Forbid extended master secret with SSLv3
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index d7b16b8..c40d62e 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -365,7 +365,8 @@
{
unsigned char *p = buf;
- if( ssl->extended_ms == SSL_EXTENDED_MS_DISABLED )
+ if( ssl->extended_ms == SSL_EXTENDED_MS_DISABLED ||
+ ssl->max_minor_ver == SSL_MINOR_VERSION_0 )
{
*olen = 0;
return;
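Review bot: The added `max_minor_ver` test suppresses the extension only when SSLv3 is the highest version the client offers. A client whose maximum is higher but which still accepts SSLv3 will keep sending it, so rejecting the SSLv3 case then depends entirely on the `minor_ver` check added in the ServerHello parser in the second hunk. The two checks deliberately use different fields and nothing on the new lines says why, so I would add a comment above the condition, e.g. `/* EMS is not used with SSLv3; the negotiated version is unknown while writing ClientHello, so gate on the configured maximum and recheck minor_ver when parsing ServerHello */`. Only ssl_cli.c is visible here, so it is worth confirming that the server-side extension handling has a matching SSLv3 check. The function's signature and the rest of its body are outside the hunk.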
@@ -816,6 +817,7 @@
size_t len )
{
if( ssl->extended_ms == SSL_EXTENDED_MS_DISABLED ||
+ ssl->minor_ver == SSL_MINOR_VERSION_0 ||
len != 0 )
{
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
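Review bot: The combined condition returns `POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO` for three distinct cases without any log line. A server that echoes the extension on an SSLv3 session, which may point to a misbehaving peer or a modified handshake, therefore cannot be told apart from a malformed length or a locally disabled feature. I would emit a debug message before the return, e.g. `SSL_DEBUG_MSG( 1, ( "non-matching extended master secret extension" ) );`, or split out the SSLv3 case so it is logged separately. The new test also assumes `ssl->minor_ver` already holds the version from this ServerHello when extensions are parsed; that ordering is not visible in the hunk and should be confirmed. The function starts before the hunk and continues past it.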