Skip adding tls extensions to client hello when protocol version is not TLS. diff -up openssl-0.9.8g/ssl/t1_lib.c.no-extssl openssl-0.9.8g/ssl/t1_lib.c --- openssl-0.9.8g/ssl/t1_lib.c.no-extssl 2007-10-19 09:44:10.000000000 +0200 +++ openssl-0.9.8g/ssl/t1_lib.c 2007-12-13 17:22:10.000000000 +0100 @@ -132,6 +132,11 @@ unsigned char *ssl_add_clienthello_tlsex int extdatalen=0; unsigned char *ret = p; + if (s->client_version != TLS1_VERSION && s->client_version != DTLS1_VERSION) + { + return ret; + } + ret+=2; if (ret>=limit) return NULL; /* this really never occurs, but ... */