Fix bug that caused version number to be wrong in SSL3 client hellos

when restarting an SSL3 (not TLS) session.  (no bug number)

1 files changed, 10 insertions, 0 deletions

diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index f8e173d8f..a80da28fe 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -2515,6 +2515,7 @@ ssl3_SendClientHello(sslSocket *ss)
 {
     sslSecurityInfo *sec = ss->sec;
     sslSessionID *   sid;
+    ssl3CipherSpec * cwSpec;
     SECStatus        rv;
     int              i;
     int              length;
@@ -2626,6 +2627,7 @@ ssl3_SendClientHello(sslSocket *ss)
 
 	PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID,
 		      sid->u.ssl3.sessionIDLength));
+
 	ss->ssl3->policy = sid->u.ssl3.policy;
     } else {
 	++ssl3stats.sch_sid_cache_misses;
@@ -2640,6 +2642,14 @@ ssl3_SendClientHello(sslSocket *ss)
         }
     }
 
+    ssl_GetSpecWriteLock(ss);
+    cwSpec = ss->ssl3->cwSpec;
+    if (cwSpec->mac_def->mac == mac_null) {
+	/* SSL records are not being MACed. */
+	cwSpec->version = ss->version;
+    }
+    ssl_ReleaseSpecWriteLock(ss);
+
     if (sec->ci.sid != NULL) {
 	ssl_FreeSID(sec->ci.sid);	/* decrement ref count, free if zero */
     }