From ea717df2f3c9582198e1e40e6d5a566a33974039 Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Tue, 15 Apr 2014 19:42:56 +0000
Subject: remove FIPS mode support. people who require FIPS can buy something
 that meets their needs, but dumping it in here only penalizes the rest of us.
 ok miod

---
 src/lib/libssl/s23_srvr.c | 11 -----------
 1 file changed, 11 deletions(-)

(limited to 'src/lib/libssl/s23_srvr.c')

diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 2aad21e93c..ca95d4e636 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -115,9 +115,6 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 static const SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
@@ -388,14 +385,6 @@ ssl23_get_client_hello(SSL *s)
 		}
 	}
 
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && (s->version < TLS1_VERSION)) {
-		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
-		    SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-		goto err;
-	}
-#endif
-
 	if (s->state == SSL23_ST_SR_CLNT_HELLO_B) {
 		/* we have SSLv3/TLSv1 in an SSLv2 header
 		 * (other cases skip this state) */
-- 
cgit v1.2.3-55-g6feb