Fix DTLS_ANY_VERSION and add tests.

This fixes bugs that kept the tests from working:

- Resolve DTLS version and cookie before the session.

- In DTLS_ANY_VERSION, ServerHello should be read with first_packet = 1. This
  is a regression from f2fedefdcaf62f10b566f55858c25f35112072ea. We'll want to
  do the same for TLS, but first let's change this to a boolean has_version in a

Things not yet fixed:

- DTLS code is not EVP_AEAD-aware. Those ciphers are disabled for now.

- On the client, DTLS_ANY_VERSION creates SSL_SESSIONs with the wrong
  ssl_version. The tests pass because we no longer enforce the match as of
  e37216f56009fbf48c3a1e733b7a546ca6dfc2af. (In fact, we've gone from the server
  ignoring ssl_version and client enforcing to the client mostly ignoring
  ssl_version and the server enforcing.)

- ssl3_send_client_hello's ssl_version check checks for equality against
  s->version rather than >.

Change-Id: I5a0dde221b2009413df9b9443882b9bf3b29519c
Reviewed-by: Adam Langley <>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 66f32d5..6f47e95 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -805,6 +805,11 @@
 	uint8_t compression_method;
 	unsigned long mask_ssl;
+	/* DTLS_ANY_VERSION does not sniff the version ahead of time,
+	 * so disable the version check. */
+	if (SSL_IS_DTLS(s))
+		s->first_packet = 1;
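Review bot: the condition on the added `if (SSL_IS_DTLS(s))` is broader than its comment. The comment justifies skipping the version check only for DTLS_ANY_VERSION, but the test sets `s->first_packet = 1` for every DTLS connection, including ones pinned to a single version, which already know what record version to expect. Either narrow the condition to the any-version method or extend the comment to say why disabling the check for fixed-version DTLS is acceptable. The commit message already plans to replace this flag with a has_version boolean, so a TODO here pointing at that follow-up would help.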
@@ -813,6 +818,9 @@
+	if (SSL_IS_DTLS(s))
+		s->first_packet = 0;
 	if (!ok) return((int)n);
 	CBS_init(&server_hello, s->init_msg, n);
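Review bot: the added `s->first_packet = 0;` has no comment and writes a constant instead of restoring the value the flag held before the earlier assignment. Placing it ahead of `if (!ok) return((int)n);` is right, since it clears the flag on the error and retry paths too, and a one-line comment pairing it with the block above would keep a later reorder from breaking that. Because the record-layer version check is skipped for this message, please also confirm that the version field parsed out of `server_hello` after `CBS_init` is validated against the versions the client offered, as that becomes the only version check on this path.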