From b37080f8c99df04c4b553dc5777080245aabb844 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 25 Mar 2014 10:50:51 +0100 Subject: [PATCH] tls: Include TLS version announced in Client Hello in encrypted premaster While a hardcoded 1.2 version is fine when we offer that in Client Hello, we should include the actually offered version if it has been reduced before starting the exchange.
---
src/libtls/tls_peer.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index b429da300..a95b40f55 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -79,6 +79,11 @@ struct private_tls_peer_t {
 	 */
 	peer_state_t state;
+	/**
+	 * TLS version we offered in hello
+	 */
+	tls_version_t hello_version;
+
 	/**
 	 * Hello random data selected by client
 	 */
@@ -724,6 +729,7 @@ static status_t send_client_hello(private_tls_peer_t *this,
 	/* TLS version */
 	version = this->tls->get_version(this->tls);
+	this->hello_version = version;
 	writer->write_uint16(writer, version);
 	writer->write_data(writer, chunk_from_thing(this->client_random));
@@ -917,7 +923,7 @@ static status_t send_key_exchange_encrypt(private_tls_peer_t *this,
 		return NEED_MORE;
 	}
 	rng->destroy(rng);
-	htoun16(premaster, TLS_1_2);
+	htoun16(premaster, this->hello_version);
 	if (!this->crypto->derive_secrets(this->crypto, chunk_from_thing(premaster),
 									  this->session, this->server,
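Review bot: The new member's comment `TLS version we offered in hello` says where the value comes from but not what it is for, and the "for" is the security-relevant part: it has to keep the version we actually offered even when that was reduced for a fallback, because the server compares it against the ClientHello as a rollback check. Suggest `/** TLS version offered in our Client Hello; echoed in the RSA premaster secret as the rollback check of RFC 5246 7.4.7.1 */` so nobody later "normalizes" it to the negotiated version. The struct definition continues outside the hunk.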
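Review bot: `htoun16(premaster, this->hello_version);` is correct per RFC 5246 7.4.7.1, but nothing at the call site says why the offered rather than the negotiated version goes into the premaster, and the old hardcoded `TLS_1_2` shows how easy it is to get this wrong; a one-line comment above it would help: `/* RFC 5246 7.4.7.1: client_version is the version offered in Client Hello, not the negotiated one (server-side rollback check) */`. The value also now depends on send_client_hello() having stored hello_version earlier in the same handshake; in a normal client state machine that is presumably always the case, but the constructor and state transitions are outside this hunk, so if hello_version is not otherwise initialized it would be worth setting it explicitly alongside the other members there rather than relying on whatever the allocation left in it. send_key_exchange_encrypt's body starts and ends outside the hunk.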