diff options
author | cperciva <cperciva@FreeBSD.org> | 2005-10-11 11:50:36 +0000 |
---|---|---|
committer | cperciva <cperciva@FreeBSD.org> | 2005-10-11 11:50:36 +0000 |
commit | 45ad6564568cab2c885a1f988888acea3affb183 (patch) | |
tree | e5afbde9137908c4400bdb5e707342f07d9f1e4b /crypto/openssl | |
parent | af96d0663a5a01aa1e67fc0d3a54cba6f2f594b0 (diff) | |
download | FreeBSD-src-45ad6564568cab2c885a1f988888acea3affb183.zip FreeBSD-src-45ad6564568cab2c885a1f988888acea3affb183.tar.gz |
Correct a man-in-the-middle SSL version rollback vulnerability.
Security: FreeBSD-SA-05:21.openssl
Diffstat (limited to 'crypto/openssl')
-rw-r--r-- | crypto/openssl/ssl/s23_srvr.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c index c5404ca..5139477 100644 --- a/crypto/openssl/ssl/s23_srvr.c +++ b/crypto/openssl/ssl/s23_srvr.c @@ -268,9 +268,6 @@ int ssl23_get_client_hello(SSL *s) int n=0,j; int type=0; int v[2]; -#ifndef OPENSSL_NO_RSA - int use_sslv2_strong=0; -#endif if (s->state == SSL23_ST_SR_CLNT_HELLO_A) { @@ -519,9 +516,7 @@ int ssl23_get_client_hello(SSL *s) } s->state=SSL2_ST_GET_CLIENT_HELLO_A; - if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || - use_sslv2_strong || - (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) + if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) s->s2->ssl2_rollback=0; else /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 |