Bodo Möller 37569e64e8 Fix SSL 2.0 rollback checking: The previous implementation of the ...

test was never triggered due to an off-by-one error.

In s23_clnt.c, don't use special rollback-attack detection padding
(RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
client; similarly, in s23_srvr.c, don't do the rollback check if
SSL 2.0 is the only protocol enabled in the server.

2000-07-29 18:50:41 +00:00

4.8 KiB

Raw Blame History

View Raw