fix potential SSL 2.0 rollback (http://www.openssl.org//news/secadv_20051011.txt)

from http://www.openssl.org/news/patch-CAN-2005-2969.txt
author: markus <markus@openbsd.org> 2005-10-11 14:49:22 +0000
committer: markus <markus@openbsd.org> 2005-10-11 14:49:22 +0000
commit: bf2edcbf9cbc569653de048e18bc689d8ec724b0 (patch)
tree: c4473bf7c7fc938df42b6a0463547adb1fc9ee5a /lib/libssl/src
parent: correctly set the filename by setting the diff_file variable; (diff)
download: wireguard-openbsd-bf2edcbf9cbc569653de048e18bc689d8ec724b0.tar.xz
wireguard-openbsd-bf2edcbf9cbc569653de048e18bc689d8ec724b0.zip
1 files changed, 1 insertions, 3 deletions
diff --git a/lib/libssl/src/ssl/s23_srvr.c b/lib/libssl/src/ssl/s23_srvr.c
index 92f3391f601..e9edc34328e 100644
--- a/lib/libssl/src/ssl/s23_srvr.c
+++ b/lib/libssl/src/ssl/s23_srvr.c
@@ -528,9 +528,7 @@ int ssl23_get_client_hello(SSL *s)
 			}
 
 		s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-		if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-			use_sslv2_strong ||
-			(s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+		if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
 			s->s2->ssl2_rollback=0;
 		else
 			/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
author	markus <markus@openbsd.org>	2005-10-11 14:49:22 +0000
committer	markus <markus@openbsd.org>	2005-10-11 14:49:22 +0000
commit	bf2edcbf9cbc569653de048e18bc689d8ec724b0 (patch)
tree	c4473bf7c7fc938df42b6a0463547adb1fc9ee5a /lib/libssl/src
parent	correctly set the filename by setting the diff_file variable; (diff)
download	wireguard-openbsd-bf2edcbf9cbc569653de048e18bc689d8ec724b0.tar.xz wireguard-openbsd-bf2edcbf9cbc569653de048e18bc689d8ec724b0.zip