hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-20 04:19:18 +00:00
Code Issues Projects Releases Wiki Activity
dockerfiles/boring-nginx/tls13.patch

64 lines
2.2 KiB
Diff
Raw Blame History

From cfc32a1e540e4f542egggd3008 Mon Sep 17 00:00:00 2001
From: Buik / Bassie <bassie@buik.locale>
Date: Tue, 09 Apr 2018 12:55:23 +0800
Subject: [PATCH] Enable TLS 1.3 on BoringSSL
Enable TLS 1.3 on BoringSSL.
Tested on Nginx 1.13.11 with BoringSSL chromium-stable and BoringSSL master (git branch April 09 2018)
---
s3_lib.cc | 2 +-
ssl_test.cc | 4 ++--
ssl_versions.cc | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/ssl/s3_lib.cc b/ssl/s3_lib.cc
index a3fc8d7..b28bbc8 100644
--- a/ssl/s3_lib.cc
+++ b/ssl/s3_lib.cc
@@ -201,7 +201,7 @@ bool ssl3_new(SSL *ssl) {
// TODO(davidben): Move this field into |s3|, have it store the normalized
// protocol version, and implement this pre-negotiation quirk in |SSL_version|
// at the API boundary rather than in internal state.
- ssl->version = TLS1_2_VERSION;
+ ssl->version = TLS1_3_VERSION;
return true;
}
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 12f044c..cfc4af1 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -2607,7 +2607,7 @@ TEST(SSLTest, SetVersion) {
// Zero is the default version.
EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
- EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
+ EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
EXPECT_EQ(TLS1_VERSION, ctx->conf_min_version);
@@ -2640,7 +2640,7 @@ TEST(SSLTest, SetVersion) {
EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
- EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
+ EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
EXPECT_EQ(TLS1_1_VERSION, ctx->conf_min_version);
}
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index 73ea26f..da10cb2 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -189,7 +189,7 @@ static bool set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
uint16_t version) {
// Zero is interpreted as the default maximum version.
if (version == 0) {
- *out = TLS1_2_VERSION;
+ *out = TLS1_3_VERSION;
return true;
}
Reference in New Issue View Git Blame Copy Permalink