From c3f389dade719b7b34825d62404a88cc0d618631 Mon Sep 17 00:00:00 2001 From: Steven Valdez Date: Thu, 13 Oct 2016 14:33:35 -0400 Subject: [PATCH] Enabling TLS 1.3 (DRAFT). Change-Id: I2e4f0db3b8630f990911c8e104f60c048bb7450d --- diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 9cc0d9d..d4db949 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -189,7 +189,7 @@ * TODO(davidben): Move this field into |s3|, have it store the normalized * protocol version, and implement this pre-negotiation quirk in |SSL_version| * at the API boundary rather than in internal state. */ - ssl->version = TLS1_2_VERSION; + ssl->version = TLS1_3_VERSION; return 1; err: return 0; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d8270f3..57343a4 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -965,10 +965,6 @@ uint16_t version) { if (version == 0) { *out = method->max_version; - /* TODO(svaldez): Enable TLS 1.3 by default once fully implemented. */ - if (*out > TLS1_2_VERSION) { - *out = TLS1_2_VERSION; - } return 1; } diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 5eede01..d847030 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -2410,7 +2410,7 @@ } if (ctx->min_version != SSL3_VERSION || - ctx->max_version != TLS1_2_VERSION) { + ctx->max_version != TLS1_3_VERSION) { fprintf(stderr, "Default TLS versions were incorrect (%04x and %04x).\n", ctx->min_version, ctx->max_version); return false; @@ -2574,8 +2574,7 @@ !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) || !TestBadSSL_SESSIONEncoding(kBadSessionVersion) || !TestBadSSL_SESSIONEncoding(kBadSessionTrailingData) || - // TODO(svaldez): Update this when TLS 1.3 is enabled by default. - !TestDefaultVersion(SSL3_VERSION, TLS1_2_VERSION, &TLS_method) || + !TestDefaultVersion(SSL3_VERSION, TLS1_3_VERSION, &TLS_method) || !TestDefaultVersion(SSL3_VERSION, SSL3_VERSION, &SSLv3_method) || !TestDefaultVersion(TLS1_VERSION, TLS1_VERSION, &TLSv1_method) || !TestDefaultVersion(TLS1_1_VERSION, TLS1_1_VERSION, &TLSv1_1_method) ||