path: root/src/tls/c_kex.cpp
author: lloyd <[email protected]> 2012-06-09 03:48:30 +0000
committer: lloyd <[email protected]> 2012-06-09 03:48:30 +0000
commit: d8f1ea81916a8230d8148fce0219beaf67bd0ba6 (patch)
tree: 5bee8e92f84eede322fdc01876a7a0f0553aa960 /src/tls/c_kex.cpp
parent: a4b2dba2bfea267e1a1535fbe33103f4c2153724 (diff)
A fix for bug 192. First, when renegotiating in the client, attempt to renegotiate using our currently negotiated version instead of our preferred version. It turns out that neither OpenSSL nor GnuTLS likes clients changing the version between negotiations; both send a protocol_version alert. So we probably want to avoid doing that.

On the server side, handle a client sending inconsistent versions as best we can. If the client attempts to renegotiate a session using a later version, return a server hello with their original version (this is what OpenSSL does). If they attempt to renegotiate using an earlier version, send a fatal alert and close the connection, since this seems like a dubious thing to do.

Also, fix the situation where we as a TLS v1.0 server (because of configuration) are talking to a TLS v1.2 client. We would still use their signature_algorithms extension and send a SHA-256 (or whatever) signature!
Diffstat (limited to 'src/tls/c_kex.cpp')
-rw-r--r-- src/tls/c_kex.cpp 2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp
index e687ff98a..2981cbaed 100644
--- a/src/tls/c_kex.cpp
+++ b/src/tls/c_kex.cpp
@@ -295,7 +295,7 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents,
}
catch(...)
{
- // Randomize the hide timing channel
+ // Randomize to hide timing channel
pre_master = rng.random_vec(48);
pre_master[0] = client_version.major_version();
pre_master[1] = client_version.minor_version();
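Review bot: the reworded comment in the catch(...) block still does not say which timing channel is being hidden or why the fallback has this shape. If the intent is that a failure in the preceding try block should be indistinguishable from success, say so in the comment: the handler substitutes a random 48-byte pre_master and then overwrites bytes 0 and 1 with client_version.major_version() and client_version.minor_version() so that later processing runs as usual instead of failing early. Because catch(...) swallows every exception type, a note that this is deliberate would help future readers. The literal 48 would also read better as a named constant.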