From 18f8258a87bd3b4099f5ab6f788c7bc2bfa00f9c Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 28 Apr 2009 22:01:53 +0000
Subject: [PATCH] PR: 1629 Submitted by: Kaspar Brand <ossl-rt@velox.ch>
 Approved by: steve@openssl.org

Don't use extensions if using SSLv3: this chokes some broken servers.
---
 ssl/t1_lib.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 3c6907f608..bd849ac593 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -275,6 +275,10 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	int extdatalen=0;
 	unsigned char *ret = p;
 
+	/* don't add extensions for SSLv3 */
+	if (s->client_version == SSL3_VERSION)
+		return p;
+
 	ret+=2;
 
 	if (ret>=limit) return NULL; /* this really never occurs, but ... */
@@ -472,6 +476,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	int extdatalen=0;
 	unsigned char *ret = p;
 
+	/* don't add extensions for SSLv3 */
+	if (s->version == SSL3_VERSION)
+		return p;
+	
 	ret+=2;
 	if (ret>=limit) return NULL; /* this really never occurs, but ... */
 
-- 
2.25.1