diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2005-10-11 14:49:23 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2005-10-11 14:49:23 +0000 |
| commit | 8358661a16ad1abe23f9e94da1727ca1f7de5582 (patch) | |
| tree | 6825365d26918771a97298ab65a37ccb84f902eb /lib | |
| parent | a0752d41200cc9638c9657ee59a03f056138a2ac (diff) | |
fix potential SSL 2.0 rollback (http://www.openssl.org//news/secadv_20051011.txt)
from http://www.openssl.org/news/patch-CAN-2005-2969.txt
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/s23_srvr.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/lib/libssl/s23_srvr.c b/lib/libssl/s23_srvr.c index 92f3391f601..e9edc34328e 100644 --- a/lib/libssl/s23_srvr.c +++ b/lib/libssl/s23_srvr.c @@ -528,9 +528,7 @@ int ssl23_get_client_hello(SSL *s) } s->state=SSL2_ST_GET_CLIENT_HELLO_A; - if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || - use_sslv2_strong || - (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) + if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) s->s2->ssl2_rollback=0; else /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 |