Attached is a patch for the problem reported earlier. Please let
me know whether the patch is ok.
> (starttls to connect to mail.stalker.com, using OpenSSL 0.9.5a)
>
> ! According to the SSL/TLS standard, the first 2 bytes of that secret
> ! should be the protocol version. Since CgatePro insists on TLSv0 (aka
> ! SSL 3.0), the OpenSSL correctly switches to that protocol. But - forgets
> ! about it in the premaster secret: the first 2 bytes there show "3" "1",
> ! instead of "3" "0".
>
> ! Everywhere within the *protocol* itself, OpenSSL
> ! properly switches to SSL v3 and uses 3.0 everywhere. BUT. There is a thing
> ! called "premaster secret". NOT the protocol block that exchanges that secret -
> ! that block correctly contains the 3.0 version tag. The "premaster secret"
> ! itself (when decoded) is a 48 byte "random" number. But this number should
> ! have 2 first bytes fixed. And those bytes should be 3 and 0 - i.e. the same as
> ! the version bytes in the protocol blocks.
>
> The problem is in s3_clnt.c around line 1345:
> tmp_buf[0]=s->client_version>>8;
> tmp_buf[1]=s->client_version&0xff;
> in function ssl3_send_client_key_exchange(SSL *s)
>
> s->client_version has the value 0x0301, but it should have 0x0300
> according to Stalker.
--- s3_clnt.c.orig Mon May 22 16:25:01 2000
+++ s3_clnt.c Mon May 22 16:27:50 2000
@@ -1341,6 +1341,7 @@
EVP_PKEY_free(pkey);
}
+ s->client_version=s->version;
tmp_buf[0]=s->client_version>>8;
tmp_buf[1]=s->client_version&0xff;
if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0)
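Review bot: The added assignment `s->client_version=s->version;` ahead of the `tmp_buf[0]`/`tmp_buf[1]` writes permanently overwrites the version the client offered (0x0301 in the report) with the negotiated one. It does so for every server and for the rest of the connection, not only for these two premaster bytes. TLS 1.0 (RFC 2246, section 7.4.7.1) defines those bytes as the latest version the client supports, so that the server can detect a version rollback. Sending the negotiated version instead defeats that check, and a server that follows the spec may reject the key exchange. If the goal is interoperability with the peer in the report, leave `s->client_version` untouched and make the workaround conditional, for example behind an opt-in compatibility option. Write the bytes from `s->version` only in that case, and add a comment explaining why.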