From 3e3f6ec66f3d0f27fbe7349f8131243574f2d5c9 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 12 Feb 2015 04:23:17 +0000
Subject: Change TLS_PROTOCOLS_DEFAULT to be TLSv1.2 only. Add a
 TLS_PROTOCOLS_ALL that includes all currently supported protocols (TLSv1.0,
 TLSv1.1 and TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so
 that they maintain existing behaviour.

Discussed with tedu@ and reyk@.
---
 src/lib/libtls/tls.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index 0a6f8d7258..0fafcc6e23 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.7 2015/02/11 07:01:10 jsing Exp $ */
+/* $OpenBSD: tls.h,v 1.8 2015/02/12 04:23:17 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -25,7 +25,9 @@
 #define TLS_PROTOCOL_TLSv1_2	(1 << 3)
 #define TLS_PROTOCOL_TLSv1 \
 	(TLS_PROTOCOL_TLSv1_0|TLS_PROTOCOL_TLSv1_1|TLS_PROTOCOL_TLSv1_2)
-#define TLS_PROTOCOLS_DEFAULT TLS_PROTOCOL_TLSv1
+
+#define TLS_PROTOCOLS_ALL TLS_PROTOCOL_TLSv1
+#define TLS_PROTOCOLS_DEFAULT TLS_PROTOCOL_TLSv1_2
 
 #define TLS_READ_AGAIN	-2
 #define TLS_WRITE_AGAIN	-3
-- 
cgit v1.2.3-55-g6feb