#define SSL_OP_SINGLE_ECDH_USE 0x00080000L\r
/* If set, always create a new key when using tmp_dh parameters */\r
#define SSL_OP_SINGLE_DH_USE 0x00100000L\r
-/* Set to always use the tmp_rsa key when doing RSA operations,\r
- * even when this violates protocol specs */\r
-#define SSL_OP_EPHEMERAL_RSA 0x00200000L\r
+/* Does nothing: retained for compatibiity */\r
+#define SSL_OP_EPHEMERAL_RSA 0x0\r
/* Set on servers to choose the cipher according to the server's\r
* preferences */\r
#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L\r
#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L\r
#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L\r
/* Send TLS_FALLBACK_SCSV in the ClientHello.\r
- * To be set by applications that reconnect with a downgraded protocol\r
- * version; see draft-ietf-tls-downgrade-scsv-00 for details. */\r
+ * To be set only by applications that reconnect with a downgraded protocol\r
+ * version; see draft-ietf-tls-downgrade-scsv-00 for details.\r
+ *\r
+ * DO NOT ENABLE THIS if your application attempts a normal handshake.\r
+ * Only use this in explicit fallback retries, following the guidance\r
+ * in draft-ietf-tls-downgrade-scsv-00.\r
+ */\r
#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L\r
\r
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,\r
SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)\r
#define SSL_set_mtu(ssl, mtu) \\r
SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)\r
+#define DTLS_set_link_mtu(ssl, mtu) \\r
+ SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)\r
+#define DTLS_get_link_min_mtu(ssl) \\r
+ SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)\r
\r
#define SSL_get_secure_renegotiation_support(ssl) \\r
SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)\r
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83\r
\r
#define SSL_CTRL_CHECK_PROTO_VERSION 119\r
+#define DTLS_CTRL_SET_LINK_MTU 120\r
+#define DTLS_CTRL_GET_LINK_MIN_MTU 121\r
\r
#define DTLSv1_get_timeout(ssl, arg) \\r
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)\r
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */\r
#endif\r
\r
+#ifndef OPENSSL_NO_SSL3_METHOD\r
const SSL_METHOD *SSLv3_method(void); /* SSLv3 */\r
const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */\r
const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */\r
+#endif\r
\r
-const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */\r
-const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */\r
-const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */\r
+const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS version */\r
+const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available SSL/TLS version */\r
+const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available SSL/TLS version */\r
\r
const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */\r
const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */\r