The -no_legacy_server_connect option applies to client

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/18296)

diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in
index 0d38d46d257670e948f02c0c75d325d60eb62bf4..6e380cb1475d112d278cf681d04742c17bb1dd46 100644 (file)
--- a/doc/man1/openssl-s_client.pod.in
+++ b/doc/man1/openssl-s_client.pod.in
@@ -87,6 +87,7 @@ B<openssl> B<s_client>
 [B<-no_comp>]
 [B<-brief>]
 [B<-legacy_server_connect>]
+[B<-no_legacy_server_connect>]
 [B<-allow_no_dhe_kex>]
 [B<-sigalgs> I<sigalglist>]
 [B<-curves> I<curvelist>]

diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in
index f0f78670ec4699e64c63e1bb3aeb0e8f6b4e5bbc..06c2c6d67a8d1790f13cdd1ede7aaccaa448a16b 100644 (file)
--- a/doc/man1/openssl-s_server.pod.in
+++ b/doc/man1/openssl-s_server.pod.in
@@ -99,7 +99,6 @@ B<openssl> B<s_server>
 [B<-legacy_renegotiation>]
 [B<-no_renegotiation>]
 [B<-no_resumption_on_reneg>]
-[B<-no_legacy_server_connect>]
 [B<-allow_no_dhe_kex>]
 [B<-prioritize_chacha>]
 [B<-strict>]

diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 767faf2452a6d1f2b95822d0e78787b3c2e70158..b83f9fe3a904c63d9ce8e1059e04a5de81d5f658 100644 (file)
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -702,7 +702,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
     SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_CLIENT),
     SSL_CONF_CMD_SWITCH("no_renegotiation", 0),
     SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER),
-    SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_CLIENT),
     SSL_CONF_CMD_SWITCH("allow_no_dhe_kex", 0),
     SSL_CONF_CMD_SWITCH("prioritize_chacha", SSL_CONF_FLAG_SERVER),
     SSL_CONF_CMD_SWITCH("strict", 0),