From: Emilia Kasper Date: Tue, 6 Oct 2015 15:27:35 +0000 (+0200) Subject: SSLv2 compat ciphers: clarify comment X-Git-Tag: OpenSSL_1_1_0-pre1~459 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=20218b58b51b55189ada91807459d6bd64f5c986;p=oweals%2Fopenssl.git SSLv2 compat ciphers: clarify comment Reviewed-by: Matt Caswell --- diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 82162d8566..5f05b9f21f 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -3494,10 +3494,9 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, while (PACKET_copy_bytes(cipher_suites, cipher, n)) { /* - * We only support SSLv2 format ciphers in SSLv3+ using a - * SSLv2 backward compatible ClientHello. In this case the first - * byte is always 0 for SSLv3 compatible ciphers. Anything else - * is an SSLv2 cipher and we ignore it + * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the + * first byte set to zero, while true SSLv2 ciphers have a non-zero + * first byte. We don't support any true SSLv2 ciphers, so skip them. */ if (sslv2format && cipher[0] != '\0') continue;