authorDavid Benjamin <davidben@chromium.org>2014-12-13 01:33:12 -0500
committerAdam Langley <agl@google.com>2014-12-13 23:19:36 +0000
commit1f48fba861901389b9e7ab1b3f569af30f25c4d5 (patch)
tree53f12119ecff18b411fba69d87ee9fe806c17a72
parentaccb454e4481f02b17b0447d99852b348d105d52 (diff)
Use have_version in clamping TLS record-layer version to 1.0.
Match the DTLS code. Rather than sniffing the handshake state, use the have_version bit. Change-Id: I40e92f187647417c34b4cfdc3ad258f5562e781b Reviewed-on: https://boringssl-review.googlesource.com/2588 Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r--ssl/s3_pkt.c20
1 files changed, 11 insertions, 9 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index e3c9393..e980cdc 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -736,16 +736,18 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
*(p++)=type&0xff;
wr->type=type;
- *(p++)=(s->version>>8);
- /* Some servers hang if iniatial client hello is larger than 256
- * bytes and record version number > TLS 1.0
- */
- if (s->state == SSL3_ST_CW_CLNT_HELLO_B
- && !s->renegotiate
- && TLS1_get_version(s) > TLS1_VERSION)
- *(p++) = 0x1;
+ /* Some servers hang if initial ClientHello is larger than 256
+ * bytes and record version number > TLS 1.0. */
+ if (!s->s3->have_version && s->version > SSL3_VERSION)
+ {
+ *(p++) = TLS1_VERSION >> 8;
+ *(p++) = TLS1_VERSION & 0xff;
+ }
else
- *(p++)=s->version&0xff;
+ {
+ *(p++) = s->version >> 8;
+ *(p++) = s->version & 0xff;
+ }
/* field where we are to write out packet length */
plen=p;
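Review bot: The comment above the new `if (!s->s3->have_version && s->version > SSL3_VERSION)` still describes only the initial ClientHello, but the condition now clamps the record version on every record written before `have_version` is set, which would presumably include an alert sent before the version is negotiated. The removed check excluded renegotiation explicitly with `!s->renegotiate`; the new one depends on `have_version` staying set across a renegotiation, which this hunk does not show, so that is worth confirming and writing down. I would widen the comment to something like `/* Until the version is negotiated (have_version unset), clamp the record-layer version to TLS 1.0; have_version must stay set across renegotiation. */`. do_ssl3_write begins and ends outside the hunk.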