Use SSL_MODE_SEND_FALLBACK_SCSV.
Upstream settled in this API, and it's also the one that we expect
internally and that third_party code will expect.
This is an import of upstream's
5f0efe06e199a1bd96f161eb45f3dd76924cdc2a.
Change-Id: Ib4c7054a382dccdd23919407742bd037b9653a4b
diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h
index eb8cad0..ef73c8d 100644
--- a/src/include/openssl/ssl.h
+++ b/src/include/openssl/ssl.h
@@ -482,6 +482,16 @@
* session resumption is used for a given SSL*. */
#define SSL_MODE_NO_SESSION_CREATION 0x00000200L
+/* SSL_MODE_SEND_SERVERHELLO_TIME sends TLS_FALLBACK_SCSV in the ClientHello.
+ * To be set only by applications that reconnect with a downgraded protocol
+ * version; see https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-05
+ * for details.
+ *
+ * DO NOT ENABLE THIS if your application attempts a normal handshake. Only use
+ * this in explicit fallback retries, following the guidance in
+ * draft-ietf-tls-downgrade-scsv-05. */
+#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000400L
+
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
* cannot be used to clear bits. */
@@ -1313,10 +1323,6 @@
* 2 if we are a server and are inside a handshake
* (i.e. not just sending a HelloRequest) */
- /* fallback_scsv is non-zero iff we are sending the TLS_FALLBACK_SCSV cipher
- * suite value. Only applies to a client. */
- char fallback_scsv;
-
/* fastradio_padding, if true, causes ClientHellos to be padded to 1024
* bytes. This ensures that the cellular radio is fast forwarded to DCH (high
* data rate) state in 3G networks. */
@@ -1597,8 +1603,9 @@
#define SSL_CTRL_GET_CHANNEL_ID 118
#define SSL_CTRL_SET_CHANNEL_ID 119
-#define SSL_CTRL_FALLBACK_SCSV 120
-
+/* DTLSv1_get_timeout queries the next DTLS handshake timeout. If there is a
+ * timeout in progress, it sets |*((OPENSSL_timeval*)arg)| to the time remaining
+ * and returns one. Otherwise, it returns zero. */
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl, DTLS_CTRL_GET_TIMEOUT, 0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
@@ -1757,9 +1764,6 @@
#define SSL_get0_ec_point_formats(s, plst) \
SSL_ctrl(s, SSL_CTRL_GET_EC_POINT_FORMATS, 0, (char *)plst)
-#define SSL_enable_fallback_scsv(s) \
- SSL_ctrl(s, SSL_CTRL_FALLBACK_SCSV, 0, NULL)
-
OPENSSL_EXPORT int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
OPENSSL_EXPORT int SSL_CTX_set_cipher_list_tls11(SSL_CTX *, const char *str);
OPENSSL_EXPORT SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
diff --git a/src/ssl/s3_lib.c b/src/ssl/s3_lib.c
index 9782296..d33a4c2 100644
--- a/src/ssl/s3_lib.c
+++ b/src/ssl/s3_lib.c
@@ -967,11 +967,6 @@
memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64);
return 64;
- case SSL_CTRL_FALLBACK_SCSV:
- s->fallback_scsv = 1;
- ret = 1;
- break;
-
default:
break;
}
diff --git a/src/ssl/ssl_lib.c b/src/ssl/ssl_lib.c
index c3b95d5..35eb1ec 100644
--- a/src/ssl/ssl_lib.c
+++ b/src/ssl/ssl_lib.c
@@ -1425,7 +1425,7 @@
s2n(SSL3_CK_SCSV & 0xffff, p);
}
- if (s->fallback_scsv) {
+ if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
s2n(SSL3_CK_FALLBACK_SCSV & 0xffff, p);
}
