diff options
| author | Bodo Moeller <bodo@openssl.org> | 2014-10-15 04:03:28 +0200 |
|---|---|---|
| committer | Bodo Moeller <bodo@openssl.org> | 2014-10-15 04:03:28 +0200 |
| commit | cf6da05304d554aaa885151451aa4ecaa977e601 (patch) | |
| tree | be3b67fd78ae75a3cc8e6b79f934a5db63ea11e4 /ssl/ssl.h | |
| parent | ffa08b3242e0f10f1fef3c93ef3f0b51de8c27a9 (diff) | |
| download | openssl-cf6da05304d554aaa885151451aa4ecaa977e601.tar.gz | |
Support TLS_FALLBACK_SCSV.
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'ssl/ssl.h')
| -rw-r--r-- | ssl/ssl.h | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -685,6 +685,10 @@ struct ssl_session_st */ #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L +/* Send TLS_FALLBACK_SCSV in the ClientHello. + * To be set by applications that reconnect with a downgraded protocol + * version; see draft-ietf-tls-downgrade-scsv-00 for details. */ +#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L /* Cert related flags */ /* Many implementations ignore some aspects of the TLS standards such as @@ -1693,6 +1697,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE #define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 @@ -1832,11 +1837,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_SELECT_CURRENT_CERT 116 #define SSL_CTRL_SET_CURRENT_CERT 117 +#define SSL_CTRL_SET_DH_AUTO 118 +#define SSL_CTRL_CHECK_PROTO_VERSION 119 + + #define SSL_CERT_SET_FIRST 1 #define SSL_CERT_SET_NEXT 2 #define SSL_CERT_SET_SERVER 3 -#define SSL_CTRL_SET_DH_AUTO 118 #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) @@ -2869,6 +2877,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_HTTP_REQUEST 156 #define SSL_R_ILLEGAL_PADDING 283 #define SSL_R_ILLEGAL_SUITEB_DIGEST 380 +#define SSL_R_INAPPROPRIATE_FALLBACK 373 #define SSL_R_INCONSISTENT_COMPRESSION 340 #define SSL_R_INVALID_CHALLENGE_LENGTH 158 #define SSL_R_INVALID_COMMAND 280 @@ -3027,6 +3036,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 |