From 5f574489be242a7d86373038f340aaf574a0b228 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 30 Jun 2022 11:17:50 +0000
Subject: Add checks to ensure we do not initiate or negotiate handshakes with versions below the minimum required by the security level. input & ok jsing
---
 src/lib/libssl/ssl_seclevel.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'src/lib/libssl/ssl_seclevel.c')
diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c
index b174f57f0c..2fe6e3f222 100644
--- a/src/lib/libssl/ssl_seclevel.c
+++ b/src/lib/libssl/ssl_seclevel.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_seclevel.c,v 1.11 2022/06/30 07:09:45 tb Exp $ */
+/* $OpenBSD: ssl_seclevel.c,v 1.12 2022/06/30 11:17:49 tb Exp $ */
 /*
 * Copyright (c) 2020 Theo Buehler
 *
@@ -232,6 +232,12 @@ ssl_security(const SSL *ssl, int op, int bits, int nid, void *other)
 ssl->cert->security_ex_data);
 }

+int
+ssl_security_version(const SSL *ssl, int tls_version)
+{
+ return ssl_security(ssl, SSL_SECOP_VERSION, 0, tls_version, NULL);
+}
+
 int
 ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh)
 {
-- cgit v1.2.3-55-g6feb
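Review bot: ssl_security_version() in the second hunk has no comment stating its contract, although it is the gate the commit message relies on to refuse versions below the security level's minimum. The hunk only shows that it forwards `tls_version` in the `nid` slot of ssl_security() with `bits` set to 0 and `other` set to NULL; the meaning of the return value comes from the SSL_SECOP_VERSION handler, which is outside the hunk. Presumably a zero return means the version is not permitted, so I would add `/* Returns 1 if tls_version is permitted at the security level of ssl, 0 if it must be refused. */` above the function once that is confirmed. The comment should also say whether DTLS callers are expected to pass a TLS-equivalent version, as the parameter name suggests. The call sites that perform the checks are not in this file section, so whether every one of them treats 0 as a hard reject cannot be judged from here.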