From aa826d88e196ec13e1df4aeb2a55b8ea579aba60 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodo=20M=C3=B6ller?=
Date: Sat, 29 Jul 2000 19:27:20 +0000
Subject: Document rollback issues.
---
 ssl/s23_clnt.c | 1 +
 ssl/s23_srvr.c | 2 ++
 2 files changed, 3 insertions(+)
(limited to 'ssl')
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 99a4358255..5050a13ef2 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -367,6 +367,7 @@ static int ssl23_get_server_hello(SSL *s)
 s->state=SSL2_ST_GET_SERVER_HELLO_A;
 if (!(s->client_version == SSL2_VERSION))
+ /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
 s->s2->ssl2_rollback=1;
 /* setup the 5 bytes we have read so we get them from
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index cbf2f5d836..a81544a1b6 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -499,6 +499,8 @@ int ssl23_get_client_hello(SSL *s)
 (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
 s->s2->ssl2_rollback=0;
 else
+ /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
+ * (SSL 3.0 draft/RFC 2246, App. E.2) */
 s->s2->ssl2_rollback=1;
 /* setup the n bytes we have read so we get them from
-- 
cgit v1.2.3
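Review bot: In ssl23_get_server_hello the new comment is placed between the unbraced `if (!(s->client_version == SSL2_VERSION))` and the single statement it guards, so `s->s2->ssl2_rollback=1;` stays conditional only as long as nothing else is added beside the comment; putting the comment and the assignment inside `{ ... }` would make the guard explicit. The `else` branch in ssl23_get_client_hello (ssl/s23_srvr.c) has the same shape. The comment could also state the purpose rather than the mechanism, for example `/* mark the SSL 2.0 padding so a server that also speaks SSL 3.0/TLS can detect a version rollback (RFC 2246, App. E.2) */`. The function body starts and ends outside the hunk.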
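Review bot: The comment added on the `else` branch of ssl23_get_client_hello says the SSL 2.0 session is rejected, but the line it annotates only sets `s->s2->ssl2_rollback=1`; the rejection itself presumably happens later, where the SSL 2.0 code inspects the client's padding. Wording such as `/* enable the rollback check: an SSL 2.0 handshake from a client whose padding shows SSL 3.0/TLS 1.0 support will be rejected (RFC 2246, App. E.2) */` would match what the line does. The branch that sets `ssl2_rollback=0`, and so switches the downgrade check off, is left undocumented; a short comment there, e.g. `/* no rollback check when SSL 3.0 and TLS 1.0 are both disabled by options */`, would help. That comment covers only the visible half of the condition, which begins above the hunk, so the first operand should be confirmed before wording it.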