X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs23_srvr.c;h=48778490135eb01130dcf009c3dda7534ffb341b;hb=2d4c9ab51898c3773a9f4138b3c3d47a5016c464;hp=b21c57a1170a322bfb208cac16af295918c3082a;hpb=9472baae0d17ddf425f891a3154057356217af08;p=oweals%2Fopenssl.git

diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index b21c57a117..4877849013 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -115,6 +115,9 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 static const SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
@@ -422,6 +425,15 @@ int ssl23_get_client_hello(SSL *s)
 			}
 		}
 
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode() && (s->version < TLS1_VERSION))
+		{
+		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+					SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+		goto err;
+		}
+#endif
+
 	if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
 		{
 		/* we have SSLv3/TLSv1 in an SSLv2 header