When TLS is enabled and we restart an SSL3 session with an SSL3-only server, the version number in the first record sent by the client does not match the protocol version number in the client hello message. This prevents SSL3 session restart from working with some "TLS intolerant" servers.
Fixed in ssl3con.c in version 1.20 on trunk, and version 126.96.36.199 on the NSS_3_2_BRANCH. Note that this is not a general fix for the entire problem of "TLS intolerant servers". It only fixes _restart_ of a successfully established SSL 3.0 session. It doesn't address the problems with establishing the SSL 3.0 session in the first place.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 3.2.2
This fix is not in 3.2.2 but is in 3.3 and the 3.2 branch. Since we are not planning to make any new 3.2.x releases, I am setting the target milestone to 3.3.
Target Milestone: 3.2.2 → 3.3
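An added example, not part of this bug thread and not NSS code: a bounds-checked check that reads the first record of a connection and reports whether a session-restart ClientHello carries a record-layer version different from its client_version, the mismatch described in the report. The names `hello_info`, `parse_client_hello`, `restart_version_mismatch` and `build_sample` are hypothetical, and the sample bytes are constructed; the page does not say which field carried which version.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct {
    uint16_t record_version;  /* version in the 5-byte record header */
    uint16_t hello_version;   /* client_version inside the ClientHello */
    size_t   session_id_len;  /* non-zero: the client offers a session to restart */
} hello_info;

/* Parse the first record of a connection. Returns 0 on success, -1 if the
 * bytes are not a well-formed ClientHello prefix. Every read is bounds-checked. */
int parse_client_hello(const uint8_t *buf, size_t len, hello_info *out)
{
    if (len < 5 || buf[0] != 22) return -1;              /* 22 = handshake record */
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    if (rec_len > len - 5 || rec_len < 39) return -1;    /* need up to sid length */
    const uint8_t *hs = buf + 5;
    if (hs[0] != 1) return -1;                           /* 1 = client_hello */
    size_t body_len = ((size_t)hs[1] << 16) | ((size_t)hs[2] << 8) | hs[3];
    size_t sid_len = hs[38];                             /* after version + random */
    if (body_len > rec_len - 4 || sid_len > 32 || 35 + sid_len > body_len) return -1;
    out->record_version = (uint16_t)((buf[1] << 8) | buf[2]);
    out->hello_version  = (uint16_t)((hs[4] << 8) | hs[5]);
    out->session_id_len = sid_len;
    return 0;
}

/* 1 when a restart attempt carries two different version numbers. */
int restart_version_mismatch(const hello_info *h)
{
    return h->session_id_len > 0 && h->record_version != h->hello_version;
}

/* Constructed sample (not captured traffic): one record holding a ClientHello
 * with a sid_len-byte session ID and a single cipher suite. Returns its length. */
size_t build_sample(uint8_t *b, uint16_t rec_ver, uint16_t hello_ver, uint8_t sid_len)
{
    size_t body = 35 + (size_t)sid_len + 6, i = 0;
    memset(b, 0xAB, 9 + body);                           /* filler for random and ID */
    b[i++] = 22; b[i++] = (uint8_t)(rec_ver >> 8); b[i++] = (uint8_t)rec_ver;
    b[i++] = (uint8_t)((body + 4) >> 8); b[i++] = (uint8_t)(body + 4);
    b[i++] = 1; b[i++] = 0; b[i++] = (uint8_t)(body >> 8); b[i++] = (uint8_t)body;
    b[i++] = (uint8_t)(hello_ver >> 8); b[i++] = (uint8_t)hello_ver;
    i += 32; b[i++] = sid_len; i += sid_len;             /* random, then session ID */
    b[i++] = 0; b[i++] = 2; b[i++] = 0; b[i++] = 0x0a;   /* one cipher suite */
    b[i++] = 1; b[i++] = 0;                              /* null compression */
    return i;
}
```

Run against the first client record in a packet capture, this separates a failed restart with mismatched versions from the broader "TLS intolerant" handshake failures that the fix does not cover.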