Add TLS1_3_VERSION and SSL_OP_NO_TLSv1_3 defines under guards.

ok beck@ bluhm@ tb@

2 files changed, 13 insertions, 2 deletions

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 324691485b..8d4fcc442f 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.159 2018/08/24 20:30:21 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.160 2018/11/06 01:37:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -146,6 +146,7 @@
 #include <stdint.h>
 
 #include <openssl/opensslconf.h>
+
 #include <openssl/hmac.h>
 #include <openssl/pem.h>
 #include <openssl/safestack.h>
@@ -512,6 +513,10 @@ struct ssl_session_st {
 #define SSL_OP_NO_TLSv1_2                               0x08000000L
 #define SSL_OP_NO_TLSv1_1                               0x10000000L
 
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_OP_NO_TLSv1_3                               0x20000000L
+#endif
+
 /* SSL_OP_ALL: various bug workarounds that should be rather harmless. */
 #define SSL_OP_ALL \
     (SSL_OP_LEGACY_SERVER_CONNECT)
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 7ad9a387c9..dd8d778ff6 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.33 2018/11/05 20:41:30 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.34 2018/11/06 01:37:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -151,6 +151,8 @@
 #ifndef HEADER_TLS1_H
 #define HEADER_TLS1_H
 
+#include <openssl/opensslconf.h>
+
 #include <openssl/buffer.h>
 
 #ifdef  __cplusplus
@@ -159,6 +161,10 @@ extern "C" {
 
 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES    0
 
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define TLS1_3_VERSION                  0x0304
+#endif
+
 #define TLS1_2_VERSION                  0x0303
 #define TLS1_2_VERSION_MAJOR            0x03
 #define TLS1_2_VERSION_MINOR            0x03