dockerfiles/boring-nginx/tls1_3.patch

diff -Naur boringssl/ssl/s3_lib.c boringssl-patched/ssl/s3_lib.c
--- boringssl/ssl/s3_lib.c	2017-02-19 03:26:26.485717137 +0100
+++ boringssl-patched/ssl/s3_lib.c	2017-02-19 03:21:59.196469813 +0100
@@ -185,7 +185,7 @@
    * TODO(davidben): Move this field into |s3|, have it store the normalized
    * protocol version, and implement this pre-negotiation quirk in |SSL_version|
    * at the API boundary rather than in internal state. */
-  ssl->version = TLS1_2_VERSION;
+  ssl->version = TLS1_3_VERSION;
   return 1;
 }
 
diff -Naur boringssl/ssl/ssl_lib.c boringssl-patched/ssl/ssl_lib.c
--- boringssl/ssl/ssl_lib.c	2017-02-19 03:26:26.485717137 +0100
+++ boringssl-patched/ssl/ssl_lib.c	2017-02-19 03:22:58.504765391 +0100
@@ -951,10 +951,6 @@
                            uint16_t version) {
   if (version == 0) {
     *out = method->max_version;
-    /* TODO(svaldez): Enable TLS 1.3 by default once fully implemented. */
-    if (*out > TLS1_2_VERSION) {
-      *out = TLS1_2_VERSION;
-    }
     return 1;
   }
 
diff -Naur boringssl/ssl/ssl_test.cc boringssl-patched/ssl/ssl_test.cc
--- boringssl/ssl/ssl_test.cc	2017-02-19 03:26:26.485717137 +0100
+++ boringssl-patched/ssl/ssl_test.cc	2017-02-19 03:25:50.377592542 +0100
@@ -3116,7 +3116,7 @@
       !TestBadSSL_SESSIONEncoding(kBadSessionVersion) ||
       !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) ||
       // TODO(svaldez): Update this when TLS 1.3 is enabled by default.
-      !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) ||
+      !TestDefaultVersion(SSL3_VERSION, TLS1_3_VERSION, &TLS_method) ||
       !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) ||
       !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) ||
       !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||
boring-nginx: add homemade tls1.3 patch 2017-02-19 03:34:27 +01:00			`diff -Naur boringssl/ssl/s3_lib.c boringssl-patched/ssl/s3_lib.c`
			`--- boringssl/ssl/s3_lib.c 2017-02-19 03:26:26.485717137 +0100`
			`+++ boringssl-patched/ssl/s3_lib.c 2017-02-19 03:21:59.196469813 +0100`
			`@@ -185,7 +185,7 @@`
			`* TODO(davidben): Move this field into \|s3\|, have it store the normalized`
			`* protocol version, and implement this pre-negotiation quirk in \|SSL_version\|`
			`* at the API boundary rather than in internal state. */`
			`- ssl->version = TLS1_2_VERSION;`
			`+ ssl->version = TLS1_3_VERSION;`
			`return 1;`
			`}`

			`diff -Naur boringssl/ssl/ssl_lib.c boringssl-patched/ssl/ssl_lib.c`
			`--- boringssl/ssl/ssl_lib.c 2017-02-19 03:26:26.485717137 +0100`
			`+++ boringssl-patched/ssl/ssl_lib.c 2017-02-19 03:22:58.504765391 +0100`
			`@@ -951,10 +951,6 @@`
			`uint16_t version) {`
			`if (version == 0) {`
			`*out = method->max_version;`
			`- /* TODO(svaldez): Enable TLS 1.3 by default once fully implemented. */`
			`- if (*out > TLS1_2_VERSION) {`
			`- *out = TLS1_2_VERSION;`
			`- }`
			`return 1;`
			`}`

			`diff -Naur boringssl/ssl/ssl_test.cc boringssl-patched/ssl/ssl_test.cc`
			`--- boringssl/ssl/ssl_test.cc 2017-02-19 03:26:26.485717137 +0100`
			`+++ boringssl-patched/ssl/ssl_test.cc 2017-02-19 03:25:50.377592542 +0100`
			`@@ -3116,7 +3116,7 @@`
			`!TestBadSSL_SESSIONEncoding(kBadSessionVersion) \|\|`
			`!TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) \|\|`
			`// TODO(svaldez): Update this when TLS 1.3 is enabled by default.`
			`- !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) \|\|`
			`+ !TestDefaultVersion(SSL3_VERSION, TLS1_3_VERSION, &TLS_method) \|\|`
			`!TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) \|\|`
			`!TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) \|\|`
			`!TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) \|\|`