From 32859f608c2fe876c418e94e3883ab04083cac75 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 5 Jan 2018 10:12:29 +0000 Subject: [PATCH] Tolerate DTLS alerts with an incorrect version number In the case of a protocol version alert being sent by a peer the record version number may not be what we are expecting. In DTLS records with an unexpected version number are silently discarded. This probably isn't appropriate for alerts, so we tolerate a mismatch in the minor version number. This resolves an issue reported on openssl-users where an OpenSSL server chose DTLS1.0 but the client was DTLS1.2 only and sent a protocol_version alert with a 1.2 record number. This was silently ignored by the server. Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/5018) (cherry picked from commit 08455bc9b0e69ed5f25c16fc30cc2db57cdca842) --- ssl/record/ssl3_record.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index a189092254..6c74ea5689 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1530,8 +1530,11 @@ int dtls1_get_record(SSL *s) n2s(p, rr->length); - /* Lets check version */ - if (!s->first_packet) { + /* + * Lets check the version. We tolerate alerts that don't have the exact + * version number (e.g. because of protocol version errors) + */ + if (!s->first_packet && rr->type != SSL3_RT_ALERT) { if (version != s->version) { /* unexpected version, silently discard */ rr->length = 0; -- 2.25.1