Remove workaround for TLS padding bug from SSLeay days.

OpenSSL doesn't remember which clients were impacted and the
functionality has been broken in their stable releases for 2 years.

Based on OpenSSL commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5.

ok jsing@

1 files changed, 2 insertions, 3 deletions

diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index c47ae4632fe..84154a51765 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.87 2015/06/20 12:29:39 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.88 2015/07/17 07:04:41 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -522,7 +522,6 @@ struct ssl_session_st {
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
 #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG			0x00000040L
 #define SSL_OP_TLS_D5_BUG				0x00000100L
-#define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
 
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
@@ -578,7 +577,6 @@ struct ssl_session_st {
      SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \
      SSL_OP_SAFARI_ECDHE_ECDSA_BUG | \
      SSL_OP_TLS_D5_BUG | \
-     SSL_OP_TLS_BLOCK_PADDING_BUG | \
      SSL_OP_CRYPTOPRO_TLSEXT_BUG)
 
 /* Obsolete flags kept for compatibility. No sane code should use them. */
@@ -594,6 +592,7 @@ struct ssl_session_st {
 #define SSL_OP_PKCS1_CHECK_2				0x0
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x0
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x0
+#define SSL_OP_TLS_BLOCK_PADDING_BUG			0x0
 
 /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
  * when just a single record has been written): */