I've had zero response on this. Isn't anyone interested that OpenSSL
implements the protocol incorrectly?
-Roland
Roland Mechler wrote:
> Mark J Cox wrote:
>
> > In going through our internal code I came across some changes that we
> > should look at putting into OpenSSL. I've attached a large DIFF against
> > the current CVS tree (all changes in the /ssl/ directory).
> >
> > "This patch is a fix so that the version number in the master secret, when
> > passed via RSA, checks that if TLS was proposed, but we roll back to
> > SSLv3 (because the server will not accept higher), that the version
> > number is 0x03,0x01, not 0x03,0x00"
>
> I had a look at the DIFF, and it appears that the client version is based on
> the version in the record containing the ClientHello, not the client_version
> contained in the ClientHello message itself. (There is actually a line in
> ssl3_get_client_hello() in s3_srvr.c which uses the client_version field,
> but it is commented out). Is there any reasoning behind this? The protocol
> spec seems pretty clear that the client_version in the ClientHello is to be
> used.
>
> This is related to a previous post of mine about version negotiation itself
> being broken in SSLeay/OpenSSL for the same reason, i.e., the server
> code uses the version in the record structure and ignores the client_version
> in the ClientHello, contrary to what is stated in the spec. I didn't get a
> definitive response. Anyone care to comment?
>
> Thanks,
>
> -Roland
S/MIME Cryptographic Signature
