openwrt_NSS_ACW/package/libs/cyassl/patches/200-SSL_accept-handle-hello-garbage.patch

--- a/src/internal.c
+++ b/src/internal.c
@@ -6353,6 +6353,10 @@ int ProcessReply(CYASSL* ssl)
                 b1 =
                 ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
                 ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1);
+
+                /* does not appear to a be a SSLv2 client hello */
+                if ( ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx] != 1 )
+                    return UNKNOWN_HANDSHAKE_TYPE;
             }
             else {
                 ssl->options.processReply = getRecordLayerHeader;