From b50ef8b21668c8fbd83771808f2c102b966d3408 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 16 Feb 2010 14:19:42 +0000 Subject: [PATCH] PR: 2171 Submitted by: Tomas Mraz Since SSLv2 doesn't support renegotiation at all don't reject it if legacy renegotiation isn't enabled. Also can now use SSL2 compatible client hello because RFC5746 supports it. --- ssl/s23_clnt.c | 2 -- ssl/s23_srvr.c | 5 ----- 2 files changed, 7 deletions(-) diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 70425997df..de0238935a 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -235,8 +235,6 @@ static int ssl23_client_hello(SSL *s) ssl2_compat = 0; if (s->tlsext_status_type != -1) ssl2_compat = 0; - if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - ssl2_compat = 0; } #endif diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index a3fc34d64a..be05911e96 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -493,11 +493,6 @@ int ssl23_get_client_hello(SSL *s) SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); goto err; #else - if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - goto err; - } /* we are talking sslv2 */ /* we need to clean up the SSLv3/TLSv1 setup and put in the * sslv2 stuff. */ -- 2.25.1