Diffstat (limited to 'src/lib/libssl/s23_srvr.c')
-rw-r--r--src/lib/libssl/s23_srvr.c52
1 files changed, 4 insertions, 48 deletions
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 4877849013..836dd1f1cf 100644
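--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -115,9 +115,6 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 static const SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
@@ -131,10 +128,6 @@ static const SSL_METHOD *ssl23_get_server_method(int ver)
  return(SSLv3_server_method());
  else if (ver == TLS1_VERSION)
  return(TLSv1_server_method());
- else if (ver == TLS1_1_VERSION)
- return(TLSv1_1_server_method());
- else if (ver == TLS1_2_VERSION)
- return(TLSv1_2_server_method());
  else
  return(NULL);
  }
@@ -290,20 +283,7 @@ int ssl23_get_client_hello(SSL *s)
  /* SSLv3/TLSv1 */
  if (p[4] >= TLS1_VERSION_MINOR)
  {
- if (p[4] >= TLS1_2_VERSION_MINOR &&
- !(s->options & SSL_OP_NO_TLSv1_2))
- {
- s->version=TLS1_2_VERSION;
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (p[4] >= TLS1_1_VERSION_MINOR &&
- !(s->options & SSL_OP_NO_TLSv1_1))
- {
- s->version=TLS1_1_VERSION;
- /* type=2; */ /* done later to survive restarts */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_TLSv1))
+ if (!(s->options & SSL_OP_NO_TLSv1))
  {
  s->version=TLS1_VERSION;
  /* type=2; */ /* done later to survive restarts */
@@ -370,19 +350,7 @@ int ssl23_get_client_hello(SSL *s)
  v[1]=p[10]; /* minor version according to client_version */
  if (v[1] >= TLS1_VERSION_MINOR)
  {
- if (v[1] >= TLS1_2_VERSION_MINOR &&
- !(s->options & SSL_OP_NO_TLSv1_2))
- {
- s->version=TLS1_2_VERSION;
- type=3;
- }
- else if (v[1] >= TLS1_1_VERSION_MINOR &&
- !(s->options & SSL_OP_NO_TLSv1_1))
- {
- s->version=TLS1_1_VERSION;
- type=3;
- }
- else if (!(s->options & SSL_OP_NO_TLSv1))
+ if (!(s->options & SSL_OP_NO_TLSv1))
  {
  s->version=TLS1_VERSION;
  type=3;
@@ -425,15 +393,6 @@ int ssl23_get_client_hello(SSL *s)
  }
  }
 
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && (s->version < TLS1_VERSION))
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
- SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
- goto err;
- }
-#endif
-
  if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
  {
  /* we have SSLv3/TLSv1 in an SSLv2 header
@@ -608,11 +567,8 @@ int ssl23_get_client_hello(SSL *s)
  s->s3->rbuf.left=0;
  s->s3->rbuf.offset=0;
  }
- if (s->version == TLS1_2_VERSION)
- s->method = TLSv1_2_server_method();
- else if (s->version == TLS1_1_VERSION)
- s->method = TLSv1_1_server_method();
- else if (s->version == TLS1_VERSION)
+
+ if (s->version == TLS1_VERSION)
  s->method = TLSv1_server_method();
  else
  s->method = SSLv3_server_method();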
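Review bot: The version-flexible server now tops out at TLS 1.0, and nothing in the new code says so: in both ClientHello branches (the `p[4] >= TLS1_VERSION_MINOR` check and the `v[1] >= TLS1_VERSION_MINOR` check) every client minor version at or above TLS 1.0 is mapped to `TLS1_VERSION`, and `ssl23_get_server_method()` returns NULL for `TLS1_1_VERSION` and `TLS1_2_VERSION`. If that ceiling is intended, state it at the first branch, e.g. `/* TLS 1.0 is the highest version negotiated here; newer client versions are capped */`. A caller that sets `SSL_OP_NO_TLSv1` expecting TLS 1.1 or later would presumably now drop to whatever the following branches (outside these hunks) allow, and the final `else` maps every version other than `TLS1_VERSION` to `SSLv3_server_method()`. The removed `OPENSSL_FIPS` block was the only visible guard rejecting `s->version < TLS1_VERSION`, so it is worth confirming that FIPS builds are no longer a supported configuration. The body of `ssl23_get_client_hello()` extends outside every hunk shown.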