Turn on TLSv1.3 downgrade protection by default

Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6741)
author: Matt Caswell <matt@openssl.org> 2018-07-18 16:13:14 +0100
committer: Matt Caswell <matt@openssl.org> 2018-08-15 12:33:30 +0100
commit: 9f22c527232d8babfa4827dff34a6707e8880dd9 (patch)
tree: dcc7a43d93421790c76b5a4aab274285e2dcd15d /ssl/s3_lib.c
parent: 35e742ecac9239539db016e1282b4cbdf501509c (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c170eed5e1..5ecbc3c554 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4568,7 +4568,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
     } else {
         ret = RAND_bytes(result, len);
     }
-#ifndef OPENSSL_NO_TLS13DOWNGRADE
+
     if (ret > 0) {
         if (!ossl_assert(sizeof(tls11downgrade) < len)
                 || !ossl_assert(sizeof(tls12downgrade) < len))
@@ -4580,7 +4580,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
             memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
                    sizeof(tls11downgrade));
     }
-#endif
+
     return ret;
 }
author	Matt Caswell <matt@openssl.org>	2018-07-18 16:13:14 +0100
committer	Matt Caswell <matt@openssl.org>	2018-08-15 12:33:30 +0100
commit	9f22c527232d8babfa4827dff34a6707e8880dd9 (patch)
tree	dcc7a43d93421790c76b5a4aab274285e2dcd15d /ssl/s3_lib.c
parent	35e742ecac9239539db016e1282b4cbdf501509c (diff)