From 7b523f064366f2cde76cf1f3d6f67d0e0dd8735a Mon Sep 17 00:00:00 2001
From: dmiller
Date: Mon, 8 Apr 2019 22:29:47 +0000
Subject: [PATCH] Don't try to reconnect SSLv2 over DTLS (UDP). Fixes #1543
---
 CHANGELOG | 3 +++
 nsock/src/nsock_core.c | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG b/CHANGELOG
index 13a6b6ede..417c99686 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 #Nmap Changelog ($Id$); -*-text-*-
+o [Nsock][GH#1543] Avoid a crash (Protocol not supported) caused by trying to
+ reconnect with SSLv2 when an error occurs during DTLS connect. [Daniel Miller]
+
 o [NSE][GH#1016][GH#1082] New script http-hp-ilo-info to extract information from HP Integrated Lights-Out (iLO) servers. [rajeevrmenon97]
diff --git a/nsock/src/nsock_core.c b/nsock/src/nsock_core.c
index 117e0aa7e..2c40dab08 100644
--- a/nsock/src/nsock_core.c
+++ b/nsock/src/nsock_core.c
@@ -459,7 +459,8 @@ void handle_connect_result(struct npool *ms, struct nevent *nse, enum nse_status
 nse->sslinfo.ssl_desire = sslerr;
 socket_count_write_inc(iod);
 update_events(iod, ms, nse, EV_WRITE, EV_NONE);
- } else if (!(options & SSL_OP_NO_SSLv2)) {
+ } else if (iod->lastproto != IPPROTO_UDP && !(options & SSL_OP_NO_SSLv2)) {
+ /* SSLv2 does not apply to DTLS, so ensure lastproto was not UDP. */
 int saved_ev;
 /* SSLv3-only and TLSv1-only servers can't be connected to when the
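Review bot: The comment added under the new `else if` in handle_connect_result restates the condition and sits inside the branch it guards, so a reader of the non-UDP path sees it while the reason for the check stays in the changelog. I would move it above the test and record the failure mode, e.g. `/* No reconnect retry for DTLS: reconnecting a UDP iod here failed with "Protocol not supported" (GH#1543). */`. The guard infers DTLS from `iod->lastproto != IPPROTO_UDP`, which presumably holds for every DTLS iod; a one-line note saying where `lastproto` is set would make that assumption checkable. With the condition now false for UDP, a DTLS handshake error falls through to whatever branch follows, which is outside this hunk, so it is worth confirming that path reports the error to the caller rather than leaving the event pending.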