diff options
| author | Bodo Moeller <bodo@openssl.org> | 2014-10-15 04:05:42 +0200 |
|---|---|---|
| committer | Janusz Kozerski <j.kozerski@samsung.com> | 2014-10-20 15:26:05 +0200 |
| commit | 360ea1882d5678330fc111419146d12e2a94d25f (patch) | |
| tree | e7675dff10d8b7dff07579a707585b8e3563b816 /apps/s_client.c | |
| parent | 3b03fe1079c2fec254a8126677e8c0a4f9661a8e (diff) | |
| download | openssl-360ea1882d5678330fc111419146d12e2a94d25f.tar.gz openssl-360ea1882d5678330fc111419146d12e2a94d25f.tar.bz2 openssl-360ea1882d5678330fc111419146d12e2a94d25f.zip | |
Support TLS_FALLBACK_SCSV.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'apps/s_client.c')
| -rw-r--r-- | apps/s_client.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 4625467..c2e160c 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -337,6 +337,7 @@ static void sc_usage(void) BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n"); BIO_printf(bio_err," -tls1 - just use TLSv1\n"); BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); + BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n"); BIO_printf(bio_err," -mtu - set the link layer MTU\n"); BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); @@ -617,6 +618,7 @@ int MAIN(int argc, char **argv) char *sess_out = NULL; struct sockaddr peer; int peerlen = sizeof(peer); + int fallback_scsv = 0; int enable_timeouts = 0 ; long socket_mtu = 0; #ifndef OPENSSL_NO_JPAKE @@ -823,6 +825,10 @@ int MAIN(int argc, char **argv) meth=DTLSv1_client_method(); socket_type=SOCK_DGRAM; } + else if (strcmp(*argv,"-fallback_scsv") == 0) + { + fallback_scsv = 1; + } else if (strcmp(*argv,"-timeout") == 0) enable_timeouts=1; else if (strcmp(*argv,"-mtu") == 0) @@ -1235,6 +1241,10 @@ bad: SSL_set_session(con, sess); SSL_SESSION_free(sess); } + + if (fallback_scsv) + SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); + #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { |