[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Thu Jun 4 08:19:26 UTC 2015
The branch OpenSSL_1_0_2-stable has been updated
via af3aa2b5ef741a35394c92872cbdbab4d46b9c90 (commit)
from adba3b3bf1e82b9fe38c986baa7d3c9366a81fab (commit)
- Log -----------------------------------------------------------------
commit af3aa2b5ef741a35394c92872cbdbab4d46b9c90
Author: Matt Caswell <matt at openssl.org>
Date: Wed May 6 11:40:06 2015 +0100
Fix DTLS session resumption
The session object on the client side is initially created during
construction of the ClientHello. If the client is DTLS1.2 capable then it
will store 1.2 as the version for the session. However if the server is only
DTLS1.0 capable then when the ServerHello comes back the client switches to
using DTLS1.0 from then on. However the session version does not get
updated. Therefore when the client attempts to resume that session the
server throws an alert because of an incorrect protocol version.
Reviewed-by: Tim Hudson <tjh at openssl.org>
(cherry picked from commit 7322abf5cefdeb47c7d61f3b916c428bf2cd69b6)
Conflicts:
ssl/s3_clnt.c
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_clnt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index feb1e3b..609b005 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -958,7 +958,7 @@ int ssl3_get_server_hello(SSL *s)
al = SSL_AD_PROTOCOL_VERSION;
goto f_err;
}
- s->version = s->method->version;
+ s->session->ssl_version = s->version = s->method->version;
}
if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
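Review bot: on the `+` line, `s->session->ssl_version` is written in the same chained assignment as `s->version`, before the comparison on the following context line (`p[0] != (s->version >> 8)`) has checked the ServerHello version bytes, so a handshake that fails that check leaves the session object with its version already changed. Consider updating the session version only after the version check passes, or confirm that the error path discards the session. The chained form also hides the second side effect; splitting it into two statements with a one-line comment saying that the session version must follow the negotiated DTLS version would make the intent obvious. The summary shows only ssl/s3_clnt.c changed, so a regression test covering a DTLS1.2-capable client resuming against a DTLS1.0-only server would be worth adding.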