author | Kurt Roeckx <kurt@roeckx.be> | 2014-11-30 15:35:22 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2014-12-04 11:55:03 +0100 |
commit | 45f55f6a5bdcec411ef08a6f8aae41d5d3d234ad (patch) | |
tree | 56dba3e74061df914c5d4fa2faf89e7a24c6457c /ssl/ssl_cert.c | |
parent | 616f71e486d693991b594439c884ec624b32c2d4 (diff) |
Remove SSLv2 support
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r-- | ssl/ssl_cert.c | 9 |
1 files changed, 0 insertions, 9 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 6264fe93c7..f214bafe4a 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1389,9 +1389,6 @@ static int ssl_security_default_callback(SSL *s, SSL_CTX *ctx, int op, int bits,
 /* No ciphers below security level */
 if (bits < minbits)
 return 0;
- /* No SSLv2 ciphers */
- if ((SSL_CIPHER_get_id(c) >> 24) == 0x2)
- return 0;
 /* No unauthenticated ciphersuites */
 if (c->algorithm_auth & SSL_aNULL)
 return 0;
@@ -1410,9 +1407,6 @@ static int ssl_security_default_callback(SSL *s, SSL_CTX *ctx, int op, int bits,
 break;
 }
 case SSL_SECOP_VERSION:
- /* SSLv2 allowed only on level zero */
- if (nid == SSL2_VERSION)
- return 0;
 /* SSLv3 not allowed on level 2 */
 if (nid <= SSL3_VERSION && level >= 2)
 return 0;
@@ -1432,9 +1426,6 @@ static int ssl_security_default_callback(SSL *s, SSL_CTX *ctx, int op, int bits,
 if (level >= 3)
 return 0;
 break;
- case SSL_SECOP_SSL2_COMPAT:
- /* SSLv2 compatible client hello only for level zero */
- return 0;
 default:
 if (bits < minbits)
 return 0; |