From 36e2f3cf8e8a2f41b7ec1d7040d589974bfad93e Mon Sep 17 00:00:00 2001 From: Steven Valdez Date: Thu, 13 Oct 2016 14:33:35 -0400 Subject: [PATCH] Enabling TLS 1.3 (DRAFT). Change-Id: I2e4f0db3b8630f990911c8e104f60c048bb7450d --- diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3b14411..802ed2f 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -187,7 +187,7 @@ * TODO(davidben): Move this field into |s3|, have it store the normalized * protocol version, and implement this pre-negotiation quirk in |SSL_version| * at the API boundary rather than in internal state. */ - ssl->version = TLS1_2_VERSION; + ssl->version = TLS1_3_VERSION; return 1; } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 89d6f15..9c5afae 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -999,10 +999,6 @@ uint16_t version) { if (version == 0) { *out = method->max_version; - /* TODO(svaldez): Enable TLS 1.3 by default once fully implemented. */ - if (*out > TLS1_2_VERSION) { - *out = TLS1_2_VERSION; - } return 1; } diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index b74e51e..e8d1847 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -2541,7 +2541,7 @@ } if (ctx->min_version != SSL3_VERSION || - ctx->max_version != TLS1_2_VERSION) { + ctx->max_version != TLS1_3_VERSION) { fprintf(stderr, "Default TLS versions were incorrect (%04x and %04x).\n", ctx->min_version, ctx->max_version); return false; @@ -2778,8 +2778,7 @@ !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) || !TestBadSSL_SESSIONEncoding(kBadSessionVersion) || !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) || - // TODO(svaldez): Update this when TLS 1.3 is enabled by default. - !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) || + !TestDefaultVersion(SSL3_VERSION, TLS1_3_VERSION, &TLS_method) || !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) || !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) || !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||