|
@@ -271,6 +271,18 @@ int ssl3_accept(SSL *s)
|
|
|
s->state=SSL3_ST_SR_CLNT_HELLO_A;
|
|
|
s->ctx->stats.sess_accept++;
|
|
|
}
|
|
|
+ else if (!s->s3->send_connection_binding &&
|
|
|
+ !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
|
|
|
+ {
|
|
|
+ /* Server attempting to renegotiate with
|
|
|
+ * client that doesn't support secure
|
|
|
+ * renegotiation.
|
|
|
+ */
|
|
|
+ SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
|
|
|
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
|
|
|
+ ret = -1;
|
|
|
+ goto end;
|
|
|
+ }
|
|
|
else
|
|
|
{
|
|
|
/* s->state == SSL_ST_RENEGOTIATE,
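Review bot: The new `else if` rejects only the renegotiation that the server itself starts (it sits beside the `SSL_ST_RENEGOTIATE` case named in the comment that follows). The hunk shows no matching check for a renegotiation ClientHello arriving from a peer that never sent connection binding, so confirm that path applies the same `send_connection_binding` / `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` test. The block comment says what is happening but not why the handshake is aborted; I would add a sentence such as `Without the peer's connection binding the new handshake cannot be bound to the existing connection, so fail closed unless the application opted in.` Because `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` switches this protection off, it should be checked that no default option mask includes it. ssl3_accept starts and ends outside the hunk, so the preceding `if` condition and the `end:` cleanup are not visible here.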
|