Diffstat (limited to 'src/ssl/tls_server.cpp')
-rw-r--r-- | src/ssl/tls_server.cpp | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/src/ssl/tls_server.cpp b/src/ssl/tls_server.cpp index 47902a71c..a4cfcf7de 100644 --- a/src/ssl/tls_server.cpp +++ b/src/ssl/tls_server.cpp @@ -43,7 +43,7 @@ void server_check_state(Handshake_Type new_msg, Handshake_State* state) Unexpected_Message("State transition error from " + err) {} }; - if(new_msg == CLIENT_HELLO) + if(new_msg == CLIENT_HELLO || new_msg == CLIENT_HELLO_SSLV2) { if(state->server_hello) throw State_Transition_Error("ClientHello"); @@ -325,23 +325,30 @@ void TLS_Server::read_handshake(byte rec_type, void TLS_Server::process_handshake_msg(Handshake_Type type, const MemoryRegion<byte>& contents) { + rng.add_entropy(&contents[0], contents.size()); + if(state == 0) throw Unexpected_Message("Unexpected handshake message"); if(type != HANDSHAKE_CCS && type != FINISHED) { - state->hash.update(static_cast<byte>(type)); - u32bit record_length = contents.size(); - for(u32bit j = 0; j != 3; j++) - state->hash.update(get_byte(j+1, record_length)); + + if(type != CLIENT_HELLO_SSLV2) + { + state->hash.update(static_cast<byte>(type)); + u32bit record_length = contents.size(); + for(u32bit j = 0; j != 3; j++) + state->hash.update(get_byte(j+1, record_length)); + } + state->hash.update(contents); } - if(type == CLIENT_HELLO) + if(type == CLIENT_HELLO || type == CLIENT_HELLO_SSLV2) { server_check_state(type, state); - state->client_hello = new Client_Hello(contents); + state->client_hello = new Client_Hello(contents, type); client_requested_hostname = state->client_hello->hostname(); @@ -358,7 +365,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, state->suite = CipherSuite(state->server_hello->ciphersuite()); - if(state->suite.sig_type() != CipherSuite::NO_SIG) + if(state->suite.sig_type() != TLS_ALGO_SIGNER_ANON) { // FIXME: should choose certs based on sig type state->server_certs = new Certificate(writer, cert_chain, 
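Review bot: In the `process_handshake_msg` hunk (`@@ -325,23 +325,30 @@`), the added `rng.add_entropy(&contents[0], contents.size());` sits above the `state == 0` check, so the body of every handshake message, including ones about to be rejected as unexpected, is fed to the server RNG. That data is chosen by the unauthenticated peer, so it should only be mixed in and never counted toward an entropy estimate; whether `add_entropy` credits its input is not visible here and should be confirmed. `&contents[0]` is also evaluated for zero-length bodies, which presumably indexes an empty buffer. I would move the call below the state check and guard it, `if(contents.size()) rng.add_entropy(&contents[0], contents.size());`, with a comment saying the input is peer-controlled. The function body continues past the end of the hunk.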
@@ -366,14 +373,14 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, } state->kex_priv = PKCS8::copy_key(*private_key, rng); - if(state->suite.kex_type() != CipherSuite::NO_KEX) + if(state->suite.kex_type() != TLS_ALGO_KEYEXCH_NOKEX) { - if(state->suite.kex_type() == CipherSuite::RSA_KEX) + if(state->suite.kex_type() == TLS_ALGO_KEYEXCH_RSA) { state->kex_priv = new RSA_PrivateKey(rng, policy->rsa_export_keysize()); } - else if(state->suite.kex_type() == CipherSuite::DH_KEX) + else if(state->suite.kex_type() == TLS_ALGO_KEYEXCH_DH) { state->kex_priv = new DH_PrivateKey(rng, policy->dh_group()); } |
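Review bot: `state->kex_priv` is assigned the result of `PKCS8::copy_key(*private_key, rng)` and then overwritten by `new RSA_PrivateKey(...)` or `new DH_PrivateKey(...)` in the branches whose conditions this hunk renames, with no release of the first object visible in between. If `kex_priv` is a raw owning pointer, as the bare `new` assignments suggest, a copy of the server's long-term private key is leaked on each RSA or DH key-exchange handshake and stays in process memory. Adding `delete state->kex_priv;` before each reassignment, or making the copy only when no ephemeral key is generated, would avoid that. The enclosing function starts and ends outside the hunk.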