ssl: Avoid SSL/TLS hello format confusion

Valid SSL 3.0 or TLS hellos might accidentally match SSL 2.0 format
(and sometimes the other way around before inspecting data)
so we need to match SSL 3.0 and TLS first and only match SSL 2.0
hellos when flag to support it is set.

1 files changed, 9 insertions, 0 deletions

diff --git a/lib/ssl/test/ssl_handshake_SUITE.erl b/lib/ssl/test/ssl_handshake_SUITE.erl
index 74b14145dd..0a50c98a28 100644
--- a/lib/ssl/test/ssl_handshake_SUITE.erl
+++ b/lib/ssl/test/ssl_handshake_SUITE.erl
@@ -33,6 +33,7 @@
 %% Common Test interface functions -----------------------------------
 %%--------------------------------------------------------------------
 all() -> [decode_hello_handshake,
+          decode_hello_handshake_version_confusion,
 	  decode_single_hello_extension_correctly,
 	  decode_supported_elliptic_curves_hello_extension_correctly,
 	  decode_unknown_hello_extension_correctly,
@@ -106,6 +107,14 @@ decode_hello_handshake(_Config) ->
     #renegotiation_info{renegotiated_connection = <<0>>}
 	= (Hello#server_hello.extensions)#hello_extensions.renegotiation_info.
 
+
+decode_hello_handshake_version_confusion(_) -> 
+    HelloPacket = <<3,3,0,0,0,0,0,63,210,235,149,6,244,140,108,13,177,74,16,218,33,108,219,41,73,228,3,82,132,123,73,144,118,100,0,0,32,192,4,0,10,192,45,192,38,0,47,192,18,0,163,0,22,0,165,192,29,192,18,192,30,0,103,0,57,192,48,0,47,1,0>>,
+    Version = {3,3},
+    ClientHello = 1, 
+    Hello = tls_handshake:decode_handshake({3,3}, ClientHello, HelloPacket, false),
+    Hello = tls_handshake:decode_handshake({3,3}, ClientHello, HelloPacket, true).
+
 decode_single_hello_extension_correctly(_Config) -> 
     Renegotiation = <<?UINT16(?RENEGOTIATION_EXT), ?UINT16(1), 0>>,
     Extensions = ssl_handshake:decode_hello_extensions(Renegotiation),