1 files changed, 6 insertions, 6 deletions

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index b1efcbb857..5d6428a4e0 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1548,24 +1548,24 @@ server_certify_and_key_exchange(State0, Connection) ->
 
 certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS},
 			    #state{private_key = Key, client_hello_version = {Major, Minor} = Version} = State, Connection) ->
-
+    FakeSecret = make_premaster_secret(Version, rsa),
     %% Countermeasure for Bleichenbacher attack always provide some kind of premaster secret
     %% and fail handshake later.RFC 5246 section 7.4.7.1.
     PremasterSecret =
         try ssl_handshake:premaster_secret(EncPMS, Key) of
             Secret when erlang:byte_size(Secret) == ?NUM_OF_PREMASTERSECRET_BYTES ->
                 case Secret of
-                    <<?BYTE(Major), ?BYTE(Minor), _/binary>> -> %% Correct
-                        Secret;
+                    <<?BYTE(Major), ?BYTE(Minor), Rest/binary>> -> %% Correct
+                        <<?BYTE(Major), ?BYTE(Minor), Rest/binary>>;
                     <<?BYTE(_), ?BYTE(_), Rest/binary>> -> %% Version mismatch
                         <<?BYTE(Major), ?BYTE(Minor), Rest/binary>>
                 end;
             _ -> %% erlang:byte_size(Secret) =/= ?NUM_OF_PREMASTERSECRET_BYTES
-                make_premaster_secret(Version, rsa)
+                FakeSecret
         catch 
             #alert{description = ?DECRYPT_ERROR} ->
-                make_premaster_secret(Version, rsa)     
-        end,        
+                FakeSecret
+        end,    
     calculate_master_secret(PremasterSecret, State, Connection, certify, cipher);
 certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPublicDhKey},
 			    #state{diffie_hellman_params = #'DHParameter'{} = Params,