[tls] Always send maximum supported version in ClientHello

Always send the maximum supported version in our ClientHello message,
even when performing renegotiation (in which case the current version
may already be lower than the maximum supported version).

This is permitted by the specification, and allows the ClientHello to
be reconstructed verbatim at the point of selecting the handshake
digest algorithm in tls_new_server_hello().

Signed-off-by: Michael Brown <mcb30@ipxe.org>
pull/801/head
Michael Brown 2022-11-09 14:01:15 +00:00
parent 54d83e92f0
commit 51ecc05490
1 changed files with 1 additions and 1 deletions

@ -1134,7 +1134,7 @@ static int tls_send_client_hello ( struct tls_connection *tls ) {
hello.type_length = ( cpu_to_le32 ( TLS_CLIENT_HELLO ) |
htonl ( sizeof ( hello ) -
sizeof ( hello.type_length ) ) );
hello.version = htons ( tls->version );
hello.version = htons ( TLS_VERSION_MAX );
memcpy ( &hello.random, &tls->client_random, sizeof ( hello.random ) );
hello.session_id_len = tls->session_id_len;
memcpy ( hello.session_id, tls->session_id,
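Review bot: The assignment hello.version = htons ( TLS_VERSION_MAX ) carries no comment saying why tls->version is deliberately not used here, and the rationale (the ClientHello has to be reconstructable verbatim in tls_new_server_hello(), including during renegotiation) exists only in the commit message. A short comment above that line would keep a later cleanup from restoring tls->version. Because a renegotiation ClientHello can now advertise a version higher than the one currently in use, it is also worth confirming that the ServerHello handling copes with a server selecting a version that differs from the current tls->version; that handling is not visible in this hunk.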