X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Ft1_lib.c;h=c4670346648a3f1331deea8a9f1c3de989a7b869;hp=667892690b4a69fb119f9a4f2af59b86bdf3b850;hb=fbed9f8158ef50518706798a1488f9af4be3eb7d;hpb=e50858c559b6eaa6088ddab47e05b516b92b73d0

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 667892690b..c467034664 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -971,8 +971,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 	if (!renegotiate_seen && s->new_session &&
 		!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
 		{
-		/* FIXME: Spec currently doesn't give alert to use */
-		*al = SSL_AD_ILLEGAL_PARAMETER;
+		*al = SSL_AD_HANDSHAKE_FAILURE;
 	 	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
 				SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
 		return 0;
@@ -1161,8 +1160,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 		(s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT))
 		&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
 		{
-		/* FIXME: Spec currently doesn't give alert to use */
-		*al = SSL_AD_ILLEGAL_PARAMETER;
+		*al = SSL_AD_HANDSHAKE_FAILURE;
 		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
 				SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
 		return 0;