Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation

author: Dr. Stephen Henson <steve@openssl.org> 2009-11-18 14:43:27 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-11-18 14:43:27 +0000
commit: 5d965f0783713cee4b62794d2fcacebf49d0654e (patch)
tree: 085de77aa1f04e6281602bbd8ac5faf58991a2b3 /ssl/s23_clnt.c
parent: b14713c231be252894ce6f0573ee2eff0694fc07 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index de0238935a..70425997df 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -235,6 +235,8 @@ static int ssl23_client_hello(SSL *s)
 			ssl2_compat = 0;
 		if (s->tlsext_status_type != -1)
 			ssl2_compat = 0;
+		if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+			ssl2_compat = 0;
 		}
 #endif
author	Dr. Stephen Henson <steve@openssl.org>	2009-11-18 14:43:27 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-11-18 14:43:27 +0000
commit	5d965f0783713cee4b62794d2fcacebf49d0654e (patch)
tree	085de77aa1f04e6281602bbd8ac5faf58991a2b3 /ssl/s23_clnt.c
parent	b14713c231be252894ce6f0573ee2eff0694fc07 (diff)