Remove SSLv2 support

The only SSLv2 support left is receiving an SSLv2-compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Kurt Roeckx
2014-11-30 15:35:22 +01:00
parent 616f71e486
commit 45f55f6a5b
69 changed files with 235 additions and 5575 deletions


@@ -1389,9 +1389,6 @@ static int ssl_security_default_callback(SSL *s, SSL_CTX *ctx, int op, int bits,
/* No ciphers below security level */
if (bits < minbits)
return 0;
/* No SSLv2 ciphers */
if ((SSL_CIPHER_get_id(c) >> 24) == 0x2)
return 0;
/* No unauthenticated ciphersuites */
if (c->algorithm_auth & SSL_aNULL)
return 0;
@@ -1410,9 +1407,6 @@ static int ssl_security_default_callback(SSL *s, SSL_CTX *ctx, int op, int bits,
break;
}
case SSL_SECOP_VERSION:
/* SSLv2 allowed only on level zero */
if (nid == SSL2_VERSION)
return 0;
/* SSLv3 not allowed on level 2 */
if (nid <= SSL3_VERSION && level >= 2)
return 0;
@@ -1432,9 +1426,6 @@ static int ssl_security_default_callback(SSL *s, SSL_CTX *ctx, int op, int bits,
if (level >= 3)
return 0;
break;
case SSL_SECOP_SSL2_COMPAT:
/* SSLv2 compatible client hello only for level zero */
return 0;
default:
if (bits < minbits)
return 0;
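Review bot: In the last hunk, removing the `case SSL_SECOP_SSL2_COMPAT:` arm and its unconditional `return 0` sits oddly with the commit message, which says an SSLv2-compatible client hello is still received; with the arm gone, nothing visible here refuses that hello format above security level zero. The `+`/`-` markers are lost on this page, so which lines are removed is inferred from the 9 → 6 counts in each hunk header and from the SSLv2 comments. If any caller still passes this op, I would keep the arm; if not, a comment above `default:` would record the decision, for example `/* SSLv2-compatible ClientHello is no longer gated by the security level */`. The `SSL_SECOP_VERSION` hunk raises the same question: once the `nid == SSL2_VERSION` test is gone, the remaining `nid <= SSL3_VERSION && level >= 2` check rejects a pre-SSLv3 version only from level 2 upward. The body of `ssl_security_default_callback` starts and ends outside these hunks, so any earlier level-zero handling is not visible here.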