CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2020/05/31 10:36:35
Modified files:
lib/libssl : ssl_clnt.c ssl_locl.h ssl_srvr.c ssl_versions.c
Log message:
Correct downgrade sentinels when a version pinned method is in use.
Previously only the enabled protocol versions were considered, however we
also have to consider the method in use which may be version pinned.
Found the hard way by danj@ with haproxy and force-tlsv12.
ok beck@ inoguchi@ tb@
