diff options
| author | Bodo Moeller <bodo@openssl.org> | 2014-10-15 04:18:29 +0200 |
|---|---|---|
| committer | Bodo Moeller <bodo@openssl.org> | 2014-10-15 04:18:29 +0200 |
| commit | c6a876473cbff0fd323c8abcaace98ee2d21863d (patch) | |
| tree | e27388ca48f3cc5c4306e0ffee56e592e07fe661 /ssl/tls1.h | |
| parent | 5a7fc89394bb11dc8ac578d23d77762d2d58fff2 (diff) | |
Support TLS_FALLBACK_SCSV.
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'ssl/tls1.h')
| -rw-r--r-- | ssl/tls1.h | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/ssl/tls1.h b/ssl/tls1.h index 47f25afb1d..5eacd283f2 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -80,17 +80,24 @@ extern "C" { #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 +#define TLS1_VERSION 0x0301 +#define TLS1_1_VERSION 0x0302 #define TLS1_2_VERSION 0x0303 -#define TLS1_2_VERSION_MAJOR 0x03 -#define TLS1_2_VERSION_MINOR 0x03 +/* TLS 1.1 and 1.2 are not supported by this version of TLS, so + * TLS_MAX_VERSION indicates TLS 1.0 regardless of the above + * definitions. (s23_clnt.c and s23_srvr.c have an OPENSSL_assert() + * check that would catch the error if TLS_MAX_VERSION was too low.) + */ +#define TLS_MAX_VERSION TLS1_VERSION + +#define TLS1_VERSION_MAJOR 0x03 +#define TLS1_VERSION_MINOR 0x01 -#define TLS1_1_VERSION 0x0302 #define TLS1_1_VERSION_MAJOR 0x03 #define TLS1_1_VERSION_MINOR 0x02 -#define TLS1_VERSION 0x0301 -#define TLS1_VERSION_MAJOR 0x03 -#define TLS1_VERSION_MINOR 0x01 +#define TLS1_2_VERSION_MAJOR 0x03 +#define TLS1_2_VERSION_MINOR 0x03 #define TLS1_get_version(s) \ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) @@ -108,6 +115,7 @@ extern "C" { #define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ #define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ +#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ #define TLS1_AD_USER_CANCELLED 90 #define TLS1_AD_NO_RENEGOTIATION 100 /* codes 110-114 are from RFC3546 */ |