authorMatt Caswell <matt@openssl.org>2018-07-18 16:05:49 +0100
committerMatt Caswell <matt@openssl.org>2018-08-15 12:33:30 +0100
commit35e742ecac9239539db016e1282b4cbdf501509c (patch)
tree69505449d87cb5902f7db623738266782bb98ac2 /ssl/statem/extensions_clnt.c
parent58094ab60ff51918a248dc6bd977d48f981fe2c1 (diff)
Update code for the final RFC version of TLSv1.3 (RFC8446)
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6741)
Diffstat (limited to 'ssl/statem/extensions_clnt.c')
-rw-r--r--ssl/statem/extensions_clnt.c23
1 files changed, 1 insertions, 22 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index cc4563b357..86d6189ea1 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -530,23 +530,8 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL;
}
- /*
- * TODO(TLS1.3): There is some discussion on the TLS list as to whether
- * we should include versions <TLS1.2. For the moment we do. To be
- * reviewed later.
- */
for (currv = max_version; currv >= min_version; currv--) {
- /* TODO(TLS1.3): Remove this first if clause prior to release!! */
- if (currv == TLS1_3_VERSION) {
- if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
- || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
- || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
- ERR_R_INTERNAL_ERROR);
- return EXT_RETURN_FAIL;
- }
- } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
+ if (!WPACKET_put_bytes_u16(pkt, currv)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
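Review bot: The TODO deleted above the loop was the only record that advertising versions below TLS1.2 in supported_versions was an open question, yet `for (currv = max_version; currv >= min_version; currv--)` still writes every value down to min_version. If that is now the decided behaviour, a short comment in its place would keep the intent visible to anyone auditing downgrade exposure, e.g. `/* Advertise every version from max_version down to min_version, including any below TLS1.2 */`. With the draft special case gone, the loop also relies on every integer in that range being a valid wire version; presumably the code that computes min_version and max_version guarantees this, but it is worth confirming and stating. The body of tls_construct_ctos_supported_versions starts and ends outside this hunk.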
@@ -1790,12 +1775,6 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
return 0;
}
- /* TODO(TLS1.3): Remove this before release */
- if (version == TLS1_3_VERSION_DRAFT
- || version == TLS1_3_VERSION_DRAFT_27
- || version == TLS1_3_VERSION_DRAFT_26)
- version = TLS1_3_VERSION;
-
/*
* The only protocol version we support which is valid in this extension in
* a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.