author | Simon Josefsson <simon@josefsson.org> | 2006-10-30 09:55:21 +0000 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2006-10-30 09:55:21 +0000 |
commit | 49a028aa404e624f5f7bbb0d0b7ae217cb69daf3 (patch) | |
tree | 5d3e10cc636cbf59648f70984c4864356b9338a8 | |
parent | 467ad95a431c79349215e4a757f14680e0c494de (diff) | |
Have SSLv2 ClientHello's for unknown versions negotiate the highest
version we support, instead of the lowest. Reported by
Pasi.Eronen@nokia.com.
-rw-r--r-- | lib/gnutls_v2_compat.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c
index 0cabf1e4e6..26fcec7091 100644
--- a/lib/gnutls_v2_compat.c
+++ b/lib/gnutls_v2_compat.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2001, 2004, 2005 Free Software Foundation
+ * Copyright (C) 2001, 2004, 2005, 2006 Free Software Foundation
 *
 * Author: Nikos Mavroyanopoulos
 *
@@ -117,11 +117,21 @@ _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data,
 version = _gnutls_version_get (data[pos], data[pos + 1]);
- /* if we do not support that version
+ /* if we do not support that version
 */
 if (_gnutls_version_is_supported (session, version) == 0)
 {
- ver = _gnutls_version_lowest (session);
+ /* If he requested something we do not support
+ * then we send him the highest we support.
+ */
+ ver = _gnutls_version_max (session);
+ if (ver == GNUTLS_VERSION_UNKNOWN)
+ {
+ /* this check is not really needed.
+ */
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ }
 }
 else
 {
|
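Review bot: In the unsupported-version branch of `_gnutls_read_client_hello_v2`, `ver = _gnutls_version_max (session);` is taken without comparing it to the `version` the client offered. If the enabled protocol set can have a raised minimum or a gap, a client offering a disabled lower version is answered with a version above its own maximum. The server's choice should never exceed the client's offer, so the guard could become `if (ver == GNUTLS_VERSION_UNKNOWN || ver > version)` and fail the handshake there, assuming the protocol enum values are ordered by version (worth confirming, since unknown client versions appear to map to `GNUTLS_VERSION_UNKNOWN`). The failure path also returns `GNUTLS_E_UNKNOWN_CIPHER_SUITE` for what is a version negotiation failure; `GNUTLS_E_UNSUPPORTED_VERSION_PACKET` would be less misleading in logs and alerts. The function starts before and continues past this hunk, so how `ver` is used afterwards is not visible here.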