[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Mon Feb 19 14:09:20 UTC 2018
The branch master has been updated
via 5f7470df83cb179f793026a5950c1446866c9cab (commit)
from b761ff4e77f74f91d8694964039af24ead3c2467 (commit)
- Log -----------------------------------------------------------------
commit 5f7470df83cb179f793026a5950c1446866c9cab
Author: Matt Caswell <matt at openssl.org>
Date: Thu Feb 15 14:29:45 2018 +0000
The record version for ClientHello2 should be TLS1.2
According to TLSv1.3 draft-24 the record version for ClientHello2 should
be TLS1.2, and not TLS1.0 as it is now.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5377)
-----------------------------------------------------------------------
Summary of changes:
ssl/record/rec_layer_s3.c | 4 +++-
test/tls13ccstest.c | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index ea70258..0953d2b 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -839,7 +839,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* and record version number > TLS 1.0
*/
if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
- && !s->renegotiate && TLS1_get_version(s) > TLS1_VERSION)
+ && !s->renegotiate
+ && TLS1_get_version(s) > TLS1_VERSION
+ && s->hello_retry_request == SSL_HRR_NONE)
version = TLS1_VERSION;
maxcomplen = pipelens[j];
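Review bot: The comment above this condition in do_ssl3_write() is not touched by the hunk, and its visible tail still reads only "and record version number > TLS 1.0", while the condition now also requires `s->hello_retry_request == SSL_HRR_NONE`. Extend the comment to say that a ClientHello sent after a HelloRetryRequest is not forced down to TLS1_VERSION and goes out with the TLS1.2 record version the commit message refers to, so the third clause is not read as an unrelated state check.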
diff --git a/test/tls13ccstest.c b/test/tls13ccstest.c
index c51c2ce..db9bfe5 100644
--- a/test/tls13ccstest.c
+++ b/test/tls13ccstest.c
@@ -118,7 +118,7 @@ static int watchccs_write(BIO *bio, const char *in, int inl)
return 0;
if (msgtype == SSL3_MT_CLIENT_HELLO) {
chseen++;
- expectedrecvers = TLS1_VERSION;
+
/*
* Skip legacy_version (2 bytes) and Random (32 bytes) to read
* session_id.
@@ -128,6 +128,8 @@ static int watchccs_write(BIO *bio, const char *in, int inl)
return 0;
if (chseen == 1) {
+ expectedrecvers = TLS1_VERSION;
+
/* Save the session id for later */
chsessidlen = PACKET_remaining(&sessionid);
if (!PACKET_copy_bytes(&sessionid, chsessid, chsessidlen))
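Review bot: In watchccs_write(), with `expectedrecvers = TLS1_VERSION;` now under `if (chseen == 1)`, nothing in the visible lines sets the expected record version for the second ClientHello, so the check for ClientHello2 depends on whatever value expectedrecvers holds from outside these hunks. Consider assigning `expectedrecvers = TLS1_2_VERSION;` explicitly on the path for later ClientHellos, or adding a short comment there stating that ClientHello2 is expected at TLS1.2, so the test documents the behaviour the commit message describes.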