diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2012-03-29 19:08:54 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2012-03-29 19:08:54 +0000 |
| commit | 418044cbab5720dbefe6182c8db377102ac61f74 (patch) | |
| tree | 6527dc3fbe3f8c9a3b9f2ba21312510ae5896d47 /ssl/s23_clnt.c | |
| parent | 8c67b13407b06dd9d2c3449356e9348925e79d0c (diff) | |
Experimental workaround to large client hello issue (see PR#2771).
If OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients
only.
Diffstat (limited to 'ssl/s23_clnt.c')
| -rw-r--r-- | ssl/s23_clnt.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index b3c48232d7..13412f26aa 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -287,12 +287,14 @@ static int ssl23_client_hello(SSL *s) if (ssl2_compat && ssl23_no_ssl2_ciphers(s)) ssl2_compat = 0; - +#ifndef OPENSSL_NO_TLS1_2_CLIENT if (!(s->options & SSL_OP_NO_TLSv1_2)) { version = TLS1_2_VERSION; } - else if (!(s->options & SSL_OP_NO_TLSv1_1)) + else +#endif + if (!(s->options & SSL_OP_NO_TLSv1_1)) { version = TLS1_1_VERSION; } |