From 37569e64e8012014a4b027d896da6c6cdf372507 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sat, 29 Jul 2000 18:50:41 +0000 Subject: Fix SSL 2.0 rollback checking: The previous implementation of the test was never triggered due to an off-by-one error. In s23_clnt.c, don't use special rollback-attack detection padding (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the client; similarly, in s23_srvr.c, don't do the rollback check if SSL 2.0 is the only protocol enabled in the server. --- ssl/s23_clnt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'ssl/s23_clnt.c') diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index aaedf6a9bb..99a4358255 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -366,7 +366,8 @@ static int ssl23_get_server_hello(SSL *s) } s->state=SSL2_ST_GET_SERVER_HELLO_A; - s->s2->ssl2_rollback=1; + if (!(s->client_version == SSL2_VERSION)) + s->s2->ssl2_rollback=1; /* setup the 5 bytes we have read so we get them from * the sslv2 buffer */ -- cgit v1.2.3