*/\r
#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L\r
#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L\r
+/* Send TLS_FALLBACK_SCSV in the ClientHello.\r
+ * To be set by applications that reconnect with a downgraded protocol\r
+ * version; see draft-ietf-tls-downgrade-scsv-00 for details. */\r
+#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L\r
\r
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,\r
* they cannot be used to clear bits. */\r
#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE\r
#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE\r
#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */\r
+#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */\r
\r
#define SSL_ERROR_NONE 0\r
#define SSL_ERROR_SSL 1\r
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82\r
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83\r
\r
+#define SSL_CTRL_CHECK_PROTO_VERSION 119\r
+\r
#define DTLSv1_get_timeout(ssl, arg) \\r
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)\r
#define DTLSv1_handle_timeout(ssl) \\r
#define SSL_R_HTTPS_PROXY_REQUEST 155\r
#define SSL_R_HTTP_REQUEST 156\r
#define SSL_R_ILLEGAL_PADDING 283\r
+#define SSL_R_INAPPROPRIATE_FALLBACK 373\r
#define SSL_R_INCONSISTENT_COMPRESSION 340\r
#define SSL_R_INVALID_CHALLENGE_LENGTH 158\r
#define SSL_R_INVALID_COMMAND 280\r
#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021\r
#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051\r
#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060\r
+#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086\r
#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071\r
#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080\r
#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100\r