Don't change version number if session established When sending an invalid version number alert don't change the version number to the client version if a session is already established. Thanks to Marek Majkowski for additional analysis of this issue. PR#3191
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index a6fd3bf..c3a061d 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c
@@ -348,7 +348,7 @@ if (version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - if ((s->version & 0xFF00) == (version & 0xFF00)) + if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) /* Send back error using their minor version number :-) */ s->version = (unsigned short)version; al=SSL_AD_PROTOCOL_VERSION;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 5d0432f..41a5ba5 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c
@@ -978,12 +978,13 @@ s->client_version=(((int)p[0])<<8)|(int)p[1]; p+=2; - if ((SSL_IS_DTLS(s) && s->client_version > s->version - && s->method->version != DTLS_ANY_VERSION) || - (!SSL_IS_DTLS(s) && s->client_version < s->version)) + if (SSL_IS_DTLS(s) ? (s->client_version > s->version && + s->method->version != DTLS_ANY_VERSION) + : (s->client_version < s->version)) { SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); - if ((s->client_version>>8) == SSL3_VERSION_MAJOR) + if ((s->client_version>>8) == SSL3_VERSION_MAJOR && + !s->enc_write_ctx && !s->write_hash) { /* similar to ssl3_get_record, send alert using remote version number */ s->version = s->client_version;