From 8d066b2dcbaf6bb3738040c9e5223c52475b2487 Mon Sep 17 00:00:00 2001 From: bol-van Date: Tue, 20 Aug 2024 15:15:48 +0300 Subject: [PATCH] nfqws,tpws: allow client hello with version SSL 3.0 from very old libraries --- nfq/protocol.c | 2 +- tpws/protocol.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nfq/protocol.c b/nfq/protocol.c index 8c6470c..b688980 100644 --- a/nfq/protocol.c +++ b/nfq/protocol.c @@ -177,7 +177,7 @@ bool IsTLSRecordFull(const uint8_t *data, size_t len) } bool IsTLSClientHello(const uint8_t *data, size_t len, bool bPartialIsOK) { - return len >= 6 && data[0] == 0x16 && data[1] == 0x03 && data[2] >= 0x01 && data[2] <= 0x03 && data[5] == 0x01 && (bPartialIsOK || TLSRecordLen(data) <= len); + return len >= 6 && data[0] == 0x16 && data[1] == 0x03 && data[2] <= 0x03 && data[5] == 0x01 && (bPartialIsOK || TLSRecordLen(data) <= len); } size_t TLSHandshakeLen(const uint8_t *data) diff --git a/tpws/protocol.c b/tpws/protocol.c index 9043dc1..0787064 100644 --- a/tpws/protocol.c +++ b/tpws/protocol.c @@ -178,7 +178,7 @@ bool IsTLSRecordFull(const uint8_t *data, size_t len) } bool IsTLSClientHello(const uint8_t *data, size_t len, bool bPartialIsOK) { - return len >= 6 && data[0] == 0x16 && data[1] == 0x03 && data[2] >= 0x01 && data[2] <= 0x03 && data[5] == 0x01 && (bPartialIsOK || TLSRecordLen(data) <= len); + return len >= 6 && data[0] == 0x16 && data[1] == 0x03 && data[2] <= 0x03 && data[5] == 0x01 && (bPartialIsOK || TLSRecordLen(data) <= len); } // bPartialIsOK=true - accept partial packets not containing the whole TLS message