Make DTLS1_BAD_VER work with DTLS_client_method() (032924c4) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Commit 032924c4 authored Jul 25, 2016 by

David Woodhouse Committed by Matt Caswell Aug 04, 2016

Make DTLS1_BAD_VER work with DTLS_client_method()

DTLSv1_client_method() is deprecated, but it was the only way to obtain
DTLS1_BAD_VER support. The SSL_OP_CISCO_ANYCONNECT hack doesn't work with
DTLS_client_method(), and it's relatively non-trivial to make it work without
expanding the hack into lots of places.

So deprecate SSL_OP_CISCO_ANYCONNECT with DTLSv1_client_method(), and make
it work with SSL_CTX_set_{min,max}_proto_version(DTLS1_BAD_VER) instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

parent 387cf213

Hide whitespace changes

Inline Side-by-side

Please register or to comment