When connecting to pool of diverse servers (both TLS1.0 and TLS1.2), a following scenario may happen:
1. Connect to TLS1.2 server, receive new session 2. Store this session 3. Attempt to reuse it later when connecting to server 4. Connect to different server from the pool, which speaks only TLS1.0 5. Get `SSL_R_WRONG_VERSION_NUMBER` error Expected behavior would be scrapping off the session, and allowing server to downgrade to supported protocol version the way it would do it if no client session would be supplied. This issue was discovered while working on following node.js bug: https://github.com/nodejs/node/issues/3692 --- ssl/s3_pkt.c | 39 +++++++++++++++++++++++++++++++++++++++ ssl/ssltest.c | 22 +++++++++++++++++++++- test/testssl | 6 ++++++ 3 files changed, 66 insertions(+), 1 deletion(-)
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJWrTMxAAoJENcGPM4Zt+iQ+GMQAILay2nyh47kVAv1wV3QBgfw 403IrqpoGqLCklZg0SL7zgce+gfOXMydtqbLbK6wtpFNawLPTkbDvLSVyPyixDwy 56UD+neByBXtIuOSs75qVjmAZcuT5GQMoQlIPrX2zGoaRdJls0w4TCrqcoXTDVlL 4QKbaage+EeymPyadEOKmNX2vZmoLRE+t+cMC5gLAtk7ykpAHMWmEZlwhdryP847 uJA8dI1HjvEDcUJvwSsnZLj/wZSrZcC5+QEVsEba8zlKszFYMalygPBZAneZ6zWT GOp5oqUEEyXMlZB8VCTZcMIdEx79otpOYURYGwxNU0P6reZngc1syfgZQYYGqZ0s ohKcWCvbKgZMfI3Vh/LhKVCho0n2G4Uy0k32vOtotmg3zyQjCaUCHdiiWPSiNYDm BlIunymx2ZvCdIZgy/JnAOE2zXe2Hi9qlw+v6wnNH5xowVQvOf0fOgR/R3qhIdrN 6ZFMDY4Ldq0hOFwplAyQRBJZqnHxA6z43lTr5Uk8mad0kIngciFUjvmaBLpiw0r/ R8FT2uVbpDVHf6HUHGobA4cIWZ4nOYBL/mnOfp81gcG3Sd727dV0/dP0K4nyfbim aaF5VuM2nZWlLTJZnMNZJYDGm7lM1BhkCuniD/t+ycrAHS9cdoT9H/HvcAIBnmMn GrIf2pe3UbMmidg/TAtb =Ci8J -----END PGP SIGNATURE-----
0001-Allow-downgrading-when-reusing-sessions-on-client.patch
Description: Binary data
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev