projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Turn on TLSv1.3 downgrade protection by default
[openssl.git] / ssl / statem / statem_lib.c
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index d04f8773debc188e0d8c1235148d75a4638f4dcd..38121b7fd2552d02f084b394694556fcb97ccbd7 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1914,7 +1914,6 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
         if (s->version != vent->version)
             continue;
 
-#ifndef OPENSSL_NO_TLS13DOWNGRADE
         /* Check for downgrades */
         if (s->version == TLS1_2_VERSION && highver > s->version) {
             if (memcmp(tls12downgrade,
@@ -1941,7 +1940,6 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
                 return 0;
             }
         }
-#endif
 
         s->method = method;
         return 1;
Unnamed repository; edit this file 'description' to name the repository.