nfqws,tpws: allow client hello with version SSL 3.0 from very old libraries

8 months ago · 8d066b2dcb
2 changed files with 2 additions and 2 deletions
--- a/nfq/protocol.c
+++ b/nfq/protocol.c
@ -177,7 +177,7 @@ bool IsTLSRecordFull(const uint8_t *data, size_t len)
 }
 bool IsTLSClientHello(const uint8_t *data, size_t len, bool bPartialIsOK)
 {
-	return len >= 6 && data[0] == 0x16 && data[1] == 0x03 && data[2] >= 0x01 && data[2] <= 0x03 && data[5] == 0x01 && (bPartialIsOK || TLSRecordLen(data) <= len);
+	return len >= 6 && data[0] == 0x16 && data[1] == 0x03 && data[2] <= 0x03 && data[5] == 0x01 && (bPartialIsOK || TLSRecordLen(data) <= len);
 }

 size_t TLSHandshakeLen(const uint8_t *data)
--- a/tpws/protocol.c
+++ b/tpws/protocol.c
@ -178,7 +178,7 @@ bool IsTLSRecordFull(const uint8_t *data, size_t len)
 }
 bool IsTLSClientHello(const uint8_t *data, size_t len, bool bPartialIsOK)
 {
-	return len >= 6 && data[0] == 0x16 && data[1] == 0x03 && data[2] >= 0x01 && data[2] <= 0x03 && data[5] == 0x01 && (bPartialIsOK || TLSRecordLen(data) <= len);
+	return len >= 6 && data[0] == 0x16 && data[1] == 0x03 && data[2] <= 0x03 && data[5] == 0x01 && (bPartialIsOK || TLSRecordLen(data) <= len);
 }

 // bPartialIsOK=true - accept partial packets not containing the whole TLS message