diff -ur openssl-orig/ssl/d1_srvr.c openssl-work/ssl/d1_srvr.c
--- openssl-orig/ssl/d1_srvr.c	2012-03-31 21:03:02.000000000 +0300
+++ openssl-work/ssl/d1_srvr.c	2012-06-27 14:15:45.139119274 +0300
@@ -217,7 +217,8 @@
 			s->server=1;
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
-			if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))
+			if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
+			    (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))
 				{
 				SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
 				return -1;
@@ -337,8 +338,7 @@
 			s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
 
 			/* HelloVerifyRequest resets Finished MAC */
-			if (s->version != DTLS1_BAD_VER)
-				ssl3_init_finished_mac(s);
+			ssl3_init_finished_mac(s);
 			break;
 			
 #ifndef OPENSSL_NO_SCTP
@@ -969,7 +969,8 @@
 #endif
 
 #ifndef OPENSSL_NO_TLSEXT
-		if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
+		if (s->version != DTLS1_BAD_VER &&
+		    (p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
 			{
 			SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
 			return -1;