Hello All,

We observed that the current implementation contains a client that can communicate with a DTLS1_BAD_VER server but does not contain the server that can communicate with a DTLS1_BAD_VER client, so we wrote a patch that enables OpenSSL to negotiate DTLS1_BAD_VER with itself.

Changes (all in [d1_srvr.c]):

1. The server accepts a ClientHello from a client that uses DTLS1_BAD_VER.
2. The server responds to a client that uses DTLS1_BAD_VER.
3. Disable sending TLS extensions to DTLS1_BAD_VER clients.

Is there interest in this patch?

Thanks,
Ghennadi
dtls1_bad_ver-server.patch
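The version gate and extension rule listed in the message above, as an added sketch that is not the attached patch or OpenSSL code. The function names, the allow_bad_ver opt-in and the rule that record and hello versions must agree are assumptions of this example; it also assumes DTLS1_BAD_VER uses the DTLS 1.0 record and handshake header layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DTLS1_VERSION 0xFEFF  /* values as in OpenSSL's headers */
#define DTLS1_BAD_VER 0x0100
#define REC_HDR 13            /* type, version, epoch, seq(6), length */
#define HS_HDR  12            /* type, len(3), msg_seq, frag_off(3), frag_len(3) */

enum hello_verdict { HELLO_REJECT = 0, HELLO_DTLS1 = 1, HELLO_BAD_VER = 2 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: classify a datagram holding an unfragmented ClientHello.
 * allow_bad_ver models an explicit server opt-in for the legacy version. */
enum hello_verdict classify_client_hello(const uint8_t *d, size_t len, int allow_bad_ver)
{
    if (len < REC_HDR + HS_HDR + 2) return HELLO_REJECT;   /* too short to read */
    if (d[0] != 22) return HELLO_REJECT;                   /* not a handshake record */
    uint16_t rec_ver = be16(d + 1);
    size_t rec_len = be16(d + 11);
    if (rec_len > len - REC_HDR || rec_len < HS_HDR + 2) return HELLO_REJECT;
    const uint8_t *hs = d + REC_HDR;
    if (hs[0] != 1) return HELLO_REJECT;                   /* not a client_hello */
    uint16_t client_ver = be16(hs + HS_HDR);
    if (client_ver != rec_ver) return HELLO_REJECT;        /* example policy: must agree */
    if (client_ver == DTLS1_VERSION) return HELLO_DTLS1;
    if (client_ver == DTLS1_BAD_VER && allow_bad_ver) return HELLO_BAD_VER;
    return HELLO_REJECT;                                   /* unknown or not enabled */
}

/* Change 3 in the message: no TLS extensions toward DTLS1_BAD_VER clients. */
int server_may_send_extensions(enum hello_verdict v) { return v == HELLO_DTLS1; }

/* Constructed sample: record header, handshake header and client_version only. */
size_t build_sample_hello(uint8_t *buf, uint16_t ver)
{
    memset(buf, 0, 27);
    buf[0] = 22;                                   /* handshake record */
    buf[1] = (uint8_t)(ver >> 8); buf[2] = (uint8_t)ver;
    buf[12] = 14;                                  /* record length: 12 + 2 */
    buf[13] = 1;                                   /* client_hello */
    buf[16] = 2; buf[24] = 2;                      /* body length, fragment length */
    buf[25] = buf[1]; buf[26] = buf[2];            /* client_version */
    return 27;
}

int main(void)
{
    uint8_t buf[32];
    size_t n = build_sample_hello(buf, DTLS1_BAD_VER);
    printf("opt-in: %d, default: %d\n", classify_client_hello(buf, n, 1),
           classify_client_hello(buf, n, 0));
    return 0;
}
```

Keeping the legacy version behind an explicit opt-in means a server that never enables it still rejects 0x0100 hellos.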
