From 491ee839bffb03a4e183d29374785ee713f1ffc2 Mon Sep 17 00:00:00 2001
From: brad <>
Date: Wed, 12 Oct 2005 21:39:08 +0000
Subject: MFC: Fix by markus@

fix potential SSL 2.0 rollback (http://www.openssl.org//news/secadv_20051011.txt)
from http://www.openssl.org/news/patch-CAN-2005-2969.txt
---
 src/lib/libssl/src/ssl/s23_srvr.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index c5404ca0bc..0367cd2920 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -519,9 +519,7 @@ int ssl23_get_client_hello(SSL *s)
 			}
 
 		s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-		if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-			use_sslv2_strong ||
-			(s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+		if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
 			s->s2->ssl2_rollback=0;
 		else
 			/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
-- 
cgit v1.2.3-55-g6feb