libtls: Add downgrade protection for TLS 1.3 and TLS 1.2

[strongswan.git] / src / libtls / tls.h

diff --git a/src/libtls/tls.h b/src/libtls/tls.h
index 5a11f70..9de042b 100644 (file)
--- a/src/libtls/tls.h
+++ b/src/libtls/tls.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2021 Tobias Brunner
- * Copyright (C) 2020 Pascal Knecht
+ * Copyright (C) 2020-2021 Pascal Knecht
  * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
@@ -214,6 +214,12 @@ extern enum_name_t *tls_extension_names;
 extern chunk_t tls_hello_retry_request_magic;
 
 /**
+ * Magic values for downgrade protection (see RFC 8446, section 4.1.3)
+ */
+extern chunk_t tls_downgrade_protection_tls11;
+extern chunk_t tls_downgrade_protection_tls12;
+
+/**
  * A bottom-up driven TLS stack, suitable for EAP implementations.
  */
 struct tls_t {