From f7683aaf36341dc65672ac2ccdbfd4a232e3626d Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 2 Mar 2015 16:20:15 +0000 Subject: [PATCH] Wrong SSL version in DTLS1_BAD_VER ClientHello Since commit 741c9959 ("DTLS revision."), we put the wrong protocol version into our ClientHello for DTLS1_BAD_VER. The old DTLS code which used ssl->version was replaced by the more generic SSL3 code which uses ssl->client_version. The Cisco ASA no longer likes our ClientHello. RT#3711 Reviewed-by: Rich Salz --- ssl/d1_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 4ca6bb31a9..626cecbcbf 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -273,7 +273,7 @@ void dtls1_clear(SSL *s) ssl3_clear(s); if (s->options & SSL_OP_CISCO_ANYCONNECT) - s->version = DTLS1_BAD_VER; + s->client_version = s->version = DTLS1_BAD_VER; else if (s->method->version == DTLS_ANY_VERSION) s->version = DTLS1_2_VERSION; else -- 2.40.0
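Review bot: The `SSL_OP_CISCO_ANYCONNECT` branch of `dtls1_clear()` now sets `s->client_version` with no comment explaining why, and the `DTLS_ANY_VERSION` branch right below it still assigns only `s->version = DTLS1_2_VERSION;`. The commit message says the ClientHello is now built from `ssl->client_version`, so please either confirm that `client_version` is already correct on the other paths or set it there too. A one-line comment above the assignment would help, along the lines of "client_version is what goes into the ClientHello; the ASA expects DTLS1_BAD_VER there". Splitting the chained assignment `s->client_version = s->version = DTLS1_BAD_VER;` into two statements would also make the next diff on this line easier to read. The diffstat touches only `ssl/d1_lib.c`, so nothing guards against this regressing again. A test that checks the version field of the ClientHello when `SSL_OP_CISCO_ANYCONNECT` is set would cover it.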