author | Dr. Stephen Henson <steve@openssl.org> | 2009-11-18 14:45:48 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-11-18 14:45:48 +0000 |
commit | 4d09323a632e285966c06f69281c72ecc02d196c (patch) | |
tree | 06a4f71dd33ba334947c4c8f4593c727dd374ffe /ssl/s23_clnt.c | |
parent | 64abf5e65794c2756fafef0089b85cab571e526a (diff) | |
download | openssl-4d09323a632e285966c06f69281c72ecc02d196c.tar.gz |
Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation
Diffstat (limited to 'ssl/s23_clnt.c')
-rw-r--r-- | ssl/s23_clnt.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 20cde4f20f..53e080ee8e 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -305,6 +305,8 @@ static int ssl23_client_hello(SSL *s)
 ssl2_compat = 0;
 if (s->tlsext_status_type != -1)
 ssl2_compat = 0;
+ if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+ ssl2_compat = 0;
 #ifdef TLSEXT_TYPE_opaque_prf_input
 if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL) |
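Review bot: The added test reads the context-wide mask `s->ctx->options`, so a change to SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION made on the individual connection would not be honoured here; if the per-connection mask in `s->options` is the authoritative one at this point (not visible in the hunk), the line should read `if (!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))`. The mismatch would matter most in the permissive direction: a connection that no longer tolerates legacy renegotiation while its context still carries the flag would keep sending the SSLv2 compatible hello. The two lines also need a why-comment such as `/* no SSLv2 compatible hello unless legacy renegotiation is tolerated */`, because the neighbouring checks turn compatibility off for TLS extension state rather than for renegotiation policy. ssl23_client_hello starts and ends outside the hunk, and the hunk's final context line appears to be cut off on this page.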