root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation

This commit is contained in:
Dr. Stephen Henson 2009-11-18 14:45:32 +00:00
parent 3c44e92bcb
commit 5ddbb8f41a
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/s23_clnt.c
View File

@ -305,6 +305,8 @@ static int ssl23_client_hello(SSL *s)
ssl2_compat = 0;
if (s->tlsext_status_type != -1)
ssl2_compat = 0;
if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
ssl2_compat = 0;
#ifdef TLSEXT_TYPE_opaque_prf_input
if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)