generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix no-ssl3 configuration option

Browse Source 
CVE-2014-3568

Reviewed-by: Emilia Kasper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Geoff Thorpe
2014-10-15 03:25:50 -04:00
parent 7482705548
commit 62f45cc27d
2 changed files with 16 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ssl/s23_clnt.c
View File

@@ -125,9 +125,11 @@ static const SSL_METHOD *ssl23_get_client_method(int ver)
if (ver == SSL2_VERSION)
return(SSLv2_client_method());
#endif
#ifndef OPENSSL_NO_SSL3
if (ver == SSL3_VERSION)
return(SSLv3_client_method());
else if (ver == TLS1_VERSION)
#endif
if (ver == TLS1_VERSION)
return(TLSv1_client_method());
else if (ver == TLS1_1_VERSION)
return(TLSv1_1_client_method());
@@ -714,6 +716,7 @@ static int ssl23_get_server_hello(SSL *s)
{
/* we have sslv3 or tls1 (server hello or alert) */
#ifndef OPENSSL_NO_SSL3
if ((p[2] == SSL3_VERSION_MINOR) &&
!(s->options & SSL_OP_NO_SSLv3))
{
@@ -728,7 +731,9 @@ static int ssl23_get_server_hello(SSL *s)
s->version=SSL3_VERSION;
s->method=SSLv3_client_method();
}
else if ((p[2] == TLS1_VERSION_MINOR) &&
else
#endif
if ((p[2] == TLS1_VERSION_MINOR) &&
!(s->options & SSL_OP_NO_TLSv1))
{
s->version=TLS1_VERSION;