Add a function to express the desired record version protocol.

This function is currently a no-op, but could be made to do something in
the future to ease the transition of deployments that extract keys from
the handshake and drive the record protocol themselves.

Change-Id: Ib1399e42442dad78173a6462980945559a88a2c7
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49886
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

2 files changed, 8 insertions, 0 deletions

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index f731f8f..057fbc0 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -3887,6 +3887,10 @@ OPENSSL_EXPORT uint64_t SSL_get_read_sequence(const SSL *ssl);
 // two most significant bytes.
 OPENSSL_EXPORT uint64_t SSL_get_write_sequence(const SSL *ssl);
 
+// SSL_CTX_set_record_protocol_version returns whether |version| is zero.
+OPENSSL_EXPORT int SSL_CTX_set_record_protocol_version(SSL_CTX *ctx,
+                                                       int version);
+
 
 // Handshake hints.
 //
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index df499c7..964f7c9 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -396,3 +396,7 @@ int SSL_SESSION_set_protocol_version(SSL_SESSION *session, uint16_t version) {
   // used on unit test sessions anyway.
   return api_version_to_wire(&session->ssl_version, version);
 }
+
+int SSL_CTX_set_record_protocol_version(SSL_CTX *ctx, int version) {
+  return version == 0;
+}