PR: 2171

Submitted by: Tomas Mraz <tmraz@redhat.com> Since SSLv2 doesn't support renegotiation at all don't reject it if legacy renegotiation isn't enabled. Also can now use SSL2 compatible client hello because RFC5746 supports it.
2010-02-16 14:19:42 +00:00
parent 1b690c1a8b
commit b50ef8b216
2 changed files with 0 additions and 7 deletions
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -235,8 +235,6 @@ static int ssl23_client_hello(SSL *s)
 			ssl2_compat = 0;
 		if (s->tlsext_status_type != -1)
 			ssl2_compat = 0;
-		if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-			ssl2_compat = 0;
 		}
 #endif