diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index cec6f8c8..b51ddf7a 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -288,17 +288,10 @@ static int ssl23_client_hello(SSL *s) * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. */ - mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1 - |SSL_OP_NO_SSLv3 - ; -#if !defined(OPENSSL_NO_TLS1_2_CLIENT) + mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3; version = TLS1_2_VERSION; - if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) version = TLS1_1_VERSION; -#else - version = TLS1_1_VERSION; -#endif mask &= ~SSL_OP_NO_TLSv1_1; if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) version = TLS1_VERSION; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ec054d26..720ab54d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1151,11 +1151,8 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) s->max_cert_list=larg; return(l); case SSL_CTRL_SET_MTU: -#ifndef OPENSSL_NO_DTLS1 if (larg < (long)dtls1_min_mtu()) return 0; -#endif - if (SSL_IS_DTLS(s)) { s->d1->mtu = larg;