> OpenSSL 0.9.8g SSLv3 only client (with tlsext support compiled in) is
> broken when communicating with some servers.
This is due to the fact that when compiled with enable-tlsext, OpenSSL
will currently also include TLS extensions in an SSLv3 ClientHello. In
the example shown, it's actually the session ticket TLS extension which
confuses irc.mozilla.org (turning it off with "-no_ticket" will make the
problem with this particular site go away).
While it's not a protocol violation to include extensions in an SSLv3
hello message, strictly speaking (the SSLv3 specification permits "to
include extra data after the compression methods"), I don't think it's
of any real use.
To improve interoperability, I would recommend to not add any TLS
extensions when speaking SSLv3 - as implemented by the attached patch
(against HEAD, but also applies cleanly to openssl_0_9_8-stable).
Kaspar
Index: ssl/t1_lib.c
===================================================================
RCS file: /home/ossl-cvs/openssl/ssl/t1_lib.c,v
retrieving revision 1.51
diff -p -u -r1.51 t1_lib.c
--- ssl/t1_lib.c 26 Oct 2007 12:06:35 -0000 1.51
+++ ssl/t1_lib.c 26 Feb 2008 18:02:50 -0000
@@ -267,6 +267,10 @@ unsigned char *ssl_add_clienthello_tlsex
int extdatalen=0;
unsigned char *ret = p;
+ /* don't add extensions for SSLv3 */
+ if (s->client_version == SSL3_VERSION)
+ return p;
+
ret+=2;
if (ret>=limit) return NULL; /* this really never occurs, but ... */
@@ -448,6 +452,10 @@ unsigned char *ssl_add_serverhello_tlsex
int extdatalen=0;
unsigned char *ret = p;
+ /* don't add extensions for SSLv3 */
+ if (s->version == SSL3_VERSION)
+ return p;
+
ret+=2;
if (ret>=limit) return NULL; /* this really never occurs, but ... */
