mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-23 14:42:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation

Browse Source
This commit is contained in:
Dr. Stephen Henson 2009-11-18 14:45:48 +00:00
parent 64abf5e657
commit 4d09323a63
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/s23_clnt.c
View File

@ -305,6 +305,8 @@ static int ssl23_client_hello(SSL *s)
ssl2_compat = 0;
if (s->tlsext_status_type != -1)
ssl2_compat = 0;
if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
ssl2_compat = 0;
#ifdef TLSEXT_TYPE_opaque_prf_input
if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)