github.com/mono/boringssl.git
author: David Benjamin <davidben@google.com> 2016-09-20 01:40:03 +0300
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> 2016-09-21 20:03:42 +0300
commit: e0ff7670253bf6525bd827125cdf7409f05d32ce
tree: 23a8b8f623a66da5ba21eae397b0134cbbaf1188 /include/openssl
parent: 28d938d4c3b0e7a7fd34afc755c6dc8ab40a0172
Remove SSL_set_fallback_version.
Ding-dong the fallback's dead.

https://mailarchive.ietf.org/arch/msg/tls/xfCh7D7hISFs5x-eA0xHwksoLrc

Also we'll need to tweak the versioning code slightly to implement supported_versions and it's nice to have this out of the way.

Change-Id: I0961e19ea56b4afd828f6f48858ac6310129503d
Reviewed-on: https://boringssl-review.googlesource.com/11120
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Diffstat (limited to 'include/openssl')
-rw-r--r-- include/openssl/ssl.h 25
1 files changed, 1 insertions, 24 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index a8d5abd9..256e3a03 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -695,9 +695,7 @@ OPENSSL_EXPORT uint32_t SSL_get_options(const SSL *ssl);
* version; see RFC 7507 for details.
*
* DO NOT ENABLE THIS if your application attempts a normal handshake. Only use
- * this in explicit fallback retries, following the guidance in RFC 7507.
- *
- * This flag is deprecated. Use |SSL_set_fallback_version| instead. */
+ * this in explicit fallback retries, following the guidance in RFC 7507. */
#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000400L
/* SSL_CTX_set_mode enables all modes set in |mode| (which should be one or more
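Review bot: The comment above SSL_MODE_SEND_FALLBACK_SCSV loses its deprecation sentence without gaining anything about the flag's status, so the mode now reads as fully supported even though the commit message says the fallback is dead. If the flag stays only for existing callers, keep a line saying it is deprecated (without the pointer to SSL_set_fallback_version); if it is now the only way to signal a fallback retry, say that the caller is responsible for lowering the maximum version itself.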
@@ -3093,22 +3091,6 @@ OPENSSL_EXPORT const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);
OPENSSL_EXPORT void SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX *ctx,
int enable);
-/* SSL_set_fallback_version, on a client, sets the effective maximum protocol
- * version. This may be used when implementing a version fallback to work around
- * buggy servers.
- *
- * For purposes of the TLS protocol itself, including assembling the ClientHello
- * and which ServerHello versions are accepted, this value is used as the
- * maximum version. However, if this value differs from the real maximum
- * version, as set by |SSL_set_max_version|, TLS_FALLBACK_SCSV (see RFC 7507)
- * will be sent. Further, the TLS 1.3 anti-downgrade logic will be conditioned
- * on the true maximum version.
- *
- * For instance, a fallback from a TLS 1.3 ClientHello to a TLS 1.2 ClientHello
- * should set this value to |TLS1_2_VERSION| and call |SSL_set_max_version| with
- * |TLS1_3_VERSION|. */
-OPENSSL_EXPORT void SSL_set_fallback_version(SSL *ssl, uint16_t version);
-
/* Deprecated functions. */
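Review bot: Dropping the exported SSL_set_fallback_version declaration is a source-breaking change for any consumer of ssl.h, and this view is limited to include/openssl, so the removal of the definition and of in-tree callers cannot be checked from here; please confirm both land in the same commit. The deleted comment was also the only text shown here that documented how a fallback interacts with SSL_set_max_version and the TLS 1.3 anti-downgrade logic, so a short note for callers who still retry at a lower version would help, in particular whether the anti-downgrade check is now conditioned on the value passed to SSL_set_max_version.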
@@ -4017,11 +3999,6 @@ struct ssl_st {
* is normalized in DTLS. */
uint16_t min_version;
- /* fallback_version is the effective maximum acceptable protocol version for
- * use with a version fallback, or zero if unset. Note this version is
- * normalized in DTLS. */
- uint16_t fallback_version;
-
uint16_t max_send_fragment;
/* There are 2 BIO's even though they are normally both the same. This is so
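Review bot: Removing fallback_version from struct ssl_st, which is defined in this public header, shifts the offset of max_send_fragment and every later member, so anything compiled against the old ssl.h that touches the struct must be rebuilt together with the library. The hunk shows only the declaration going away; please confirm there are no remaining reads or writes of the field in the library sources, which fall outside this include/openssl-limited diff.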