subject:"\[openssl.org #2984\] OpenSSL 1.0.0k, 1.0.1.d, 1.0.1e fail handshake with DTLS1_BAD_VER"

[openssl.org #2984] OpenSSL 1.0.0k, 1.0.1.d, 1.0.1e fail handshake with DTLS1_BAD_VER

2013-02-12 Thread Stephen Henson via RT

On Tue Feb 12 15:20:48 2013, dw...@infradead.org wrote: > Since commit a693ead6 in HEAD, 820988a0 in 1.0.2, 014265eb in 1.0.1 and > f852b6079 in 1.0.0, DTLS_BAD_VER (needed for Cisco AnyConnect > compatibility) has been broken. > Applied now. Thanks for the report. Steve. -- Dr Stephen N. Henson.

[openssl.org #2984] OpenSSL 1.0.0k, 1.0.1.d, 1.0.1e fail handshake with DTLS1_BAD_VER

2013-02-12 Thread David Woodhouse via RT

Since commit a693ead6 in HEAD, 820988a0 in 1.0.2, 014265eb in 1.0.1 and f852b6079 in 1.0.0, DTLS_BAD_VER (needed for Cisco AnyConnect compatibility) has been broken. The check 's->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION' is redundant anyway since DTLS1_VERSION (0xfeff) is greater