diff options
| author |   jsing <jsing@openbsd.org> | 2015-03-31 13:17:48 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2015-03-31 13:17:48 +0000 |
| commit | 727b8ee240a7d1e869bec66c6935e77a5be62a50 (patch) | |
| tree | 3fd810c8f24203cd9c0f41958f5e77871e06e0f6 /lib/libssl/src | |
| parent | Add tests to check the permissions of the created out file. (diff) | |
| download | wireguard-openbsd-727b8ee240a7d1e869bec66c6935e77a5be62a50.tar.xz wireguard-openbsd-727b8ee240a7d1e869bec66c6935e77a5be62a50.zip | |
Nuke the OPENSSL_MAX_TLS1_2_CIPHER_LENGTH hack - this has to be enabled at
compile time, which we do not do and are unlikely to ever do. Additionally,
there are two runtime configurable alternatives that exist.
ok bcook@ doug@
Diffstat (limited to 'lib/libssl/src')
| -rw-r--r-- | lib/libssl/src/ssl/s23_clnt.c | 12 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_clnt.c | 12 |
2 files changed, 2 insertions, 22 deletions
diff --git a/lib/libssl/src/ssl/s23_clnt.c b/lib/libssl/src/ssl/s23_clnt.c index 0ab56fa38d4..30d97683a7e 100644 --- a/lib/libssl/src/ssl/s23_clnt.c +++ b/lib/libssl/src/ssl/s23_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s23_clnt.c,v 1.37 2015/03/27 12:29:54 jsing Exp $ */ +/* $OpenBSD: s23_clnt.c,v 1.38 2015/03/31 13:17:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -358,16 +358,6 @@ ssl23_client_hello(SSL *s) SSL_R_NO_CIPHERS_AVAILABLE); return -1; } -#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH - /* - * Some servers hang if client hello > 256 bytes - * as hack workaround chop number of supported ciphers - * to keep it well below this if we use TLS v1.2 - */ - if (TLS1_get_version(s) >= TLS1_2_VERSION && - i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) - i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; -#endif s2n(i, p); p += i; diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index 07d2eb583a7..8a137056bef 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.110 2015/03/27 12:29:54 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.111 2015/03/31 13:17:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -710,16 +710,6 @@ ssl3_client_hello(SSL *s) SSL_R_NO_CIPHERS_AVAILABLE); goto err; } -#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH - /* - * Some servers hang if client hello > 256 bytes - * as hack workaround chop number of supported ciphers - * to keep it well below this if we use TLS v1.2 - */ - if (TLS1_get_version(s) >= TLS1_2_VERSION && - i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) - i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; -#endif s2n(i, p); p += i; |