From 1f61f0d7c381184b3c0ed2fcfe79eba37bab5b56 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Sun, 10 Jul 2016 12:20:35 -0400
Subject: Implement TLS 1.3's downgrade signal.

For now, skip the 1.2 -> 1.1 signal since that will affect shipping
code. We may as well enable it too, but wait until things have settled
down. This implements the version in draft-14 since draft-13's isn't
backwards-compatible.

Change-Id: I46be43e6f4c5203eb4ae006d1c6a2fe7d7a949ec
Reviewed-on: https://boringssl-review.googlesource.com/8724
Reviewed-by: David Benjamin <davidben@google.com>
---
 crypto/err/ssl.errordata | 1 +
 1 file changed, 1 insertion(+)

(limited to 'crypto')

diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata
index 23143444..f211a24f 100644
--- a/crypto/err/ssl.errordata
+++ b/crypto/err/ssl.errordata
@@ -41,6 +41,7 @@ SSL,139,DECRYPTION_FAILED_OR_BAD_RECORD_MAC
 SSL,140,DH_PUBLIC_VALUE_LENGTH_IS_WRONG
 SSL,141,DH_P_TOO_LONG
 SSL,142,DIGEST_CHECK_FAILED
+SSL,254,DOWNGRADE_DETECTED
 SSL,143,DTLS_MESSAGE_TOO_BIG
 SSL,144,ECC_CERT_NOT_FOR_SIGNING
 SSL,145,EMS_STATE_INCONSISTENT
-- 
cgit v1.2.3