authorSimon Josefsson <simon@josefsson.org>2006-11-06 11:16:50 +0000
committerSimon Josefsson <simon@josefsson.org>2006-11-06 11:16:50 +0000
commit11ace04e1ff128297af32aff3dffd906c7a6093e (patch)
tree708b93868d64d0f03658b09cfa1a1ad0f864a6b8
parentd8c55e651912e193138fae575eb5e5214ddc3999 (diff)
Have SSLv2 ClientHello's for unknown versions negotiate the highest
version we support, instead of the lowest. Reported by Pasi.Eronen@nokia.com.
-rw-r--r--lib/gnutls_v2_compat.c16
1 files changed, 13 insertions, 3 deletions
diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c
index 0cabf1e4e6..26fcec7091 100644
--- a/lib/gnutls_v2_compat.c
+++ b/lib/gnutls_v2_compat.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2001, 2004, 2005 Free Software Foundation
+ * Copyright (C) 2001, 2004, 2005, 2006 Free Software Foundation
*
* Author: Nikos Mavroyanopoulos
*
@@ -117,11 +117,21 @@ _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data,
version = _gnutls_version_get (data[pos], data[pos + 1]);
- /* if we do not support that version
+ /* if we do not support that version
*/
if (_gnutls_version_is_supported (session, version) == 0)
{
- ver = _gnutls_version_lowest (session);
+ /* If he requested something we do not support
+ * then we send him the highest we support.
+ */
+ ver = _gnutls_version_max (session);
+ if (ver == GNUTLS_VERSION_UNKNOWN)
+ {
+ /* this check is not really needed.
+ */
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ }
}
else
{
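Review bot: The fallback to `_gnutls_version_max (session)` in the unsupported-version branch does not check whether the client's offered `version` is above or below what we support, so a client offering something older than our oldest enabled version (or a version that is disabled in between) would be answered with a version higher than it advertised. TLS version negotiation expects the server to pick a version no higher than the client's offer and to fail the handshake when none exists; comparing `version` with the chosen `ver` before accepting it would cover that case, unless this is already handled further down in `_gnutls_read_client_hello_v2`, whose body continues outside this hunk. Separately, the new error path reports a version problem as a cipher-suite one; `return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;` would be easier to diagnose than `GNUTLS_E_UNKNOWN_CIPHER_SUITE`.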