author | Ted Unangst <tedu@cvs.openbsd.org> | 2014-04-17 23:35:41 +0000 |
---|---|---|
committer | Ted Unangst <tedu@cvs.openbsd.org> | 2014-04-17 23:35:41 +0000 |
commit | eb74fae5997a015328501cbe38bdcaaca56a4eaa (patch) | |
tree | 58b670ebaa103259ed10a9b2e474ef78f0d5054f /lib/libssl/s3_srvr.c | |
parent | f4e07dfcc44f54f9ad150dc673707ca42457574a (diff) |
whack a bunch of disabled code. ok beck lteo
Diffstat (limited to 'lib/libssl/s3_srvr.c')
-rw-r--r-- | lib/libssl/s3_srvr.c | 18 |
1 files changed, 0 insertions, 18 deletions
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index 19e0495fe63..79b89d7e958 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1129,24 +1129,6 @@ ssl3_get_client_hello(SSL *s)
 break;
 }
 }
-/*
- * Disabled because it can be used in a ciphersuite downgrade
- * attack: CVE-2010-4180.
- */
-#if 0
- if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) {
- /* Special case as client bug workaround: the previously used cipher may
- * not be in the current list, the client instead might be trying to
- * continue using a cipher that before wasn't chosen due to server
- * preferences. We'll have to reject the connection if the cipher is not
- * enabled, though. */
- c = sk_SSL_CIPHER_value(ciphers, 0);
- if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0) {
- s->session->cipher = c;
- j = 1;
- }
- }
-#endif
 if (j == 0) {
 /* we need to have the cipher in the cipher
 * list if we are asked to reuse it */ |