Some SSL_OP_ values can't be used in 1.1.x (dd05bd4c) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

include/openssl/ssl.h

+15 −0

Original line number	Diff line number	Diff line
		@@ -282,10 +282,25 @@ typedef int (SSL_custom_ext_parse_cb_ex) (SSL s, unsigned int ext_type,
		/* Typedef for verification callback */
		typedef int (SSL_verify_cb)(int preverify_ok, X509_STORE_CTX x509_ctx);

		/*
		* Some values are reserved until OpenSSL 1.2.0 because they were previously
		* included in SSL_OP_ALL in a 1.1.x release.
		*
		* Reserved value (until OpenSSL 1.2.0) 0x00000001U
		* Reserved value (until OpenSSL 1.2.0) 0x00000002U
		*/
		/* Allow initial connection to servers that don't support RI */
		# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U

		/* Reserved value (until OpenSSL 1.2.0) 0x00000008U */
		# define SSL_OP_TLSEXT_PADDING 0x00000010U
		/* Reserved value (until OpenSSL 1.2.0) 0x00000020U */
		# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U
		/*
		* Reserved value (until OpenSSL 1.2.0) 0x00000080U
		* Reserved value (until OpenSSL 1.2.0) 0x00000100U
		* Reserved value (until OpenSSL 1.2.0) 0x00000200U
		*/

		/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */
		# define SSL_OP_ALLOW_NO_DHE_KEX 0x00000400U