From 447cc0ad732858f3ab80b2dc52f15fd045b25363 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 23 Apr 2018 17:14:47 +0100 Subject: [PATCH] In a reneg use the same client_version we used last time In 1.0.2 and below we always send the same client_version in a reneg ClientHello that we sent the first time around, regardless of what version eventually gets negotiated. According to a comment in statem_clnt.c this is a workaround for some buggy servers that choked if we changed the version used in the RSA encrypted premaster secret. In 1.1.0+ this behaviour no longer occurs. This restores the original behaviour. Fixes #1651 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6059) --- ssl/statem/statem_lib.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 269ba85997..49b44433f9 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -2004,6 +2004,13 @@ int ssl_set_client_hello_version(SSL *s) { int ver_min, ver_max, ret; + /* + * In a renegotiation we always send the same client_version that we sent + * last time, regardless of which version we eventually negotiated. + */ + if (!SSL_IS_FIRST_HANDSHAKE(s)) + return 0; + ret = ssl_get_min_max_version(s, &ver_min, &ver_max); if (ret != 0) -- 2.25.1