Remove draft 26, 27
parent
c4437b6b7d
commit
692bc2e890
|
@ -12,5 +12,5 @@ OpenSSL 1.1.0 patch is [here](https://gitlab.com/buik/openssl/blob/openssl-patch
|
|||
### OpenSSL-1.1.1-pre6~pre7 ciphers (draft 26 ~ 28)
|
||||
`[EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES`
|
||||
|
||||
### OpenSSL-1.1.1-pre7 (Latest) ciphers (draft 23, 26 ~ 28)
|
||||
### OpenSSL-1.1.1-pre7 (Latest) ciphers (draft 23, 28)
|
||||
`[EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA`
|
||||
|
|
|
@ -71,21 +71,23 @@ index 8e395cdd2d..700d7b7b4e 100644
|
|||
# define SSL_R_UNINITIALIZED 276
|
||||
# define SSL_R_UNKNOWN_ALERT_TYPE 246
|
||||
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
|
||||
index 37bdc7da43..894801bb4a 100644
|
||||
index 37bdc7da43..d8dc34a8a0 100644
|
||||
--- a/include/openssl/tls1.h
|
||||
+++ b/include/openssl/tls1.h
|
||||
@@ -31,9 +31,11 @@ extern "C" {
|
||||
@@ -31,11 +31,9 @@ extern "C" {
|
||||
# define TLS_MAX_VERSION TLS1_3_VERSION
|
||||
|
||||
/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
|
||||
-# define TLS1_3_VERSION_DRAFT_26 0x7f1a
|
||||
-# define TLS1_3_VERSION_DRAFT_27 0x7f1b
|
||||
+# define TLS1_3_VERSION_DRAFT_23 0x7f17
|
||||
# define TLS1_3_VERSION_DRAFT_26 0x7f1a
|
||||
# define TLS1_3_VERSION_DRAFT_27 0x7f1b
|
||||
# define TLS1_3_VERSION_DRAFT 0x7f1c
|
||||
-# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)"
|
||||
-# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)"
|
||||
+# define TLS1_3_VERSION_DRAFT_TXT_23 "TLS 1.3 (draft 23)"
|
||||
# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)"
|
||||
# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)"
|
||||
# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)"
|
||||
|
||||
/* Special value for method supporting multiple versions */
|
||||
diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
|
||||
index 8822ca25c3..63ecafe373 100644
|
||||
--- a/ssl/record/ssl3_record_tls13.c
|
||||
|
@ -1032,25 +1034,25 @@ index 4aec810179..d251ee178f 100644
|
|||
__owur int ssl3_new(SSL *s);
|
||||
void ssl3_free(SSL *s);
|
||||
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
|
||||
index cc4563b357..4fb02935e9 100644
|
||||
index cc4563b357..05681cd399 100644
|
||||
--- a/ssl/statem/extensions_clnt.c
|
||||
+++ b/ssl/statem/extensions_clnt.c
|
||||
@@ -540,7 +540,8 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
|
||||
@@ -539,8 +539,7 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
|
||||
/* TODO(TLS1.3): Remove this first if clause prior to release!! */
|
||||
if (currv == TLS1_3_VERSION) {
|
||||
if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
|
||||
|| !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
|
||||
- || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
|
||||
- || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)) {
|
||||
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)
|
||||
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
@@ -1793,8 +1794,11 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
|
||||
@@ -1792,9 +1791,10 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
|
||||
|
||||
/* TODO(TLS1.3): Remove this before release */
|
||||
if (version == TLS1_3_VERSION_DRAFT
|
||||
|| version == TLS1_3_VERSION_DRAFT_27
|
||||
- || version == TLS1_3_VERSION_DRAFT_27
|
||||
- || version == TLS1_3_VERSION_DRAFT_26)
|
||||
+ || version == TLS1_3_VERSION_DRAFT_26
|
||||
+ || version == TLS1_3_VERSION_DRAFT_23) {
|
||||
+ s->version_draft = version;
|
||||
version = TLS1_3_VERSION;
|
||||
|
@ -1059,15 +1061,15 @@ index cc4563b357..4fb02935e9 100644
|
|||
/*
|
||||
* The only protocol version we support which is valid in this extension in
|
||||
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
|
||||
index 91d304e2b4..ed62a0590b 100644
|
||||
index 91d304e2b4..1f2eecad0b 100644
|
||||
--- a/ssl/statem/statem_lib.c
|
||||
+++ b/ssl/statem/statem_lib.c
|
||||
@@ -1709,7 +1709,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
|
||||
@@ -1708,8 +1708,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
|
||||
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
|
||||
/* TODO(TLS1.3): Remove this before release */
|
||||
if (candidate_vers == TLS1_3_VERSION_DRAFT
|
||||
|| candidate_vers == TLS1_3_VERSION_DRAFT_27
|
||||
- || candidate_vers == TLS1_3_VERSION_DRAFT_27
|
||||
- || candidate_vers == TLS1_3_VERSION_DRAFT_26) {
|
||||
+ || candidate_vers == TLS1_3_VERSION_DRAFT_26
|
||||
+ || candidate_vers == TLS1_3_VERSION_DRAFT_23) {
|
||||
if (best_vers == TLS1_3_VERSION
|
||||
&& orig_candidate > candidate_vers)
|
||||
|
@ -1116,22 +1118,26 @@ index ce8cec185a..1a12a9c1a0 100644
|
|||
if (cipher == NULL) {
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
||||
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
|
||||
index 4d052d0705..15f7f76e6e 100644
|
||||
index 4d052d0705..b6abd6d9d7 100644
|
||||
--- a/ssl/t1_trce.c
|
||||
+++ b/ssl/t1_trce.c
|
||||
@@ -66,6 +66,7 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
|
||||
@@ -66,8 +66,7 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
|
||||
{TLS1_2_VERSION, "TLS 1.2"},
|
||||
{TLS1_3_VERSION, "TLS 1.3"},
|
||||
/* TODO(TLS1.3): Remove these lines before release */
|
||||
- {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
|
||||
- {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
|
||||
+ {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23},
|
||||
{TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
|
||||
{TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
|
||||
{TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
|
||||
@@ -645,6 +646,7 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
|
||||
{DTLS1_VERSION, "DTLS 1.0"},
|
||||
{DTLS1_2_VERSION, "DTLS 1.2"},
|
||||
@@ -645,8 +644,8 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
|
||||
if (version != NULL) {
|
||||
/* TODO(TLS1.3): Remove the draft conditional here before release */
|
||||
switch(vers) {
|
||||
+ case TLS1_3_VERSION_DRAFT_23:
|
||||
case TLS1_3_VERSION_DRAFT_26:
|
||||
case TLS1_3_VERSION_DRAFT_27:
|
||||
- case TLS1_3_VERSION_DRAFT_27:
|
||||
case TLS1_3_VERSION_DRAFT:
|
||||
*version = TLS1_3_VERSION;
|
||||
break;
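Review bot: Only the client path visibly records which draft was negotiated: the `tls_parse_stoc_supported_versions` hunk sets `s->version_draft = version;` before collapsing to `TLS1_3_VERSION`, while the `ssl_choose_server_version` hunk in ssl/statem/statem_lib.c accepts `TLS1_3_VERSION_DRAFT_23` alongside `TLS1_3_VERSION_DRAFT` with no matching assignment in the lines shown. Because the build now accepts two draft revisions under one internal version number, the server side needs the same record, for example `s->version_draft = candidate_vers;` where the best candidate is kept. Otherwise later code cannot tell which draft the peer negotiated. Both functions continue outside the visible hunks, so this may already be handled there. I would also add a comment beside the `TLS1_3_VERSION_DRAFT_23` define, such as `/* interop only: drop together with the other draft code points before targeting final TLS 1.3 */`, in line with the upstream `TODO(TLS1.3)` markers.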
|
||||
|
|