1 files changed, 2 insertions, 7 deletions

diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp
index 67c3d530f..81f9e1f62 100644
--- a/src/lib/tls/msg_server_hello.cpp
+++ b/src/lib/tls/msg_server_hello.cpp
@@ -37,7 +37,7 @@ Server_Hello::Server_Hello(Handshake_IO& io,
       m_extensions.add(new Extended_Master_Secret);
 
    // Sending the extension back does not commit us to sending a stapled response
-   if(client_hello.supports_cert_status_message())
+   if(client_hello.supports_cert_status_message() && policy.support_cert_status_message())
       m_extensions.add(new Certificate_Status_Request);
 
    Ciphersuite c = Ciphersuite::by_id(m_ciphersuite);
@@ -105,7 +105,7 @@ Server_Hello::Server_Hello(Handshake_IO& io,
       m_extensions.add(new Extended_Master_Secret);
 
    // Sending the extension back does not commit us to sending a stapled response
-   if(client_hello.supports_cert_status_message())
+   if(client_hello.supports_cert_status_message() && policy.support_cert_status_message())
       m_extensions.add(new Certificate_Status_Request);
 
    if(client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac())
@@ -115,11 +115,6 @@ Server_Hello::Server_Hello(Handshake_IO& io,
          m_extensions.add(new Encrypt_then_MAC);
       }
 
-   if(client_hello.supports_cert_status_message())
-      {
-      m_extensions.add(new Certificate_Status_Request);
-      }
-
    if(resumed_session.ciphersuite().ecc_ciphersuite())
       {
       m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));