summaryrefslogtreecommitdiff
path: root/thirdparty/openssl/ssl/s23_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'thirdparty/openssl/ssl/s23_clnt.c')
-rw-r--r--thirdparty/openssl/ssl/s23_clnt.c30
1 files changed, 30 insertions, 0 deletions
diff --git a/thirdparty/openssl/ssl/s23_clnt.c b/thirdparty/openssl/ssl/s23_clnt.c
index b80d1fd8ce..add8c9916c 100644
--- a/thirdparty/openssl/ssl/s23_clnt.c
+++ b/thirdparty/openssl/ssl/s23_clnt.c
@@ -735,7 +735,37 @@ static int ssl23_get_server_hello(SSL *s)
s->version = TLS1_2_VERSION;
s->method = TLSv1_2_client_method();
} else {
+ /*
+ * Unrecognised version, we'll send a protocol version alert using
+ * our preferred version.
+ */
+ switch(s->client_version) {
+ default:
+ /*
+ * Shouldn't happen
+ * Fall through
+ */
+ case TLS1_2_VERSION:
+ s->version = TLS1_2_VERSION;
+ s->method = TLSv1_2_client_method();
+ break;
+ case TLS1_1_VERSION:
+ s->version = TLS1_1_VERSION;
+ s->method = TLSv1_1_client_method();
+ break;
+ case TLS1_VERSION:
+ s->version = TLS1_VERSION;
+ s->method = TLSv1_client_method();
+ break;
+#ifndef OPENSSL_NO_SSL3
+ case SSL3_VERSION:
+ s->version = SSL3_VERSION;
+ s->method = SSLv3_client_method();
+ break;
+#endif
+ }
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
goto err;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-07 05:50:00 +0000