From 5f574489be242a7d86373038f340aaf574a0b228 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 30 Jun 2022 11:17:50 +0000
Subject: Add checks to ensure we do not initiate or negotiate handshakes with
 versions below the minimum required by the security level.

input & ok jsing
---
 src/lib/libssl/ssl_locl.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/ssl_locl.h')

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index b46e37f5eb..d466b59642 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.407 2022/06/29 21:18:04 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.408 2022/06/30 11:17:49 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1301,6 +1301,7 @@ int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
 int ssl_security(const SSL *ssl, int op, int bits, int nid, void *other);
 int ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh);
 int ssl_security_dh(const SSL *ssl, DH *dh);
+int ssl_security_version(const SSL *ssl, int version);
 int ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509,
     int is_peer, int *out_error);
 int ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk,
-- 
cgit v1.2.3-55-g6feb