Index: ssl/d1_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_clnt.c,v
retrieving revision 1.3.2.6
diff -u -p -r1.3.2.6 d1_clnt.c
--- ssl/d1_clnt.c	5 Dec 2005 17:32:19 -0000	1.3.2.6
+++ ssl/d1_clnt.c	28 Sep 2008 23:49:54 -0000
@@ -214,8 +214,6 @@ int dtls1_connect(SSL *s)
 
 			/* don't push the buffering BIO quite yet */
 
-			ssl3_init_finished_mac(s);
-
 			s->state=SSL3_ST_CW_CLNT_HELLO_A;
 			s->ctx->stats.sess_connect++;
 			s->init_num=0;
@@ -225,6 +223,10 @@ int dtls1_connect(SSL *s)
 		case SSL3_ST_CW_CLNT_HELLO_B:
 
 			s->shutdown=0;
+
+			/* HelloVerifyRequest resets Finished MAC */
+			ssl3_init_finished_mac(s);
+
 			ret=dtls1_client_hello(s);
 			if (ret <= 0) goto end;
 
Index: ssl/t1_enc.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/t1_enc.c,v
retrieving revision 1.35.2.3
diff -u -p -r1.35.2.3 t1_enc.c
--- ssl/t1_enc.c	16 Feb 2007 20:40:07 -0000	1.35.2.3
+++ ssl/t1_enc.c	29 Sep 2008 06:08:23 -0000
@@ -738,15 +738,26 @@ int tls1_mac(SSL *ssl, unsigned char *md
 	md_size=EVP_MD_size(hash);
 
 	buf[0]=rec->type;
-	buf[1]=TLS1_VERSION_MAJOR;
-	buf[2]=TLS1_VERSION_MINOR;
+	buf[1]=(unsigned char)(ssl->version >> 8);
+	buf[2]=(unsigned char)(ssl->version & 0xff);
 	buf[3]=rec->length>>8;
 	buf[4]=rec->length&0xff;
 
 	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
 	HMAC_CTX_init(&hmac);
 	HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
-	HMAC_Update(&hmac,seq,8);
+
+	if (ssl->version == DTLS1_VERSION)
+		{
+		unsigned char dtlsseq[8],*p=dtlsseq;
+			
+		s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
+		memcpy (p,&seq[2],6);
+			
+		HMAC_Update(&hmac,dtlsseq,8);
+		}
+	else
+		HMAC_Update(&hmac,seq,8);
 	HMAC_Update(&hmac,buf,5);
 	HMAC_Update(&hmac,rec->input,rec->length);
 	HMAC_Final(&hmac,md,&md_size);