Wrong SSL version in DTLS1_BAD_VER ClientHello

Since commit 741c9959 ("DTLS revision."), we put the wrong protocol version into our ClientHello for DTLS1_BAD_VER. The old DTLS code which used ssl->version was replaced by the more generic SSL3 code which uses ssl->client_version. The Cisco ASA no longer likes our ClientHello. RT#3711 Reviewed-by: N Rich Salz <rsalz@openssl.org>

Wrong SSL version in DTLS1_BAD_VER ClientHello
Since commit 741c9959 ("DTLS revision."), we put the wrong protocol version into our ClientHello for DTLS1_BAD_VER. The old DTLS code which used ssl->version was replaced by the more generic SSL3 code which uses ssl->client_version. The Cisco ASA no longer likes our ClientHello. RT#3711 Reviewed-by: N Rich Salz <rsalz@openssl.org>
f7683aaf · David Woodhouse · Matt Caswell · 5178a16c · f7683aaf
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

ssl/d1_lib.c ssl/d1_lib.c +1 -1

未找到文件。
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -273,7 +273,7 @@ void dtls1_clear(SSL *s)

    ssl3_clear(s);
    if (s->options & SSL_OP_CISCO_ANYCONNECT)
-        s->version = DTLS1_BAD_VER;
+        s->client_version = s->version = DTLS1_BAD_VER;
    else if (s->method->version == DTLS_ANY_VERSION)
        s->version = DTLS1_2_VERSION;
    else