PR: 2171

Submitted by: Tomas Mraz <tmraz@redhat.com> Since SSLv2 doesn't support renegotiation at all don't reject it if legacy renegotiation isn't enabled. Also can now use SSL2 compatible client hello because RFC5746 supports it.
author: Dr. Stephen Henson <steve@openssl.org> 2010-02-16 14:20:40 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-02-16 14:20:40 +0000
commit: 45d6a15ae97fce06d50a5b33d403a44c39d89ff8 (patch)
tree: 3f3be619b0ef42e1f027fbbafc156b89aee4888b /ssl/s23_clnt.c
parent: 6c6ca18664c05abaeca483e60696baa59523b317 (diff)
1 files changed, 0 insertions, 3 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 53e080ee8e..c4d8bf2eb3 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -305,9 +305,6 @@ static int ssl23_client_hello(SSL *s)
 			ssl2_compat = 0;
 		if (s->tlsext_status_type != -1)
 			ssl2_compat = 0;
-		if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-			ssl2_compat = 0;
-		
 #ifdef TLSEXT_TYPE_opaque_prf_input
 		if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
 			ssl2_compat = 0;
author	Dr. Stephen Henson <steve@openssl.org>	2010-02-16 14:20:40 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2010-02-16 14:20:40 +0000
commit	45d6a15ae97fce06d50a5b33d403a44c39d89ff8 (patch)
tree	3f3be619b0ef42e1f027fbbafc156b89aee4888b /ssl/s23_clnt.c
parent	6c6ca18664c05abaeca483e60696baa59523b317 (diff)