Google Git
Sign in
boringssl / boringssl / a8e3e0e936fea2c512a774e22de03966a91bf6b2^! / . / include / openssl / ssl.h
commita8e3e0e936fea2c512a774e22de03966a91bf6b2[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Wed Aug 06 22:11:10 2014 -0400
committerAdam Langley <agl@google.com>Fri Aug 08 17:04:53 2014 +0000
tree9ba0ac5f376c3c3ac5b47934bdf339c9fe4a1ae3
parentc3d79605ab06cffa87877bcfe0792f767bde8b90 [diff] [blame]
Remove SSL_OP_TLS_ROLLBACK_BUG.

It's not part of SSL_OP_ALL and is unused, so remove it. Add a test that
asserts the version check works.

Change-Id: I917516594ec5a4998a8316782f035697c33d99b0
Reviewed-on: https://boringssl-review.googlesource.com/1418
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index b43fa74..497baa9 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -547,10 +547,7 @@
 /* Set to always use the tmp_rsa key when doing RSA operations,
  * even when this violates protocol specs */
 #define SSL_OP_CIPHER_SERVER_PREFERENCE			0x00400000L
-/* If set, a server will allow a client to issue a SSLv3.0 version number
- * as latest version supported in the premaster secret, even when TLSv1.0
- * (version 3.1) was announced in the client hello. Normally this is
- * forbidden to prevent version rollback attacks. */
+/* SSL_OP_TLS_ROLLBACK_BUG does nothing. */
 #define SSL_OP_TLS_ROLLBACK_BUG				0x00800000L
 
 #define SSL_OP_NO_SSLv2					0x01000000L