summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbrad <>2005-10-12 21:39:08 +0000
committerbrad <>2005-10-12 21:39:08 +0000
commit491ee839bffb03a4e183d29374785ee713f1ffc2 (patch)
tree46a121264fd449df0617273657f4ceae60049d70
parentab475d6c082063be3cdaf2f91789c785c1b95f57 (diff)
downloadopenbsd-OPENBSD_3_7.tar.gz
openbsd-OPENBSD_3_7.tar.bz2
openbsd-OPENBSD_3_7.zip
Fix by markus@ fix potential SSL 2.0 rollback (http://www.openssl.org//news/secadv_20051011.txt) from http://www.openssl.org/news/patch-CAN-2005-2969.txt
-rw-r--r--src/lib/libssl/src/ssl/s23_srvr.c4
1 files changed, 1 insertions, 3 deletions
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index c5404ca0bc..0367cd2920 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -519,9 +519,7 @@ int ssl23_get_client_hello(SSL *s)
519 } 519 }
520 520
521 s->state=SSL2_ST_GET_CLIENT_HELLO_A; 521 s->state=SSL2_ST_GET_CLIENT_HELLO_A;
522 if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || 522 if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
523 use_sslv2_strong ||
524 (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
525 s->s2->ssl2_rollback=0; 523 s->s2->ssl2_rollback=0;
526 else 524 else
527 /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 525 /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0