From bf9f912b291ca80e96dfadced5c5b85e9c2a5d01 Mon Sep 17 00:00:00 2001
From: Tesfa Mael <tesfa@wolfssl.com>
Date: Thu, 9 May 2019 17:01:36 -0700
Subject: [PATCH] send handshake failure alert to a server

---
 src/internal.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index 5a92c78e8..9b8dcaf34 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7257,6 +7257,10 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             WOLFSSL_MSG("DTLS handshake, skip RH version number check");
         else {
             WOLFSSL_MSG("SSL version error");
+            /* send alert per RFC 5246 Section 7.2.1 */
+            if(ssl->options.side == WOLFSSL_CLIENT_END) {
+                SendAlert(ssl, alert_fatal, handshake_failure);
+            }
             return VERSION_ERROR;              /* only use requested version */
         }
     }