Allow using -SSLv2 again when setting Protocol in the config.
[openssl.git] / ssl / ssl_conf.c
index 419400aa2408f6757784f3301c92105955600287..95ca88adfe4ccc419801d18a255f5c7ccd4df810 100644 (file)
@@ -198,7 +198,6 @@ static int ctrl_str_option(SSL_CONF_CTX *cctx, const char *cmd)
        {
        static const ssl_flag_tbl ssl_option_single[] =
                {
-               SSL_FLAG_TBL("no_ssl2", SSL_OP_NO_SSLv2),
                SSL_FLAG_TBL("no_ssl3", SSL_OP_NO_SSLv3),
                SSL_FLAG_TBL("no_tls1", SSL_OP_NO_TLSv1),
                SSL_FLAG_TBL("no_tls1_1", SSL_OP_NO_TLSv1_1),
@@ -212,6 +211,7 @@ static int ctrl_str_option(SSL_CONF_CTX *cctx, const char *cmd)
                SSL_FLAG_TBL_SRV("serverpref", SSL_OP_CIPHER_SERVER_PREFERENCE),
                SSL_FLAG_TBL("legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
                SSL_FLAG_TBL_SRV("legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT),
+               SSL_FLAG_TBL_SRV("no_resumption_on_reneg", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
                SSL_FLAG_TBL_SRV_INV("no_legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT),
                SSL_FLAG_TBL_CERT("strict", SSL_CERT_FLAG_TLS_STRICT),
 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
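Review bot: The new `no_resumption_on_reneg` entry sits between `legacy_server_connect` and its inverse `no_legacy_server_connect`, splitting a pair that reads as one unit; placing it after the `no_legacy_server_connect` line keeps the pair together. The entry also gives no hint of what it does or why it is server-only, so a comment such as `/* server only: never resume a session during renegotiation */` above it would help. The switch should also be listed in the SSL_CONF_cmd documentation, which this page does not show being updated. The same documentation gap applies to the `NoResumptionOnRenegotiation` entry added in the cmd_Options hunk. The table and ctrl_str_option extend beyond the hunk.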
@@ -355,6 +355,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
                SSL_FLAG_TBL("Bugs", SSL_OP_ALL),
                SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION),
                SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE),
+               SSL_FLAG_TBL_SRV("NoResumptionOnRenegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
                SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE),
                SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE),
                SSL_FLAG_TBL("UnsafeLegacyRenegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
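Review bot: `NoResumptionOnRenegotiation` bakes the negation into the option name, whereas the visible convention in this table for an `SSL_OP_NO_*` bit is a positive name with an inverting macro, as in `SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION)`. If Options values take a leading `-` to turn a flag off, as the inverted entries suggest, an administrator disabling this one writes a double negative, which is easy to misread in a security-relevant setting. Consider `SSL_FLAG_TBL_SRV_INV("ResumptionOnRenegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),` if the resulting default is acceptable. The parsing code that would confirm this is outside the hunk.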