From cd08fd7b7f7dd206dc05c7e18941b10aef11ab9a Mon Sep 17 00:00:00 2001
From: beck <>
Date: Wed, 16 Apr 2014 18:05:55 +0000
Subject: Thanks to the knobs in http://tools.ietf.org/html/rfc5746, we have a
 knob to say "allow this connection to negotiate insecurely". de-fang the code
 that respects this option to ignore it. ok miod@

---
 src/lib/libssl/s3_srvr.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'src/lib/libssl/s3_srvr.c')

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 93510cb58a..1a924f828e 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -269,9 +269,7 @@ ssl3_accept(SSL *s)
 				ssl3_init_finished_mac(s);
 				s->state = SSL3_ST_SR_CLNT_HELLO_A;
 				s->ctx->stats.sess_accept++;
-			} else if (!s->s3->send_connection_binding &&
-			    !(s->options &
-			    SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+			} else if (!s->s3->send_connection_binding) {
 				/*
 				 * Server attempting to renegotiate with
 				 * client that doesn't support secure
-- 
cgit v1.2.3-55-g6feb