Add a function to express the desired record version protocol.
This function is currently a no-op, but could be made to do something in
the future to ease the transition of deployments that extract keys from
the handshake and drive the record protocol themselves.
Change-Id: Ib1399e42442dad78173a6462980945559a88a2c7
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49886
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index f731f8f..057fbc0 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -3887,6 +3887,10 @@
// two most significant bytes.
OPENSSL_EXPORT uint64_t SSL_get_write_sequence(const SSL *ssl);
+// SSL_CTX_set_record_protocol_version returns whether |version| is zero.
+OPENSSL_EXPORT int SSL_CTX_set_record_protocol_version(SSL_CTX *ctx,
+ int version);
+
// Handshake hints.
//
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index df499c7..964f7c9 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -396,3 +396,7 @@
// used on unit test sessions anyway.
return api_version_to_wire(&session->ssl_version, version);
}
+
+int SSL_CTX_set_record_protocol_version(SSL_CTX *ctx, int version) {
+ return version == 0;
+}