Don't resume sessions if the negotiated version doesn't match.
All of NSS, upstream OpenSSL, SChannel, and Secure Transport require, on the
client, that the ServerHello version match the session's version on resumption.
OpenSSL's current behavior is incompatible with all of these. Fall back to a
full handshake on the server instead of mismatch.
Add a comment on the client for why we are, as of
30ddb434bfb845356fbacb6b2bd51f8814c7043c, not currently enforcing the same in
Reviewed-by: Adam Langley <firstname.lastname@example.org>
3 files changed