Experimental workaround to large client hello issue (see PR#2771).

If OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients
only.
Dr. Stephen Henson 2012-03-29 19:08:54 +00:00
parent 8c67b13407
commit 418044cbab

@ -287,12 +287,14 @@ static int ssl23_client_hello(SSL *s)
if (ssl2_compat && ssl23_no_ssl2_ciphers(s)) if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
ssl2_compat = 0; ssl2_compat = 0;
#ifndef OPENSSL_NO_TLS1_2_CLIENT
if (!(s->options & SSL_OP_NO_TLSv1_2)) if (!(s->options & SSL_OP_NO_TLSv1_2))
{ {
version = TLS1_2_VERSION; version = TLS1_2_VERSION;
} }
else if (!(s->options & SSL_OP_NO_TLSv1_1)) else
#endif
if (!(s->options & SSL_OP_NO_TLSv1_1))
{ {
version = TLS1_1_VERSION; version = TLS1_1_VERSION;
} }
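Review bot: The new `#ifndef OPENSSL_NO_TLS1_2_CLIENT` guard in ssl23_client_hello has no comment, and a build that defines the macro caps the version this client path offers at TLS 1.1 regardless of what the application sets in `s->options`, so the downgrade is a silent build-time decision that an auditor of the negotiated protocol cannot see from the code. I would add above the `#ifndef` something like `/* PR#2771 workaround: when OPENSSL_NO_TLS1_2_CLIENT is defined the client never offers TLS 1.2 */`. The `else` left dangling before `#endif` makes the else-if chain depend on the preprocessor, so a short `/* pairs with the following if when TLS 1.2 is compiled in */` on that line would prevent a later edit from breaking it. Only the version choice in this hunk is visible; the rest of the function and the other client methods are outside it, so whether they honour the macro as well should be confirmed.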