Experimental workaround to large client hello issue (see PR#2771).

author Dr. Stephen Henson <steve@openssl.org>

Thu, 29 Mar 2012 19:08:54 +0000 (19:08 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Thu, 29 Mar 2012 19:08:54 +0000 (19:08 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Thu, 29 Mar 2012 19:08:54 +0000 (19:08 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Thu, 29 Mar 2012 19:08:54 +0000 (19:08 +0000)
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c

index b3c48232d7bec748e659d295eb9f7b272696674a..13412f26aab9acac4bed0ab60b9296c81f6e1d79 100644 (file)
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -287,12 +287,14 @@ static int ssl23_client_hello(SSL *s)
  
         if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
                 ssl2_compat = 0;
-
+#ifndef OPENSSL_NO_TLS1_2_CLIENT
         if (!(s->options & SSL_OP_NO_TLSv1_2))
                 {
                 version = TLS1_2_VERSION;
                 }
-       else if (!(s->options & SSL_OP_NO_TLSv1_1))
+       else
+#endif
+       if (!(s->options & SSL_OP_NO_TLSv1_1))
                 {
                 version = TLS1_1_VERSION;
                 }
author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 29 Mar 2012 19:08:54 +0000 (19:08 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 29 Mar 2012 19:08:54 +0000 (19:08 +0000)