From b894ac7f9919aa742371fd35da000d708e5584ab Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Mon, 7 Mar 2022 11:56:06 +0100
Subject: [PATCH] ssl_tls12_server.c: Remove some dead code for versions of TLS < 1.2

Signed-off-by: Ronald Cron
---
 library/ssl_tls12_server.c | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index e9fa63311f..deab271d3b 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -1011,23 +1011,6 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
 }
 #endif
 
- /*
- * Try to select a SHA-1 certificate for pre-1.2 clients, but still
- * present them a SHA-higher cert rather than failing if it's the only
- * one we got that satisfies the other conditions.
- */
- if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 &&
- cur->cert->sig_md != MBEDTLS_MD_SHA1 )
- {
- if( fallback == NULL )
- fallback = cur;
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate not preferred: "
- "sha-2 with pre-TLS 1.2 client" ) );
- continue;
- }
- }
-
 /* If we get there, we got a winner */
 break;
 }