Don't set client_version to the ServerHello version.

The client_version needs to be preserved for the RSA key exchange. This change also means that renegotiation will, like TLS, repeat the old client_version rather than advertise only the final version. (Either way, version change on renego is not allowed.) This is necessary in TLS to work around an SChannel bug, but it's not strictly necessary in DTLS. (From BoringSSL) Reviewed-by: N Emilia Käsper <emilia@openssl.org>

Don't set client_version to the ServerHello version.
The client_version needs to be preserved for the RSA key exchange. This change also means that renegotiation will, like TLS, repeat the old client_version rather than advertise only the final version. (Either way, version change on renego is not allowed.) This is necessary in TLS to work around an SChannel bug, but it's not strictly necessary in DTLS. (From BoringSSL) Reviewed-by: N Emilia Käsper <emilia@openssl.org>
ec1af3c4 · Adam Langley · Matt Caswell · db812f2d · ec1af3c4
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

ssl/s3_clnt.c ssl/s3_clnt.c +1 -1

未找到文件。
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -944,7 +944,7 @@ int ssl3_get_server_hello(SSL *s)
 			al = SSL_AD_PROTOCOL_VERSION;
 			goto f_err;
 			}
-		s->version = s->client_version = s->method->version;
+		s->version = s->method->version;
 		}

 	if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))