projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Additional workaround for PR#2771
[oweals/openssl.git]
/
ssl
/
s3_pkt.c
diff --git
a/ssl/s3_pkt.c
b/ssl/s3_pkt.c
index 3c56a86933ffd5d69b829362c30f30a0369d12da..adf8c387cc0a504801211bfeece83e46b60b5f98 100644
(file)
--- a/
ssl/s3_pkt.c
+++ b/
ssl/s3_pkt.c
@@
-664,10
+664,14
@@
static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if ( (sess == NULL) ||
(s->enc_write_ctx == NULL) ||
(EVP_MD_CTX_md(s->write_hash) == NULL))
if ( (sess == NULL) ||
(s->enc_write_ctx == NULL) ||
(EVP_MD_CTX_md(s->write_hash) == NULL))
+ {
+#if 1
+ clear=s->enc_write_ctx?0:1; /* must be AEAD cipher */
+#else
clear=1;
clear=1;
-
- if (clear)
+#endif
mac_size=0;
mac_size=0;
+ }
else
{
mac_size=EVP_MD_CTX_size(s->write_hash);
else
{
mac_size=EVP_MD_CTX_size(s->write_hash);
@@
-736,7
+740,14
@@
static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
wr->type=type;
*(p++)=(s->version>>8);
wr->type=type;
*(p++)=(s->version>>8);
- *(p++)=s->version&0xff;
+ /* Some servers hang if iniatial client hello is larger than 256
+ * bytes and record version number > TLS 1.0
+ */
+ if (s->state == SSL3_ST_CW_CLNT_HELLO_B
+ && TLS1_get_version(s) > TLS1_VERSION)
+ *(p++) = 0x1;
+ else
+ *(p++)=s->version&0xff;
/* field where we are to write out packet length */
plen=p;
/* field where we are to write out packet length */
plen=p;