Assume TLS 1.0 when ClientHello fragment is too short.
diff --git a/CHANGES b/CHANGES
index 755efea..99d9dd0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,15 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
+     faced with a pathologically small ClientHello fragment that does
+     not contain client_version: Instead of aborting with an error,
+     simply choose the highest available protocol version (i.e.,
+     TLS 1.0 unless it is disabled).  In practice, ClientHello
+     messages are never sent like this, but this change gives us
+     strictly correct behaviour at least for TLS.
+     [Bodo Moeller]
+
   +) Change all functions with names starting with des_ to be starting
      with DES_ instead.  This because there are increasing clashes with
      libdes and other des libraries that are currently used by other
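Review bot: in the new ssl23_get_client_hello entry, "strictly correct behaviour at least for TLS" and "TLS 1.0 unless it is disabled" leave the non-TLS case undocumented. The text does not say which version is chosen when TLS 1.0 is disabled, nor what happens for a client that fragments its ClientHello this way but does not speak TLS. Suggest spelling out the fallback order in the entry and stating whether the version assumed from the short fragment is checked again once the rest of the ClientHello, including client_version, has arrived. Also, the commit subject says "Assume TLS 1.0" while the entry says "highest available protocol version"; making the two agree would help anyone reading the log later.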