From 4f11c7476b14225d5919924e433dbac0b4806081 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 7 Jul 2017 10:56:48 +0100
Subject: [PATCH] Choose a safer value for SSL_OP_ALLOW_NO_DHE_KEX

1.1.0 included the previous value for SSL_OP_ALLOW_NO_DHE_KEX in
SSL_OP_ALL. This might cause binary compatibility issues. We should choose
a value that is not in SSL_OP_ALL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3833)
---
 include/openssl/ssl.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index cc5b398a16..156b50a16a 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -282,14 +282,14 @@ typedef int (*SSL_custom_ext_parse_cb_ex) (SSL *s, unsigned int ext_type,
 /* Typedef for verification callback */
 typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
 
-/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */
-# define SSL_OP_ALLOW_NO_DHE_KEX                         0x00000001U
-
 /* Allow initial connection to servers that don't support RI */
 # define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004U
 # define SSL_OP_TLSEXT_PADDING                           0x00000010U
 # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040U
 
+/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */
+# define SSL_OP_ALLOW_NO_DHE_KEX                         0x00000400U
+
 /*
  * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
  * OpenSSL 0.9.6d.  Usually (depending on the application protocol) the
-- 
2.25.1