net: don't send resumption ClientHello records with versions > 0x0301.

net/third_party/nss/ssl/ssl3con.c

 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
  * SSL3 Protocol
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
 
@@ skipping 2852 matching lines @@
  *    all ciphertext into the pending ciphertext buffer.
  * ssl_SEND_FLAG_USE_EPOCH (for DTLS)
  *    Forces the use of the provided epoch
  * ssl_SEND_FLAG_CAP_RECORD_VERSION
  *    Caps the record layer version number of TLS ClientHello to { 3, 1 }
  *    (TLS 1.0). Some TLS 1.0 servers (which seem to use F5 BIG-IP) ignore 
  *    ClientHello.client_version and use the record layer version number
  *    (TLSPlaintext.version) instead when negotiating protocol versions. In
  *    addition, if the record layer version number of ClientHello is { 3, 2 }
  *    (TLS 1.1) or higher, these servers reset the TCP connections. Set this
  *    flag to work around such servers.

[wtc, 2013/10/07 17:55:39]

Please review this paragraph and make sure it is still accurate, given our new
understanding of this BIG-IP bug. We can do this in a separate CL.

I think this sentence:
  Some TLS 1.0 servers (which seem to use F5 BIG-IP) ignore
  ClientHello.client_version and use the record layer version
  number (TLSPlaintext.version) instead when negotiating
  protocol versions.
describes an older variant of this bug, if the server in this bug can do TLS
1.2.

  */
 PRInt32
 ssl3_SendRecord(   sslSocket *        ss,
                    DTLSEpoch          epoch, /* DTLS only */
                    SSL3ContentType    type,
                    const SSL3Opaque * pIn,   /* input buffer */
                    PRInt32            nIn,   /* bytes of input */
                    PRInt32            flags)
 {
     sslBuffer      *          wrBuf       = &ss->sec.writeBuf;
@@ skipping 2472 matching lines @@
         PORT_Assert(!maxBytes);
     } 
     if (ss->ssl3.hs.sendingSCSV) {
         /* Since we sent the SCSV, pretend we sent empty RI extension. */
         TLSExtensionData *xtnData = &ss->xtnData;
         xtnData->advertised[xtnData->numAdvertised++] = 
             ssl_renegotiation_info_xtn;
     }
 
     flags = 0;
-    if (!ss->firstHsDone && !requestingResume && !IS_DTLS(ss)) {
+    if (!ss->firstHsDone && !IS_DTLS(ss)) {

[wtc, 2013/10/07 17:55:39]

This change seems to imply that F5 BIG-IP does not terminate the SSL connection,
and that the destination server supports TLS 1.2.

         flags |= ssl_SEND_FLAG_CAP_RECORD_VERSION;
     }
     rv = ssl3_FlushHandshake(ss, flags);
     if (rv != SECSuccess) {
         return rv;      /* error code set by ssl3_FlushHandshake */
     }
 
     ss->ssl3.hs.ws = wait_server_hello;
     return rv;
 }
@@ skipping 7091 matching lines @@
             PORT_Free(ss->ssl3.hs.recvdFragments.buf);
         }
     }
 
     ss->ssl3.initialized = PR_FALSE;
 
     SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
 }
 
 /* End of ssl3con.c */