Pass a dtls1_use_epoch enum down to dtls1_seal_record.

This is considerably less scary than swapping out connection state. It also
fixes a minor bug where, if dtls1_do_write had an alert to dispatch and we
happened to retry during a rexmit, it would use the wrong epoch.


Change-Id: I754b0d46bfd02f797f4c3f7cfde28d3e5f30c52b
Reviewed-by: Adam Langley <>
4 files changed