diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2009-11-18 15:08:49 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-11-18 15:08:49 +0000 |
commit | 7f5448e3a83164ff1be1e57aefe4462db9b30c76 (patch) | |
tree | 157b60e27712afcc38dd77da3e0f344ab6f4ba3d /ssl | |
parent | 5d965f0783713cee4b62794d2fcacebf49d0654e (diff) |
Servers can't end up talking SSLv2 with legacy renegotiation disabled
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s23_srvr.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index ba06e7ae2e..73b7e610e0 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -486,6 +486,11 @@ int ssl23_get_client_hello(SSL *s) SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); goto err; #else + if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + goto err; + } /* we are talking sslv2 */ /* we need to clean up the SSLv3/TLSv1 setup and put in the * sslv2 stuff. */ |