author | brad <> | 2005-10-12 21:39:08 +0000 |
---|---|---|
committer | brad <> | 2005-10-12 21:39:08 +0000 |
commit | 491ee839bffb03a4e183d29374785ee713f1ffc2 (patch) | |
tree | 46a121264fd449df0617273657f4ceae60049d70 | |
parent | ab475d6c082063be3cdaf2f91789c785c1b95f57 (diff) | |
MFC:OPENBSD_3_7
Fix by markus@
fix potential SSL 2.0 rollback (http://www.openssl.org//news/secadv_20051011.txt)
from http://www.openssl.org/news/patch-CAN-2005-2969.txt
-rw-r--r-- | src/lib/libssl/src/ssl/s23_srvr.c | 4 |
1 files changed, 1 insertions, 3 deletions
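--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -519,9 +519,7 @@ int ssl23_get_client_hello(SSL *s)
 }
 
 s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-use_sslv2_strong ||
-(s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
 s->s2->ssl2_rollback=0;
 else
 /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0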
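Review bot: The rewritten test on new line 522 has no comment recording that SSL_OP_MSIE_SSLV2_RSA_PADDING and use_sslv2_strong were deliberately dropped as reasons to clear `s->s2->ssl2_rollback`, so a later cleanup could reintroduce the bypass this commit closes. I would add above it `/* Skip the rollback check only when this server offers neither SSLv3 nor TLSv1; no other option may disable it (CAN-2005-2969). */` and parenthesise each mask test, `if ((s->options & SSL_OP_NO_TLSv1) && (s->options & SSL_OP_NO_SSLv3))`, so the `&`/`&&` grouping is explicit. ssl23_get_client_hello starts and ends outside the hunk, so whether use_sslv2_strong is still read anywhere cannot be seen here; if this was its last use, the variable and its assignments should go too. Applications that still set SSL_OP_MSIE_SSLV2_RSA_PADDING now get rollback detection regardless, which deserves a line in that option's documentation.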