From 8f747e37ca75852d11cbdf34b74825c397e6fdba Mon Sep 17 00:00:00 2001
From: Jay Sorg <jay.sorg@gmail.com>
Date: Thu, 25 Aug 2016 11:38:03 -0700
Subject: always set SSL_OP_NO_SSLv2 in TLS options

---
 common/ssl_calls.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'common')

diff --git a/common/ssl_calls.c b/common/ssl_calls.c
index 04e7a177..2d3b2dfa 100644
--- a/common/ssl_calls.c
+++ b/common/ssl_calls.c
@@ -601,14 +601,11 @@ ssl_tls_accept(struct ssl_tls *self, int disableSSLv3,
      * SSLv3 is used by, eg. Microsoft RDC for Mac OS X.
      * No SSLv3 if disableSSLv3=yes so only tls used
      */
+    options |= SSL_OP_NO_SSLv2;
     if (disableSSLv3)
     {
         options |= SSL_OP_NO_SSLv3;
     }
-    else
-    {
-        options |= SSL_OP_NO_SSLv2;
-    }
 
 #if defined(SSL_OP_NO_COMPRESSION)
     /**
-- 
cgit v1.2.1