Add server side support for TLSv1.3 downgrade mechanism Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3022)

commit: f7f2a01d6364f10f353652e29555e6c66aec9b6d [log] [tgz]
author: Matt Caswell <matt@openssl.org> Wed Mar 22 08:52:54 2017 +0000
committer: Matt Caswell <matt@openssl.org> Fri Mar 24 14:07:11 2017 +0000
tree: 717a2864e04c5a9dfb94907bae06ffbe5df1cdc5
parent: a41815f05e71009d2a5148bd30b70f47186ed66b [diff] [blame]
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index d584bd7..0490813 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c

@@ -1094,7 +1094,8 @@
     } else
         i = 1;
 
-    if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random)) <= 0)
+    if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random),
+                                   DOWNGRADE_NONE) <= 0)
         return 0;
 
     /*-
commit	f7f2a01d6364f10f353652e29555e6c66aec9b6d	[log] [tgz]
author	Matt Caswell <matt@openssl.org>	Wed Mar 22 08:52:54 2017 +0000
committer	Matt Caswell <matt@openssl.org>	Fri Mar 24 14:07:11 2017 +0000
tree	717a2864e04c5a9dfb94907bae06ffbe5df1cdc5
parent	a41815f05e71009d2a5148bd30b70f47186ed66b [diff] [blame]