From 13c662ccd1d22d856f1f2defeea26dd18c0af043 Mon Sep 17 00:00:00 2001
From: djm <>
Date: Mon, 5 Jan 2009 21:36:39 +0000
Subject: update to openssl-0.9.8i; tested by several, especially krw@

---
 src/lib/libssl/s23_srvr.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/lib/libssl/s23_srvr.c')

diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 6637bb9549..ba06e7ae2e 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -386,6 +386,15 @@ int ssl23_get_client_hello(SSL *s)
 			}
 		}
 
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode() && (s->version < TLS1_VERSION))
+		{
+		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+					SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+		goto err;
+		}
+#endif
+
 	if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
 		{
 		/* we have SSLv3/TLSv1 in an SSLv2 header
-- 
cgit v1.2.3-55-g6feb