From e23e95b70f14a01a428a6d966e2cb510a4bf1cd6 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 31 Mar 2015 13:17:48 +0000
Subject: Nuke the OPENSSL_MAX_TLS1_2_CIPHER_LENGTH hack - this has to be
 enabled at compile time, which we do not do and are unlikely to ever do.
 Additionally, there are two runtime configurable alternatives that exist.

ok bcook@ doug@
---
 src/lib/libssl/s3_clnt.c | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

(limited to 'src/lib/libssl/s3_clnt.c')

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 07d2eb583a..8a137056be 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.110 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.111 2015/03/31 13:17:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -710,16 +710,6 @@ ssl3_client_hello(SSL *s)
 			    SSL_R_NO_CIPHERS_AVAILABLE);
 			goto err;
 		}
-#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
-			/*
-			 * Some servers hang if client hello > 256 bytes
-			 * as hack workaround chop number of supported ciphers
-			 * to keep it well below this if we use TLS v1.2
-			 */
-		if (TLS1_get_version(s) >= TLS1_2_VERSION &&
-		    i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
-			i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
-#endif
 		s2n(i, p);
 		p += i;
 
-- 
cgit v1.2.3-55-g6feb