authorbrad <>2005-10-12 18:48:46 +0000
committerbrad <>2005-10-12 18:48:46 +0000
commit09032cb2999644f9028e37f6e9576b0e5280b4ad (patch)
treea27788e6b330e8f3cd90baf7c950642f35ec05fe
parent57c88ebf46d31b87749269e606ed255343bd530f (diff)
downloadopenbsd-OPENBSD_3_6.tar.gz
openbsd-OPENBSD_3_6.tar.bz2
openbsd-OPENBSD_3_6.zip
Fix by markus@: fix potential SSL 2.0 rollback (http://www.openssl.org//news/secadv_20051011.txt), from http://www.openssl.org/news/patch-CAN-2005-2969.txt
-rw-r--r--src/lib/libssl/src/ssl/s23_srvr.c4
1 files changed, 1 insertions, 3 deletions
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index c5404ca0bc..0367cd2920 100644
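--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -519,9 +519,7 @@ int ssl23_get_client_hello(SSL *s)
 }
 
 s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-use_sslv2_strong ||
-(s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
 s->s2->ssl2_rollback=0;
 else
 /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0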
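Review bot: The new condition at line 522 has no comment saying why `SSL_OP_MSIE_SSLV2_RSA_PADDING` and `use_sslv2_strong` are no longer consulted, so a later cleanup could reintroduce the bypass of the rollback check. I would add above the `if`: `/* Disable the rollback check only when SSLv2 is the sole enabled protocol; SSL_OP_MSIE_SSLV2_RSA_PADDING must not turn it off (CAN-2005-2969). */`. Parenthesising each bitmask test, `if ((s->options & SSL_OP_NO_TLSv1) && (s->options & SSL_OP_NO_SSLv3))`, would also make the precedence explicit. If `use_sslv2_strong` is still declared and assigned elsewhere in ssl23_get_client_hello, it is probably dead now and could be removed. The function body starts and ends outside this hunk, so that cannot be confirmed from here.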