[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Tue Jan 9 22:13:55 UTC 2018

The branch OpenSSL_1_1_0-stable has been updated
       via  32859f608c2fe876c418e94e3883ab04083cac75 (commit)
      from  bda1af6d5f6f275c78d3145a03a208d8bc056553 (commit)

- Log -----------------------------------------------------------------
commit 32859f608c2fe876c418e94e3883ab04083cac75
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Jan 5 10:12:29 2018 +0000

    Tolerate DTLS alerts with an incorrect version number
    In the case of a protocol version alert being sent by a peer the record
    version number may not be what we are expecting. In DTLS records with an
    unexpected version number are silently discarded. This probably isn't
    appropriate for alerts, so we tolerate a mismatch in the minor version
    This resolves an issue reported on openssl-users where an OpenSSL server
    chose DTLS1.0 but the client was DTLS1.2 only and sent a protocol_version
    alert with a 1.2 record number. This was silently ignored by the server.
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5018)
    (cherry picked from commit 08455bc9b0e69ed5f25c16fc30cc2db57cdca842)


Summary of changes:
 ssl/record/ssl3_record.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index a189092..6c74ea5 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1530,8 +1530,11 @@ int dtls1_get_record(SSL *s)
         n2s(p, rr->length);
-        /* Lets check version */
-        if (!s->first_packet) {
+        /*
+         * Lets check the version. We tolerate alerts that don't have the exact
+         * version number (e.g. because of protocol version errors)
+         */
+        if (!s->first_packet && rr->type != SSL3_RT_ALERT) {
             if (version != s->version) {
                 /* unexpected version, silently discard */
                 rr->length = 0;

More information about the openssl-commits mailing list