Implement TLS 1.3's downgrade signal. For now, skip the 1.2 -> 1.1 signal since that will affect shipping code. We may as well enable it too, but wait until things have settled down. This implements the version in draft-14 since draft-13's isn't backwards-compatible. Change-Id: I46be43e6f4c5203eb4ae006d1c6a2fe7d7a949ec Reviewed-on: https://boringssl-review.googlesource.com/8724 Reviewed-by: David Benjamin <davidben@google.com>

commit: 1f61f0d7c381184b3c0ed2fcfe79eba37bab5b56 [log] [tgz]
author: David Benjamin <davidben@google.com> Sun Jul 10 12:20:35 2016 -0400
committer: David Benjamin <davidben@google.com> Tue Jul 12 19:17:43 2016 +0000
tree: 579c572d78702fe5485c46c0cc72321336afa5f3
parent: 0a8deb23350d30db06cb6f90e15c7ee9bd9e2933 [diff] [blame]
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 7c27266..8747d58 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -4661,6 +4661,7 @@
 #define SSL_R_INVALID_OUTER_RECORD_TYPE 251
 #define SSL_R_UNSUPPORTED_PROTOCOL_FOR_CUSTOM_KEY 252
 #define SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS 253
+#define SSL_R_DOWNGRADE_DETECTED 254
 #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
commit	1f61f0d7c381184b3c0ed2fcfe79eba37bab5b56	[log] [tgz]
author	David Benjamin <davidben@google.com>	Sun Jul 10 12:20:35 2016 -0400
committer	David Benjamin <davidben@google.com>	Tue Jul 12 19:17:43 2016 +0000
tree	579c572d78702fe5485c46c0cc72321336afa5f3
parent	0a8deb23350d30db06cb6f90e15c7ee9bd9e2933 [diff] [blame]