OpenBSD/src 9t8bOP5 lib/libssl ssl_lib.c ssl3.h, lib/libssl/src/ssl ssl_lib.c ssl.h

   Reluctantly add server-side support for TLS_FALLBACK_SCSV.

   This allows for clients that willingly choose to perform a downgrade and
   attempt to establish a second connection at a lower protocol after the
   previous attempt unexpectedly failed, to be notified and have the second
   connection aborted, if the server does in fact support a higher protocol.

   TLS has perfectly good version negotiation and client-side fallback is
   dangerous. Despite this, in order to maintain maximum compatibility with
   broken web servers, most mainstream browsers implement this. Furthermore,
   TLS_FALLBACK_SCSV only works if both the client and server support it and
   there is effectively no way to tell if this is the case, unless you control
   both ends.

   Unfortunately, various auditors and vulnerability scanners (including
   certain online assessment websites) consider the presence of a not yet
   standardised feature to be important for security, even if the clients do
   not perform client-side downgrade or the server only supports current TLS
   protocols.

   Diff is loosely based on OpenSSL with some inspiration from BoringSSL.

   Discussed with beck@ and miod@.

   ok bcook@
Version  Delta     File
1.101    +58 -4    lib/libssl/src/ssl/ssl_lib.c
1.101    +58 -4    lib/libssl/ssl_lib.c
1.36     +5 -2     lib/libssl/ssl3.h
1.83     +5 -2     lib/libssl/ssl.h
1.83     +5 -2     lib/libssl/src/ssl/ssl.h
1.36     +5 -2     lib/libssl/src/ssl/ssl3.h
1.59     +3 -1     lib/libssl/src/ssl/s3_enc.c
1.29     +3 -1     lib/libssl/ssl_err.c
1.77     +3 -1     lib/libssl/t1_enc.c
1.29     +3 -1     lib/libssl/src/ssl/ssl_err.c
1.77     +3 -1     lib/libssl/src/ssl/t1_enc.c
1.88     +2 -1     lib/libssl/ssl_locl.h
1.88     +2 -1     lib/libssl/src/ssl/ssl_locl.h
1.25     +2 -1     lib/libssl/tls1.h
1.25     +2 -1     lib/libssl/src/ssl/tls1.h
         +159 -25  15 files
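
The server-side check the commit message describes, as an added example that is not OpenBSD's libssl code: `check_fallback_scsv` and the sample cipher suite lists are hypothetical and constructed, while 0x5600 and alert 86 are the values assigned to TLS_FALLBACK_SCSV and inappropriate_fallback. It assumes TLS (not DTLS) version numbers, so a plain numeric comparison orders them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_FALLBACK_SCSV            0x5600 /* signalling cipher suite value */
#define ALERT_DECODE_ERROR           50
#define ALERT_INAPPROPRIATE_FALLBACK 86

/* Constructed ClientHello cipher suite lists (two bytes per suite). */
static const uint8_t suites_retry[]  = { 0xc0, 0x2f, 0x00, 0x9c, 0x56, 0x00 };
static const uint8_t suites_normal[] = { 0xc0, 0x2f, 0x00, 0x9c };

/*
 * Hypothetical helper: returns 0 if the handshake may continue, otherwise
 * the fatal alert description the server should send before aborting.
 */
int
check_fallback_scsv(const uint8_t *suites, size_t len,
    uint16_t client_version, uint16_t server_max_version)
{
	size_t i;

	if (len == 0 || len % 2 != 0)
		return ALERT_DECODE_ERROR;
	for (i = 0; i < len; i += 2) {
		uint16_t id = (uint16_t)(suites[i] << 8 | suites[i + 1]);

		if (id != TLS_FALLBACK_SCSV)
			continue;
		/* Client flags a retry; abort if we could have done better. */
		if (client_version < server_max_version)
			return ALERT_INAPPROPRIATE_FALLBACK;
	}
	return 0;
}

int
main(void)
{
	/* Server supports up to TLS 1.2 (0x0303) in every case. */
	printf("fallback retry at TLS 1.0: %d\n",
	    check_fallback_scsv(suites_retry, sizeof(suites_retry), 0x0301, 0x0303));
	printf("SCSV at server maximum:    %d\n",
	    check_fallback_scsv(suites_retry, sizeof(suites_retry), 0x0303, 0x0303));
	/* No SCSV: a downgraded hello from a non-supporting client passes. */
	printf("TLS 1.0 hello, no SCSV:    %d\n",
	    check_fallback_scsv(suites_normal, sizeof(suites_normal), 0x0301, 0x0303));
	return 0;
}
```

The third case is the limitation the commit message points out: without the SCSV in the list, the server cannot tell a downgraded retry from a client that only speaks the lower version.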
