wrong version number in SSL3 client hello record

RESOLVED FIXED in 3.3

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
17 years ago
17 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Nelson Bolyard (seldom reads bugmail))

Details

When TLS is enabled and we restart an SSL3 session with an SSL3-only
server, the version number in the first record sent by the client
does not match the protocol version number in the client hello message.
This prevents SSL3 session restart from working with some 
"TLS intolerant" servers.
(Assignee)

Comment 1

17 years ago
Fixed in ssl3con.c in version 1.20 on trunk, and version 1.16.2.1 on the 
NSS_3_2_BRANCH.  

Note that this is not a general fix for the entire problem of 
"TLS intolerant servers".  It only fixes _restart_ of a successfully
established SSL 3.0 session.  It doesn't address the problems with 
establishing the SSL 3.0 session in the first place.
Blocks: 59321
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 3.2.2

Comment 2

17 years ago
This fix is not in 3.2.2 but is in 3.3 and the 3.2 branch.
Since we are not planning to make any new 3.2.x releases,
I am setting the target milestone to 3.3.
Target Milestone: 3.2.2 → 3.3
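
A minimal check for the condition the bug description reports, as an added example (not NSS code): it reads the first record a client sends and compares the record-layer version with the client_version field inside the client hello. The function name, return codes and sample bytes are constructed for illustration; the page does not say which value each field carried, so the mismatching sample shows one possible direction.

```c
#include <stddef.h>
#include <stdio.h>

enum { HELLO_OK = 0, HELLO_MISMATCH = 1, HELLO_NOT_V3_HELLO = -1, HELLO_TRUNCATED = -2 };

/* Constructed samples: the first 11 bytes of a client's first record.
 * type=22 (handshake) | record version (2) | record length (2) |
 * msg_type=1 (client_hello) | handshake length (3) | client_version (2) */
static const unsigned char SAMPLE_MATCH[] =      /* record 3.0, hello 3.0 */
    { 0x16, 0x03, 0x00, 0x00, 0x4d, 0x01, 0x00, 0x00, 0x49, 0x03, 0x00 };
static const unsigned char SAMPLE_MISMATCH[] =   /* record 3.1, hello 3.0 (assumed direction) */
    { 0x16, 0x03, 0x01, 0x00, 0x4d, 0x01, 0x00, 0x00, 0x49, 0x03, 0x00 };

/* Compare the record-layer version with the version in the client hello.
 * On HELLO_OK or HELLO_MISMATCH both versions are returned as 0xMMmm. */
int check_hello_versions(const unsigned char *rec, size_t len,
                         unsigned *rec_ver, unsigned *hello_ver)
{
    size_t rec_len;

    if (len < 5) return HELLO_TRUNCATED;            /* no full record header */
    if (rec[0] != 22) return HELLO_NOT_V3_HELLO;    /* e.g. an SSL2-format hello */
    rec_len = ((size_t)rec[3] << 8) | rec[4];
    /* need handshake header (4 bytes) plus client_version (2 bytes) */
    if (rec_len < 6 || len < 11) return HELLO_TRUNCATED;
    if (rec[5] != 1) return HELLO_NOT_V3_HELLO;     /* handshake, but not client_hello */

    *rec_ver   = ((unsigned)rec[1] << 8) | rec[2];
    *hello_ver = ((unsigned)rec[9] << 8) | rec[10];
    return *rec_ver == *hello_ver ? HELLO_OK : HELLO_MISMATCH;
}

int main(void)
{
    unsigned r = 0, h = 0;
    int rc = check_hello_versions(SAMPLE_MATCH, sizeof SAMPLE_MATCH, &r, &h);
    printf("match sample:    rc=%d record=0x%04x hello=0x%04x\n", rc, r, h);
    rc = check_hello_versions(SAMPLE_MISMATCH, sizeof SAMPLE_MISMATCH, &r, &h);
    printf("mismatch sample: rc=%d record=0x%04x hello=0x%04x\n", rc, r, h);
    return 0;
}
```

This check matches only what this bug describes for an SSL 3.0 session restart; later TLS versions deliberately send a record-layer version lower than client_version, so a mismatch there is expected.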