d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Correct a man-in-the-middle SSL version rollback vulnerability.

Browse Source 
Security:	FreeBSD-SA-05:21.openssl
This commit is contained in:
Colin Percival 2005-10-11 11:50:36 +00:00
parent 547faba51c
commit 51ce0d091c
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=151233
1 changed files with 1 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
crypto/openssl/ssl/s23_srvr.c
View File

@ -268,9 +268,6 @@ int ssl23_get_client_hello(SSL *s)
int n=0,j;
int type=0;
int v[2];
#ifndef OPENSSL_NO_RSA
int use_sslv2_strong=0;
#endif
if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
{
@ -519,9 +516,7 @@ int ssl23_get_client_hello(SSL *s)
}
s->state=SSL2_ST_GET_CLIENT_HELLO_A;
if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
use_sslv2_strong ||
(s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
s->s2->ssl2_rollback=0;
else
/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0