Google Git
Sign in
boringssl / boringssl / 5e7e7cc696e00ff903a021c5028882590cab7168
commit5e7e7cc696e00ff903a021c5028882590cab7168[log] [tgz]
authorDavid Benjamin <davidben@google.com>Thu Jul 21 12:55:28 2016 +0200
committerDavid Benjamin <davidben@google.com>Fri Jul 22 14:47:47 2016 +0000
tree2712614cc5036bb2b64b3bb529004a83481e0fbe
parentd5d24fd14e47091e224c0aaff60bbcb640ba7e77 [diff]
Add SSL_set_fallback_version.

Alas, we will need a version fallback for TLS 1.3 again.

This deprecates SSL_MODE_SEND_FALLBACK_SCSV. Rather than supplying a
boolean, have BoringSSL be aware of the real maximum version so we can
change the TLS 1.3 anti-downgrade logic to kick in, even when
max_version is set to 1.2.

The fallback version replaces the maximum version when it is set for
almost all purposes, except for downgrade protection purposes.

BUG=chromium:630165

Change-Id: I4c841dcbc6e55a282b223dfe169ac89c83c8a01f
Reviewed-on: https://boringssl-review.googlesource.com/8882
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
8 files changed
tree: 2712614cc5036bb2b64b3bb529004a83481e0fbe
  1. .github/
  2. crypto/
  3. decrepit/
  4. fuzz/
  5. include/
  6. infra/
  7. ssl/
  8. third_party/
  9. tool/
  10. util/
  11. .clang-format
  12. .gitignore
  13. BUILDING.md
  14. CMakeLists.txt
  15. codereview.settings
  16. CONTRIBUTING.md
  17. FUZZING.md
  18. INCORPORATING.md
  19. LICENSE
  20. PORTING.md
  21. README.md
  22. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful: