diff options
| author | Matt Caswell <matt@openssl.org> | 2015-02-05 17:13:46 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-02-26 23:22:46 +0000 |
| commit | 7a4dadc3a6a487db92619622b820eb4f7be512c9 (patch) | |
| tree | 7f8a5a041266e8781afbb537a60c44700b75f8f6 /ssl | |
| parent | f7812493a0da6b740274135ce340ff7505027057 (diff) | |
Removed support for SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. Also removed
the "-hack" option from s_server that set this option.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/s3_srvr.c | 25 | ||||
| -rw-r--r-- | ssl/ssl.h | 3 |
2 files changed, 3 insertions, 25 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 8819fed777..6adf4dc2a0 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -148,7 +148,6 @@ * OTHERWISE. */ -#define REUSE_CIPHER_BUG #define NETSCAPE_HANG_BUG #include <stdio.h> @@ -1384,29 +1383,7 @@ int ssl3_get_client_hello(SSL *s) s->tlsext_ticket_expected = 0; } else { /* Session-id reuse */ -#ifdef REUSE_CIPHER_BUG - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *nc = NULL; - SSL_CIPHER *ec = NULL; - - if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) { - sk = s->session->ciphers; - for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { - c = sk_SSL_CIPHER_value(sk, i); - if (c->algorithm_enc & SSL_eNULL) - nc = c; - if (SSL_C_IS_EXPORT(c)) - ec = c; - } - if (nc != NULL) - s->s3->tmp.new_cipher = nc; - else if (ec != NULL) - s->s3->tmp.new_cipher = ec; - else - s->s3->tmp.new_cipher = s->session->cipher; - } else -#endif - s->s3->tmp.new_cipher = s->session->cipher; + s->s3->tmp.new_cipher = s->session->cipher; } if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) { @@ -480,7 +480,8 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, /* Removed as of OpenSSL 1.1.0 */ # define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 -# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L +/* Removed as of OpenSSL 1.1.0 */ +# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0L /* * Make server add server-hello extension from early version of cryptopro * draft, when GOST ciphersuite is negotiated. Required for interoperability |