The branch master has been updated
       via  08455bc9b0e69ed5f25c16fc30cc2db57cdca842 (commit)
      from  225f980d22dfe66aa3945c21609042c32284e61c (commit)


- Log -----------------------------------------------------------------
commit 08455bc9b0e69ed5f25c16fc30cc2db57cdca842
Author: Matt Caswell <[email protected]>
Date:   Fri Jan 5 10:12:29 2018 +0000

    Tolerate DTLS alerts with an incorrect version number
    
    In the case of a protocol version alert being sent by a peer, the record
    version number may not be what we are expecting. In DTLS, records with an
    unexpected version number are silently discarded. This probably isn't
    appropriate for alerts, so we tolerate a mismatch in the minor version
    number.
    
    This resolves an issue reported on openssl-users where an OpenSSL server
    chose DTLS1.0 but the client was DTLS1.2 only and sent a protocol_version
    alert with a 1.2 record number. This was silently ignored by the server.
    
    Reviewed-by: Viktor Dukhovni <[email protected]>
    (Merged from https://github.com/openssl/openssl/pull/5018)

-----------------------------------------------------------------------

Summary of changes:
 ssl/record/ssl3_record.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 28ee2cc..a08230d 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1875,8 +1875,11 @@ int dtls1_get_record(SSL *s)
 
         n2s(p, rr->length);
 
-        /* Lets check version */
-        if (!s->first_packet) {
+        /*
+         * Lets check the version. We tolerate alerts that don't have the exact
+         * version number (e.g. because of protocol version errors)
+         */
+        if (!s->first_packet && rr->type != SSL3_RT_ALERT) {
             if (version != s->version) {
                 /* unexpected version, silently discard */
                 rr->length = 0;
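Review bot: the new condition `if (!s->first_packet && rr->type != SSL3_RT_ALERT)` skips the version check entirely for alert records, so an alert with any record version (major as well as minor) is now accepted, whereas the commit message says only a minor-version mismatch is tolerated. If the intent is really "minor version only", the alert branch should still compare the major byte, e.g. keep the existing `if (version != s->version)` for non-alerts and add a separate check such as `(version >> 8) != (s->version >> 8)` that discards alerts from a different major version; otherwise the comment and commit message should say that alerts bypass the record-version check altogether. Worth a test either way: a DTLS 1.2-only client sending protocol_version against a server that chose DTLS 1.0 (the openssl-users case) should now surface the alert, and a record of type alert with a bogus version should still not be able to tear down a session that the full version check would have protected.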
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
