diff options
-rw-r--r-- | ssl/s23_clnt.c | 3 | ||||
-rw-r--r-- | ssl/s23_srvr.c | 5 |
2 files changed, 0 insertions, 8 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 53e080ee8e..c4d8bf2eb3 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -305,9 +305,6 @@ static int ssl23_client_hello(SSL *s) ssl2_compat = 0; if (s->tlsext_status_type != -1) ssl2_compat = 0; - if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - ssl2_compat = 0; - #ifdef TLSEXT_TYPE_opaque_prf_input if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL) ssl2_compat = 0; diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index fe479fcbcb..836dd1f1cf 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -495,11 +495,6 @@ int ssl23_get_client_hello(SSL *s) SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); goto err; #else - if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - goto err; - } /* we are talking sslv2 */ /* we need to clean up the SSLv3/TLSv1 setup and put in the * sslv2 stuff. */ |