libtls: Add downgrade protection for TLS 1.3 and TLS 1.2

[strongswan.git] / src / libtls / tls.c

diff --git a/src/libtls/tls.c b/src/libtls/tls.c
index 8b9911a..da45f4b 100644 (file)
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2021 Tobias Brunner
- * Copyright (C) 2020 Pascal Knecht
+ * Copyright (C) 2020-2021 Pascal Knecht
  * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
@@ -153,6 +153,13 @@ chunk_t tls_hello_retry_request_magic = chunk_from_chars(
        0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C,
 );
 
+chunk_t tls_downgrade_protection_tls11 = chunk_from_chars(
+       0x44, 0x4F, 0x57, 0x4E, 0x47, 0x52, 0x44, 0x00,
+);
+chunk_t tls_downgrade_protection_tls12 = chunk_from_chars(
+       0x44, 0x4F, 0x57, 0x4E, 0x47, 0x52, 0x44, 0x01,
+);
+
 /**
  * TLS record
  */