Document rollback issues.

author: Bodo Möller <bodo@openssl.org> 2000-07-29 19:27:20 +0000
committer: Bodo Möller <bodo@openssl.org> 2000-07-29 19:27:20 +0000
commit: aa826d88e196ec13e1df4aeb2a55b8ea579aba60 (patch)
tree: 560c4c0734d7d996d611971774528a64782924ae /ssl
parent: 37569e64e8012014a4b027d896da6c6cdf372507 (diff)
download: openssl-aa826d88e196ec13e1df4aeb2a55b8ea579aba60.tar.gz
2 files changed, 3 insertions, 0 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 99a4358255..5050a13ef2 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -367,6 +367,7 @@ static int ssl23_get_server_hello(SSL *s)
 
 		s->state=SSL2_ST_GET_SERVER_HELLO_A;
 		if (!(s->client_version == SSL2_VERSION))
+			/* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
 			s->s2->ssl2_rollback=1;
 
 		/* setup the 5 bytes we have read so we get them from
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index cbf2f5d836..a81544a1b6 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -499,6 +499,8 @@ int ssl23_get_client_hello(SSL *s)
 			(s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
 			s->s2->ssl2_rollback=0;
 		else
+			/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
+			 * (SSL 3.0 draft/RFC 2246, App. E.2) */
 			s->s2->ssl2_rollback=1;
 
 		/* setup the n bytes we have read so we get them from
author	Bodo Möller <bodo@openssl.org>	2000-07-29 19:27:20 +0000
committer	Bodo Möller <bodo@openssl.org>	2000-07-29 19:27:20 +0000
commit	aa826d88e196ec13e1df4aeb2a55b8ea579aba60 (patch)
tree	560c4c0734d7d996d611971774528a64782924ae /ssl
parent	37569e64e8012014a4b027d896da6c6cdf372507 (diff)
download	openssl-aa826d88e196ec13e1df4aeb2a55b8ea579aba60.tar.gz