diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2010-02-16 15:21:11 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2010-02-16 15:21:11 +0100 |
| commit | 8d934c2585b2938344af328799286fd2526b579d (patch) | |
| tree | 060f31650cbd529d71cc2d6b6ec430ddb3a89c42 /ssl | |
| parent | The "block length" for CFB mode was incorrectly coded as 1 all the time. It (diff) | |
| download | openssl-8d934c2585b2938344af328799286fd2526b579d.tar.xz openssl-8d934c2585b2938344af328799286fd2526b579d.zip | |
PR: 2171
Submitted by: Tomas Mraz <tmraz@redhat.com>
Since SSLv2 doesn't support renegotiation at all don't reject it if
legacy renegotiation isn't enabled.
Also can now use SSL2 compatible client hello because RFC5746 supports it.
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/s23_clnt.c | 3 | ||||
| -rw-r--r-- | ssl/s23_srvr.c | 5 |
2 files changed, 0 insertions, 8 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index b2a3eb02fb..e6f9bf952a 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -311,9 +311,6 @@ static int ssl23_client_hello(SSL *s) ssl2_compat = 0; if (s->tlsext_status_type != -1) ssl2_compat = 0; - if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - ssl2_compat = 0; - #ifdef TLSEXT_TYPE_opaque_prf_input if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL) ssl2_compat = 0; diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 05e4e0b47b..390b99bf56 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -509,11 +509,6 @@ int ssl23_get_client_hello(SSL *s) SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); goto err; #else - if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - goto err; - } /* we are talking sslv2 */ /* we need to clean up the SSLv3/TLSv1 setup and put in the * sslv2 stuff. */ |