diff options
author | Bodo Möller <bodo@openssl.org> | 2011-02-03 10:42:00 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2011-02-03 10:42:00 +0000 |
commit | 346601bc3255c6728785fedfe27d9f923a33afaf (patch) | |
tree | 902650103f61a6993821f3a9084cd20c1479d157 /ssl/s3_srvr.c | |
parent | 5080fbbef024e8dca56f2ce94cef0c37a2bf3bcb (diff) | |
download | openssl-new-346601bc3255c6728785fedfe27d9f923a33afaf.tar.gz |
CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)
Diffstat (limited to 'ssl/s3_srvr.c')
-rw-r--r-- | ssl/s3_srvr.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index b1071da262..1b99a946a7 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -986,6 +986,10 @@ int ssl3_get_client_hello(SSL *s) break; } } +/* Disabled because it can be used in a ciphersuite downgrade + * attack: CVE-2010-4180. + */ +#if 0 if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) { /* Special case as client bug workaround: the previously used cipher may @@ -1000,6 +1004,7 @@ int ssl3_get_client_hello(SSL *s) j = 1; } } +#endif if (j == 0) { /* we need to have the cipher in the cipher |