}
int SSL_renegotiate_abbreviated(SSL *s)
-{
+ {
if (s->renegotiate == 0)
s->renegotiate=1;
-
+
s->new_session=0;
-
+
return(s->method->ssl_renegotiate(s));
-}
+ }
int SSL_renegotiate_pending(SSL *s)
{
s->max_cert_list=larg;
return(l);
case SSL_CTRL_SET_MTU:
+ if (larg < (long)dtls1_min_mtu())
+ return 0;
+
if (SSL_version(s) == DTLS1_VERSION ||
SSL_version(s) == DTLS1_BAD_VER)
{
c=sk_SSL_CIPHER_value(sk,i);
/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
if ((c->algorithm_ssl & SSL_TLSV1_2) &&
- (TLS1_get_version(s) < TLS1_2_VERSION))
+ (TLS1_get_client_version(s) < TLS1_2_VERSION))
continue;
#ifndef OPENSSL_NO_KRB5
if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
* deployed might change this.
*/
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
- /* Disable TLS v1.2 by default for now */
- ret->options |= SSL_OP_NO_TLSv1_2;
return(ret);
err:
IMPLEMENT_STACK_OF(SSL_COMP)
IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
ssl_cipher_id);
-