9 files changed, 131 insertions, 99 deletions
diff --git a/lib/ssl/src/ssl.app.src b/lib/ssl/src/ssl.app.src
index 1a2bf90ccf..937a3b1bd1 100644
--- a/lib/ssl/src/ssl.app.src
+++ b/lib/ssl/src/ssl.app.src
@@ -54,7 +54,7 @@
     {applications, [crypto, public_key, kernel, stdlib]},
     {env, []},
     {mod, {ssl_app, []}},
-    {runtime_dependencies, ["stdlib-2.0","public_key-1.0","kernel-3.0",
+    {runtime_dependencies, ["stdlib-3.0","public_key-1.0","kernel-3.0",
 			    "erts-7.0","crypto-3.3", "inets-5.10.7"]}]}.
 
 
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 33d5c1c6d6..0058e5ec9a 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -732,7 +732,8 @@ handle_options(Opts0, Role) ->
 										     false, Role)),
 					     client, Role),
 		    crl_check = handle_option(crl_check, Opts, false),
-		    crl_cache = handle_option(crl_cache, Opts, {ssl_crl_cache, {internal, []}})
+		    crl_cache = handle_option(crl_cache, Opts, {ssl_crl_cache, {internal, []}}),
+		    v2_hello_compatible = handle_option(v2_hello_compatible, Opts, false)
 		   },
 
     CbInfo  = proplists:get_value(cb_info, Opts, {gen_tcp, tcp, tcp_closed, tcp_error}),
@@ -747,7 +748,7 @@ handle_options(Opts0, Role) ->
 		  alpn_preferred_protocols, next_protocols_advertised,
 		  client_preferred_next_protocols, log_alert,
 		  server_name_indication, honor_cipher_order, padding_check, crl_check, crl_cache,
-		  fallback, signature_algs, beast_mitigation],
+		  fallback, signature_algs, beast_mitigation, v2_hello_compatible],
 
     SockOpts = lists:foldl(fun(Key, PropList) ->
 				   proplists:delete(Key, PropList)
@@ -991,6 +992,8 @@ validate_option(beast_mitigation, Value) when Value == one_n_minus_one orelse
                                               Value == zero_n orelse
                                               Value == disabled ->
   Value;
+validate_option(v2_hello_compatible, Value) when is_boolean(Value)  ->
+    Value;
 validate_option(Opt, Value) ->
     throw({error, {options, {Opt, Value}}}).
 
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 22d107ff9c..90e0810241 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -465,6 +465,14 @@ certify(internal, #certificate{asn1_certificates = []},
 	Connection:next_record(State0#state{client_certificate_requested = false}),
     Connection:next_event(certify, Record, State);
 
+certify(internal, #certificate{},
+	#state{role = server,
+	       negotiated_version = Version,
+	       ssl_options = #ssl_options{verify = verify_none}} =
+	    State, Connection) ->
+    Alert =  ?ALERT_REC(?FATAL,?UNEXPECTED_MESSAGE, unrequested_certificate),
+    Connection:handle_own_alert(Alert, Version, certify, State);
+
 certify(internal, #certificate{} = Cert,
         #state{negotiated_version = Version,
 	       role = Role,
@@ -786,12 +794,24 @@ downgrade(Type, Event, State, Connection) ->
 %% Event handling functions called by state functions to handle
 %% common or unexpected events for the state.
 %%--------------------------------------------------------------------
+handle_common_event(internal, {handshake, {#hello_request{} = Handshake, _}}, connection = StateName,  
+		    #state{role = client} = State, _) ->
+    %% Should not be included in handshake history
+    {next_state, StateName, State#state{renegotiation = {true, peer}}, [{next_event, internal, Handshake}]};
+handle_common_event(internal, {handshake, {#hello_request{}, _}}, StateName, #state{role = client}, _) 
+  when StateName =/= connection ->
+    {keep_state_and_data};
+handle_common_event(internal, {handshake, {Handshake, Raw}}, StateName, 
+		    #state{tls_handshake_history = Hs0} = State0, Connection) ->
+    %% This function handles client SNI hello extension when Handshake is
+    %% a client_hello, which needs to be determined by the connection callback.
+    %% In other cases this is a noop
+    State = Connection:handle_sni_extension(Handshake, State0),
+    HsHist = ssl_handshake:update_handshake_history(Hs0, Raw),
+    {next_state, StateName, State#state{tls_handshake_history = HsHist}, 
+     [{next_event, internal, Handshake}]};
 handle_common_event(internal, {tls_record, TLSRecord}, StateName, State, Connection) -> 
     Connection:handle_common_event(internal, TLSRecord, StateName, State);
-handle_common_event(internal, #hello_request{}, StateName, #state{role = client} = State0, Connection)
-  when StateName =:= connection ->
-    {Record, State} = Connection:next_record(State0),
-    Connection:next_event(StateName, Record, State);
 handle_common_event(timeout, hibernate, _, _, _) ->
     {keep_state_and_data, [hibernate]};
 handle_common_event(internal, {application_data, Data}, StateName, State0, Connection) ->
diff --git a/lib/ssl/src/ssl_handshake.hrl b/lib/ssl/src/ssl_handshake.hrl
index e7b118de10..fde92035a2 100644
--- a/lib/ssl/src/ssl_handshake.hrl
+++ b/lib/ssl/src/ssl_handshake.hrl
@@ -53,7 +53,8 @@
 -define(NUM_OF_SESSION_ID_BYTES, 32).  % TSL 1.1 & SSL 3
 -define(NUM_OF_PREMASTERSECRET_BYTES, 48).
 -define(DEFAULT_DIFFIE_HELLMAN_GENERATOR, 2).
--define(DEFAULT_DIFFIE_HELLMAN_PRIME,  16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF).
+-define(DEFAULT_DIFFIE_HELLMAN_PRIME,
+	16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%% Handsake protocol - RFC 4346 section 7.4
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index dddcbdeeda..c19c1787ff 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -139,7 +139,8 @@
 	  fallback = false           :: boolean(),
 	  crl_check                  :: boolean() | peer | best_effort, 
 	  crl_cache,
-	  signature_algs
+	  signature_algs,
+	  v2_hello_compatible        :: boolean()
 	  }).
 
 -record(socket_options,
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index 60b4fbe995..c7dcbaabe9 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -67,6 +67,7 @@
 -define(CLEAN_SESSION_DB, 60000).
 -define(CLEAN_CERT_DB, 500).
 -define(DEFAULT_MAX_SESSION_CACHE, 1000).
+-define(LOAD_MITIGATION, 10).
 
 %%====================================================================
 %% API
@@ -196,10 +197,12 @@ register_session(Port, Session) ->
 %%--------------------------------------------------------------------
 -spec invalidate_session(host(), inet:port_number(), #session{}) -> ok.
 invalidate_session(Host, Port, Session) ->
+    load_mitigation(),
     cast({invalidate_session, Host, Port, Session}).
 
 -spec invalidate_session(inet:port_number(), #session{}) -> ok.
 invalidate_session(Port, Session) ->
+    load_mitigation(),
     cast({invalidate_session, Port, Session}).
 
 -spec invalidate_pem(File::binary()) -> ok.
@@ -719,3 +722,11 @@ invalidate_session_cache(undefined, CacheCb, Cache) ->
     start_session_validator(Cache, CacheCb, {invalidate_before, erlang:monotonic_time()}, undefined);
 invalidate_session_cache(Pid, _CacheCb, _Cache) ->
     Pid.
+
+load_mitigation() ->
+    MSec = rand:uniform(?LOAD_MITIGATION),
+    receive 
+    after 
+	MSec ->
+	    continue
+    end.
diff --git a/lib/ssl/src/ssl_tls_dist_proxy.erl b/lib/ssl/src/ssl_tls_dist_proxy.erl
index 2e308a15b7..a920f54ed2 100644
--- a/lib/ssl/src/ssl_tls_dist_proxy.erl
+++ b/lib/ssl/src/ssl_tls_dist_proxy.erl
@@ -402,6 +402,18 @@ ssl_options(server, ["server_verify", Value|T]) ->
     [{verify, atomize(Value)} | ssl_options(server,T)];
 ssl_options(client, ["client_verify", Value|T]) ->
     [{verify, atomize(Value)} | ssl_options(client,T)];
+ssl_options(server, ["server_verify_fun", Value|T]) ->
+    [{verify_fun, verify_fun(Value)} | ssl_options(server,T)];
+ssl_options(client, ["client_verify_fun", Value|T]) ->
+    [{verify_fun, verify_fun(Value)} | ssl_options(client,T)];
+ssl_options(server, ["server_crl_check", Value|T]) ->
+    [{crl_check, atomize(Value)} | ssl_options(server,T)];
+ssl_options(client, ["client_crl_check", Value|T]) ->
+    [{crl_check, atomize(Value)} | ssl_options(client,T)];
+ssl_options(server, ["server_crl_cache", Value|T]) ->
+    [{crl_cache, termify(Value)} | ssl_options(server,T)];
+ssl_options(client, ["client_crl_cache", Value|T]) ->
+    [{crl_cache, termify(Value)} | ssl_options(client,T)];
 ssl_options(server, ["server_reuse_sessions", Value|T]) ->
     [{reuse_sessions, atomize(Value)} | ssl_options(server,T)];
 ssl_options(client, ["client_reuse_sessions", Value|T]) ->
@@ -426,14 +438,28 @@ ssl_options(server, ["server_dhfile", Value|T]) ->
     [{dhfile, Value} | ssl_options(server,T)];
 ssl_options(server, ["server_fail_if_no_peer_cert", Value|T]) ->
     [{fail_if_no_peer_cert, atomize(Value)} | ssl_options(server,T)];
-ssl_options(_,_) ->
-    exit(malformed_ssl_dist_opt).
+ssl_options(Type, Opts) ->
+    error(malformed_ssl_dist_opt, [Type, Opts]).
 
 atomize(List) when is_list(List) ->
     list_to_atom(List);
 atomize(Atom) when is_atom(Atom) ->
     Atom.
 
+termify(String) when is_list(String) ->
+    {ok, Tokens, _} = erl_scan:string(String ++ "."),
+    {ok, Term} = erl_parse:parse_term(Tokens),
+    Term.
+
+verify_fun(Value) ->
+    case termify(Value) of
+	{Mod, Func, State} when is_atom(Mod), is_atom(Func) ->
+	    Fun = fun Mod:Func/3,
+	    {Fun, State};
+	_ ->
+	    error(malformed_ssl_dist_opt, [Value])
+    end.
+
 flush_old_controller(Pid, Socket) ->
     receive
 	{tcp, Socket, Data} ->
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 91903b4a1f..eaf2dd002d 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -50,7 +50,7 @@
 
 %% Handshake handling
 -export([renegotiate/2, send_handshake/2, send_change_cipher/2,
-	reinit_handshake_data/1]).
+	reinit_handshake_data/1, handle_sni_extension/2]).
 
 %% Alert and close handling
 -export([send_alert/2, handle_own_alert/4, handle_close_alert/3,
@@ -228,16 +228,16 @@ error(_, _, _) ->
 		   gen_statem:state_function_result().
 %%--------------------------------------------------------------------
 hello(internal, #client_hello{client_version = ClientVersion,
-			      extensions = #hello_extensions{ec_point_formats = EcPointFormats,
-							     elliptic_curves = EllipticCurves}} = Hello,
-      State = #state{connection_states = ConnectionStates0,
-		     port = Port, session = #session{own_certificate = Cert} = Session0,
-		     renegotiation = {Renegotiation, _},
-		     session_cache = Cache,
-		     session_cache_cb = CacheCb,
-		     negotiated_protocol = CurrentProtocol,
-		     key_algorithm = KeyExAlg,
-		     ssl_options = SslOpts}) ->
+			       extensions = #hello_extensions{ec_point_formats = EcPointFormats,
+							      elliptic_curves = EllipticCurves}} = Hello,
+      #state{connection_states = ConnectionStates0,
+	     port = Port, session = #session{own_certificate = Cert} = Session0,
+	     renegotiation = {Renegotiation, _},
+	     session_cache = Cache,
+	     session_cache_cb = CacheCb,
+	     negotiated_protocol = CurrentProtocol,
+	     key_algorithm = KeyExAlg,
+	     ssl_options = SslOpts} = State) ->
 
     case tls_handshake:hello(Hello, SslOpts, {Port, Session0, Cache, CacheCb,
 					      ConnectionStates0, Cert, KeyExAlg}, Renegotiation) of
@@ -311,7 +311,7 @@ cipher(Type, Event, State) ->
 connection(info, Event, State) ->
     handle_info(Event, connection, State);
 connection(internal, #hello_request{},
-	   #state{host = Host, port = Port,
+	   #state{role = client, host = Host, port = Port,
 		  session = #session{own_certificate = Cert} = Session0,
 		  session_cache = Cache, session_cache_cb = CacheCb,
 		  ssl_options = SslOpts,
@@ -326,14 +326,16 @@ connection(internal, #hello_request{},
 						  = Hello#client_hello.session_id}}),
     next_event(hello, Record, State);
 connection(internal, #client_hello{} = Hello, 
-	   #state{role = server, allow_renegotiate = true} = State) ->
+	   #state{role = server, allow_renegotiate = true} = State0) ->
     %% Mitigate Computational DoS attack
     %% http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html
     %% http://www.thc.org/thc-ssl-dos/ Rather than disabling client
     %% initiated renegotiation we will disallow many client initiated
     %% renegotiations immediately after each other.
     erlang:send_after(?WAIT_TO_ALLOW_RENEGOTIATION, self(), allow_renegotiate),
-    {next_state, hello, State#state{allow_renegotiate = false}, [{next_event, internal, Hello}]};
+    {Record, State} = next_record(State0#state{allow_renegotiate = false,
+					       renegotiation = {true, peer}}),
+    next_event(hello, Record, State,  [{next_event, internal, Hello}]);
 connection(internal, #client_hello{}, 
 	   #state{role = server, allow_renegotiate = false} = State0) ->
     Alert = ?ALERT_REC(?WARNING, ?NO_RENEGOTIATION),
@@ -397,40 +399,14 @@ handle_common_event(internal, #alert{} = Alert, StateName,
 handle_common_event(internal,  #ssl_tls{type = ?HANDSHAKE, fragment = Data}, 
 		    StateName, #state{protocol_buffers =
 					  #protocol_buffers{tls_handshake_buffer = Buf0} = Buffers,
-				      negotiated_version = Version} = State0) ->
-    
-    Handle = 
-   	fun({#hello_request{} = Packet, _}, {connection, HState}) ->
-   		%% This message should not be included in handshake
-   		%% message hashes. Starts new handshake (renegotiation)
-		Hs0 = ssl_handshake:init_handshake_history(),
-		{HState#state{tls_handshake_history = Hs0,
-			      renegotiation = {true, peer}}, 
-		 {next_event, internal, Packet}};
-   	   ({#hello_request{}, _}, {next_state, _SName, HState}) ->
-   		%% This message should not be included in handshake
-   		%% message hashes. Already in negotiation so it will be ignored!
-		{HState, []};
-	   ({#client_hello{} = Packet, Raw}, {connection, HState0}) ->
-		HState = handle_sni_extension(Packet, HState0),
-		Version = Packet#client_hello.client_version,
-		Hs0 = ssl_handshake:init_handshake_history(),
-		Hs1 = ssl_handshake:update_handshake_history(Hs0, Raw),
-		{HState#state{tls_handshake_history = Hs1,
-			      renegotiation = {true, peer}}, 
-		 {next_event, internal, Packet}};
-	   
-	   ({Packet, Raw}, {_SName, HState0 = #state{tls_handshake_history=Hs0}}) ->
-		HState = handle_sni_extension(Packet, HState0),
-		Hs1 = ssl_handshake:update_handshake_history(Hs0, Raw),
-		{HState#state{tls_handshake_history=Hs1}, {next_event, internal, Packet}}
-   	end,
+				      negotiated_version = Version,
+				      ssl_options = Options} = State0) ->
     try
-	{Packets, Buf} = tls_handshake:get_tls_handshake(Version,Data,Buf0),
-	State1 = State0#state{protocol_buffers =
-				  Buffers#protocol_buffers{tls_packets = Packets,
-							   tls_handshake_buffer = Buf}},
-	{State, Events} = tls_handshake_events(Handle, StateName, State1, []),
+	{Packets, Buf} = tls_handshake:get_tls_handshake(Version,Data,Buf0, Options),
+	State =
+	    State0#state{protocol_buffers =
+			     Buffers#protocol_buffers{tls_handshake_buffer = Buf}},
+	Events = tls_handshake_events(Packets),
 	case StateName of
 	    connection ->
 		ssl_connection:hibernate_after(StateName, State, Events);
@@ -779,24 +755,12 @@ send_or_reply(_, Pid, _From, Data) ->
 send_user(Pid, Msg) ->
     Pid ! Msg.
 
-tls_handshake_events(Handle, StateName,
-  		     #state{protocol_buffers =
-  				#protocol_buffers{tls_packets = [Packet]} = Buffers} = State0, Acc) ->
-    {State, Event} = Handle(Packet, {StateName, 
-				     State0#state{protocol_buffers =
-						      Buffers#protocol_buffers{tls_packets = []}}}),
-    {State, lists:reverse([Event |Acc])};
-tls_handshake_events(Handle, StateName,
- 		     #state{protocol_buffers =
- 				#protocol_buffers{tls_packets = 
-						      [Packet | Packets]} = Buffers} = State0, Acc) ->    
-    {State, Event} = Handle(Packet, {StateName, State0#state{protocol_buffers =
-								 Buffers#protocol_buffers{tls_packets =
-											      Packets}}}),
-    tls_handshake_events(Handle, StateName, State, [Event | Acc]);
-
-tls_handshake_events(_Handle, _, #state{}, _) ->
-     throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE)).
+tls_handshake_events([]) ->
+    throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, malformed_handshake));
+tls_handshake_events(Packets) ->
+    lists:map(fun(Packet) ->
+		      {next_event, internal, {handshake, Packet}}
+	      end, Packets).
 
 write_application_data(Data0, From, 
 		       #state{socket = Socket,
@@ -1065,5 +1029,5 @@ handle_sni_extension(#client_hello{extensions = HelloExtensions}, State0) ->
 		     }
 	    end
     end;
-handle_sni_extension(_, State0) ->
-    State0.
+handle_sni_extension(_, State) ->
+    State.
diff --git a/lib/ssl/src/tls_handshake.erl b/lib/ssl/src/tls_handshake.erl
index 871eb970eb..397f963ad5 100644
--- a/lib/ssl/src/tls_handshake.erl
+++ b/lib/ssl/src/tls_handshake.erl
@@ -33,7 +33,7 @@
 -include_lib("public_key/include/public_key.hrl").
 
 -export([client_hello/8, hello/4,
-	 get_tls_handshake/3, encode_handshake/2, decode_handshake/3]).
+	 get_tls_handshake/4, encode_handshake/2, decode_handshake/4]).
 
 -type tls_handshake() :: #client_hello{} | ssl_handshake:ssl_handshake().
 
@@ -133,17 +133,17 @@ encode_handshake(Package, Version) ->
     [MsgType, ?uint24(Len), Bin].
 
 %%--------------------------------------------------------------------
--spec get_tls_handshake(tls_record:tls_version(), binary(), binary() | iolist()) ->
+-spec get_tls_handshake(tls_record:tls_version(), binary(), binary() | iolist(), #ssl_options{}) ->
      {[tls_handshake()], binary()}.
 %%
 %% Description: Given buffered and new data from ssl_record, collects
 %% and returns it as a list of handshake messages, also returns leftover
 %% data.
 %%--------------------------------------------------------------------
-get_tls_handshake(Version, Data, <<>>) ->
-    get_tls_handshake_aux(Version, Data, []);
-get_tls_handshake(Version, Data, Buffer) ->
-    get_tls_handshake_aux(Version, list_to_binary([Buffer, Data]), []).
+get_tls_handshake(Version, Data, <<>>, Options) ->
+    get_tls_handshake_aux(Version, Data, Options, []);
+get_tls_handshake(Version, Data, Buffer, Options) ->
+    get_tls_handshake_aux(Version, list_to_binary([Buffer, Data]), Options, []).
 
 %%--------------------------------------------------------------------
 %%% Internal functions
@@ -184,24 +184,24 @@ handle_client_hello(Version, #client_hello{session_id = SugesstedId,
     end.
 
 get_tls_handshake_aux(Version, <<?BYTE(Type), ?UINT24(Length),
-			Body:Length/binary,Rest/binary>>, Acc) ->
+				 Body:Length/binary,Rest/binary>>, #ssl_options{v2_hello_compatible = V2Hello} = Opts,  Acc) ->
     Raw = <<?BYTE(Type), ?UINT24(Length), Body/binary>>,
-    Handshake = decode_handshake(Version, Type, Body),
-    get_tls_handshake_aux(Version, Rest, [{Handshake,Raw} | Acc]);
-get_tls_handshake_aux(_Version, Data, Acc) ->
+    Handshake = decode_handshake(Version, Type, Body, V2Hello),
+    get_tls_handshake_aux(Version, Rest, Opts, [{Handshake,Raw} | Acc]);
+get_tls_handshake_aux(_Version, Data, _, Acc) ->
     {lists:reverse(Acc), Data}.
 
-decode_handshake(_, ?HELLO_REQUEST, <<>>) ->
+decode_handshake(_, ?HELLO_REQUEST, <<>>, _) ->
     #hello_request{};
 
 %% Client hello v2.
 %% The server must be able to receive such messages, from clients that
 %% are willing to use ssl v3 or higher, but have ssl v2 compatibility.
 decode_handshake(_Version, ?CLIENT_HELLO, <<?BYTE(Major), ?BYTE(Minor),
-				  ?UINT16(CSLength), ?UINT16(0),
-				  ?UINT16(CDLength),
-				  CipherSuites:CSLength/binary,
-				  ChallengeData:CDLength/binary>>) ->
+					    ?UINT16(CSLength), ?UINT16(0),
+					    ?UINT16(CDLength),
+					    CipherSuites:CSLength/binary,
+					    ChallengeData:CDLength/binary>>, true) ->
     #client_hello{client_version = {Major, Minor},
 		  random = ssl_v2:client_random(ChallengeData, CDLength),
 		  session_id = 0,
@@ -209,12 +209,18 @@ decode_handshake(_Version, ?CLIENT_HELLO, <<?BYTE(Major), ?BYTE(Minor),
 		  compression_methods = [?NULL],
 		  extensions = #hello_extensions{}
 		 };
+decode_handshake(_Version, ?CLIENT_HELLO, <<?BYTE(_), ?BYTE(_),
+					    ?UINT16(CSLength), ?UINT16(0),
+					    ?UINT16(CDLength),
+					    _CipherSuites:CSLength/binary,
+					    _ChallengeData:CDLength/binary>>, false) ->
+    throw(?ALERT_REC(?FATAL, ?PROTOCOL_VERSION, ssl_v2_client_hello_no_supported));
 decode_handshake(_Version, ?CLIENT_HELLO, <<?BYTE(Major), ?BYTE(Minor), Random:32/binary,
-		       ?BYTE(SID_length), Session_ID:SID_length/binary,
-		       ?UINT16(Cs_length), CipherSuites:Cs_length/binary,
-		       ?BYTE(Cm_length), Comp_methods:Cm_length/binary,
-		       Extensions/binary>>) ->
-
+					    ?BYTE(SID_length), Session_ID:SID_length/binary,
+					    ?UINT16(Cs_length), CipherSuites:Cs_length/binary,
+					    ?BYTE(Cm_length), Comp_methods:Cm_length/binary,
+					    Extensions/binary>>, _) ->
+    
     DecodedExtensions = ssl_handshake:decode_hello_extensions({client, Extensions}),
 
     #client_hello{
@@ -226,7 +232,7 @@ decode_handshake(_Version, ?CLIENT_HELLO, <<?BYTE(Major), ?BYTE(Minor), Random:3
        extensions = DecodedExtensions
       };
 
-decode_handshake(Version, Tag, Msg) ->
+decode_handshake(Version, Tag, Msg, _) ->
     ssl_handshake:decode_handshake(Version, Tag, Msg).
 
 enc_handshake(#hello_request{}, _Version) ->