From: Andrew Dinh Date: Thu, 11 Sep 2025 07:06:59 +0000 (+1000) Subject: Rename SSL3 error codes to TLS equivalents X-Git-Tag: openssl-4.0.0-alpha1~624 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3d26e438a6a0d879bb0383de866a0474238cd61;p=thirdparty%2Fopenssl.git Rename SSL3 error codes to TLS equivalents Updated error code names and references from SSL3 to TLS in error definitions and error strings. Legacy error codes are preserved in sslerr_legacy.h for backward compatibility Reviewed-by: Neil Horman Reviewed-by: Matt Caswell Reviewed-by: Saša Nedvědický Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/29338) --- diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index a3fce495489..91aa11d1a6f 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec 
@@ -45,19 +45,19 @@ L OSSL_DECODER include/openssl/decodererr.h crypto/encode_decode/decoder_err L HTTP include/openssl/httperr.h crypto/http/http_err.c include/crypto/httperr.h # SSL/TLS alerts -R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 -R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +R SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE 1010 +R SSL_R_TLS_ALERT_BAD_RECORD_MAC 1020 R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 -R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 -R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 -R SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 -R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 -R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 -R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 -R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 -R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 -R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +R SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE 1030 +R SSL_R_TLS_ALERT_HANDSHAKE_FAILURE 1040 +R SSL_R_TLS_ALERT_NO_CERTIFICATE 1041 +R SSL_R_TLS_ALERT_BAD_CERTIFICATE 1042 +R SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE 1043 +R SSL_R_TLS_ALERT_CERTIFICATE_REVOKED 1044 +R SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED 1045 +R SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN 1046 +R SSL_R_TLS_ALERT_ILLEGAL_PARAMETER 1047 R SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 R SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 R SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 1c160cecb56..3302b94a1e3 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt 
@@ -1586,22 +1586,22 @@ SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES:362:srtp could not allocate profiles
 SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG:363:\
 srtp protection profile list too long
 SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE:364:srtp unknown protection profile
-SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH:232:\
+SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH:232:\
 ssl3 ext invalid max fragment length
-SSL_R_SSL3_EXT_INVALID_SERVERNAME:319:ssl3 ext invalid servername
-SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE:320:ssl3 ext invalid servername type
-SSL_R_SSL3_SESSION_ID_TOO_LONG:300:ssl3 session id too long
-SSL_R_SSLV3_ALERT_BAD_CERTIFICATE:1042:ssl/tls alert bad certificate
-SSL_R_SSLV3_ALERT_BAD_RECORD_MAC:1020:ssl/tls alert bad record mac
-SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED:1045:ssl/tls alert certificate expired
-SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED:1044:ssl/tls alert certificate revoked
-SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN:1046:ssl/tls alert certificate unknown
-SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE:1030:ssl/tls alert decompression failure
-SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE:1040:ssl/tls alert handshake failure
-SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER:1047:ssl/tls alert illegal parameter
-SSL_R_SSLV3_ALERT_NO_CERTIFICATE:1041:ssl/tls alert no certificate
-SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE:1010:ssl/tls alert unexpected message
-SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE:1043:\
+SSL_R_TLS_EXT_INVALID_SERVERNAME:319:ssl3 ext invalid servername
+SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE:320:ssl3 ext invalid servername type
+SSL_R_TLS_SESSION_ID_TOO_LONG:300:ssl3 session id too long
+SSL_R_TLS_ALERT_BAD_CERTIFICATE:1042:ssl/tls alert bad certificate
+SSL_R_TLS_ALERT_BAD_RECORD_MAC:1020:ssl/tls alert bad record mac
+SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED:1045:ssl/tls alert certificate expired
+SSL_R_TLS_ALERT_CERTIFICATE_REVOKED:1044:ssl/tls alert certificate revoked
+SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN:1046:ssl/tls alert certificate unknown
+SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE:1030:ssl/tls alert decompression failure
+SSL_R_TLS_ALERT_HANDSHAKE_FAILURE:1040:ssl/tls alert handshake failure
+SSL_R_TLS_ALERT_ILLEGAL_PARAMETER:1047:ssl/tls alert illegal parameter
+SSL_R_TLS_ALERT_NO_CERTIFICATE:1041:ssl/tls alert no certificate
+SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE:1010:ssl/tls alert unexpected message
+SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE:1043:\
 ssl/tls alert unsupported certificate
 SSL_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty
 SSL_R_SSL_COMMAND_SECTION_NOT_FOUND:125:ssl command section not found
diff --git a/crypto/ssl_err.c b/crypto/ssl_err.c
index c8963522a30..9fce52bf7ce 100644
--- a/crypto/ssl_err.c
+++ b/crypto/ssl_err.c
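Review bot: The added openssl.txt entries keep the old reason text, for example `SSL_R_TLS_EXT_INVALID_SERVERNAME:319:ssl3 ext invalid servername` and `SSL_R_TLS_ALERT_BAD_CERTIFICATE:1042:ssl/tls alert bad certificate`, and the unchanged continuation lines `ssl3 ext invalid max fragment length` and `ssl/tls alert unsupported certificate` do the same. The ssl_err.c hunk of this same commit changes those strings to `tls ext ...` and `tls alert ...`, so the two files now disagree. If ssl_err.c is regenerated from this file, as the matching layout suggests, the new strings would silently revert to the ones here. The text after the second colon should be updated to match, e.g. `SSL_R_TLS_EXT_INVALID_SERVERNAME:319:tls ext invalid servername`.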
@@ -422,36 +422,36 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
 "srtp protection profile list too long" },
 { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),
 "srtp unknown protection profile" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH),
- "ssl3 ext invalid max fragment length" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME),
- "ssl3 ext invalid servername" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
- "ssl3 ext invalid servername type" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_LONG),
- "ssl3 session id too long" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
- "ssl/tls alert bad certificate" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
- "ssl/tls alert bad record mac" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),
- "ssl/tls alert certificate expired" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),
- "ssl/tls alert certificate revoked" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),
- "ssl/tls alert certificate unknown" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),
- "ssl/tls alert decompression failure" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),
- "ssl/tls alert handshake failure" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),
- "ssl/tls alert illegal parameter" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_NO_CERTIFICATE),
- "ssl/tls alert no certificate" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),
- "ssl/tls alert unexpected message" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),
- "ssl/tls alert unsupported certificate" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH),
+ "tls ext invalid max fragment length" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_EXT_INVALID_SERVERNAME),
+ "tls ext invalid servername" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE),
+ "tls ext invalid servername type" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_SESSION_ID_TOO_LONG),
+ "tls session id too long" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_BAD_CERTIFICATE),
+ "tls alert bad certificate" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_BAD_RECORD_MAC),
+ "tls alert bad record mac" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED),
+ "tls alert certificate expired" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_CERTIFICATE_REVOKED),
+ "tls alert certificate revoked" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN),
+ "tls alert certificate unknown" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE),
+ "tls alert decompression failure" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_HANDSHAKE_FAILURE),
+ "tls alert handshake failure" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_ILLEGAL_PARAMETER),
+ "tls alert illegal parameter" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_NO_CERTIFICATE),
+ "tls alert no certificate" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE),
+ "tls alert unexpected message" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE),
+ "tls alert unsupported certificate" },
 { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_EMPTY),
 "ssl command section empty" },
 { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND),
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 3f0568f2856..24dbf0d7c35 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
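Review bot: The reason strings in SSL_str_reasons[] change together with the macro names (`"ssl/tls alert handshake failure"` becomes `"tls alert handshake failure"`, `"ssl3 session id too long"` becomes `"tls session id too long"`), and the sslerr_legacy.h hunk preserves only the old macro names, not the old text. Log parsers, alerting rules and tests that match on the printed error string will stop matching after an upgrade even though the numeric reason codes are unchanged. No changelog or migration note is visible in this diff; a line stating that the text changed and that consumers should key on the reason code (for example via `ERR_GET_REASON()`) would cover it. The table starts and ends outside the hunk.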
@@ -266,21 +266,21 @@
 #define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362
 #define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363
 #define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364
-#define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
-#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
+#define SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH 232
+#define SSL_R_TLS_EXT_INVALID_SERVERNAME 319
+#define SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE 320
+#define SSL_R_TLS_SESSION_ID_TOO_LONG 300
+#define SSL_R_TLS_ALERT_BAD_CERTIFICATE 1042
+#define SSL_R_TLS_ALERT_BAD_RECORD_MAC 1020
+#define SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED 1045
+#define SSL_R_TLS_ALERT_CERTIFICATE_REVOKED 1044
+#define SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN 1046
+#define SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE 1030
+#define SSL_R_TLS_ALERT_HANDSHAKE_FAILURE 1040
+#define SSL_R_TLS_ALERT_ILLEGAL_PARAMETER 1047
+#define SSL_R_TLS_ALERT_NO_CERTIFICATE 1041
+#define SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE 1010
+#define SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE 1043
 #define SSL_R_SSL_COMMAND_SECTION_EMPTY 117
 #define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125
 #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
diff --git a/include/openssl/sslerr_legacy.h b/include/openssl/sslerr_legacy.h
index 8cf1ebd7b02..fd3453e4137 100644
--- a/include/openssl/sslerr_legacy.h
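Review bot: The renamed macros are left in the slots of the old names, so the `SSL_R_TLS_EXT_*`, `SSL_R_TLS_SESSION_ID_TOO_LONG` and `SSL_R_TLS_ALERT_*` lines now sit between `SSL_R_SRTP_*` and `SSL_R_SSL_COMMAND_*`, with the `ALERT` group after `SESSION`, while the surrounding context lines are in ASCII order. The openssl.txt and ssl_err.c hunks use the same placement. If these files are produced by a generator that sorts by name, which the existing order suggests but the diff does not show, the next regeneration will move all fifteen entries and produce an unrelated-looking diff. Regenerating as part of this commit, or moving the entries to their sorted position by hand, would avoid that.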
+++ b/include/openssl/sslerr_legacy.h @@ -461,6 +461,26 @@ OSSL_DEPRECATEDIN_3_0 int ERR_load_SSL_strings(void); #define SSL_F_WRITE_STATE_MACHINE 0 #endif +#ifndef OPENSSL_NO_DEPRECATED_4_0 + +#define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 +#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 + +#endif + #ifdef __cplusplus } #endif diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 397ddf4bf59..872812e4f4c 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4003,7 +4003,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; len = strlen((char *)parg); if (len == 0 || len > TLSEXT_MAXLEN_host_name) { - ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); + ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_SERVERNAME); return 0; } if ((sc->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) { @@ -4011,7 +4011,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return 0; } } else { - ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); + ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE); return 0; } break; diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 1833a617992..e91b7400ea4 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c 
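Review bot: In the sslerr_legacy.h hunk the fifteen legacy names repeat the numeric values from sslerr.h instead of referring to the new names, so the two headers can drift apart without any compile error. Defining each one as an alias, e.g. `#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE SSL_R_TLS_ALERT_BAD_CERTIFICATE`, keeps a single source of truth, provided sslerr.h is always in scope wherever a legacy name is used (not visible here). The block also carries no comment; something like `/* Pre-4.0 SSL3/SSLV3 spellings of the SSL_R_TLS_* reason codes in sslerr.h */` above the first define would tell readers why it exists. The s3_lib.c hunks that follow on this line are plain renames.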
@@ -1365,7 +1365,7 @@ int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, /* |value| should contains a valid max-fragment-length code. */ if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } @@ -1377,7 +1377,7 @@ int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, */ if (value != s->ext.max_fragment_len_mode) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index c4aef4c939c..f2418617404 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -188,7 +188,7 @@ int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, /* Received |value| should be a valid max-fragment-length code. */ if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index a9b229fca3c..3907664ebc5 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1518,7 +1518,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) session_id_len = PACKET_remaining(&session_id); if (session_id_len > sizeof(s->session->session_id) || session_id_len > SSL3_SESSION_ID_SIZE) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_SSL3_SESSION_ID_TOO_LONG); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_TLS_SESSION_ID_TOO_LONG); goto err; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 9ece3189503..02f5d43055b 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
@@ -4779,7 +4779,7 @@ int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode) { if (mode != TLSEXT_max_fragment_length_DISABLED && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) { - ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; } @@ -4797,7 +4797,7 @@ int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode) if (mode != TLSEXT_max_fragment_length_DISABLED && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) { - ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH); return 0; }