Fix non compliance SSLv3 in server extension handling.

The server code parses the client hello extensions even when the
protocol is SSLv3 and this behaviour is non compliant with rfc6101.
Also the server sends extensions in the server hello and omitting
them may prevent interoperability problems.

ChangeLog

@@ -18,6 +18,8 @@ Changes
      don't use the optimized assembly for bignum multiplication. This removes
      the need to pass -fomit-frame-pointer to avoid a build error with -O0.
    * Disabled SSLv3 in the default configuration.
+   * Fix non-compliance server extension handling. Extensions for SSLv3 are now
+     ignored, as required by RFC6101.
 
 = mbed TLS 1.3.16 released 2016-01-05
 

library/ssl_srv.c

@@ -1564,6 +1564,12 @@ static int ssl_parse_client_hello( ssl_context *ssl )
     }
 #endif /* POLARSSL_SSL_FALLBACK_SCSV */
 
+    /* Do not parse the extensions if the protocol is SSLv3 */
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+    if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
+    {
+#endif
+
         ext = buf + 44 + sess_len + ciph_len + comp_len;
 
         while( ext_len )
@@ -1713,6 +1719,10 @@ static int ssl_parse_client_hello( ssl_context *ssl )
             }
         }
 
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+    }
+#endif
+
     /*
      * Renegotiation security checks
      */