Update from 1.0.0-stable

author: Dr. Stephen Henson <steve@openssl.org> 2009-04-08 16:16:35 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-04-08 16:16:35 +0000
commit: 22c98d4aad76f39ab19e5b63e1448c7d28ca7617 (patch)
tree: 5fbd0b38a159c7b210b3456707ae7c0f44ca8b06 /ssl/s23_clnt.c
parent: cc7399e79cbe45ad363d2a67dd04cb599f9481eb (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 0912528f89..a71311e716 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -250,6 +250,20 @@ end:
 	return(ret);
 	}
 
+static int ssl23_no_ssl2_ciphers(SSL *s)
+	{
+	SSL_CIPHER *cipher;
+	STACK_OF(SSL_CIPHER) *ciphers;
+	int i;
+	ciphers = SSL_get_ciphers(s);
+	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
+		{
+		cipher = sk_SSL_CIPHER_value(ciphers, i);
+		if (cipher->algorithm_ssl == SSL_SSLV2)
+			return 0;
+		}
+	return 1;
+	}
 
 static int ssl23_client_hello(SSL *s)
 	{
@@ -264,6 +278,9 @@ static int ssl23_client_hello(SSL *s)
 
 	ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
 
+	if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
+		ssl2_compat = 0;
+
 	if (!(s->options & SSL_OP_NO_TLSv1))
 		{
 		version = TLS1_VERSION;
author	Dr. Stephen Henson <steve@openssl.org>	2009-04-08 16:16:35 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-04-08 16:16:35 +0000
commit	22c98d4aad76f39ab19e5b63e1448c7d28ca7617 (patch)
tree	5fbd0b38a159c7b210b3456707ae7c0f44ca8b06 /ssl/s23_clnt.c
parent	cc7399e79cbe45ad363d2a67dd04cb599f9481eb (diff)