From 6b7be581e52761b2a0dc5dcf35214ff813b9f9f0 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Fri, 6 May 2011 13:00:07 +0000
Subject: Continuing TLS v1.2 support: add support for server parsing of signature algorithms extension and correct signature format for server key exchange. All ciphersuites should now work on the server but no client support and no client certificate support yet.
---
 apps/s_server.c | 3 +++
 1 file changed, 3 insertions(+) (limited to 'apps')
diff --git a/apps/s_server.c b/apps/s_server.c
index de481f7794..56362aa95c 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1526,6 +1526,9 @@ bad:
 SSL_CTX_set_quiet_shutdown(ctx,1);
 if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
 if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+ /* HACK while TLS v1.2 is disabled by default */
+ if (!(off & SSL_OP_NO_TLSv1_2))
+ SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);
 SSL_CTX_set_options(ctx,off);
 /* DTLS: partial reads end up discarding unread UDP bytes :-(
 * Setting read ahead solves this problem.
-- cgit v1.2.3
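Review bot: The added `SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2)` enables TLS v1.2 on every run where `off` does not carry `SSL_OP_NO_TLSv1_2`, although the commit message says client certificate support is not implemented yet; a run that requests a client certificate would presumably negotiate 1.2 and reach that unfinished path. The comment should record that limitation and when the override can go, for example `/* HACK: TLS v1.2 is disabled by default; enable it unless explicitly turned off. No client certificate support yet. Remove once the default changes. */`. If that combination is known to fail, skipping the clear when client verification is requested would be the safer default. The two-line `if` is unbraced, so a later statement added under it would run unconditionally; bracing it avoids that. The enclosing function begins and ends outside the hunk.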