From 7ef8905652aa9dcf78e015261c6423b664a2ca1b Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Fri, 8 Jul 2016 16:44:14 +0200
Subject: ssl, dtls: Disable V2 compatibility clause from ssl_handshake:update_handshake_history

This proably a much bigger problem for DTLS than TLS, but should be disabled for both unless explicitly configured for TLS.
---
 lib/ssl/src/dtls_connection.erl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'lib/ssl/src/dtls_connection.erl')

diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 559eafbfec..5ff3b8b86b 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -397,7 +397,9 @@ format_status(Type, Data) ->
 encode_handshake(Handshake, Version, ConnectionStates0, Hist0) ->
 {Seq, ConnectionStates} = sequence(ConnectionStates0),
 {EncHandshake, Frag} = dtls_handshake:encode_handshake(Handshake, Version, Seq),
- Hist = ssl_handshake:update_handshake_history(Hist0, EncHandshake),
+ %% DTLS does not have an equivalent version to SSLv2. So v2 hello compatibility
+ %% will always be false
+ Hist = ssl_handshake:update_handshake_history(Hist0, EncHandshake, false),
 {Frag, ConnectionStates, Hist}.
 
 encode_change_cipher(#change_cipher_spec{}, Version, ConnectionStates) ->
-- 
cgit v1.2.3
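Review bot: The `false` passed in `encode_handshake` only covers handshake messages this side encodes itself, while history entries built from received messages are where peer-chosen bytes could reach the V2 compatibility clause, and no such call site appears in this hunk. It is worth confirming that every other `ssl_handshake:update_handshake_history` call reachable from the DTLS code also passes `false`, and that no two-argument call with a permissive default remains; neither is visible here. The bare boolean is also hard to read at the call site, so the comment could state the reason rather than only the fact, for example `%% SSLv2 hello compatibility is TLS-only; never let the v2 clause touch DTLS handshake history`. `encode_change_cipher` begins on the hunk's last line and its body continues outside the hunk.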