From 9aa350fda47654255da340793da9ac9b2422db9c Mon Sep 17 00:00:00 2001
From: tedu <tedu@openbsd.org>
Date: Tue, 15 Apr 2014 19:42:56 +0000
Subject: remove FIPS mode support. people who require FIPS can buy something
 that meets their needs, but dumping it in here only penalizes the rest of us.
 ok miod

---
 lib/libssl/src/ssl/ssl_lib.c | 7 -------
 1 file changed, 7 deletions(-)

(limited to 'lib/libssl/src/ssl/ssl_lib.c')

diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c
index 98764b82aa1..b5ba0f4aac5 100644
--- a/lib/libssl/src/ssl/ssl_lib.c
+++ b/lib/libssl/src/ssl/ssl_lib.c
@@ -1708,13 +1708,6 @@ SSL_CTX
 		return (NULL);
 	}
 
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
-		SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-		return NULL;
-	}
-#endif
-
 	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
 		SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
 		goto err;
-- 
cgit v1.2.3-59-g8ed1b