Support TLS_FALLBACK_SCSV.

[openssl.git] / ssl / tls1.h

diff --git a/ssl/tls1.h b/ssl/tls1.h
index c90fbee038f1e0c53e75c9ddc533933162368aa4..e8188ec5cfb8c36abeae8ed34ff511ce2eb7d02b 100644 (file)
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -164,17 +164,19 @@ extern "C" {
 
 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES   0
 
+#define TLS1_VERSION                   0x0301
+#define TLS1_1_VERSION                 0x0302
 #define TLS1_2_VERSION                 0x0303
-#define TLS1_2_VERSION_MAJOR           0x03
-#define TLS1_2_VERSION_MINOR           0x03
+#define TLS_MAX_VERSION                        TLS1_2_VERSION
+
+#define TLS1_VERSION_MAJOR             0x03
+#define TLS1_VERSION_MINOR             0x01
 
-#define TLS1_1_VERSION                 0x0302
 #define TLS1_1_VERSION_MAJOR           0x03
 #define TLS1_1_VERSION_MINOR           0x02
 
-#define TLS1_VERSION                   0x0301
-#define TLS1_VERSION_MAJOR             0x03
-#define TLS1_VERSION_MINOR             0x01
+#define TLS1_2_VERSION_MAJOR           0x03
+#define TLS1_2_VERSION_MINOR           0x03
 
 #define TLS1_get_version(s) \
                ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
@@ -192,6 +194,7 @@ extern "C" {
 #define TLS1_AD_PROTOCOL_VERSION       70      /* fatal */
 #define TLS1_AD_INSUFFICIENT_SECURITY  71      /* fatal */
 #define TLS1_AD_INTERNAL_ERROR         80      /* fatal */
+#define TLS1_AD_INAPPROPRIATE_FALLBACK 86      /* fatal */
 #define TLS1_AD_USER_CANCELLED         90
 #define TLS1_AD_NO_RENEGOTIATION       100
 /* codes 110-114 are from RFC3546 */