From 8dc154ff7125d6b2c7e7b2ba9a9956417f99b3bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mois=C3=A9s=20Guimar=C3=A3es?= <moises@wolfssl.com>
Date: Tue, 27 Oct 2015 16:05:36 -0300
Subject: [PATCH] adds support for TLS downgrading against buggy TLS servers.

reference: RFC 5246 - TLS 1.2 - Appendix E.1:

   Note: some server implementations are known to implement version
   negotiation incorrectly.  For example, there are buggy TLS 1.0
   servers that simply close the connection when the client offers a
   version newer than TLS 1.0.  Also, it is known that some servers will
   refuse the connection if any TLS extensions are included in
   ClientHello.  Interoperability with such buggy servers is a complex
   topic beyond the scope of this document, and may require multiple
   connection attempts by the client.

   Earlier versions of the TLS specification were not fully clear on
   what the record layer version number (TLSPlaintext.version) should
   contain when sending ClientHello (i.e., before it is known which
   version of the protocol will be employed).  Thus, TLS servers
   compliant with this specification MUST accept any value {03,XX} as
   the record layer version number for ClientHello.

   TLS clients that wish to negotiate with older servers MAY send any
   value {03,XX} as the record layer version number.  Typical values
   would be {03,00}, the lowest version number supported by the client,
   and the value of ClientHello.client_version.  No single value will
   guarantee interoperability with all old servers, but this is a
   complex topic beyond the scope of this document.
---
 src/internal.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index d0c2258fc..c20a92f33 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2843,6 +2843,14 @@ static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl
     rl->pvMajor = ssl->version.major;       /* type and version same in each */
     rl->pvMinor = ssl->version.minor;
 
+#ifdef WOLFSSL_ALTERNATIVE_DOWNGRADE
+    if (ssl->options.side == WOLFSSL_CLIENT_END
+    &&  ssl->options.connectState == CONNECT_BEGIN
+    && !ssl->options.resuming)
+        rl->pvMinor = ssl->options.downgrade ? ssl->options.minDowngrade
+                                             : ssl->version.minor;
+#endif
+
     if (!ssl->options.dtls)
         c16toa((word16)length, rl->length);
     else {