5e7e7cc696
Alas, we will need a version fallback for TLS 1.3 again. This deprecates SSL_MODE_SEND_FALLBACK_SCSV. Rather than supplying a boolean, have BoringSSL be aware of the real maximum version so we can change the TLS 1.3 anti-downgrade logic to kick in, even when max_version is set to 1.2. The fallback version replaces the maximum version when it is set for almost all purposes, except for downgrade protection purposes. BUG=chromium:630165 Change-Id: I4c841dcbc6e55a282b223dfe169ac89c83c8a01f Reviewed-on: https://boringssl-review.googlesource.com/8882 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> |
||
|---|---|---|
| .. | ||
| openssl | ||