Implement FALLBACK_SCSV client-side
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 50b4e33..ff0ccec 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -812,6 +812,23 @@
//#define POLARSSL_SSL_DEBUG_ALL
/**
+ * \def POLARSSL_SSL_FALLBACK_SCSV
+ *
+ * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
+ *
+ * For servers, it is recommended to always enable this, unless you support
+ * only one version of TLS, or know for sure that none of your clients
+ * implements a fallback strategy.
+ *
+ * For clients, you only need this if you're using a fallback strategy, which
+ * is not recommended in the first place, unless you absolutely need it to
+ * interoperate with buggy (version-intolerant) servers.
+ *
+ * Comment this macro to disable support for FALLBACK_SCSV
+ */
+#define POLARSSL_SSL_FALLBACK_SCSV
+
+/**
* \def POLARSSL_SSL_HW_RECORD_ACCEL
*
* Enable hooking functions in SSL module for hardware acceleration of
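Review bot: The doc block for POLARSSL_SSL_FALLBACK_SCSV recommends that servers always enable the macro, but everything this commit puts behind it in ssl.h is also gated on POLARSSL_SSL_CLI_C, and the commit title says client-side only. Unless server-side handling lands elsewhere (not visible here), a server build with the macro defined gets no downgrade protection from it at this commit, and an operator reading config.h could assume otherwise. Until server support is present, a line such as `* \note Only the client side is implemented so far; defining this has no effect on servers yet.` would keep the comment accurate.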
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 194e944..a36e742 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -206,6 +206,9 @@
#define SSL_IS_CLIENT 0
#define SSL_IS_SERVER 1
+#define SSL_IS_NOT_FALLBACK 0
+#define SSL_IS_FALLBACK 1
+
#define SSL_COMPRESS_NULL 0
#define SSL_COMPRESS_DEFLATE 1
@@ -308,6 +311,7 @@
* Signaling ciphersuite values (SCSV)
*/
#define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
+#define SSL_FALLBACK_SCSV 0x5600 /**< draft-ietf-tls-downgrade-scsv-00 */
/*
* Supported Signature and Hash algorithms (For TLS 1.2)
@@ -697,6 +701,10 @@
int min_major_ver; /*!< min. major version used */
int min_minor_ver; /*!< min. minor version used */
+#if defined(POLARSSL_SSL_FALLBACK_SCSV) && defined(POLARSSL_SSL_CLI_C)
+ char fallback; /*!< flag for fallback connections */
+#endif
+
/*
* Callbacks (RNG, debug, I/O, verification)
*/
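Review bot: The new `fallback` member has no initialisation visible in this diff, yet the setter documentation further down promises a default of SSL_IS_NOT_FALLBACK. That default holds only if the context is zeroed or the field is explicitly assigned when the context is initialised, which happens outside these hunks and should be confirmed. A stray non-zero value would presumably make the client send the SCSV on ordinary connections, which is exactly the failure the setter's \warning describes. It would also help to name the accepted values in the field comment, e.g. `char fallback; /*!< SSL_IS_NOT_FALLBACK or SSL_IS_FALLBACK */`.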
@@ -1367,7 +1375,6 @@
*/
void ssl_set_max_version( ssl_context *ssl, int major, int minor );
-
/**
* \brief Set the minimum accepted SSL/TLS protocol version
* (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION)
@@ -1383,6 +1390,29 @@
*/
void ssl_set_min_version( ssl_context *ssl, int major, int minor );
+#if defined(POLARSSL_SSL_FALLBACK_SCSV) && defined(POLARSSL_SSL_CLI_C)
+/**
+ * \brief Set the fallback flag (client-side only).
+ * (Default: SSL_IS_NOT_FALLBACK).
+ *
+ * \note Set to SSL_IS_FALLBACK when preparing a fallback
+ * connection, that is a connection with max_version set to a
+ * lower value than the value you're willing to use. Such
+ * fallback connections are not recommended but are sometimes
+ * necessary to interoperate with buggy (version-intolerant)
+ * servers.
+ *
+ * \warning You should NOT set this to SSL_IS_FALLBACK for
+ * non-fallback connections! This would appear to work for a
+ * while, then cause failures when the server is upgraded to
+ * support a newer TLS version.
+ *
+ * \param ssl SSL context
+ * \param fallback SSL_IS_NOT_FALLBACK or SSL_IS_FALLBACK
+ */
+void ssl_set_fallback( ssl_context *ssl, char fallback );
+#endif /* POLARSSL_SSL_FALLBACK_SCSV && POLARSSL_SSL_CLI_C */
+
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
/**
* \brief Set the maximum fragment length to emit and/or negotiate
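Review bot: The documentation for `ssl_set_fallback` explains when to set the flag but not what the caller sees when the server rejects the fallback. Per the referenced draft, a server that supports a higher version aborts the handshake with an inappropriate_fallback alert. A \note should say that this handshake failure indicates a possible downgrade attempt and must not be answered by retrying with an even lower max_version. Separately, the setter returns void and takes a plain `char`, so a value other than the two documented constants is accepted silently; the implementation is outside this hunk, so whether it normalises the value cannot be checked here. Applications will also need the same `#if defined(POLARSSL_SSL_FALLBACK_SCSV) && defined(POLARSSL_SSL_CLI_C)` guard around their call, which is worth stating in the doc block.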