authordoug <doug@openbsd.org>2015-09-12 16:10:07 +0000
committerdoug <doug@openbsd.org>2015-09-12 16:10:07 +0000
commit80564b9250597b1c3ab6f9bb4cd07c234ce2d9b1 (patch)
tree6885e75143441db57d1216d1edd52fbaefc9f07b /lib/libssl/src/ssl/t1_lib.c
parentUse kbind for lazy binding GOT/PLT updates on arm. (diff)
Remove most of the SSLv3 version checks and a few TLS v1.0.
We can now assume >= TLS v1.0 since SSL2_VERSION, SSL3_VERSION and DTLS1_BAD_VER support was removed. "reads ok" miod@
Diffstat (limited to 'lib/libssl/src/ssl/t1_lib.c')
-rw-r--r--lib/libssl/src/ssl/t1_lib.c13
1 files changed, 2 insertions, 11 deletions
diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c
index fc54fe1e6dd..f3522a02bec 100644
--- a/lib/libssl/src/ssl/t1_lib.c
+++ b/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.84 2015/09/01 13:38:27 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.85 2015/09/12 16:10:08 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -659,11 +659,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
}
}
- /* don't add extensions for SSLv3 unless doing secure renegotiation */
- if (s->client_version == SSL3_VERSION &&
- !s->s3->send_connection_binding)
- return p;
-
ret += 2;
if (ret >= limit)
@@ -973,10 +968,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
alg_a & SSL_aECDSA) &&
s->session->tlsext_ecpointformatlist != NULL;
- /* don't add extensions for SSLv3, unless doing secure renegotiation */
- if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
- return p;
-
ret += 2;
if (ret >= limit)
return NULL; /* this really never occurs, but ... */
@@ -2048,7 +2039,7 @@ tls1_process_ticket(SSL *s, const unsigned char *session, int session_len,
*/
if (SSL_get_options(s) & SSL_OP_NO_TICKET)
return 0;
- if (s->version <= SSL3_VERSION || !limit)
+ if (!limit)
return 0;
if (limit < session)
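Review bot: Dropping `s->version <= SSL3_VERSION` from the guard in tls1_process_ticket leaves the function relying on an invariant that is stated only in the commit message: that no connection reaches ticket processing with a version below TLS 1.0. I would record that next to the remaining check, e.g. `/* SSLv3 and older are no longer supported, so no version check is needed before accepting a ticket. */`, so that a later change which reintroduces a lower protocol version does not silently enable ticket handling for it. The same assumption underlies the deleted early returns in ssl_add_clienthello_tlsext and ssl_add_serverhello_tlsext, which now always emit the extension block; it is worth confirming that the version-negotiation code outside this diff rejects SSL3_VERSION before these paths run. The body of tls1_process_ticket starts and ends outside the hunk.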