summaryrefslogtreecommitdiffstats
path: root/ssl/statem/statem_lib.c
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2018-07-18 16:05:49 +0100
committerMatt Caswell <matt@openssl.org>2018-08-15 12:33:30 +0100
commit35e742ecac9239539db016e1282b4cbdf501509c (patch)
tree69505449d87cb5902f7db623738266782bb98ac2 /ssl/statem/statem_lib.c
parent58094ab60ff51918a248dc6bd977d48f981fe2c1 (diff)
Update code for the final RFC version of TLSv1.3 (RFC8446)
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6741)
Diffstat (limited to 'ssl/statem/statem_lib.c')
-rw-r--r--ssl/statem/statem_lib.c23
1 files changed, 0 insertions, 23 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index d602846416..d04f8773de 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1742,8 +1742,6 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
unsigned int best_vers = 0;
const SSL_METHOD *best_method = NULL;
PACKET versionslist;
- /* TODO(TLS1.3): Remove this before release */
- unsigned int orig_candidate = 0;
suppversions->parsed = 1;
@@ -1765,24 +1763,6 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
return SSL_R_BAD_LEGACY_VERSION;
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
- /* TODO(TLS1.3): Remove this before release */
- if (candidate_vers == TLS1_3_VERSION_DRAFT
- || candidate_vers == TLS1_3_VERSION_DRAFT_27
- || candidate_vers == TLS1_3_VERSION_DRAFT_26) {
- if (best_vers == TLS1_3_VERSION
- && orig_candidate > candidate_vers)
- continue;
- orig_candidate = candidate_vers;
- candidate_vers = TLS1_3_VERSION;
- } else if (candidate_vers == TLS1_3_VERSION) {
- /* Don't actually accept real TLSv1.3 */
- continue;
- }
- /*
- * TODO(TLS1.3): There is some discussion on the TLS list about
- * whether to ignore versions <TLS1.2 in supported_versions. At the
- * moment we honour them if present. To be reviewed later
- */
if (version_cmp(s, candidate_vers, best_vers) <= 0)
continue;
if (ssl_version_supported(s, candidate_vers, &best_method))
@@ -1805,9 +1785,6 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
}
check_for_downgrade(s, best_vers, dgrd);
s->version = best_vers;
- /* TODO(TLS1.3): Remove this before release */
- if (best_vers == TLS1_3_VERSION)
- s->version_draft = orig_candidate;
s->method = best_method;
return 0;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-12 09:28:06 +0000