Blame SOURCES/openssl-fips-0.9.8e-tls-version.patch

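diff -up openssl-fips-0.9.8e/ssl/s23_srvr.c.tlsver openssl-fips-0.9.8e/ssl/s23_srvr.c
--- openssl-fips-0.9.8e/ssl/s23_srvr.c.tlsver	2007-03-22 01:39:13.000000000 +0100
+++ openssl-fips-0.9.8e/ssl/s23_srvr.c	2011-04-04 15:36:45.000000000 +0200
@@ -315,7 +315,7 @@ int ssl23_get_client_hello(SSL *s)
 			 (p[1] == SSL3_VERSION_MAJOR) &&
 			 (p[5] == SSL3_MT_CLIENT_HELLO) &&
 			 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
-				|| (p[9] == p[1])))
+				|| (p[9] >= p[1])))
 			{
 			/*
 			 * SSLv3 or tls1 header
@@ -339,6 +339,13 @@ int ssl23_get_client_hello(SSL *s)
 				v[1] = TLS1_VERSION_MINOR;
 #endif
 				}
+			/* if major version number > 3 set minor to a value
+			 * which will use the highest version 3 we support.
+			 * If TLS 2.0 ever appears we will need to revise
+			 * this....
+			 */
+			else if (p[9] > SSL3_VERSION_MAJOR)
+				v[1]=0xff;
 			else
 				v[1]=p[10]; /* minor version according to client_version */
 			if (v[1] >= TLS1_VERSION_MINOR)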
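Review bot: In the second hunk `v[1]=0xff;` turns `v[1]` into a selection sentinel rather than the minor version the client sent, and nothing on that line says so. The following `if (v[1] >= TLS1_VERSION_MINOR)` picks the protocol from it, which is the intent, but any later use of `v[]` as the client's offered version (the rest of ssl23_get_client_hello is outside this hunk) would record 0xff instead of `p[10]`; version-rollback checks presumably rely on the real client_version, so that is worth confirming. I would add `/* sentinel: selects our highest 3.x, not the client's minor version */` on that line. In the first hunk, `p[9] >= p[1]` would read more clearly as `p[9] >= SSL3_VERSION_MAJOR`, since `p[1] == SSL3_VERSION_MAJOR` is already required three lines up and the second hunk compares against the constant.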