2 files changed, 3 insertions, 7 deletions

diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index 93510cb58ae..1a924f828e5 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -269,9 +269,7 @@ ssl3_accept(SSL *s)
 				ssl3_init_finished_mac(s);
 				s->state = SSL3_ST_SR_CLNT_HELLO_A;
 				s->ctx->stats.sess_accept++;
-			} else if (!s->s3->send_connection_binding &&
-			    !(s->options &
-			    SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+			} else if (!s->s3->send_connection_binding) {
 				/*
 				 * Server attempting to renegotiate with
 				 * client that doesn't support secure
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 417b90381b5..c4eeb7a41d2 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1296,8 +1296,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
 
 	/* Need RI if renegotiating */
 
-	if (!renegotiate_seen && s->renegotiate &&
-		!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+	if (!renegotiate_seen && s->renegotiate) {
 		*al = SSL_AD_HANDSHAKE_FAILURE;
 		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
 		SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
@@ -1533,8 +1532,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
 	 * absence on initial connect only.
 	 */
 	if (!renegotiate_seen
-		&& !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
-	&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+	    && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
 		*al = SSL_AD_HANDSHAKE_FAILURE;
 		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
 		SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);