Index: ssl/s3_srvr.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_srvr.c,v
retrieving revision 1.126.2.28
diff -u -r1.126.2.28 s3_srvr.c
--- ssl/s3_srvr.c 20 Sep 2009 12:53:42 -0000 1.126.2.28
+++ ssl/s3_srvr.c 5 Nov 2009 06:51:16 -0000
@@ -718,6 +718,13 @@
 #endif
 STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
+ if (s->new_session)
+ {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_RENEGOTIATION);
+ goto f_err;
+ }
+
 /* We do this so that we will respond with our native type.
 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
 * This down switching should be handled by a different method.
Index: ssl/ssl.h
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v
retrieving revision 1.161.2.27
diff -u -r1.161.2.27 ssl.h
--- ssl/ssl.h 12 Sep 2009 23:18:43 -0000 1.161.2.27
+++ ssl/ssl.h 5 Nov 2009 06:51:17 -0000
@@ -1969,6 +1969,7 @@
 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
 #define SSL_R_NO_PROTOCOLS_AVAILABLE 191
 #define SSL_R_NO_PUBLICKEY 192
+#define SSL_R_NO_RENEGOTIATION 319
 #define SSL_R_NO_SHARED_CIPHER 193
 #define SSL_R_NO_VERIFY_CALLBACK 194
 #define SSL_R_NULL_SSL_CTX 195
Index: ssl/ssl_err.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_err.c,v
retrieving revision 1.53.2.14
diff -u -r1.53.2.14 ssl_err.c
--- ssl/ssl_err.c 26 Aug 2009 11:54:14 -0000 1.53.2.14
+++ ssl/ssl_err.c 5 Nov 2009 06:51:18 -0000
@@ -388,6 +388,7 @@
 {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
 {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
 {ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"},
+{ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"},
 {ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"},
 {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"},
 {ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
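Review bot: The new `if (s->new_session)` guard in the ssl/s3_srvr.c hunk (error function code SSL_F_SSL3_GET_CLIENT_HELLO) rejects every renegotiation unconditionally and carries no comment saying why, so a later maintainer cannot tell that it is a deliberate security mitigation and may relax it. I would add a comment directly above it, for example `/* Refuse all renegotiation: the handshake before and after it is not cryptographically bound, so fail hard. */`. The check presumably also fires for server-initiated renegotiation, if `new_session` is set on that path too (not visible in this hunk), so applications that re-handshake to request a client certificate would now get a fatal `handshake_failure` with no opt-out; that trade-off belongs in the change notes. Only the server ClientHello path is touched in the visible diff, and the enclosing function starts and ends outside the hunk.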