author | Matt Caswell <matt@openssl.org> | 2018-07-18 16:05:49 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-08-15 12:33:30 +0100 |
commit | 35e742ecac9239539db016e1282b4cbdf501509c (patch) | |
tree | 69505449d87cb5902f7db623738266782bb98ac2 /ssl/statem/statem_lib.c | |
parent | 58094ab60ff51918a248dc6bd977d48f981fe2c1 (diff) |
Update code for the final RFC version of TLSv1.3 (RFC8446)
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)
Diffstat (limited to 'ssl/statem/statem_lib.c')
-rw-r--r-- | ssl/statem/statem_lib.c | 23 |
1 files changed, 0 insertions, 23 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index d602846416..d04f8773de 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1742,8 +1742,6 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
 unsigned int best_vers = 0;
 const SSL_METHOD *best_method = NULL;
 PACKET versionslist;
- /* TODO(TLS1.3): Remove this before release */
- unsigned int orig_candidate = 0;
 suppversions->parsed = 1;
@@ -1765,24 +1763,6 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
 return SSL_R_BAD_LEGACY_VERSION;
 while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
- /* TODO(TLS1.3): Remove this before release */
- if (candidate_vers == TLS1_3_VERSION_DRAFT
- || candidate_vers == TLS1_3_VERSION_DRAFT_27
- || candidate_vers == TLS1_3_VERSION_DRAFT_26) {
- if (best_vers == TLS1_3_VERSION
- && orig_candidate > candidate_vers)
- continue;
- orig_candidate = candidate_vers;
- candidate_vers = TLS1_3_VERSION;
- } else if (candidate_vers == TLS1_3_VERSION) {
- /* Don't actually accept real TLSv1.3 */
- continue;
- }
- /*
- * TODO(TLS1.3): There is some discussion on the TLS list about
- * whether to ignore versions <TLS1.2 in supported_versions. At the
- * moment we honour them if present. To be reviewed later
- */
 if (version_cmp(s, candidate_vers, best_vers) <= 0)
 continue;
 if (ssl_version_supported(s, candidate_vers, &best_method))
@@ -1805,9 +1785,6 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
 }
 check_for_downgrade(s, best_vers, dgrd);
 s->version = best_vers;
- /* TODO(TLS1.3): Remove this before release */
- if (best_vers == TLS1_3_VERSION)
- s->version_draft = orig_candidate;
 s->method = best_method;
 return 0;
 } |