From bf9f912b291ca80e96dfadced5c5b85e9c2a5d01 Mon Sep 17 00:00:00 2001
From: Tesfa Mael
Date: Thu, 9 May 2019 17:01:36 -0700
Subject: [PATCH 1/3] send handshake failure alert to a server
---
 src/internal.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/internal.c b/src/internal.c
index 5a92c78e8..9b8dcaf34 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7257,6 +7257,10 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 WOLFSSL_MSG("DTLS handshake, skip RH version number check");
 else {
 WOLFSSL_MSG("SSL version error");
+ /* send alert per RFC 5246 Section 7.2.1 */
+ if(ssl->options.side == WOLFSSL_CLIENT_END) {
+ SendAlert(ssl, alert_fatal, handshake_failure);
+ }
 return VERSION_ERROR; /* only use requested version */
 }
 }
From 295dd4ff2198120a8fe493c2bb74181db149af9e Mon Sep 17 00:00:00 2001
From: Tesfa Mael
Date: Tue, 21 May 2019 16:08:25 -0700
Subject: [PATCH 2/3] send protocol_version fatal alert message
---
 src/internal.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 9b8dcaf34..6c042ca7d 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7257,9 +7257,9 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 WOLFSSL_MSG("DTLS handshake, skip RH version number check");
 else {
 WOLFSSL_MSG("SSL version error");
- /* send alert per RFC 5246 Section 7.2.1 */
- if(ssl->options.side == WOLFSSL_CLIENT_END) {
- SendAlert(ssl, alert_fatal, handshake_failure);
+ /* send alert per RFC5246 Appendix E. Backward Compatibility */
+ if (ssl->options.side == WOLFSSL_CLIENT_END) {
+ SendAlert(ssl, alert_fatal, protocol_version);
 }
 return VERSION_ERROR; /* only use requested version */
 }
From ec4dad76e25dc4aad39e11bb96579437ca6c998a Mon Sep 17 00:00:00 2001
From: Tesfa Mael
Date: Tue, 21 May 2019 16:15:27 -0700
Subject: [PATCH 3/3] send protocol_version fatal alert message
---
 src/internal.c | 4 ++++
 1 file changed, 4 insertions(+)
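Review bot: The alert added in the `else` branch is sent in response to a record-header version field that has not been authenticated, and the new `if` does not restrict it to stream TLS. The branch just above only skips the check for DTLS handshake records, so if other DTLS records can reach this `else` (its condition lies outside the hunk), one forged datagram would make the client emit a fatal alert; RFC 6347 Section 4.1.2.7 recommends silently discarding invalid records for that reason. I would tighten the guard to `if (ssl->options.side == WOLFSSL_CLIENT_END && !ssl->options.dtls) {`, which applies equally to the revised call in patches 2/3 and 3/3. GetRecordHeader begins and ends outside the hunk, so the guard should be checked against the full condition.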
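Review bot: The replacement comment cites "RFC5246 Appendix E. Backward Compatibility" as a whole, which leaves the reader to find the actual requirement and does not explain why only the client side sends the alert. The rule being implemented is in Appendix E.1, so I would write `/* RFC 5246 Appendix E.1: a client that cannot accept the server's version MUST send protocol_version and close */`. The result of `SendAlert` is also discarded on this path; if that is deliberate because VERSION_ERROR is returned either way, a `(void)` cast or a short comment would make it explicit. GetRecordHeader begins and ends outside the hunk.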
diff --git a/src/internal.c b/src/internal.c
index 6c042ca7d..4c38cfbf2 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7259,7 +7259,11 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 WOLFSSL_MSG("SSL version error");
 /* send alert per RFC5246 Appendix E. Backward Compatibility */
 if (ssl->options.side == WOLFSSL_CLIENT_END) {
+#ifdef WOLFSSL_MYSQL_COMPATIBLE
+ SendAlert(ssl, alert_fatal, wc_protocol_version);
+#else
 SendAlert(ssl, alert_fatal, protocol_version);
+#endif
 }
 return VERSION_ERROR; /* only use requested version */
 }
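Review bot: The `#ifdef WOLFSSL_MYSQL_COMPATIBLE` split inside the `if` body duplicates the whole `SendAlert` call just to swap one enumerator name, and nothing here tells the reader why the name differs. Presumably the alert enumerator is renamed to `wc_protocol_version` in that build to avoid a symbol clash; a comment such as `/* alert enum is named wc_protocol_version in MySQL-compatible builds */` above the `#ifdef` would state that. If other call sites need the same choice, aliasing the name once next to the enum definition would keep preprocessor branches out of this error path and make it harder for the two builds to drift apart. GetRecordHeader begins and ends outside the hunk.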