From 401db67bcd68155643432584c78d63e1b253648d Mon Sep 17 00:00:00 2001
From: Takashi Kojo
Date: Sun, 30 Jul 2017 07:45:22 +0900
Subject: [PATCH] WOLFSSL_MIN_DOWNGRADE, default: TLSv1_MINOR
---
 src/internal.c | 2 +-
 wolfssl/internal.h | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/internal.c b/src/internal.c
index 416254ec7..272c4eb00 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1345,7 +1345,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 ctx->refCount = 1; /* so either CTX_free or SSL_free can release */
 ctx->heap = ctx; /* defaults to self */
 ctx->timeout = WOLFSSL_SESSION_TIMEOUT;
- ctx->minDowngrade = TLSv1_MINOR; /* current default */
+ ctx->minDowngrade = WOLFSSL_MIN_DOWNGRADE; /* current default: TLSv1_MINOR */
 if (wc_InitMutex(&ctx->countMutex) < 0) {
 WOLFSSL_MSG("Mutex error on CTX init");
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index d24c14904..83edfd5ed 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1185,6 +1185,10 @@ enum Misc {
 READ_PROTO = 0 /* reading a protocol message */
 };
+/* minimum Downgrade Minor version */
+#ifndef WOLFSSL_MIN_DOWNGRADE
+ #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR
+#endif
 /* Set max implicit IV size for AEAD cipher suites */
 #define AEAD_MAX_IMP_SZ 12
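Review bot: In the src/internal.c hunk, the trailing comment on the new assignment, `/* current default: TLSv1_MINOR */`, restates a value that is no longer fixed. Once a build defines WOLFSSL_MIN_DOWNGRADE the comment is wrong, which misleads anyone auditing the protocol floor from this file. I would point at the macro instead, e.g. `ctx->minDowngrade = WOLFSSL_MIN_DOWNGRADE; /* build-time floor, see wolfssl/internal.h */`. InitSSL_Ctx starts and ends outside the hunk, so whether a later statement overrides this field is not visible here.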
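Review bot: The new WOLFSSL_MIN_DOWNGRADE block in wolfssl/internal.h accepts any override without a check or a statement of what is allowed, so a build flag naming a lower minor version silently lowers the downgrade floor of every context that InitSSL_Ctx initialises. TLSv1_MINOR is declared outside this hunk; if it is an enum constant rather than a macro, a preprocessor `#if` comparison cannot guard the value, which leaves the comment as the only place to state the contract. I would expand it to something like `/* Lowest protocol minor version a CTX accepts on downgrade by default. Override at build time with one of the *_MINOR constants; a value below TLSv1_MINOR would permit SSL 3.0 where that is compiled in. */`. The default also stays at TLS 1.0, so the comment could recommend that deployments without legacy peers build with a higher floor.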