From 56a3e20d1e41c02e4afd069925ec512ebb40b905 Mon Sep 17 00:00:00 2001
From: doug <>
Date: Sat, 12 Sep 2015 16:10:08 +0000
Subject: Remove most of the SSLv3 version checks and a few TLS v1.0. We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and DTLS1_BAD_VER support was removed. "reads ok" miod@
---
 src/lib/libssl/s3_pkt.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
(limited to 'src/lib/libssl/s3_pkt.c')
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 33fee732d1..153b37612f 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.56 2015/07/24 02:39:43 doug Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.57 2015/09/12 16:10:07 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1074,7 +1074,6 @@ start: if (s->server && SSL_is_init_finished(s) && !s->s3->send_connection_binding && - (s->version > SSL3_VERSION) && (s->s3->handshake_fragment_len >= 4) && (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && (s->session != NULL) && (s->session->cipher != NULL)) {
@@ -1339,10 +1338,6 @@ ssl3_send_alert(SSL *s, int level, int desc)
 {
 /* Map tls/ssl alert value to correct one */
 desc = s->method->ssl3_enc->alert_value(desc);
- if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) {
- /* SSL 3.0 does not have protocol_version alerts */
- desc = SSL_AD_HANDSHAKE_FAILURE;
- }
 if (desc < 0)
 return -1;
 /* If a fatal one, remove from cache */
-- cgit v1.2.3-55-g6feb