---------------------------------------- > Date: Thu, 10 Apr 2014 15:22:43 +0200 > From: [email protected] > To: [email protected] > CC: [email protected] > Subject: Re: Query regarding extracting ssl hello sni. > > On Thu, Apr 10, 2014 at 06:30:26PM +0530, Pravin Tatti wrote: >> I think you still didn't understood the problem. There are two versions in >> SSL one is record layer hello version and the client hello version. Any >> application that support TLS versions 1.0, 1.1, 1.3 or SSLv3 (client hello >> version) may contain SSL 3.0 as the record layer version number and the >> once the negotiation is done the record layer version is updated. >> The problem is not with SSLv3 alone the problem is with all the TLS >> versions 1.0, 1.1, 1.3 or SSLv3 who has the record layer version as SSLv3 >> for client hello packet. > > OK thanks for clarifying.
Basically we just need to relax the record layer check to SSLv3 - and leave
the clienthello check as is, right?
Does the attached diff do the job for you correctly, Pravin?
Regards,
Lukas
sslv3-record-layer-sni.diff
Description: Binary data
