authorMatt Caswell <matt@openssl.org>2016-10-21 17:39:33 +0100
committerMatt Caswell <matt@openssl.org>2016-11-02 13:08:21 +0000
commit582a17d662d123eafbb70c9eaaa140a2559b7cdb (patch)
treedbdc271e94609b3095b676a93bac0f242692a1e9 /include
parentffd3d0ef34aac46c06379cc50d38c5c0324c3d4c (diff)
Add the SSL_METHOD for TLSv1.3 and all other base changes required
Includes addition of the various options to s_server/s_client. Also adds one of the new TLS1.3 ciphersuites. This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not a "real" TLS1.3 ciphersuite). Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'include')
-rw-r--r--include/openssl/ssl.h3
-rw-r--r--include/openssl/tls1.h13
2 files changed, 14 insertions, 2 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 20013dbfe8..f0aa306133 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -343,12 +343,13 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
# define SSL_OP_NO_TLSv1 0x04000000U
# define SSL_OP_NO_TLSv1_2 0x08000000U
# define SSL_OP_NO_TLSv1_1 0x10000000U
+# define SSL_OP_NO_TLSv1_3 0x20000000U
# define SSL_OP_NO_DTLSv1 0x04000000U
# define SSL_OP_NO_DTLSv1_2 0x08000000U
# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\
- SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2)
+ SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3)
# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)
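Review bot: `SSL_OP_NO_TLSv1_3` is added with no comment, and nothing at the definition warns callers who restrict versions with a deny list. An application that pins TLS 1.2 by setting only `SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1` would presumably start negotiating the new version once relinked, because the same commit raises `TLS_MAX_VERSION` in tls1.h. I would add above the define `/* Experimental: callers restricting versions via SSL_OP_NO_* must also set this bit, or use SSL_CTX_set_max_proto_version() */`. The rest of the option list is outside the hunk, so it is also worth confirming that `0x20000000U` is not still accepted under an older option name.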
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 23e382cdd3..3f7e749c69 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -65,7 +65,8 @@ extern "C" {
# define TLS1_VERSION 0x0301
# define TLS1_1_VERSION 0x0302
# define TLS1_2_VERSION 0x0303
-# define TLS_MAX_VERSION TLS1_2_VERSION
+# define TLS1_3_VERSION 0x0304
+# define TLS_MAX_VERSION TLS1_3_VERSION
/* Special value for method supporting multiple versions */
# define TLS_ANY_VERSION 0x10000
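Review bot: `TLS_MAX_VERSION` is raised to `TLS1_3_VERSION` unconditionally, so any consumer of this public header that uses `TLS_MAX_VERSION` as its default ceiling would presumably start offering 0x0304. The commit description says the protocol is still identical to TLS 1.2 apart from the version and the ciphersuite name. Until the implementation matches the specification, I would keep the ceiling at TLS 1.2 in default builds and make the higher value an explicit build-time choice, with a comment on `TLS1_3_VERSION` saying it is a work in progress. The guard macro in the sketch below is a proposed name that the configuration would define by default; use whatever the build scripts actually emit.

```c
# define TLS1_2_VERSION                  0x0303
/* Work in progress: not yet the real TLSv1.3 protocol */
# define TLS1_3_VERSION                  0x0304
# ifndef OPENSSL_NO_TLS1_3
#  define TLS_MAX_VERSION                TLS1_3_VERSION
# else
#  define TLS_MAX_VERSION                TLS1_2_VERSION
# endif
/* … unchanged: TLS_ANY_VERSION … */
```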
@@ -599,6 +600,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD
# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE
+/* TLS v1.3 ciphersuites */
+# define TLS1_3_CK_AES_128_GCM_SHA256 0x03000D01
+
/*
* XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
* ciphers names with "EDH" instead of "DHE". Going forward, we should be
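Review bot: `TLS1_3_CK_AES_128_GCM_SHA256` sits under a bare `/* TLS v1.3 ciphersuites */` comment, although the commit description says the suite is just a renamed TLS 1.2 one. The definition should say so itself, because this ID goes on the wire and the name reads like a final assignment. I would extend the comment to `/* TLS v1.3 ciphersuites. TODO(TLS1.3): provisional ID, replace with the assigned code point */`, matching the TODO already attached to `TLS1_3_TXT_AES_128_GCM_SHA256` in the next hunk. The two section comments are also spelled differently (`TLS v1.3` here, `TLSv1.3` there); pick one. The backward-compatibility comment that follows continues outside the hunk.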
@@ -868,6 +872,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305"
# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305"
+/* TLSv1.3 ciphersuites */
+/*
+ * TODO(TLS1.3): Review the naming scheme for TLSv1.3 ciphers and also the
+ * cipherstring selection process for these ciphers
+ */
+# define TLS1_3_TXT_AES_128_GCM_SHA256 "TLS13-AES-128-GCM-SHA256"
+
# define TLS_CT_RSA_SIGN 1
# define TLS_CT_DSS_SIGN 2
# define TLS_CT_RSA_FIXED_DH 3