- Added ssl_set_max_version() to set the client's maximum sent version number

ChangeLog

@@ -5,6 +5,9 @@ Features
    * Added ssl_session_reset() to allow better multi-connection pools of
      SSL contexts without needing to set all non-connection-specific
 	 data and pointers again. Adapted ssl_server to use this functionality.
+   * Added ssl_set_max_version() to allow clients to offer a lower maximum
+     supported version to a server to help buggy server implementations.
+	 (Closes ticket #36)
 
 = Version 1.0.0 released on 2011-07-27
 Features

include/polarssl/ssl.h

@@ -564,6 +564,16 @@ int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
  */
 int ssl_set_hostname( ssl_context *ssl, const char *hostname );
 
+/**
+ * \brief          Set the maximum supported version sent from the client side
+ * 
+ * \param ssl      SSL context
+ * \param major    Major version number (only SSL_MAJOR_VERSION_3 supported)
+ * \param minor    Minor version number (SSL_MINOR_VERSION_0,
+ *                 SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2 supported)
+ */
+void ssl_set_max_version( ssl_context *ssl, int major, int minor );
+
 /**
  * \brief          Return the number of data bytes available to read
  *

library/ssl_cli.c

@@ -51,8 +51,11 @@ static int ssl_write_client_hello( ssl_context *ssl )
     ssl->major_ver = SSL_MAJOR_VERSION_3;
     ssl->minor_ver = SSL_MINOR_VERSION_0;
 
-    ssl->max_major_ver = SSL_MAJOR_VERSION_3;
+    if( ssl->max_major_ver == 0 && ssl->max_minor_ver == 0 )
-    ssl->max_minor_ver = SSL_MINOR_VERSION_2;
+    {
+        ssl->max_major_ver = SSL_MAJOR_VERSION_3;
+        ssl->max_minor_ver = SSL_MINOR_VERSION_2;
+    }
 
     /*
      *     0  .   0   handshake type

library/ssl_tls.c

@@ -1920,6 +1920,12 @@ int ssl_set_hostname( ssl_context *ssl, const char *hostname )
     return( 0 );
 }
 
+void ssl_set_max_version( ssl_context *ssl, int major, int minor )
+{
+    ssl->max_major_ver = major;
+    ssl->max_minor_ver = minor;
+}
+
 /*
  * SSL get accessors
  */