Security-163.tar.gz

[apple/security.git] / SecureTransport / ssl2Record.cpp

diff --git a/SecureTransport/ssl2Record.cpp b/SecureTransport/ssl2Record.cpp
index 6cfaafadd99af08d415e6c9b43387b324e9f053e..40ea26a8102b8f34d57563f72ae7d3054e89105c 100644 (file)
--- a/SecureTransport/ssl2Record.cpp
+++ b/SecureTransport/ssl2Record.cpp
@@ -64,7 +64,6 @@ SSL2ReadRecord(SSLRecord &rec, SSLContext *ctx)
     
     switch (ctx->negProtocolVersion)
     {   case SSL_Version_Undetermined:
-        case SSL_Version_3_0_With_2_0_Hello:
         case SSL_Version_2_0:
             break;
         case SSL_Version_3_0:           /* We've negotiated a 3.0 session; 
@@ -72,10 +71,6 @@ SSL2ReadRecord(SSLRecord &rec, SSLContext *ctx)
                case TLS_Version_1_0:
             SSLFatalSessionAlert(SSL_AlertUnexpectedMsg, ctx);
             return errSSLProtocol;
-        case SSL_Version_3_0_Only:      /* We haven't yet negotiated, but 
-                                                                                * we don't want to support 2.0; just 
-                                                                                * die without an alert */
-            return errSSLProtocol;
         default:
             sslErrorLog("bad protocolVersion in ctx->protocolVersion");
                        return errSSLInternal;
@@ -84,11 +79,11 @@ SSL2ReadRecord(SSLRecord &rec, SSLContext *ctx)
     if (!ctx->partialReadBuffer.data || ctx->partialReadBuffer.length < 3)
     {   if (ctx->partialReadBuffer.data)
             if ((err = SSLFreeBuffer(ctx->partialReadBuffer, ctx)) != 0)
-            {   SSLFatalSessionAlert(SSL_AlertCloseNotify, ctx);
+            {   SSL2SendError(SSL2_ErrNoCipher, ctx);
                 return err;
             }
         if ((err = SSLAllocBuffer(ctx->partialReadBuffer, DEFAULT_BUFFER_SIZE, ctx)) != 0)
-        {   SSLFatalSessionAlert(SSL_AlertCloseNotify, ctx);
+        {   SSL2SendError(SSL2_ErrNoCipher, ctx);
             return err;
         }
     }