Validate legacy_version

The spec says that a client MUST set legacy_version to TLSv1.2, and requires servers to verify that it isn't SSLv3. Fixes #6600 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6747)
author: Matt Caswell <matt@openssl.org> 2018-07-19 16:51:58 +0100
committer: Matt Caswell <matt@openssl.org> 2018-07-20 10:52:02 +0100
commit: d8434cf85691f32a17dcdfed6e81769a001074dd (patch)
tree: 60081d7183d042598d3ba886ab9f607b41d2c354 /ssl/ssl_err.c
parent: d6ce9da49b131cad85da8c94c617febf6c8d9073 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 9ce643ae8e..d3e805636f 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -757,6 +757,7 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HRR_VERSION), "bad hrr version"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_SHARE), "bad key share"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_UPDATE), "bad key update"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LEGACY_VERSION), "bad legacy version"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LENGTH), "bad length"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET), "bad packet"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET_LENGTH), "bad packet length"},
author	Matt Caswell <matt@openssl.org>	2018-07-19 16:51:58 +0100
committer	Matt Caswell <matt@openssl.org>	2018-07-20 10:52:02 +0100
commit	d8434cf85691f32a17dcdfed6e81769a001074dd (patch)
tree	60081d7183d042598d3ba886ab9f607b41d2c354 /ssl/ssl_err.c
parent	d6ce9da49b131cad85da8c94c617febf6c8d9073 (diff)