summaryrefslogtreecommitdiffstats
path: root/crypto/openssl/ssl/s3_srvr.c
diff options
context:
space:
mode:
authorsimon <simon@FreeBSD.org>2010-12-03 22:59:54 +0000
committersimon <simon@FreeBSD.org>2010-12-03 22:59:54 +0000
commit2e755187682578966c1ec502dbfe70c798a908b4 (patch)
tree001121d5a23a0b1561ac01281edf7c5f1cb0972a /crypto/openssl/ssl/s3_srvr.c
parent477858ee257a6cd5108309ebe5f2cc80ab26c5e1 (diff)
parentae03beb758270fb19d741c93f7bfde88a6635612 (diff)
downloadFreeBSD-src-2e755187682578966c1ec502dbfe70c798a908b4.zip
FreeBSD-src-2e755187682578966c1ec502dbfe70c798a908b4.tar.gz
Merge OpenSSL 0.9.8q into head.
Security: CVE-2010-4180 Security: http://www.openssl.org/news/secadv_20101202.txt MFC after: 3 days
Diffstat (limited to 'crypto/openssl/ssl/s3_srvr.c')
-rw-r--r--crypto/openssl/ssl/s3_srvr.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index e696450..e2d570f 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -927,6 +927,10 @@ int ssl3_get_client_hello(SSL *s)
break;
}
}
+/* Disabled because it can be used in a ciphersuite downgrade
+ * attack: CVE-2010-4180.
+ */
+#if 0
if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
{
/* Special case as client bug workaround: the previously used cipher may
@@ -941,6 +945,7 @@ int ssl3_get_client_hello(SSL *s)
j = 1;
}
}
+#endif
if (j == 0)
{
/* we need to have the cipher in the cipher
OpenPOWER on IntegriCloud