diff options
| -rw-r--r-- | lib/libssl/ssl_pkt.c | 15 |
1 files changed, 2 insertions, 13 deletions
diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c index 728ac141e5f..2c33c45386d 100644 --- a/lib/libssl/ssl_pkt.c +++ b/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.65 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.66 2023/07/11 17:02:47 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -536,7 +536,6 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) SSL_SESSION *sess = s->session; int need_empty_fragment = 0; size_t align, out_len; - uint16_t version; CBB cbb; int ret; @@ -569,16 +568,6 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) return 0; /* - * Some servers hang if initial client hello is larger than 256 - * bytes and record version number > TLS 1.0. - */ - version = s->version; - if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_B && - !s->renegotiate && - s->s3->hs.our_max_tls_version > TLS1_VERSION) - version = TLS1_VERSION; - - /* * Countermeasure against known-IV weakness in CBC ciphersuites * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this * is unnecessary for AEAD. @@ -604,7 +593,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) if (!CBB_init_fixed(&cbb, wb->buf + align, wb->len - align)) goto err; - tls12_record_layer_set_version(s->rl, version); + tls12_record_layer_set_version(s->rl, s->version); if (need_empty_fragment) { if (!tls12_record_layer_seal_record(s->rl, type, |