Add default SSL options to SSL_OP_ALL This change repurposes SSL_OP_ALL to hold all the SSL options that are enabled by default. This CL does not change any behavior. Change-Id: Ib41c7bf546419e417d2c0237460ff7c66a6a6964 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/96427 Commit-Queue: Lily Chen <chlily@google.com> Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 0b91e5d3..5320c26 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -616,6 +616,11 @@
 // client's.
 #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
 
+// SSL_OP_ALL is the set of options that are enabled by default. It is safe, but
+// not necessary, to pass this value to `SSL_CTX_set_options`.
+// TODO(crbug.com/41393419): Disable SSL_OP_LEGACY_SERVER_CONNECT by default.
+#define SSL_OP_ALL SSL_OP_LEGACY_SERVER_CONNECT
+
 // The following flags toggle individual protocol versions. This is deprecated.
 // Use `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version`
 // instead.
@@ -5884,7 +5889,6 @@
 #define SSL_MODE_RELEASE_BUFFERS 0
 #define SSL_MODE_SEND_CLIENTHELLO_TIME 0
 #define SSL_MODE_SEND_SERVERHELLO_TIME 0
-#define SSL_OP_ALL 0
 #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0
 #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0
 #define SSL_OP_EPHEMERAL_RSA 0
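Review bot: The new SSL_OP_ALL comment calls passing it to SSL_CTX_set_options "safe", but that holds only for callers that never cleared a default option: code that runs `SSL_CTX_clear_options(ctx, SSL_OP_LEGACY_SERVER_CONNECT)` and later, in OpenSSL-portable code, `SSL_CTX_set_options(ctx, SSL_OP_ALL)` now silently re-enables that option (as I read it, initial handshakes with servers lacking RFC 5746 secure renegotiation), which the old `#define SSL_OP_ALL 0` removed in the second hunk never did. So the behavior-neutral claim in the commit message is only true for callers who never cleared a default, and the comment should say so; I would add after the second sentence: `// Setting it re-enables any default option previously removed with` / `// SSL_CTX_clear_options, including SSL_OP_LEGACY_SERVER_CONNECT.` The TODO should also note that SSL_OP_ALL must change together with the default, since ssl/internal.h now initialises `options` from it; otherwise resolving crbug.com/41393419 would leave SSL_OP_ALL re-enabling the very option being turned off.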
diff --git a/ssl/internal.h b/ssl/internal.h
index 90647c7..70ff4f7 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -3992,8 +3992,7 @@
 // Default values to use in SSL structures follow (these are copied by
 // SSL_new)
 
- // TODO(crbug.com/41393419): Disable SSL_OP_LEGACY_SERVER_CONNECT by default.
- uint32_t options = SSL_OP_LEGACY_SERVER_CONNECT;
+ uint32_t options = SSL_OP_ALL;
 // Disable the auto-chaining feature by default. wpa_supplicant relies on this
 // feature, but require callers opt into it.
 uint32_t mode = SSL_MODE_NO_AUTO_CHAIN;