Diffstat (limited to 'lib/ssl/ssl.h')
-rw-r--r--lib/ssl/ssl.h9
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
index ecc4f9506..edc011447 100644
--- a/lib/ssl/ssl.h
+++ b/lib/ssl/ssl.h
@@ -282,6 +282,15 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
*/
#define SSL_ENABLE_DTLS_SHORT_HEADER 36
+/*
+ * Enables the processing of the downgrade sentinel that can be added to the
+ * ServerHello.random by a server that supports Section 4.1.3 of TLS 1.3
+ * [RFC8446]. This sentinel will always be generated by a server that
+ * negotiates a version lower than its maximum, this only controls whether a
+ * client will treat receipt of a value that indicates a downgrade as an error.
+ */
+#define SSL_ENABLE_HELLO_DOWNGRADE_CHECK 37
+
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRIntn on);
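Review bot: The new comment on `SSL_ENABLE_HELLO_DOWNGRADE_CHECK` does not say whether the option is on or off by default. A client integrator needs that to know whether the RFC 8446 Section 4.1.3 downgrade check is active without an explicit `SSL_OptionSet` call. The default is set outside this hunk, so I would add a closing line such as `* The default is <DEFAULT: confirm against the socket option defaults>; when disabled, a client accepts a ServerHello.random that carries the sentinel.` The second sentence is also a comma splice, and `maximum; this option only controls whether a client will treat` reads more clearly.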