openssl/ssl/s3_srvr.c

53  * The licence and distribution terms for any publically available version or
267             if ((s->version >> 8) != 3) {
1003      * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte
1013      * use version from inside client hello, not from record header (may
1019     if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
1020         (s->version != DTLS1_VERSION && s->client_version < s->version)) {
1025              * similar to ssl3_get_record, send alert using remote version
1028             s->version = s->client_version;
1088          * Only resume if the session's version matches the negotiated
1089          * version.
1091          * with a different protocol version. It doesn't forbid it but
1093          * In practice, clients do not accept a version mismatch and
1096         if (i == 1 && s->version == s->session->ssl_version) { /* previous
1110     if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
1266     if (s->version >= SSL3_VERSION) {
1293     if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
1481      * ssl version is set   - sslv3
1488     if (s->version >= SSL3_VERSION) {
1528         *(p++) = s->version >> 8;
1529         *(p++) = s->version & 0xff;
2245         if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) {
2299          * If the version in the decrypted pre-master secret is correct then
2302          * (http://eprint.iacr.org/2003/052/) exploits the version number
2303          * check as a "bad version oracle". Thus version checks are done in
2312          * The premaster secret must contain the same version number as the
2313          * ClientHello to detect version rollback attacks (strangely, the
2316          * version instead if the server does not support the requested
2317          * protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
2323                 constant_time_eq_8(p[0], (unsigned)(s->version >> 8));
2325                 constant_time_eq_8(p[1], (unsigned)(s->version & 0xff));
2330          * Both decryption and version must be good for decrypt_good to
2555              * The premaster secret must contain the same version number as
2556              * the ClientHello to detect version rollback attacks (strangely,
2559              * bytes instead of the protocol version. If
3192         if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request) {
3257         if (s->version == SSL3_VERSION) {