Add SSL_CIPHER_get_min_version and tidy up SSL_TLSV1_2 logic. Later when TLS 1.3 comes around, we'll need SSL_CIPHER_get_max_version too. In the meantime, hide the SSL_TLSV1_2 messiness behind a reasonable API. Change-Id: Ibcc17cccf48dd99e364d6defdfa5a87d031ecf0a Reviewed-on: https://boringssl-review.googlesource.com/6452 Reviewed-by: Adam Langley <agl@google.com>

commit: c7817d8ce2f3c90b2de36cd3c654b80ab078abac [log] [tgz]
author: David Benjamin <davidben@chromium.org> Thu Nov 05 18:28:33 2015 -0500
committer: Adam Langley <agl@google.com> Fri Nov 06 19:56:29 2015 +0000
tree: ecc42b6e167a047e872b5bc32dda67fc86978694
parent: 9d94d5e4aef8f23b3be696d3d8a9606a9f3a2f00 [diff] [blame]
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 5b49fdc..bf53d5e 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -1067,6 +1067,10 @@
 /* SSL_CIPHER_is_ECDSA returns one if |cipher| uses ECDSA. */
 OPENSSL_EXPORT int SSL_CIPHER_is_ECDSA(const SSL_CIPHER *cipher);
 
+/* SSL_CIPHER_get_min_version returns the minimum protocol version required
+ * for |cipher|. */
+OPENSSL_EXPORT uint16_t SSL_CIPHER_get_min_version(const SSL_CIPHER *cipher);
+
 /* SSL_CIPHER_get_name returns the OpenSSL name of |cipher|. */
 OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
commit	c7817d8ce2f3c90b2de36cd3c654b80ab078abac	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Thu Nov 05 18:28:33 2015 -0500
committer	Adam Langley <agl@google.com>	Fri Nov 06 19:56:29 2015 +0000
tree	ecc42b6e167a047e872b5bc32dda67fc86978694
parent	9d94d5e4aef8f23b3be696d3d8a9606a9f3a2f00 [diff] [blame]