Pull out (and largely rewrite) the code that determines the enabled

protocol version range. This also fixes a bug whereby if all protocols were disabled, the client would still use TLSv1.2 in the client hello, only to have if fail with unsupported version when it received and processed the server hello. ok doug@
author: jsing <> 2016-12-30 16:57:01 +0000
committer: jsing <> 2016-12-30 16:57:01 +0000
commit: 4bbaf851be29df06e25013bb78186db9720afd59 (patch)
tree: a2ed01d37e8c52df3aee7ab1f67260b369a6be4e /src/lib/libssl/ssl_locl.h
parent: 3b4315c7c6a8718ce1ec984e4663189f7288a484 (diff)
download: openbsd-4bbaf851be29df06e25013bb78186db9720afd59.tar.gz
openbsd-4bbaf851be29df06e25013bb78186db9720afd59.tar.bz2
openbsd-4bbaf851be29df06e25013bb78186db9720afd59.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index de977846a4..e8fbd23572 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.142 2016/12/30 15:12:45 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.143 2016/12/30 16:57:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -497,6 +497,7 @@ extern SSL3_ENC_METHOD ssl3_undef_enc_method;
 extern SSL_CIPHER ssl3_ciphers[];
 const char *ssl_version_string(int ver);
+int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
 uint16_t ssl_max_server_version(SSL *s);
 extern SSL3_ENC_METHOD DTLSv1_enc_data;
author	jsing <>	2016-12-30 16:57:01 +0000
committer	jsing <>	2016-12-30 16:57:01 +0000
commit	4bbaf851be29df06e25013bb78186db9720afd59 (patch)
tree	a2ed01d37e8c52df3aee7ab1f67260b369a6be4e /src/lib/libssl/ssl_locl.h
parent	3b4315c7c6a8718ce1ec984e4663189f7288a484 (diff)
download	openbsd-4bbaf851be29df06e25013bb78186db9720afd59.tar.gz openbsd-4bbaf851be29df06e25013bb78186db9720afd59.tar.bz2 openbsd-4bbaf851be29df06e25013bb78186db9720afd59.zip