summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ssl/t1_lib.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 26b8bf98cc..4eb6d13840 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -971,8 +971,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
if (!renegotiate_seen && s->new_session &&
!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
{
- /* FIXME: Spec currently doesn't give alert to use */
- *al = SSL_AD_ILLEGAL_PARAMETER;
+ *al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;
@@ -1161,8 +1160,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
(s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT))
&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
{
- /* FIXME: Spec currently doesn't give alert to use */
- *al = SSL_AD_ILLEGAL_PARAMETER;
+ *al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-30 22:19:12 +0000