summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl.h
diff options
context:
space:
mode:
authorjsing <>2015-09-10 17:57:50 +0000
committerjsing <>2015-09-10 17:57:50 +0000
commit6a01e44e5bb9917370be7048957c7d999d847bb6 (patch)
treeb6e132390b9936d3bc45c6b7e5f7567e5fabce5b /src/lib/libssl/ssl.h
parentd65ad2c1f2794d3d6f1cd74e64b738ee9904a95b (diff)
downloadopenbsd-6a01e44e5bb9917370be7048957c7d999d847bb6.tar.gz
openbsd-6a01e44e5bb9917370be7048957c7d999d847bb6.tar.bz2
openbsd-6a01e44e5bb9917370be7048957c7d999d847bb6.zip
Remove support for DTLS_BAD_VER. We do not support non-standard and
incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years. ok bcook@ miod@
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl.h6
1 files changed, 2 insertions, 4 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index e7873f5ed4..7c815df8e1 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl.h,v 1.93 2015/08/27 06:21:15 doug Exp $ */ 1/* $OpenBSD: ssl.h,v 1.94 2015/09/10 17:57:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -302,7 +302,6 @@ extern "C" {
302#define SSL_TXT_STREEBOG512 "STREEBOG512" 302#define SSL_TXT_STREEBOG512 "STREEBOG512"
303 303
304#define SSL_TXT_DTLS1 "DTLSv1" 304#define SSL_TXT_DTLS1 "DTLSv1"
305#define SSL_TXT_DTLS1_BAD "DTLSv1-bad"
306#define SSL_TXT_SSLV2 "SSLv2" 305#define SSL_TXT_SSLV2 "SSLv2"
307#define SSL_TXT_SSLV3 "SSLv3" 306#define SSL_TXT_SSLV3 "SSLv3"
308#define SSL_TXT_TLSV1 "TLSv1" 307#define SSL_TXT_TLSV1 "TLSv1"
@@ -535,8 +534,6 @@ struct ssl_session_st {
535#define SSL_OP_COOKIE_EXCHANGE 0x00002000L 534#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
536/* Don't use RFC4507 ticket extension */ 535/* Don't use RFC4507 ticket extension */
537#define SSL_OP_NO_TICKET 0x00004000L 536#define SSL_OP_NO_TICKET 0x00004000L
538/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
539#define SSL_OP_CISCO_ANYCONNECT 0x00008000L
540 537
541/* As server, disallow session resumption on renegotiation */ 538/* As server, disallow session resumption on renegotiation */
542#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L 539#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
@@ -590,6 +587,7 @@ struct ssl_session_st {
590#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 587#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0
591#define SSL_OP_TLS_D5_BUG 0x0 588#define SSL_OP_TLS_D5_BUG 0x0
592#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 589#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0
590#define SSL_OP_CISCO_ANYCONNECT 0x0
593 591
594/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success 592/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
595 * when just a single record has been written): */ 593 * when just a single record has been written): */