summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2005-10-11 14:49:23 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2005-10-11 14:49:23 +0000
commit614c8ab9c7e37350d96daf62e7f5f67e22c2ca6c (patch)
tree5b9f5412c2f5de2340e654fc990be01f9f7857c3
parentadbfdf018b53d0421677d543fb19cbf727d97adc (diff)
fix potential SSL 2.0 rollback (http://www.openssl.org//news/secadv_20051011.txt)
from http://www.openssl.org/news/patch-CAN-2005-2969.txt
Diffstat
-rw-r--r--lib/libssl/src/ssl/s23_srvr.c4
1 files changed, 1 insertions, 3 deletions
diff --git a/lib/libssl/src/ssl/s23_srvr.c b/lib/libssl/src/ssl/s23_srvr.c
index 92f3391f601..e9edc34328e 100644
--- a/lib/libssl/src/ssl/s23_srvr.c
+++ b/lib/libssl/src/ssl/s23_srvr.c
@@ -528,9 +528,7 @@ int ssl23_get_client_hello(SSL *s)
}
s->state=SSL2_ST_GET_CLIENT_HELLO_A;
- if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
- use_sslv2_strong ||
- (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+ if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
s->s2->ssl2_rollback=0;
else
/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-02 03:14:50 +0000