X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Ft1_enc.c;h=ecd2d6cbb557640bf8afb5c875e0d48e6314a809;hp=b80525f3badea9e50cf61c3d99ec416e3906c980;hb=c21506ba024adb6d5655a92d61c1d3824e5dedcf;hpb=00f1628eaccac9be1f3941d20f387fa9a7063b30

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index b80525f3ba..ecd2d6cbb5 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -483,13 +483,18 @@ printf("\nkey block\n");
 { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
 #endif
 
-	/* enable vulnerability countermeasure for CBC ciphers with
-	 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */
-	s->s3->need_empty_fragments = 1;
+	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+		{
+		/* enable vulnerability countermeasure for CBC ciphers with
+		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+		 */
+		s->s3->need_empty_fragments = 1;
+
 #ifndef NO_RC4
-	if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
-		s->s3->need_empty_fragments = 0;
+		if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
+			s->s3->need_empty_fragments = 0;
 #endif
+		}
 		
 	return(1);
 err: