Bug 923696: don't send resumption ClientHello records with versions > 0x0301.
authorAdam Langley <agl@chromium.org>
Mon, 07 Oct 2013 14:26:14 -0700
changeset 10860 fc6df00517093e85d5e27da260ce7c9f7a4d458f
parent 10859 dec241b62016119d86e88f80782534b4cae8d889
child 10861 bfc9085d067603c4638c7d9e6b047a3aa4b46619
push id166
push userwtc@google.com
push dateMon, 07 Oct 2013 21:26:34 +0000
bugs923696
Bug 923696: don't send resumption ClientHello records with versions > 0x0301. Best we can tell, F5 BIG-IP devices with firmware < 10.2.4 hang the connection when a ClientHello record is received with version > 0x0301 and is longer than 255 bytes. r=wtc.
lib/ssl/ssl3con.c
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -2702,21 +2702,23 @@ ssl3_CompressMACEncryptRecord(ssl3Cipher
  *    bytes are used.
  * ssl_SEND_FLAG_FORCE_INTO_BUFFER
  *    As above, except this suppresses all write attempts, and forces
  *    all ciphertext into the pending ciphertext buffer.
  * ssl_SEND_FLAG_USE_EPOCH (for DTLS)
  *    Forces the use of the provided epoch
  * ssl_SEND_FLAG_CAP_RECORD_VERSION
  *    Caps the record layer version number of TLS ClientHello to { 3, 1 }
- *    (TLS 1.0). Some TLS 1.0 servers (which seem to use F5 BIG-IP) ignore 
+ *    (TLS 1.0). Some TLS 1.0 servers (which seem to use F5 BIG-IP) ignore
  *    ClientHello.client_version and use the record layer version number
  *    (TLSPlaintext.version) instead when negotiating protocol versions. In
  *    addition, if the record layer version number of ClientHello is { 3, 2 }
- *    (TLS 1.1) or higher, these servers reset the TCP connections. Set this
+ *    (TLS 1.1) or higher, these servers reset the TCP connections. Lastly,
+ *    some F5 BIG-IP servers hang if a record containing a ClientHello has a
+ *    version greater than { 3, 1 } and a length greater than 255. Set this
  *    flag to work around such servers.
  */
 PRInt32
 ssl3_SendRecord(   sslSocket *        ss,
                    DTLSEpoch          epoch, /* DTLS only */
                    SSL3ContentType    type,
 		   const SSL3Opaque * pIn,   /* input buffer */
 		   PRInt32            nIn,   /* bytes of input */
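Review bot: The new wording on lines 31-32 gives the symptom (a hang on a ClientHello record with version greater than { 3, 1 } and length greater than 255) but not the affected firmware range that the commit message names, so a reader cannot tell when the workaround may be retired; suggest ` *    version greater than { 3, 1 } and a length greater than 255 (seen on F5 BIG-IP firmware before 10.2.4, bug 923696). Set this`. It would also help to say that 255 refers to the record length, as the description states, since the handshake message length differs from it by the record header. ssl3_SendRecord's body continues past the end of the hunk.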
@@ -5151,17 +5153,17 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
     if (ss->ssl3.hs.sendingSCSV) {
 	/* Since we sent the SCSV, pretend we sent empty RI extension. */
 	TLSExtensionData *xtnData = &ss->xtnData;
 	xtnData->advertised[xtnData->numAdvertised++] = 
 	    ssl_renegotiation_info_xtn;
     }
 
     flags = 0;
-    if (!ss->firstHsDone && !requestingResume && !IS_DTLS(ss)) {
+    if (!ss->firstHsDone && !IS_DTLS(ss)) {
 	flags |= ssl_SEND_FLAG_CAP_RECORD_VERSION;
     }
     rv = ssl3_FlushHandshake(ss, flags);
     if (rv != SECSuccess) {
 	return rv;	/* error code set by ssl3_FlushHandshake */
     }
 
     ss->ssl3.hs.ws = wait_server_hello;
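Review bot: Dropping `!requestingResume` from the condition on line 51 widens the record-version cap to session-resumption ClientHellos, but the code carries no explanation and the reason lives only in the commit message; a short comment above the `if` would keep it with the code, e.g. `/* Cap on resumption too: some F5 BIG-IP servers hang on ClientHello records with version > { 3, 1 } longer than 255 bytes (bug 923696). */`. The remaining `!ss->firstHsDone` guard presumably still exempts renegotiation ClientHellos, which matches the intent, though that is inferred from the name rather than visible in the hunk. ssl3_SendClientHello begins before and continues after this hunk.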