diff options
author | Matt Caswell <matt@openssl.org> | 2018-07-19 16:51:58 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-07-20 10:52:02 +0100 |
commit | d8434cf85691f32a17dcdfed6e81769a001074dd (patch) | |
tree | 60081d7183d042598d3ba886ab9f607b41d2c354 /include | |
parent | d6ce9da49b131cad85da8c94c617febf6c8d9073 (diff) |
Validate legacy_version
The spec says that a client MUST set legacy_version to TLSv1.2, and
requires servers to verify that it isn't SSLv3.
Fixes #6600
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6747)
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/sslerr.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 9eba6d8fd5..a5b2c55942 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -471,6 +471,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_BAD_HRR_VERSION 263 # define SSL_R_BAD_KEY_SHARE 108 # define SSL_R_BAD_KEY_UPDATE 122 +# define SSL_R_BAD_LEGACY_VERSION 292 # define SSL_R_BAD_LENGTH 271 # define SSL_R_BAD_PACKET 240 # define SSL_R_BAD_PACKET_LENGTH 115 |