From 229adfb42b700f65f32350b46793e74bf6f08bed Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sat, 25 Jul 2015 15:08:18 -0400 Subject: [PATCH] FALLBACK_SCSV is an RFC now. Update references. Change-Id: I56af31529cf6bfd00d3f0bb9b6281645ed134c5c Reviewed-on: https://boringssl-review.googlesource.com/5555 Reviewed-by: Adam Langley --- include/openssl/ssl.h | 6 ++---- include/openssl/ssl3.h | 5 ++--- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index bbd80a98..41745942 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -448,12 +448,10 @@ OPENSSL_EXPORT uint32_t SSL_get_options(const SSL *ssl); /* SSL_MODE_SEND_FALLBACK_SCSV sends TLS_FALLBACK_SCSV in the ClientHello. * To be set only by applications that reconnect with a downgraded protocol - * version; see https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-05 - * for details. + * version; see RFC 7507 for details. * * DO NOT ENABLE THIS if your application attempts a normal handshake. Only use - * this in explicit fallback retries, following the guidance in - * draft-ietf-tls-downgrade-scsv-05. */ + * this in explicit fallback retries, following the guidance in RFC 7507. */ #define SSL_MODE_SEND_FALLBACK_SCSV 0x00000400L /* The following flags do nothing and are included only to make it easier to diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 8fa92f8f..e456af3e 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -132,10 +132,9 @@ extern "C" { #define SSL2_MT_CLIENT_HELLO 1 #define SSL2_VERSION 0x0002 -/* Signalling cipher suite value: from RFC5746 */ +/* Signalling cipher suite value from RFC 5746. */ #define SSL3_CK_SCSV 0x030000FF -/* Fallback signalling cipher suite value: not IANA assigned. - * See https://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-01 */ +/* Fallback signalling cipher suite value from RFC 7507. */ #define SSL3_CK_FALLBACK_SCSV 0x03005600 #define SSL3_CK_RSA_NULL_MD5 0x03000001