Closed Bug 84078 Opened 23 years ago Closed 23 years ago

wrong version number in SSL3 client hello record

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: nelson, Assigned: nelson)

References

(
URL
)

Details

When TLS is enabled and we restart an SSL3 session with an SSL3-only
server, the version number in the first record sent by the client
does not match the protocol version number in the client hello message.
This prevents SSL3 session restart from working with some 
"TLS intolerant" servers.
Fixed in ssl3con.c in version 1.20 on trunk, and version 1.16.2.1 on the 
NSS_3_2_BRANCH.  

Note that this is not a general fix for the entire problem of 
"TLS intolerant servers".  It only fixes _restart_ of a succesfully
established SSL 3.0 session.  It doesn't address the problems with 
establishing the SSL 3.0 session in the first place.
Blocks: 59321
Status: NEW → RESOLVED
Closed: 23 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 3.2.2
This fix is not in 3.2.2 but is in 3.3 and the 3.2 branch.
Since we are not planning to make any new 3.2.x releases,
I am setting the target milestone to 3.3.
Target Milestone: 3.2.2 → 3.3
You need to log in before you can comment on or make changes to this bug.