The message header for fake SSL 3.0/TLS 1.0 client hellos created from SSL 2.0 client hellos added with the previous commit was totally wrong -- it must start with the message type, not the protocol version. (Not that this particular header is actually used anywhere ...)
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 342d145..563531f 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c
@@ -365,12 +365,11 @@ goto err; } - /* record header: version ... */ - *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ - *(d++) = v[1]; + /* record header: msg_type ... */ + *(d++) = SSL3_MT_CLIENT_HELLO; /* ... and length (actual value will be written later) */ - d_len = d++; - d++; + d_len = d; + d += 3; /* client_version */ *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ @@ -404,7 +403,7 @@ *(d++)=0; i=(d-(unsigned char *)s->init_buf->data); - s2n(i, d_len); + l2n3((long)i, d_len); /* get the data reused from the init_buf */ s->s3->tmp.reuse_message=1;