Limit the support of the "backward compatible" ssl2 handshake to only be
authorbeck <beck@openbsd.org>
Sat, 16 Jul 2016 04:42:35 +0000 (04:42 +0000)
committerbeck <beck@openbsd.org>
Sat, 16 Jul 2016 04:42:35 +0000 (04:42 +0000)
used if TLS 1.0 is enabled. Suggested/discussed with jsing@ and bcook@.
ok guenther@ sthen@

lib/libssl/s23_srvr.c
lib/libssl/src/ssl/s23_srvr.c

index 2e63cfc..ed476c7 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.46 2015/10/25 15:49:04 doug Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.47 2016/07/16 04:42:35 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -352,6 +352,14 @@ ssl23_get_client_hello(SSL *s)
                /* we have SSLv3/TLSv1 in an SSLv2 header
                 * (other cases skip this state) */
 
+               /*
+                * Limit the support of "backward compatible" headers
+                * only to "backward" versions of TLS. If we have moved
+                * on to modernity, just say no.
+                */
+               if (s->options & SSL_OP_NO_TLSv1)
+                       goto unsupported;
+
                type = 2;
                p = s->packet;
                v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
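Review bot: The added comment does not say what the rejection keys on: the guard tests the server's SSL_OP_NO_TLSv1 option alone, and the version bytes carried in the SSLv2-style header (`v[0] = p[3]` and what follows) are only read after it, so a reader may expect the header's advertised version to be consulted here when it is not. I would make that explicit in the comment block, e.g. `/* The SSLv2-style record header is honoured only while TLS 1.0 is still enabled (SSL_OP_NO_TLSv1 clear); the version it advertises is not consulted for this decision. */`. The `unsupported` label and the rest of ssl23_get_client_hello lie outside the hunk, so what the rejected path does (presumably an alert or error return) cannot be confirmed from here. The same hunk appears again under lib/libssl/src/ssl/s23_srvr.c and the same note applies there.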
index 2e63cfc..ed476c7 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.46 2015/10/25 15:49:04 doug Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.47 2016/07/16 04:42:35 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -352,6 +352,14 @@ ssl23_get_client_hello(SSL *s)
                /* we have SSLv3/TLSv1 in an SSLv2 header
                 * (other cases skip this state) */
 
+               /*
+                * Limit the support of "backward compatible" headers
+                * only to "backward" versions of TLS. If we have moved
+                * on to modernity, just say no.
+                */
+               if (s->options & SSL_OP_NO_TLSv1)
+                       goto unsupported;
+
                type = 2;
                p = s->packet;
                v[0] = p[3]; /* == SSL3_VERSION_MAJOR */