssl_get_min_max_version(s, &ver_min, &ver_max);

    if (ret != 0)