The -no_legacy_server_connect option applies to client

Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from #18296)
openssl · May 27, 2022 · d1b3b67 · d1b3b67
1 parent 65b2bb9
commit d1b3b67
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 2 deletions.
diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in
@@ -87,6 +87,7 @@ B<openssl> B<s_client>
 [B<-no_comp>]
 [B<-brief>]
 [B<-legacy_server_connect>]
+[B<-no_legacy_server_connect>]
 [B<-allow_no_dhe_kex>]
 [B<-sigalgs> I<sigalglist>]
 [B<-curves> I<curvelist>]

diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in
@@ -99,7 +99,6 @@ B<openssl> B<s_server>
 [B<-legacy_renegotiation>]
 [B<-no_renegotiation>]
 [B<-no_resumption_on_reneg>]
-[B<-no_legacy_server_connect>]
 [B<-allow_no_dhe_kex>]
 [B<-prioritize_chacha>]
 [B<-strict>]

diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
@@ -702,7 +702,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
     SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_CLIENT),
     SSL_CONF_CMD_SWITCH("no_renegotiation", 0),
     SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER),
-    SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_CLIENT),
     SSL_CONF_CMD_SWITCH("allow_no_dhe_kex", 0),
     SSL_CONF_CMD_SWITCH("prioritize_chacha", SSL_CONF_FLAG_SERVER),
     SSL_CONF_CMD_SWITCH("strict", 0),