author | Matt Caswell <matt@openssl.org> | 2017-11-07 10:45:43 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-12-14 15:06:37 +0000 |
commit | a5816a5ab99610201dcec57a0e02b883d9d32891 (patch) | |
tree | dbcdbc8473d14ad1204c345725e6193d299b22d3 /include | |
parent | 88050dd1960bfaba7ede12a3ce1afe40f5deb124 (diff) |
Implement session id TLSv1.3 middlebox compatibility mode
Clients will send a "fake" session id and servers must echo it back.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ssl.h | 8 | ||||
-rw-r--r-- | include/openssl/sslerr.h | 1 |
2 files changed, 9 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index a5251b59cc..48779fa6d2 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -338,9 +338,17 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
 # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U
 /* Disable encrypt-then-mac */
 # define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U
+
+/*
+ * Enable TLSv1.3 Compatibility mode. This is on by default. A future version
+ * of OpenSSL may have this disabled by default.
+ */
+# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0x00100000U
+
 /* Prioritize Chacha20Poly1305 when client does.
 * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */
 # define SSL_OP_PRIORITIZE_CHACHA 0x00200000U
+
 /*
 * Set on servers to choose the cipher according to the server's preferences
 */
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 364b19809e..3199ab0ff4 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -543,6 +543,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_INVALID_NULL_CMD_NAME 385
 # define SSL_R_INVALID_SEQUENCE_NUMBER 402
 # define SSL_R_INVALID_SERVERINFO_DATA 388
+# define SSL_R_INVALID_SESSION_ID 232
 # define SSL_R_INVALID_SRP_USERNAME 357
 # define SSL_R_INVALID_STATUS_RESPONSE 328
 # define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 |
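Review bot: The comment added above `SSL_OP_ENABLE_MIDDLEBOX_COMPAT` in the ssl.h hunk says the mode is on by default but not what it changes in the handshake or how an application opts out. Going by the commit message, it could add a sentence such as `In TLSv1.3 handshakes clients send a dummy session id and servers echo it back.` Because the flag is named ENABLE yet is set by default, leaving it out of a `SSL_CTX_set_options()` mask does not disable it. The comment should therefore point readers to `SSL_CTX_clear_options()` / `SSL_clear_options()`, so that anyone auditing a deployment's option mask knows which state is actually in effect.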