diff options
author | Matt Caswell <matt@openssl.org> | 2023-04-25 14:57:02 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2023-05-05 15:25:37 +0100 |
commit | 861cd8964bfeb955408e93048d118e1826e12d0c (patch) | |
tree | ad9892893b9f8ba9d1c408a2cbf8d0f8149b3157 /ssl/statem | |
parent | e89f9ef424548f0c9153f8bbb4a0beb1208e357e (diff) | |
download | openssl-new-861cd8964bfeb955408e93048d118e1826e12d0c.tar.gz |
Be more accurate about what we accept as a valid DTLS version
We accepted more version numbers as valid DTLS then we really should do.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20830)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/statem_lib.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 4b498cd76f..c2fca8bb12 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -2049,8 +2049,10 @@ int ssl_set_version_bound(int method_version, int version, int *bound) valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION_INTERNAL; valid_dtls = - DTLS_VERSION_LE(version, DTLS_MAX_VERSION_INTERNAL) && - DTLS_VERSION_GE(version, DTLS1_BAD_VER); + /* We support client side pre-standardisation version of DTLS */ + (version == DTLS1_BAD_VER) + || (DTLS_VERSION_LE(version, DTLS_MAX_VERSION_INTERNAL) + && DTLS_VERSION_GE(version, DTLS1_VERSION)); if (!valid_tls && !valid_dtls) return 0; |