The message header for fake SSL 3.0/TLS 1.0 client hellos created from
SSL 2.0 client hellos added with the previous commit was totally wrong --
it must start with the message type, not the protocol version.
(Not that this particular header is actually used anywhere ...)
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 342d145..563531f 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -365,12 +365,11 @@
 			goto err;
 			}
 
-		/* record header: version ... */
-		*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
-		*(d++) = v[1];
+		/* record header: msg_type ... */
+		*(d++) = SSL3_MT_CLIENT_HELLO;
 		/* ... and length (actual value will be written later) */
-		d_len = d++;
-		d++;
+		d_len = d;
+		d += 3;
 
 		/* client_version */
 		*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
@@ -404,7 +403,7 @@
 		*(d++)=0;
 		
 		i=(d-(unsigned char *)s->init_buf->data);
-		s2n(i, d_len);
+		l2n3((long)i, d_len);
 
 		/* get the data reused from the init_buf */
 		s->s3->tmp.reuse_message=1;