Initial experimental TLSv1.1 support

 Changes between 1.0.0 and 1.1.0  [xx XXX xxxx]

  *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only

     a few changes are required:

       Add SSL_OP_NO_TLSv1_1 flag.

       Add TLSv1_1 methods.

       Update version checking logic to handle version 1.1.

       Add explicit IV handling (ported from DTLS code).

       Add command line options to s_client/s_server.

     [Steve Henson]

  *) Experiemental password based recipient info support for CMS library:

     implementing RFC3211.

     [Steve Henson]

#endif

	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");

	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");

	BIO_printf(bio_err," -tls1_1       - just use TLSv1.1\n");

	BIO_printf(bio_err," -tls1         - just use TLSv1\n");

	BIO_printf(bio_err," -dtls1        - just use DTLSv1\n");    

	BIO_printf(bio_err," -mtu          - set the link layer MTU\n");

	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");

	BIO_printf(bio_err," -no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");

	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");

	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences (only SSLv2)\n");

	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");

			meth=SSLv3_client_method();

#endif

#ifndef OPENSSL_NO_TLS1

		else if	(strcmp(*argv,"-tls1_1") == 0)

			meth=TLSv1_1_client_method();

		else if	(strcmp(*argv,"-tls1") == 0)

			meth=TLSv1_client_method();

#endif

			if (--argc < 1) goto bad;

			CAfile= *(++argv);

			}

		else if (strcmp(*argv,"-no_tls1_1") == 0)

			off|=SSL_OP_NO_TLSv1_1;

		else if (strcmp(*argv,"-no_tls1") == 0)

			off|=SSL_OP_NO_TLSv1;

		else if (strcmp(*argv,"-no_ssl3") == 0)

#endif

	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");

	BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");

	BIO_printf(bio_err," -tls1_1       - Just talk TLSv1_1\n");

	BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");

	BIO_printf(bio_err," -dtls1        - Just talk DTLSv1\n");

	BIO_printf(bio_err," -timeout      - Enable timeouts\n");

	BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");

	BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");

	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");

	BIO_printf(bio_err," -no_tls1_1    - Just disable TLSv1.1\n");

#ifndef OPENSSL_NO_DH

	BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");

#endif

			{ off|=SSL_OP_NO_SSLv2; }

		else if	(strcmp(*argv,"-no_ssl3") == 0)

			{ off|=SSL_OP_NO_SSLv3; }

		else if	(strcmp(*argv,"-no_tls1_1") == 0)

			{ off|=SSL_OP_NO_TLSv1_1; }

		else if	(strcmp(*argv,"-no_tls1") == 0)

			{ off|=SSL_OP_NO_TLSv1; }

		else if	(strcmp(*argv,"-no_comp") == 0)

			{ meth=SSLv3_server_method(); }

#endif

#ifndef OPENSSL_NO_TLS1

		else if	(strcmp(*argv,"-tls1_1") == 0)

			{ meth=TLSv1_1_server_method(); }

		else if	(strcmp(*argv,"-tls1") == 0)

			{ meth=TLSv1_server_method(); }

#endif

	if (ssl2_compat && ssl23_no_ssl2_ciphers(s))

		ssl2_compat = 0;

	if (!(s->options & SSL_OP_NO_TLSv1))

	if (!(s->options & SSL_OP_NO_TLSv1_1))

		{

		version = TLS1_1_VERSION;

		}

	else if (!(s->options & SSL_OP_NO_TLSv1))

		{

		version = TLS1_VERSION;

		}

		if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)

			return -1;

		if (version == TLS1_VERSION)

		if (version == TLS1_1_VERSION)

			{

			version_major = TLS1_1_VERSION_MAJOR;

			version_minor = TLS1_1_VERSION_MINOR;

			}

		else if (version == TLS1_VERSION)

			{

			version_major = TLS1_VERSION_MAJOR;

			version_minor = TLS1_VERSION_MINOR;

#endif

		}

	else if (p[1] == SSL3_VERSION_MAJOR &&

	         (p[2] == SSL3_VERSION_MINOR || p[2] == TLS1_VERSION_MINOR) &&

	         (p[2] >= SSL3_VERSION_MINOR && p[2] <= TLS1_1_VERSION_MINOR) &&

	         ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||

	          (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))

		{

			s->version=TLS1_VERSION;

			s->method=TLSv1_client_method();

			}

		else if ((p[2] == TLS1_1_VERSION_MINOR) &&

			!(s->options & SSL_OP_NO_TLSv1_1))

			{

			s->version=TLS1_1_VERSION;

			s->method=TLSv1_1_client_method();

			}

		else

			{

			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);

		return(SSLv3_server_method());

	else if (ver == TLS1_VERSION)

		return(TLSv1_server_method());

	else if (ver == TLS1_1_VERSION)

		return(TLSv1_1_server_method());

	else

		return(NULL);

	}

				/* SSLv3/TLSv1 */

				if (p[4] >= TLS1_VERSION_MINOR)

					{

					if (!(s->options & SSL_OP_NO_TLSv1))

					if (p[4] >= TLS1_1_VERSION_MINOR &&

					   !(s->options & SSL_OP_NO_TLSv1_1))

						{

						s->version=TLS1_1_VERSION;

						s->state=SSL23_ST_SR_CLNT_HELLO_B;

						}

					else if (!(s->options & SSL_OP_NO_TLSv1))

						{

						s->version=TLS1_VERSION;

						/* type=2; */ /* done later to survive restarts */

				v[1]=p[10]; /* minor version according to client_version */

			if (v[1] >= TLS1_VERSION_MINOR)

				{

				if (!(s->options & SSL_OP_NO_TLSv1))

				if (v[1] >= TLS1_1_VERSION_MINOR &&

					!(s->options & SSL_OP_NO_TLSv1_1))

					{

					s->version=TLS1_1_VERSION;

					type=3;

					}

				else if (!(s->options & SSL_OP_NO_TLSv1))

					{

					s->version=TLS1_VERSION;

					type=3;

			s->s3->rbuf.offset=0;

			}

		if (s->version == TLS1_VERSION)

		if (s->version == TLS1_1_VERSION)

			s->method = TLSv1_1_server_method();

		else if (s->version == TLS1_VERSION)

			s->method = TLSv1_server_method();

		else

			s->method = SSLv3_server_method();