From d1b3b6741380a1d7607da671b97f3fe5f54fa657 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 12 May 2022 11:53:27 +0200 Subject: [PATCH] The -no_legacy_server_connect option applies to client Reviewed-by: Paul Dale Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/18296) --- doc/man1/openssl-s_client.pod.in | 1 + doc/man1/openssl-s_server.pod.in | 1 - ssl/ssl_conf.c | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index 0d38d46d25767..6e380cb1475d1 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -87,6 +87,7 @@ B B [B<-no_comp>] [B<-brief>] [B<-legacy_server_connect>] +[B<-no_legacy_server_connect>] [B<-allow_no_dhe_kex>] [B<-sigalgs> I] [B<-curves> I] diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index f0f78670ec469..06c2c6d67a8d1 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -99,7 +99,6 @@ B B [B<-legacy_renegotiation>] [B<-no_renegotiation>] [B<-no_resumption_on_reneg>] -[B<-no_legacy_server_connect>] [B<-allow_no_dhe_kex>] [B<-prioritize_chacha>] [B<-strict>] diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 767faf2452a6d..b83f9fe3a904c 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -702,7 +702,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_CLIENT), SSL_CONF_CMD_SWITCH("no_renegotiation", 0), SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER), - SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER), + SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_CLIENT), SSL_CONF_CMD_SWITCH("allow_no_dhe_kex", 0), SSL_CONF_CMD_SWITCH("prioritize_chacha", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("strict", 0),