Implement TLS 1.3's downgrade signal.

For now, skip the 1.2 -> 1.1 signal since that will affect shipping code. We may as well enable it too, but wait until things have settled down. This implements the version in draft-14 since draft-13's isn't backwards-compatible. Change-Id: I46be43e6f4c5203eb4ae006d1c6a2fe7d7a949ec Reviewed-on: https://boringssl-review.googlesource.com/8724 Reviewed-by: David Benjamin <davidben@google.com>
author: David Benjamin <davidben@google.com> 2016-07-10 19:20:35 +0300
committer: David Benjamin <davidben@google.com> 2016-07-12 22:17:43 +0300
commit: 1f61f0d7c381184b3c0ed2fcfe79eba37bab5b56 (patch)
tree: 579c572d78702fe5485c46c0cc72321336afa5f3 /crypto
parent: 0a8deb23350d30db06cb6f90e15c7ee9bd9e2933 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata
index 23143444..f211a24f 100644
--- a/crypto/err/ssl.errordata
+++ b/crypto/err/ssl.errordata
@@ -41,6 +41,7 @@ SSL,139,DECRYPTION_FAILED_OR_BAD_RECORD_MAC
 SSL,140,DH_PUBLIC_VALUE_LENGTH_IS_WRONG
 SSL,141,DH_P_TOO_LONG
 SSL,142,DIGEST_CHECK_FAILED
+SSL,254,DOWNGRADE_DETECTED
 SSL,143,DTLS_MESSAGE_TOO_BIG
 SSL,144,ECC_CERT_NOT_FOR_SIGNING
 SSL,145,EMS_STATE_INCONSISTENT
author	David Benjamin <davidben@google.com>	2016-07-10 19:20:35 +0300
committer	David Benjamin <davidben@google.com>	2016-07-12 22:17:43 +0300
commit	1f61f0d7c381184b3c0ed2fcfe79eba37bab5b56 (patch)
tree	579c572d78702fe5485c46c0cc72321336afa5f3 /crypto
parent	0a8deb23350d30db06cb6f90e15c7ee9bd9e2933 (diff)