diff options
| author | brad <> | 2005-10-12 18:48:46 +0000 |
|---|---|---|
| committer | brad <> | 2005-10-12 18:48:46 +0000 |
| commit | 09032cb2999644f9028e37f6e9576b0e5280b4ad (patch) | |
| tree | a27788e6b330e8f3cd90baf7c950642f35ec05fe | |
| parent | 57c88ebf46d31b87749269e606ed255343bd530f (diff) | |
| download | openbsd-OPENBSD_3_6.tar.gz openbsd-OPENBSD_3_6.tar.bz2 openbsd-OPENBSD_3_6.zip | |
MFC:OPENBSD_3_6
Fix by markus@
fix potential SSL 2.0 rollback (http://www.openssl.org//news/secadv_20051011.txt)
from http://www.openssl.org/news/patch-CAN-2005-2969.txt
| -rw-r--r-- | src/lib/libssl/src/ssl/s23_srvr.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c index c5404ca0bc..0367cd2920 100644 --- a/src/lib/libssl/src/ssl/s23_srvr.c +++ b/src/lib/libssl/src/ssl/s23_srvr.c | |||
| @@ -519,9 +519,7 @@ int ssl23_get_client_hello(SSL *s) | |||
| 519 | } | 519 | } |
| 520 | 520 | ||
| 521 | s->state=SSL2_ST_GET_CLIENT_HELLO_A; | 521 | s->state=SSL2_ST_GET_CLIENT_HELLO_A; |
| 522 | if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || | 522 | if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) |
| 523 | use_sslv2_strong || | ||
| 524 | (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) | ||
| 525 | s->s2->ssl2_rollback=0; | 523 | s->s2->ssl2_rollback=0; |
| 526 | else | 524 | else |
| 527 | /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 | 525 | /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 |