diff options
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/t1_lib.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index ce24f89746..8b53112770 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -705,8 +705,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in * which doesn't support RI so for the immediate future tolerate RI * absence on initial connect only. */ - if (!renegotiate_seen && - (s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) + if (!renegotiate_seen + && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT) && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { *al = SSL_AD_HANDSHAKE_FAILURE; |