Since commit 741c9959 ("DTLS revision."), we put the wrong protocol version into our ClientHello and potentially other packets. The old DTLS code which used ssl->version was replaced by the more generic SSL3 code which uses ssl->client_version. The Cisco ASA no longer likes our ClientHello.
A patch which fixes this is below. I think it's correct not to set s->client_version in any of the other adjacent cases, as it would be redundant. In the s->method->version==DTLS_ANY_VERSION case seen in the context of the patch, we know that s->client_version is going to be set in ssl3_client_hello(). And in the 'else' case that is just off the end of the context of the patch, we're setting it to s->method->version, which is what SSL_clear() already did anyway. In fact, I think those other cases are *entirely* redundant; even the setting of s->version.

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 4ca6bb3..626cecb 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -273,7 +273,7 @@ void dtls1_clear(SSL *s) ssl3_clear(s); if (s->options & SSL_OP_CISCO_ANYCONNECT) - s->version = DTLS1_BAD_VER; + s->client_version = s->version = DTLS1_BAD_VER; else if (s->method->version == DTLS_ANY_VERSION) s->version = DTLS1_2_VERSION; else

--
David Woodhouse
Open Source Technology Centre
david.woodho...@intel.com
Intel Corporation
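Review bot: the new line `+ s->client_version = s->version = DTLS1_BAD_VER;` needs a short comment in the code, because nothing in the hunk tells a later reader why client_version is pinned in the SSL_OP_CISCO_ANYCONNECT branch while the adjacent DTLS_ANY_VERSION branch only sets s->version; the reasoning (since 741c9959 the ClientHello is built from s->client_version, and the value SSL_clear() leaves there is wrong for a DTLS1_BAD_VER peer) lives only in this mail. Suggest something like `/* Cisco AnyConnect: ClientHello must advertise DTLS1_BAD_VER, and ssl3_client_hello() now sends s->client_version */` above the assignment, and a commit message that names the regressing commit so the fix is traceable from the history.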
openssl-dev mailing list: https://mta.openssl.org/mailman/listinfo/openssl-dev