authorBodo Moeller <bodo@openssl.org>2014-10-15 04:03:28 +0200
committerBodo Moeller <bodo@openssl.org>2014-10-15 04:03:28 +0200
commitcf6da05304d554aaa885151451aa4ecaa977e601 (patch)
treebe3b67fd78ae75a3cc8e6b79f934a5db63ea11e4 /apps/s_client.c
parentffa08b3242e0f10f1fef3c93ef3f0b51de8c27a9 (diff)
Support TLS_FALLBACK_SCSV.
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'apps/s_client.c')
-rw-r--r--apps/s_client.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index 09c9b72..d56dc8d 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -341,6 +341,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
+ BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n");
BIO_printf(bio_err," -mtu - set the link layer MTU\n");
BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
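Review bot: The new `-fallback_scsv` help line, and the `SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV)` call in the last hunk, do not say that the signal only means something on a ClientHello whose offered version has been deliberately lowered. Without a limiting option such as `-tls1` or `-no_tls1_2` the client still offers its highest version, so in the usual case a server that implements the downgrade check has nothing to reject, and the handshake succeeds whether or not the server honours the SCSV. I would extend the usage text to something like `" -fallback_scsv - send TLS_FALLBACK_SCSV (combine with a lower protocol option, e.g. -tls1)\n"`. I would also put a short comment above the `SSL_set_mode` call, saying that the mode is for explicit fallback retries only and that a server honouring the SCSV is expected to answer with an inappropriate_fallback alert. sc_usage's body starts and ends outside this hunk.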
@@ -650,6 +651,7 @@ int MAIN(int argc, char **argv)
char *sess_out = NULL;
struct sockaddr peer;
int peerlen = sizeof(peer);
+ int fallback_scsv = 0;
int enable_timeouts = 0 ;
long socket_mtu = 0;
#ifndef OPENSSL_NO_JPAKE
@@ -940,6 +942,10 @@ static char *jpake_secret = NULL;
meth=DTLSv1_2_client_method();
socket_type=SOCK_DGRAM;
}
+ else if (strcmp(*argv,"-fallback_scsv") == 0)
+ {
+ fallback_scsv = 1;
+ }
else if (strcmp(*argv,"-timeout") == 0)
enable_timeouts=1;
else if (strcmp(*argv,"-mtu") == 0)
@@ -1439,6 +1445,10 @@ bad:
SSL_set_session(con, sess);
SSL_SESSION_free(sess);
}
+
+ if (fallback_scsv)
+ SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
+
#ifndef OPENSSL_NO_TLSEXT
if (servername != NULL)
{
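Review bot: The `if (fallback_scsv)` body here is left unbraced, while the same commit braces the single-statement `-fallback_scsv` branch in the option parser, so the two additions are written in different styles. Since this statement changes what goes into the ClientHello, I would brace it as well, so that a later second statement cannot silently fall outside the condition: `if (fallback_scsv) { SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); }`. The enclosing function starts and ends outside the hunk.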