Don't change version number if session established When sending an invalid version number alert don't change the version number to the client version if a session is already established. Thanks to Marek Majkowski for additional analysis of this issue. PR#3191

commit: b77b58a398c8b9b4113f3fb6b48e162a3b8d4527 [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Tue Dec 24 18:17:00 2013 +0000
committer: Dr. Stephen Henson <steve@openssl.org> Thu Jan 02 15:05:44 2014 +0000
tree: d9b6f28c6763e40f396e40ed35587bdf2e76c162
parent: f6dfbeed3c82e3bfc9cda2f4cd80f1e1b5515ba9 [diff] [blame]
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index a6fd3bf..c3a061d 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c

@@ -348,7 +348,7 @@
 			if (version != s->version)
 				{
 				SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-                                if ((s->version & 0xFF00) == (version & 0xFF00))
+                                if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)
                                 	/* Send back error using their minor version number :-) */
 					s->version = (unsigned short)version;
 				al=SSL_AD_PROTOCOL_VERSION;
commit	b77b58a398c8b9b4113f3fb6b48e162a3b8d4527	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Tue Dec 24 18:17:00 2013 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	Thu Jan 02 15:05:44 2014 +0000
tree	d9b6f28c6763e40f396e40ed35587bdf2e76c162
parent	f6dfbeed3c82e3bfc9cda2f4cd80f1e1b5515ba9 [diff] [blame]