SSLv2 compat ciphers: clarify comment

author Emilia Kasper <emilia@openssl.org>

Tue, 6 Oct 2015 15:27:35 +0000 (17:27 +0200)

committer Emilia Kasper <emilia@openssl.org>

Tue, 6 Oct 2015 16:03:51 +0000 (18:03 +0200)
author Emilia Kasper <emilia@openssl.org>
Tue, 6 Oct 2015 15:27:35 +0000 (17:27 +0200)
committer Emilia Kasper <emilia@openssl.org>
Tue, 6 Oct 2015 16:03:51 +0000 (18:03 +0200)
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c

index 82162d8566577de7d1252a1ef10e9978aa5f3466..5f05b9f21fe39848236218589f125c99d6bee849 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3494,10 +3494,9 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
  
      while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
          /*
-         * We only support SSLv2 format ciphers in SSLv3+ using a
-         * SSLv2 backward compatible ClientHello. In this case the first
-         * byte is always 0 for SSLv3 compatible ciphers. Anything else
-         * is an SSLv2 cipher and we ignore it
+         * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
+         * first byte set to zero, while true SSLv2 ciphers have a non-zero
+         * first byte. We don't support any true SSLv2 ciphers, so skip them.
           */
          if (sslv2format && cipher[0] != '\0')
                  continue;
author	Emilia Kasper <emilia@openssl.org>
	Tue, 6 Oct 2015 15:27:35 +0000 (17:27 +0200)
committer	Emilia Kasper <emilia@openssl.org>
	Tue, 6 Oct 2015 16:03:51 +0000 (18:03 +0200)