OLD | NEW |
| (Empty) |
1 diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c | |
2 index 2ffe77b..3b48c9e 100644 | |
3 --- a/lib/ssl/ssl3ext.c | |
4 +++ b/lib/ssl/ssl3ext.c | |
5 @@ -336,10 +336,14 @@ static const ssl3HelloExtensionSender clientHelloSendersTL
S[SSL_MAX_EXTENSIONS] | |
6 { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn }, | |
7 { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, | |
8 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, | |
9 - { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, | |
10 { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, | |
11 { ssl_signed_cert_timestamp_xtn, &ssl3_ClientSendSignedCertTimestampXtn }
, | |
12 { ssl_tls13_key_share_xtn, &tls13_ClientSendKeyShareXtn }, | |
13 + /* Some servers (e.g. WebSphere Application Server 7.0 and Tomcat) will | |
14 + * time out or terminate the connection if the last extension in the | |
15 + * client hello is empty. They are not intolerant of TLS 1.2, so list | |
16 + * signature_algorithms at the end. See bug 1243641. */ | |
17 + { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, | |
18 /* any extra entries will appear as { 0, NULL } */ | |
19 }; | |
20 | |
21 @@ -2690,9 +2694,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientH
elloLength) | |
22 } | |
23 | |
24 extensionLength = 512 - recordLength; | |
25 - /* Extensions take at least four bytes to encode. */ | |
26 - if (extensionLength < 4) { | |
27 - extensionLength = 4; | |
28 + /* Extensions take at least four bytes to encode. Always include at least | |
29 + * one byte of data if including the extension. WebSphere Application | |
30 + * Server 7.0 is intolerant to the last extension being zero-length. */ | |
31 + if (extensionLength < 4 + 1) { | |
32 + extensionLength = 4 + 1; | |
33 } | |
34 | |
35 return extensionLength; | |
OLD | NEW |