authorlloyd <[email protected]>2010-03-30 13:48:57 +0000
committerlloyd <[email protected]>2010-03-30 13:48:57 +0000
commit9378baca4d4b2eb1f8d36177ada4dfc4015d46e8 (patch)
treef73124ff03ecd8da06dc0994fb24e17f10d34554 /src/ssl
parent0aca16849d1fa72597b1a05c69f858d31c152200 (diff)
Don't fail simply because the client sent a version code that we don't
know about; just continue, and the server will choose either the version the client sent, if it knows about it, or else the latest version it supports. So for instance, if a client attempts to negotiate TLS 1.2, we won't know about that version and will return a ServerHello for 1.1 instead.
Diffstat (limited to 'src/ssl')
-rw-r--r--src/ssl/hello.cpp6
1 files changed, 0 insertions, 6 deletions
diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp
index 28574ad6c..413215eb2 100644
--- a/src/ssl/hello.cpp
+++ b/src/ssl/hello.cpp
@@ -118,12 +118,6 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf)
throw Decoding_Error("Client_Hello: Packet corrupted");
c_version = static_cast<Version_Code>(make_u16bit(buf[0], buf[1]));
-
- if(c_version != SSL_V3 && c_version != TLS_V10 && c_version != TLS_V11)
- {
- throw TLS_Exception(PROTOCOL_VERSION, "Client_Hello: Bad version code");
- }
-
c_random.set(buf + 2, 32);
u32bit session_id_len = buf[34];