Remove Microsoft Server Gated Crypto.

Another relic due to the old US crypto policy. From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and 95275599399e277e71d064790a1f828a99fc661a. ok jsing@ miod@
author: doug <> 2015-06-18 22:51:05 +0000
committer: doug <> 2015-06-18 22:51:05 +0000
commit: 0c8481527354cd5324e6b474cbd1cbe8e36ef4e2 (patch)
tree: 5729e1b2f86afcffeade0b5863becbbfffc58a44 /src/lib/libssl/ssl3.h
parent: 5bf33d31cf897321ff72591b1f9aea4ad011305a (diff)
download: openbsd-0c8481527354cd5324e6b474cbd1cbe8e36ef4e2.tar.gz
openbsd-0c8481527354cd5324e6b474cbd1cbe8e36ef4e2.tar.bz2
openbsd-0c8481527354cd5324e6b474cbd1cbe8e36ef4e2.zip
1 files changed, 1 insertions, 12 deletions
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 61f600c55d..265d18810e 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.36 2015/02/22 15:54:27 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.37 2015/06/18 22:51:05 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -356,17 +356,6 @@ typedef struct ssl3_buffer_st {
 #define TLS1_FLAGS_KEEP_HANDSHAKE               0x0020
 #define SSL3_FLAGS_CCS_OK                       0x0080
-/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
- * restart a handshake because of MS SGC and so prevents us
- * from restarting the handshake in a loop. It's reset on a
- * renegotiation, so effectively limits the client to one restart
- * per negotiation. This limits the possibility of a DDoS
- * attack where the client handshakes in a loop using SGC to
- * restart. Servers which permit renegotiation can still be
- * effected, but we can't prevent that.
- */
-#define SSL3_FLAGS_SGC_RESTART_DONE             0x0040
 #ifndef OPENSSL_NO_SSL_INTERN
 typedef struct ssl3_state_st {
author	doug <>	2015-06-18 22:51:05 +0000
committer	doug <>	2015-06-18 22:51:05 +0000
commit	0c8481527354cd5324e6b474cbd1cbe8e36ef4e2 (patch)
tree	5729e1b2f86afcffeade0b5863becbbfffc58a44 /src/lib/libssl/ssl3.h
parent	5bf33d31cf897321ff72591b1f9aea4ad011305a (diff)
download	openbsd-0c8481527354cd5324e6b474cbd1cbe8e36ef4e2.tar.gz openbsd-0c8481527354cd5324e6b474cbd1cbe8e36ef4e2.tar.bz2 openbsd-0c8481527354cd5324e6b474cbd1cbe8e36ef4e2.zip

diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index 61f600c55d..265d18810e 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl3.h,v 1.36 2015/02/22 15:54:27 jsing Exp $ */	1	/* $OpenBSD: ssl3.h,v 1.37 2015/06/18 22:51:05 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -356,17 +356,6 @@ typedef struct ssl3_buffer_st {
356	#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020	356	#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
357	#define SSL3_FLAGS_CCS_OK 0x0080	357	#define SSL3_FLAGS_CCS_OK 0x0080
358		358
359	/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
360	* restart a handshake because of MS SGC and so prevents us
361	* from restarting the handshake in a loop. It's reset on a
362	* renegotiation, so effectively limits the client to one restart
363	* per negotiation. This limits the possibility of a DDoS
364	* attack where the client handshakes in a loop using SGC to
365	* restart. Servers which permit renegotiation can still be
366	* effected, but we can't prevent that.
367	*/
368	#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
369
370	#ifndef OPENSSL_NO_SSL_INTERN	359	#ifndef OPENSSL_NO_SSL_INTERN
371		360
372	typedef struct ssl3_state_st {	361	typedef struct ssl3_state_st {