Continuing TLS v1.2 support: add support for server parsing of

signature algorithms extension and correct signature format for server key exchange. All ciphersuites should now work on the server but no client support and no client certificate support yet.
author: Dr. Stephen Henson <steve@openssl.org> 2011-05-06 13:00:07 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-05-06 13:00:07 +0000
commit: 6b7be581e52761b2a0dc5dcf35214ff813b9f9f0 (patch)
tree: 7dddced56537e33ca1f45aa60d17edaee899ed3d /apps
parent: c1847111248cc71091e169311e0f8ba4b9acf8f3 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index de481f7794..56362aa95c 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1526,6 +1526,9 @@ bad:
 	SSL_CTX_set_quiet_shutdown(ctx,1);
 	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
 	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+	/* HACK while TLS v1.2 is disabled by default */
+	if (!(off & SSL_OP_NO_TLSv1_2))
+		SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);
 	SSL_CTX_set_options(ctx,off);
 	/* DTLS: partial reads end up discarding unread UDP bytes :-( 
 	 * Setting read ahead solves this problem.
author	Dr. Stephen Henson <steve@openssl.org>	2011-05-06 13:00:07 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-05-06 13:00:07 +0000
commit	6b7be581e52761b2a0dc5dcf35214ff813b9f9f0 (patch)
tree	7dddced56537e33ca1f45aa60d17edaee899ed3d /apps
parent	c1847111248cc71091e169311e0f8ba4b9acf8f3 (diff)