Loading apps/apps.h +5 −3 Original line number Diff line number Diff line Loading @@ -208,7 +208,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \ OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \ OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \ OPT_S_NO_RENEGOTIATION, OPT_S__LAST OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST # define OPT_S_OPTIONS \ {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \ Loading Loading @@ -253,7 +253,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, {"record_padding", OPT_S_RECORD_PADDING, 's', \ "Block size to pad TLS 1.3 records to."}, \ {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ "Perform all sorts of protocol violations for testing purposes"} "Perform all sorts of protocol violations for testing purposes"}, \ {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', "Disable TLSv1.3 middlebox compat mode" } # define OPT_S_CASES \ Loading Loading @@ -283,7 +284,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, case OPT_S_CIPHER: \ case OPT_S_RECORD_PADDING: \ case OPT_S_NO_RENEGOTIATION: \ case OPT_S_DEBUGBROKE case OPT_S_DEBUGBROKE: \ case OPT_S_NO_MIDDLEBOX #define IS_NO_PROT_FLAG(o) \ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \ Loading crypto/err/openssl.txt +1 −0 Original line number Diff line number Diff line Loading 
@@ -2463,6 +2463,7 @@ SSL_R_INVALID_MAX_EARLY_DATA:174:invalid max early data SSL_R_INVALID_NULL_CMD_NAME:385:invalid null cmd name SSL_R_INVALID_SEQUENCE_NUMBER:402:invalid sequence number SSL_R_INVALID_SERVERINFO_DATA:388:invalid serverinfo data SSL_R_INVALID_SESSION_ID:232:invalid session id SSL_R_INVALID_SRP_USERNAME:357:invalid srp username SSL_R_INVALID_STATUS_RESPONSE:328:invalid status response SSL_R_INVALID_TICKET_KEYS_LENGTH:325:invalid ticket keys length Loading include/openssl/ssl.h +8 −0 Original line number Diff line number Diff line Loading @@ -338,9 +338,17 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U /* Disable encrypt-then-mac */ # define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U /* * Enable TLSv1.3 Compatibility mode. This is on by default. A future version * of OpenSSL may have this disabled by default. */ # define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0x00100000U /* Prioritize Chacha20Poly1305 when client does. * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */ # define SSL_OP_PRIORITIZE_CHACHA 0x00200000U /* * Set on servers to choose the cipher according to the server's preferences */ Loading include/openssl/sslerr.h +1 −0 Original line number Diff line number Diff line Loading @@ -543,6 +543,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_INVALID_NULL_CMD_NAME 385 # define SSL_R_INVALID_SEQUENCE_NUMBER 402 # define SSL_R_INVALID_SERVERINFO_DATA 388 # define SSL_R_INVALID_SESSION_ID 232 # define SSL_R_INVALID_SRP_USERNAME 357 # define SSL_R_INVALID_STATUS_RESPONSE 328 # define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 Loading ssl/ssl_conf.c +5 −1 Original line number Diff line number Diff line Loading 
@@ -369,7 +369,8 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC), SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION), SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX), SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA) SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA), SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT) }; if (value == NULL) return -3; Loading Loading @@ -591,6 +592,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_SWITCH("allow_no_dhe_kex", 0), SSL_CONF_CMD_SWITCH("prioritize_chacha", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("strict", 0), SSL_CONF_CMD_SWITCH("no_middlebox", SSL_CONF_FLAG_CLIENT), SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0), SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0), SSL_CONF_CMD_STRING(Curves, "curves", 0), Loading Loading @@ -665,6 +667,8 @@ static const ssl_switch_tbl ssl_cmd_switches[] = { /* chacha reprioritization */ {SSL_OP_PRIORITIZE_CHACHA, 0}, {SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */ /* no_middlebox */ {SSL_OP_ENABLE_MIDDLEBOX_COMPAT, SSL_TFLAG_INV}, }; static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) Loading Loading
apps/apps.h +5 −3 Original line number Diff line number Diff line Loading @@ -208,7 +208,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \ OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \ OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \ OPT_S_NO_RENEGOTIATION, OPT_S__LAST OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST # define OPT_S_OPTIONS \ {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \ Loading Loading @@ -253,7 +253,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, {"record_padding", OPT_S_RECORD_PADDING, 's', \ "Block size to pad TLS 1.3 records to."}, \ {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ "Perform all sorts of protocol violations for testing purposes"} "Perform all sorts of protocol violations for testing purposes"}, \ {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', "Disable TLSv1.3 middlebox compat mode" } # define OPT_S_CASES \ Loading Loading @@ -283,7 +284,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, case OPT_S_CIPHER: \ case OPT_S_RECORD_PADDING: \ case OPT_S_NO_RENEGOTIATION: \ case OPT_S_DEBUGBROKE case OPT_S_DEBUGBROKE: \ case OPT_S_NO_MIDDLEBOX #define IS_NO_PROT_FLAG(o) \ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \ Loading
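Review bot: The new OPT_S_OPTIONS entry `{"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', "Disable TLSv1.3 middlebox compat mode" }` is the only row in the table with a space before the closing brace, and its help text names the mode without saying what it is; `{"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', "Disable TLSv1.3 middlebox compatibility mode"},` would match the neighbouring rows and the term used in the TLS 1.3 specification (RFC 8446, Appendix D.4). The option is forwarded to SSL_CONF_cmd through OPT_S_CASES, and the ssl_conf.c hunk in this same commit registers `no_middlebox` with SSL_CONF_FLAG_CLIENT, so an application that pulls in OPT_S_OPTIONS for a server context will presumably advertise an option that SSL_CONF then rejects; either say "client only" in the help string here or widen the registration in ssl_conf.c. The OPT_S_* enum and the OPT_S_CASES macro both begin outside the visible hunks.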
crypto/err/openssl.txt +1 −0 Original line number Diff line number Diff line Loading @@ -2463,6 +2463,7 @@ SSL_R_INVALID_MAX_EARLY_DATA:174:invalid max early data SSL_R_INVALID_NULL_CMD_NAME:385:invalid null cmd name SSL_R_INVALID_SEQUENCE_NUMBER:402:invalid sequence number SSL_R_INVALID_SERVERINFO_DATA:388:invalid serverinfo data SSL_R_INVALID_SESSION_ID:232:invalid session id SSL_R_INVALID_SRP_USERNAME:357:invalid srp username SSL_R_INVALID_STATUS_RESPONSE:328:invalid status response SSL_R_INVALID_TICKET_KEYS_LENGTH:325:invalid ticket keys length Loading
include/openssl/ssl.h +8 −0 Original line number Diff line number Diff line Loading @@ -338,9 +338,17 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U /* Disable encrypt-then-mac */ # define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U /* * Enable TLSv1.3 Compatibility mode. This is on by default. A future version * of OpenSSL may have this disabled by default. */ # define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0x00100000U /* Prioritize Chacha20Poly1305 when client does. * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */ # define SSL_OP_PRIORITIZE_CHACHA 0x00200000U /* * Set on servers to choose the cipher according to the server's preferences */ Loading
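Review bot: The comment added above `SSL_OP_ENABLE_MIDDLEBOX_COMPAT` tells the reader only that the mode is on by default, not what the bit changes on the wire or why anyone would clear it, which is what a caller deciding whether to clear it needs. I would replace it with a block comment stating that this is the TLS 1.3 middlebox compatibility mode of RFC 8446 Appendix D.4 (a non-empty legacy_session_id on the client side and dummy change_cipher_spec records from both peers so the handshake looks like TLS 1.2 to inspecting middleboxes), that clearing the bit does not weaken the handshake cryptographically but may cause connection failures through such middleboxes, and that the option is also reachable via the `MiddleboxCompat` / `no_middlebox` SSL_CONF commands. The bit value sits between the existing 0x00080000U and 0x00200000U definitions, so no collision is visible in this hunk. If the SSL_CTX_set_options manual page is maintained alongside this header, it should gain the same description; no documentation file appears among the files shown here.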
include/openssl/sslerr.h +1 −0 Original line number Diff line number Diff line Loading @@ -543,6 +543,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_INVALID_NULL_CMD_NAME 385 # define SSL_R_INVALID_SEQUENCE_NUMBER 402 # define SSL_R_INVALID_SERVERINFO_DATA 388 # define SSL_R_INVALID_SESSION_ID 232 # define SSL_R_INVALID_SRP_USERNAME 357 # define SSL_R_INVALID_STATUS_RESPONSE 328 # define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 Loading
ssl/ssl_conf.c +5 −1 Original line number Diff line number Diff line Loading @@ -369,7 +369,8 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC), SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION), SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX), SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA) SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA), SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT) }; if (value == NULL) return -3; Loading Loading @@ -591,6 +592,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_SWITCH("allow_no_dhe_kex", 0), SSL_CONF_CMD_SWITCH("prioritize_chacha", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("strict", 0), SSL_CONF_CMD_SWITCH("no_middlebox", SSL_CONF_FLAG_CLIENT), SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0), SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0), SSL_CONF_CMD_STRING(Curves, "curves", 0), Loading Loading @@ -665,6 +667,8 @@ static const ssl_switch_tbl ssl_cmd_switches[] = { /* chacha reprioritization */ {SSL_OP_PRIORITIZE_CHACHA, 0}, {SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */ /* no_middlebox */ {SSL_OP_ENABLE_MIDDLEBOX_COMPAT, SSL_TFLAG_INV}, }; static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) Loading
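Review bot: The `cmd_Options` table and the switch table disagree on who may turn the mode off: `SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT)` carries no side restriction, while `SSL_CONF_CMD_SWITCH("no_middlebox", SSL_CONF_FLAG_CLIENT)` limits the `no_middlebox` switch to client contexts. Since compatibility mode also governs what the server emits (the echoed session id and its own dummy change_cipher_spec), restricting the switch to clients looks unintended, and `Options = -MiddleboxCompat` would already reach a server anyway; `SSL_CONF_CMD_SWITCH("no_middlebox", 0),` makes the two paths consistent. The `{SSL_OP_ENABLE_MIDDLEBOX_COMPAT, SSL_TFLAG_INV}` entry appended to `ssl_cmd_switches` appears to be matched by position to the switch entries in `ssl_conf_cmds`, so the new rows are correctly placed last in both tables; a one-line comment on the switch row noting that the position must stay in step with `ssl_conf_cmds` would help the next person who adds a switch. Both tables begin outside the visible hunks.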