diff options
Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 92f73b6681..61ee0a3e42 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -985,6 +985,10 @@ int ssl3_get_client_hello(SSL *s) | |||
| 985 | break; | 985 | break; |
| 986 | } | 986 | } |
| 987 | } | 987 | } |
| 988 | /* Disabled because it can be used in a ciphersuite downgrade | ||
| 989 | * attack: CVE-2010-4180. | ||
| 990 | */ | ||
| 991 | #if 0 | ||
| 988 | if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) | 992 | if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) |
| 989 | { | 993 | { |
| 990 | /* Special case as client bug workaround: the previously used cipher may | 994 | /* Special case as client bug workaround: the previously used cipher may |
| @@ -999,6 +1003,7 @@ int ssl3_get_client_hello(SSL *s) | |||
| 999 | j = 1; | 1003 | j = 1; |
| 1000 | } | 1004 | } |
| 1001 | } | 1005 | } |
| 1006 | #endif | ||
| 1002 | if (j == 0) | 1007 | if (j == 0) |
| 1003 | { | 1008 | { |
| 1004 | /* we need to have the cipher in the cipher | 1009 | /* we need to have the cipher in the cipher |