Validate legacy_version

The spec says that a client MUST set legacy_version to TLSv1.2, and requires servers to verify that it isn't SSLv3. Fixes #6600 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6747)
author: Matt Caswell <matt@openssl.org> 2018-07-19 16:51:58 +0100
committer: Matt Caswell <matt@openssl.org> 2018-07-20 10:52:02 +0100
commit: d8434cf85691f32a17dcdfed6e81769a001074dd (patch)
tree: 60081d7183d042598d3ba886ab9f607b41d2c354 /include
parent: d6ce9da49b131cad85da8c94c617febf6c8d9073 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 9eba6d8fd5..a5b2c55942 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -471,6 +471,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_BAD_HRR_VERSION                            263
 # define SSL_R_BAD_KEY_SHARE                              108
 # define SSL_R_BAD_KEY_UPDATE                             122
+# define SSL_R_BAD_LEGACY_VERSION                         292
 # define SSL_R_BAD_LENGTH                                 271
 # define SSL_R_BAD_PACKET                                 240
 # define SSL_R_BAD_PACKET_LENGTH                          115
author	Matt Caswell <matt@openssl.org>	2018-07-19 16:51:58 +0100
committer	Matt Caswell <matt@openssl.org>	2018-07-20 10:52:02 +0100
commit	d8434cf85691f32a17dcdfed6e81769a001074dd (patch)
tree	60081d7183d042598d3ba886ab9f607b41d2c354 /include
parent	d6ce9da49b131cad85da8c94c617febf6c8d9073 (diff)