Document rollback issues.
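index cbf2f5d836f189be840273af9d7e2aaaa6ef8d6a..a81544a1b62a99a15f54cfa2960ca97d3bb6580a 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -499,6 +499,8 @@ int ssl23_get_client_hello(SSL *s)
                         (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
                         s->s2->ssl2_rollback=0;
                 else
+                       /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
+                        * (SSL 3.0 draft/RFC 2246, App. E.2) */
                         s->s2->ssl2_rollback=1;
 
                 /* setup the n bytes we have read so we get them from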
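Review bot: The new comment says "reject", but the statement it documents only sets `s->s2->ssl2_rollback=1`. The rejection itself has to happen wherever that flag is consumed, which is not visible in this hunk. A wording such as `/* arm rollback detection: an SSL 2.0 session must be rejected if the client also supports SSL 3.0 or TLS 1.0 (RFC 2246, App. E.2) */` would describe what this line does and show that enforcement lives elsewhere. The sibling branch that clears the flag when both `SSL_OP_NO_TLSv1` and `SSL_OP_NO_SSLv3` are set is still undocumented. Presumably the reasoning is that a server offering neither protocol cannot be the target of a version downgrade, and a one-line comment saying so would make that security assumption reviewable. The enclosing `if` begins outside the hunk, so the full condition cannot be checked from here.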