From 915e1bd09b87e5d7402cab53ddc89bd039968fd4 Mon Sep 17 00:00:00 2001
From: doug <>
Date: Sun, 19 Jul 2015 06:31:32 +0000
Subject: Add TLS_method, TLS_client_method and TLS_server_method.

Use these instead of SSLv23_*method when you want to make sure TLS is
used.

By default, we disable SSLv3 but it's still possible for the user to
re-enable it.  TLS_*method does not allow SSLv3.

Both BoringSSL and (next version of) OpenSSL have these methods.
However, they have changed the implementation significantly.  We will
as well, but not right now.

Riding the libssl major bump.

ok miod@ bcook@
---
 src/lib/libssl/ssl_locl.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/ssl_locl.h')

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index ba8fc79964..1c78770dfa 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.97 2015/07/18 23:00:23 doug Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.98 2015/07/19 06:31:32 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -757,6 +757,8 @@ int ssl23_accept(SSL *s);
 int ssl23_connect(SSL *s);
 int ssl23_read_bytes(SSL *s, int n);
 int ssl23_write_bytes(SSL *s);
+int tls_accept(SSL *s);
+int tls_connect(SSL *s);
 
 int tls1_new(SSL *s);
 void tls1_free(SSL *s);
-- 
cgit v1.2.3-55-g6feb