Client and server now filter sent and accepted ciphersuites on minimum
and maximum protocol version
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 1bc5893..e0e4bd8 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -401,6 +401,8 @@
/*!< premaster secret */
int resume; /*!< session resume indicator*/
+ int max_major_ver; /*!< max. major version client*/
+ int max_minor_ver; /*!< max. minor version client*/
};
struct _ssl_context
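Review bot: The two added fields reuse the names `max_major_ver`/`max_minor_ver` that `struct _ssl_context` also keeps, but with a different meaning, and the comment "max. major version client" does not say which. Judging from the comments removed in the next hunk ("max. major version from client"), these appear to hold the version the peer advertised, while the context fields become the locally configured limit. I would spell that out, e.g. `/*!< max. major version offered by the client */` and likewise for the minor field, so later code does not check the negotiated version against the wrong pair. The struct these lines belong to starts outside the hunk, so its name and other members are not visible here.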
@@ -414,10 +416,10 @@
int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
- int max_major_ver; /*!< max. major version from client */
- int max_minor_ver; /*!< max. minor version from client */
- int min_major_ver; /*!< min. major version accepted */
- int min_minor_ver; /*!< min. minor version accepted */
+ int max_major_ver; /*!< max. major version used */
+ int max_minor_ver; /*!< max. minor version used */
+ int min_major_ver; /*!< min. major version used */
+ int min_minor_ver; /*!< min. minor version used */
/*
* Callbacks (RNG, debug, I/O, verification)
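Review bot: The new comments on the four bounds say "used", which does not distinguish them from the negotiated `major_ver`/`minor_ver` two lines above; as configured limits they would read better as `/*!< max. major version offered (client) / accepted (server) */` and `/*!< min. major version offered (client) / accepted (server) */`. Since ciphersuites are now filtered on both bounds, it is worth documenting here that min must not exceed max, because nothing in the visible lines enforces it and an inverted range would presumably leave no usable ciphersuite. The note added to the setter's doc comment further down ("This prevents ciphersuites from 'higher' versions to be ignored") also reads as the opposite of what is meant; something like "ciphersuites that require a higher version are ignored" would be clearer.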
@@ -911,6 +913,11 @@
/**
* \brief Set the maximum supported version sent from the client side
+ * and/or accepted at the server side
+ * (Default: SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3)
+ *
+ * Note: This prevents ciphersuites from 'higher' versions to
+ * be ignored.
*
* \param ssl SSL context
* \param major Major version number (only SSL_MAJOR_VERSION_3 supported)