authorMichael Brown <mcb30@ipxe.org>2022-11-09 14:01:15 +0000
committerMichael Brown <mcb30@ipxe.org>2022-11-09 14:49:42 +0000
commit51ecc054906eb0b1738c9d5541c7c4dfc15ec5fe (patch)
treee9e7681a23f0314607666a3135acc47e23ed7d08
parent54d83e92f0989ca612c82e1a22d3be205a04ead9 (diff)
[tls] Always send maximum supported version in ClientHello
Always send the maximum supported version in our ClientHello message, even when performing renegotiation (in which case the current version may already be lower than the maximum supported version). This is permitted by the specification, and allows the ClientHello to be reconstructed verbatim at the point of selecting the handshake digest algorithm in tls_new_server_hello(). Signed-off-by: Michael Brown <mcb30@ipxe.org>
-rw-r--r--src/net/tls.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/net/tls.c b/src/net/tls.c
index 0e3e68b..af310a5 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -1134,7 +1134,7 @@ static int tls_send_client_hello ( struct tls_connection *tls ) {
hello.type_length = ( cpu_to_le32 ( TLS_CLIENT_HELLO ) |
htonl ( sizeof ( hello ) -
sizeof ( hello.type_length ) ) );
- hello.version = htons ( tls->version );
+ hello.version = htons ( TLS_VERSION_MAX );
memcpy ( &hello.random, &tls->client_random, sizeof ( hello.random ) );
hello.session_id_len = tls->session_id_len;
memcpy ( hello.session_id, tls->session_id,
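Review bot: Once `hello.version` is pinned to `TLS_VERSION_MAX`, the advertised version can differ from `tls->version` during renegotiation, so any other field that must echo the ClientHello version has to use the same constant. RFC 5246 section 7.4.7.1 requires the version in the RSA pre-master secret to be the one offered in the ClientHello, not the negotiated one. That code is outside this hunk, so please confirm it does not still derive its value from `tls->version`. The changed line would also benefit from a why-comment, for example `/* Always offer the maximum version (even on renegotiation) so that the ClientHello can be reconstructed verbatim */`. The body of tls_send_client_hello starts before and continues after the lines shown here.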