
MDEV-12190 YASSL isn't able to negotiate TLS version correctly

Backport from 10.2
vaintroub committed Mar 14, 2018
1 parent 926edd4 commit 0943b33de3daa0fcbf58803be8e991941de63218
Showing with 10 additions and 0 deletions.
  1. +10 −0 extra/yassl/src/handshake.cpp
@@ -787,6 +787,16 @@ int DoProcessReply(SSL& ssl)
needHdr = true;
else {
buffer >> hdr;
/*
According to RFC 4346 (see "7.4.1.3. Server Hello"), the Server Hello
packet needs to specify the highest supported TLS version, but not
higher than what client requests. YaSSL highest supported version is
TLSv1.1 (=3.2) - if the client requests a higher version, downgrade it
here to 3.2.
See also Appendix E of RFC 5246 (TLS 1.2)
*/
if (hdr.version_.major_ == 3 && hdr.version_.minor_ > 2)
hdr.version_.minor_ = 2;
ssl.verifyState(hdr);
}
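Review bot: The clamp at `if (hdr.version_.major_ == 3 && hdr.version_.minor_ > 2)` is applied to every record header read by `buffer >> hdr`, not only to the hello exchange the comment describes, so `ssl.verifyState(hdr)` never sees a minor version above 2 regardless of what the peer put on the wire or how far the handshake has progressed. If the intent is only to accept a hello from a peer that offers a higher version, consider limiting the rewrite to the state in which no version has been negotiated yet, so that a later record carrying an unexpected version is still rejected by the existing check. The comment also cites the Server Hello rules while the field being changed is the record header version; saying that explicitly would help the next reader. The literal `2` would read better as a named constant for the TLSv1.1 minor version if the code base already defines one.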
