Mark J Cox wrote:
> In going through our internal code I came across some changes that we
> should look at putting into OpenSSL. I've attached a large DIFF against
> the current CVS tree (all changes in the /ssl/ directory).
>
> "This patch is a fix so that the version number in the master secret, when
> passed via RSA, checks that if TLS was proposed, but we roll back to
> SSLv3 (because the server will not accept higher), that the version
> number is 0x03,0x01, not 0x03,0x00"
I had a look at the DIFF, and it appears that the client version is based on
the version in the record containing the ClientHello, not the client_version
contained in the ClientHello message itself. (There is actually a line in
ssl3_get_client_hello() in s3_srvr.c which uses the client_version field,
but it is commented out). Is there any reasoning behind this? The protocol
spec seems pretty clear that the client_version in the ClientHello is to be
used.
This is related to a previous post of mine about version negotiation itself
being broken in SSLeay/OpenSSL for the same reason, i.e., the server
code uses the version in the record structure and ignores the client_version
in the ClientHello, contrary to what is stated in the spec. I didn't get a
definitive response. Anyone care to comment?
Thanks,
-Roland
S/MIME Cryptographic Signature
