diff options
| author | jsing <> | 2017-08-13 16:25:19 +0000 |
|---|---|---|
| committer | jsing <> | 2017-08-13 16:25:19 +0000 |
| commit | b5324a99854885ccd0a9dd62023c992d3fae050b (patch) | |
| tree | 590087886e154baafbba496aaad2f51b3dd74170 /src/lib/libssl/ssl.h | |
| parent | d14932b0913ef6f21bc09535d4eb1863708fefb6 (diff) | |
| download | openbsd-b5324a99854885ccd0a9dd62023c992d3fae050b.tar.gz openbsd-b5324a99854885ccd0a9dd62023c992d3fae050b.tar.bz2 openbsd-b5324a99854885ccd0a9dd62023c992d3fae050b.zip | |
Nuke SSL_OP_CRYPTOPRO_TLSEXT_BUG.
This was a workaround for a server that needed to talk GOST to old/broken
CryptoPro clients. This has no impact on TLS clients that are using GOST.
ok bcook@ beck@ doug@
Diffstat (limited to 'src/lib/libssl/ssl.h')
| -rw-r--r-- | src/lib/libssl/ssl.h | 12 |
1 files changed, 3 insertions, 9 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index e816dec83c..1a6f28911b 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.130 2017/08/10 17:18:38 jsing Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.131 2017/08/13 16:25:19 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -518,21 +518,15 @@ struct ssl_session_st { | |||
| 518 | #define SSL_OP_NO_TLSv1_2 0x08000000L | 518 | #define SSL_OP_NO_TLSv1_2 0x08000000L |
| 519 | #define SSL_OP_NO_TLSv1_1 0x10000000L | 519 | #define SSL_OP_NO_TLSv1_1 0x10000000L |
| 520 | 520 | ||
| 521 | /* Make server add server-hello extension from early version of | ||
| 522 | * cryptopro draft, when GOST ciphersuite is negotiated. | ||
| 523 | * Required for interoperability with CryptoPro CSP 3.x | ||
| 524 | */ | ||
| 525 | #define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L | ||
| 526 | |||
| 527 | /* SSL_OP_ALL: various bug workarounds that should be rather harmless. */ | 521 | /* SSL_OP_ALL: various bug workarounds that should be rather harmless. */ |
| 528 | #define SSL_OP_ALL \ | 522 | #define SSL_OP_ALL \ |
| 529 | (SSL_OP_LEGACY_SERVER_CONNECT | \ | 523 | (SSL_OP_LEGACY_SERVER_CONNECT | \ |
| 530 | SSL_OP_TLSEXT_PADDING | \ | 524 | SSL_OP_TLSEXT_PADDING) |
| 531 | SSL_OP_CRYPTOPRO_TLSEXT_BUG) | ||
| 532 | 525 | ||
| 533 | /* Obsolete flags kept for compatibility. No sane code should use them. */ | 526 | /* Obsolete flags kept for compatibility. No sane code should use them. */ |
| 534 | #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0 | 527 | #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0 |
| 535 | #define SSL_OP_CISCO_ANYCONNECT 0x0 | 528 | #define SSL_OP_CISCO_ANYCONNECT 0x0 |
| 529 | #define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x0 | ||
| 536 | #define SSL_OP_EPHEMERAL_RSA 0x0 | 530 | #define SSL_OP_EPHEMERAL_RSA 0x0 |
| 537 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 | 531 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 |
| 538 | #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 | 532 | #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 |