summaryrefslogtreecommitdiff
path: root/src/ssl/ssl_lib.cc
diff options
context:
space:
mode:
Diffstat (limited to 'src/ssl/ssl_lib.cc')
-rw-r--r--src/ssl/ssl_lib.cc11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/ssl/ssl_lib.cc b/src/ssl/ssl_lib.cc
index 13b9cacc..9c16de49 100644
--- a/src/ssl/ssl_lib.cc
+++ b/src/ssl/ssl_lib.cc
@@ -693,6 +693,7 @@ SSL *SSL_new(SSL_CTX *ctx) {
ctx->signed_cert_timestamps_enabled;
ssl->config->ocsp_stapling_enabled = ctx->ocsp_stapling_enabled;
ssl->config->handoff = ctx->handoff;
+ ssl->config->ignore_tls13_downgrade = ctx->ignore_tls13_downgrade;
if (!ssl->method->ssl_new(ssl.get()) ||
!ssl->ctx->x509_method->ssl_new(ssl->s3->hs.get())) {
@@ -709,7 +710,8 @@ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg)
channel_id_enabled(false),
retain_only_sha256_of_client_certs(false),
handoff(false),
- shed_handshake_config(false) {
+ shed_handshake_config(false),
+ ignore_tls13_downgrade(false) {
assert(ssl);
}
@@ -2642,6 +2644,13 @@ void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx, int ignore) {
ctx->ignore_tls13_downgrade = !!ignore;
}
+void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore) {
+ if (!ssl->config) {
+ return;
+ }
+ ssl->config->ignore_tls13_downgrade = !!ignore;
+}
+
void SSL_set_shed_handshake_config(SSL *ssl, int enable) {
if (!ssl->config) {
return;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-26 12:16:46 +0000