diff --git a/README.md b/README.md
index e043ef2..f8b5db9 100644
--- a/README.md
+++ b/README.md
@@ -12,12 +12,10 @@
## Information
-- [Test Page - (TLS 1.3 draft 23, 26, 28, final)](https://ssl.hakase.io/)
+- [Test Page - (TLS 1.3 final)](https://ssl.hakase.io/)
- [SSL Test Result - testssl.sh](https://ssl.hakase.io/ssltest/hakase.io.html)
- [SSL Test Result - dev.ssllabs.com](https://dev.ssllabs.com/ssltest/analyze.html?d=hakase.io)
-- **If you link site to a browser that supports draft 23 or 26 or 28 or final, you'll see a TLS 1.3 message.**
-
-**Support TLS 1.3 draft 28 browsers - _Chrome Canary, Firefox Nightly_**
+- **If you link site to a browser that supports final, you'll see a TLS 1.3 message.**
Displays TLSv1.3 support for large sites.
@@ -25,13 +23,13 @@ Default support is in bold type.
- [Baidu(China)](https://baidu.cn/) : **TLSv1.2**
- [Naver(Korea)](https://naver.com/) : **TLSv1.2**
- [Twitter](https://twitter.com/) : **TLSv1.2**
-- [**My Site**](https://hakase.io/) : _TLSv1.3_ draft 23, 26, 28, **final**
+- [**My Site**](https://hakase.io/) : _TLSv1.3_ **final**
- [Facebook](https://facebook.com/) : _TLSv1.3_ draft 23, 26, 28, **final**
-- [Cloudflare](https://cloudflare.com/) : _TLSv1.3_ draft 23, 28, **final**
-- [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ draft 23, 28, **final**
+- [Cloudflare](https://cloudflare.com/) : _TLSv1.3_ **final**
+- [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ **final**
- [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final**
-[Compatible OpenSSL-3.0.0-dev (OpenSSL, 23204 commits)](https://github.com/openssl/openssl/tree/829800b0735ab99a0962418180cb076ff8081028)
+[Compatible OpenSSL-3.0.0-dev (OpenSSL, 23340 commits)](https://github.com/openssl/openssl/tree/1980ce45d6bdd2b57df7003d6b56b5df560b9064)
## Patch files
@@ -40,19 +38,15 @@ Default support is in bold type.
You can find the _OpenSSL 1.1.0h_ patch is [here.](https://gitlab.com/buik/openssl/blob/openssl-patch/openssl-1.1/OpenSSL1.1h-equal-preference-cipher-groups.patch)
Here is the basic patch content.
-- Support TLS 1.3 draft 23 + 26 + 28 + final
- - Server: draft 23 + 26 + 28 + final
- - Client: draft 23 + 26 + 27 + 28 + final
- BoringSSL's Equal Preference Patch
- Weak 3DES and not using ECDHE ciphers is not used in TLSv1.1 or later.
| Patch file name | Patch list |
| :--- | :--- |
-| openssl-1.1.1a-tls13_draft.patch | Only for TLS 1.3 draft 23, 26, 28, final support patch. |
| openssl-equal-1.1.1a.patch
openssl-equal-3.0.0-dev.patch | Support **final (TLS 1.3)**, TLS 1.3 cipher settings **_can not_** be changed on _nginx_. |
| openssl-equal-1.1.1a_ciphers.patch
openssl-equal-3.0.0-dev_ciphers.patch | Support **final (TLS 1.3)**, TLS 1.3 cipher settings **_can_** be changed on _nginx_. |
| openssl-1.1.1a-chacha_draft.patch
openssl-3.0.0-dev-chacha_draft.patch | A draft version of chacha20-poly1305 is available. [View issue](https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427554824) |
-| openssl-1.1.1a-tls13_draft.patch | Enable TLS 1.3 draft 23, 26, 28, final. |
+| openssl-1.1.1a-tls13_draft.patch | Only for **TLS 1.3 draft 23, 26, 28, final support patch**. |
| openssl-1.1.1a-tls13_nginx_config.patch | You can set TLS 1.3 ciphere in nginx. ex) TLS13+AESGCM+AES128 |
| openssl-3.0.0-dev_version_error.patch | **TEST** This is a way to fix nginx when the following errors occur during the build:
Error: missing binary operator before token "("
Maybe patched: [https://github.com/openssl/openssl/pull/7839](https://github.com/openssl/openssl/pull/7839)
Patched : [https://github.com/openssl/openssl/commit/5d609f22d28615c45685d9da871d432e9cb81127](https://github.com/openssl/openssl/commit/5d609f22d28615c45685d9da871d432e9cb81127) |
@@ -162,12 +156,12 @@ ssl_ecdh_curve X25519:P-256:P-384;
ssl_prefer_server_ciphers on;
```
-### OpenSSL-1.1.1a, 3.0.0-dev ciphers (draft 23, 26, 28, final)
+### OpenSSL-1.1.1a, 3.0.0-dev ciphers
```
[EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES
```
-### OpenSSL-1.1.1a_ciphers, 3.0.0-dev_ciphers ciphers (draft 23, 26, 28, final)
+### OpenSSL-1.1.1a_ciphers, 3.0.0-dev_ciphers ciphers
```
[TLS13+AESGCM+AES128|TLS13+AESGCM+AES256|TLS13+CHACHA20]:[EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES
```
diff --git a/openssl-3.0.0-dev-chacha_draft.patch b/openssl-3.0.0-dev-chacha_draft.patch
index 851ad15..fb86628 100644
--- a/openssl-3.0.0-dev-chacha_draft.patch
+++ b/openssl-3.0.0-dev-chacha_draft.patch
@@ -220,69 +220,69 @@ index 0d4612f314..5a3516d642 100644
# endif
#endif
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index 859795fa50..550e794fca 100644
+index 78a9e7acaf..15c712b291 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -1079,7 +1079,7 @@ static const unsigned char so[7767] = {
0x28,0xCC,0x45,0x03,0x04, /* [ 7761] OBJ_gmac */
};
--#define NUM_NID 1201
-+#define NUM_NID 1202
+-#define NUM_NID 1203
++#define NUM_NID 1204
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
-@@ -2282,9 +2282,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
- {"AES-128-SIV", "aes-128-siv", NID_aes_128_siv},
- {"AES-192-SIV", "aes-192-siv", NID_aes_192_siv},
+@@ -2284,9 +2284,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"AES-256-SIV", "aes-256-siv", NID_aes_256_siv},
+ {"BLAKE2BMAC", "blake2bmac", NID_blake2bmac},
+ {"BLAKE2SMAC", "blake2smac", NID_blake2smac},
+ {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft },
};
--#define NUM_SN 1192
-+#define NUM_SN 1193
+-#define NUM_SN 1194
++#define NUM_SN 1195
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
-@@ -2405,6 +2406,7 @@ static const unsigned int sn_objs[NUM_SN] = {
+@@ -2409,6 +2410,7 @@ static const unsigned int sn_objs[NUM_SN] = {
417, /* "CSPName" */
1019, /* "ChaCha20" */
1018, /* "ChaCha20-Poly1305" */
-+ 1201, /* "chacha20-poly1305-draft" */
++ 1203, /* "chacha20-poly1305-draft" */
367, /* "CrlID" */
391, /* "DC" */
31, /* "DES-CBC" */
-@@ -3480,7 +3482,7 @@ static const unsigned int sn_objs[NUM_SN] = {
+@@ -3484,7 +3486,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1093, /* "x509ExtAdmission" */
};
--#define NUM_LN 1192
-+#define NUM_LN 1193
+-#define NUM_LN 1194
++#define NUM_LN 1195
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
-@@ -3862,6 +3864,7 @@ static const unsigned int ln_objs[NUM_LN] = {
+@@ -3868,6 +3870,7 @@ static const unsigned int ln_objs[NUM_LN] = {
883, /* "certificateRevocationList" */
1019, /* "chacha20" */
1018, /* "chacha20-poly1305" */
-+ 1201, /* "ChaCha20-Poly1305-D" */
++ 1203, /* "ChaCha20-Poly1305-D" */
54, /* "challengePassword" */
407, /* "characteristic-two-field" */
395, /* "clearance" */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 021875d9e4..c13c751d74 100644
+index 87790200d4..94d033c158 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
-@@ -1198,3 +1198,4 @@ kmac256 1197
- aes_128_siv 1198
- aes_192_siv 1199
+@@ -1200,3 +1200,4 @@ aes_192_siv 1199
aes_256_siv 1200
-+chacha20_poly1305_draft 1201
+ blake2bmac 1201
+ blake2smac 1202
++chacha20_poly1305_draft 1203
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index 851e31e5aa..e5b288d999 100644
+index 344b67b395..21653d9b87 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
-@@ -1541,6 +1541,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr
+@@ -1543,6 +1543,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr
: AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
: AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
: ChaCha20-Poly1305 : chacha20-poly1305
@@ -291,7 +291,7 @@ index 851e31e5aa..e5b288d999 100644
ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
-index 9f1dbd4b8b..774f102e48 100644
+index 23f07eaa05..c90c6435bd 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -928,6 +928,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
@@ -303,22 +303,22 @@ index 9f1dbd4b8b..774f102e48 100644
# endif
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
-index 242eaeb6ce..c8960d0e5c 100644
+index 97b2204ba6..a9b341243a 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
-@@ -4824,6 +4824,10 @@
+@@ -4832,6 +4832,10 @@
#define LN_chacha20 "chacha20"
#define NID_chacha20 1019
+#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D"
+#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft"
-+#define NID_chacha20_poly1305_draft 1201
++#define NID_chacha20_poly1305_draft 1203
+
#define SN_dhpublicnumber "dhpublicnumber"
#define LN_dhpublicnumber "X9.42 DH"
#define NID_dhpublicnumber 920
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
-index c7a830445b..8aa020669d 100644
+index 35311acaf4..c2bce6822d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -125,6 +125,7 @@ extern "C" {
diff --git a/openssl-equal-1.1.1a.patch b/openssl-equal-1.1.1a.patch
index 98f604b..b2eff9f 100644
--- a/openssl-equal-1.1.1a.patch
+++ b/openssl-equal-1.1.1a.patch
@@ -70,43 +70,6 @@ index 87b295c9f9..d118d8e864 100644
# define SSL_R_UNEXPECTED_RECORD 245
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
-diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
-index e13b5dd4bc..779341c948 100644
---- a/include/openssl/tls1.h
-+++ b/include/openssl/tls1.h
-@@ -30,6 +30,16 @@ extern "C" {
- # define TLS1_3_VERSION 0x0304
- # define TLS_MAX_VERSION TLS1_3_VERSION
-
-+/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
-+# define TLS1_3_VERSION_DRAFT_23 0x7f17
-+# define TLS1_3_VERSION_DRAFT_26 0x7f1a
-+# define TLS1_3_VERSION_DRAFT_27 0x7f1b
-+# define TLS1_3_VERSION_DRAFT 0x7f1c
-+# define TLS1_3_VERSION_DRAFT_TXT_23 "TLS 1.3 (draft 23)"
-+# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)"
-+# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)"
-+# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)"
-+
- /* Special value for method supporting multiple versions */
- # define TLS_ANY_VERSION 0x10000
-
-diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
-index a11ed483e6..4fd583dd03 100644
---- a/ssl/record/ssl3_record_tls13.c
-+++ b/ssl/record/ssl3_record_tls13.c
-@@ -173,8 +173,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
- if (((alg_enc & SSL_AESCCM) != 0
- && EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
- (unsigned int)rec->length) <= 0)
-- || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
-- sizeof(recheader)) <= 0
-+ || (s->version_draft != TLS1_3_VERSION_DRAFT_23
-+ && EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
-+ sizeof(recheader)) <= 0)
- || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
- (unsigned int)rec->length) <= 0
- || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 866ca4dfa9..7b98b670d2 100644
--- a/ssl/s3_lib.c
@@ -1022,15 +985,6 @@ index 70e5a1740f..d583840984 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
-@@ -1080,6 +1117,8 @@ struct ssl_st {
- * DTLS1_VERSION)
- */
- int version;
-+ /* TODO(TLS1.3): Remove this before release */
-+ int version_draft;
- /* SSLv3 */
- const SSL_METHOD *method;
- /*
@@ -1138,7 +1177,7 @@ struct ssl_st {
/* Per connection DANE state */
SSL_DANE dane;
@@ -1072,124 +1026,6 @@ index 70e5a1740f..d583840984 100644
__owur int ssl3_digest_cached_records(SSL *s, int keep);
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
-diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
-index ab4dbf6713..745897b638 100644
---- a/ssl/statem/extensions_clnt.c
-+++ b/ssl/statem/extensions_clnt.c
-@@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
- return EXT_RETURN_FAIL;
- }
-
-+ /*
-+ * TODO(TLS1.3): There is some discussion on the TLS list as to whether
-+ * we should include versions = min_version; currv--) {
-- if (!WPACKET_put_bytes_u16(pkt, currv)) {
-+ /* TODO(TLS1.3): Remove this first if clause prior to release!! */
-+ if (currv == TLS1_3_VERSION) {
-+ if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
-+ ERR_R_INTERNAL_ERROR);
-+ return EXT_RETURN_FAIL;
-+ }
-+ } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
- ERR_R_INTERNAL_ERROR);
-@@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
- return 0;
- }
-
-+ /* TODO(TLS1.3): Remove this before release */
-+ if (version == TLS1_3_VERSION_DRAFT
-+ || version == TLS1_3_VERSION_DRAFT_27
-+ || version == TLS1_3_VERSION_DRAFT_26
-+ || version == TLS1_3_VERSION_DRAFT_23) {
-+ s->version_draft = version;
-+ version = TLS1_3_VERSION;
-+ }
-+
- /*
- * The only protocol version we support which is valid in this extension in
- * a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
-diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
-index 0f2b22392b..6c1ce9813f 100644
---- a/ssl/statem/extensions_srvr.c
-+++ b/ssl/statem/extensions_srvr.c
-@@ -897,7 +897,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
- }
- if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
- || !WPACKET_start_sub_packet_u16(&hrrpkt)
-- || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
-+ /* TODO(TLS1.3): Fix this before release */
-+ || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft)
- || !WPACKET_close(&hrrpkt)) {
- WPACKET_cleanup(&hrrpkt);
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
-@@ -1652,7 +1653,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
-
- if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
- || !WPACKET_start_sub_packet_u16(pkt)
-- || !WPACKET_put_bytes_u16(pkt, s->version)
-+ /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */
-+ || !WPACKET_put_bytes_u16(pkt, s->version_draft)
- || !WPACKET_close(pkt)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
-diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
-index 4324896f50..d0de7ffe3d 100644
---- a/ssl/statem/statem_lib.c
-+++ b/ssl/statem/statem_lib.c
-@@ -1786,6 +1786,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
- unsigned int best_vers = 0;
- const SSL_METHOD *best_method = NULL;
- PACKET versionslist;
-+ /* TODO(TLS1.3): Remove this before release */
-+ unsigned int orig_candidate = 0;
-
- suppversions->parsed = 1;
-
-@@ -1807,6 +1809,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
- return SSL_R_BAD_LEGACY_VERSION;
-
- while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
-+ /* TODO(TLS1.3): Remove this before release */
-+ if (candidate_vers == TLS1_3_VERSION
-+ || candidate_vers == TLS1_3_VERSION_DRAFT
-+ || candidate_vers == TLS1_3_VERSION_DRAFT_26
-+ || candidate_vers == TLS1_3_VERSION_DRAFT_23) {
-+ if (best_vers == TLS1_3_VERSION
-+ && (orig_candidate > candidate_vers
-+ || orig_candidate == TLS1_3_VERSION))
-+ continue;
-+ orig_candidate = candidate_vers;
-+ candidate_vers = TLS1_3_VERSION;
-+ }
-+ /*
-+ * TODO(TLS1.3): There is some discussion on the TLS list about
-+ * whether to ignore versions version = best_vers;
-+ /* TODO(TLS1.3): Remove this before release */
-+ if (best_vers == TLS1_3_VERSION)
-+ s->version_draft = orig_candidate;
- s->method = best_method;
- return 0;
- }
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index e7c11c4bea..a2a6c1e44e 100644
--- a/ssl/statem/statem_srvr.c
@@ -1233,41 +1069,3 @@ index e7c11c4bea..a2a6c1e44e 100644
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
-diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
-index be3039af38..99c4ddcb41 100644
---- a/ssl/t1_trce.c
-+++ b/ssl/t1_trce.c
-@@ -65,6 +65,11 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
- {TLS1_1_VERSION, "TLS 1.1"},
- {TLS1_2_VERSION, "TLS 1.2"},
- {TLS1_3_VERSION, "TLS 1.3"},
-+ /* TODO(TLS1.3): Remove these lines before release */
-+ {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23},
-+ {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
-+ {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
-+ {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
- {DTLS1_VERSION, "DTLS 1.0"},
- {DTLS1_2_VERSION, "DTLS 1.2"},
- {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
-@@ -638,8 +643,19 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
- if (*pmsglen < 2)
- return 0;
- vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
-- if (version != NULL)
-- *version = vers;
-+ if (version != NULL) {
-+ /* TODO(TLS1.3): Remove the draft conditional here before release */
-+ switch(vers) {
-+ case TLS1_3_VERSION_DRAFT_23:
-+ case TLS1_3_VERSION_DRAFT_26:
-+ case TLS1_3_VERSION_DRAFT_27:
-+ case TLS1_3_VERSION_DRAFT:
-+ *version = TLS1_3_VERSION;
-+ break;
-+ default:
-+ *version = vers;
-+ }
-+ }
- BIO_indent(bio, indent, 80);
- BIO_printf(bio, "%s=0x%x (%s)\n",
- name, vers, ssl_trace_str(vers, ssl_version_tbl));
diff --git a/openssl-equal-1.1.1a_ciphers.patch b/openssl-equal-1.1.1a_ciphers.patch
index 41ee97b..37f0599 100644
--- a/openssl-equal-1.1.1a_ciphers.patch
+++ b/openssl-equal-1.1.1a_ciphers.patch
@@ -49,43 +49,6 @@ index 87b295c9f9..d118d8e864 100644
# define SSL_R_UNEXPECTED_RECORD 245
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
-diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
-index e13b5dd4bc..779341c948 100644
---- a/include/openssl/tls1.h
-+++ b/include/openssl/tls1.h
-@@ -30,6 +30,16 @@ extern "C" {
- # define TLS1_3_VERSION 0x0304
- # define TLS_MAX_VERSION TLS1_3_VERSION
-
-+/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
-+# define TLS1_3_VERSION_DRAFT_23 0x7f17
-+# define TLS1_3_VERSION_DRAFT_26 0x7f1a
-+# define TLS1_3_VERSION_DRAFT_27 0x7f1b
-+# define TLS1_3_VERSION_DRAFT 0x7f1c
-+# define TLS1_3_VERSION_DRAFT_TXT_23 "TLS 1.3 (draft 23)"
-+# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)"
-+# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)"
-+# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)"
-+
- /* Special value for method supporting multiple versions */
- # define TLS_ANY_VERSION 0x10000
-
-diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
-index a11ed483e6..4fd583dd03 100644
---- a/ssl/record/ssl3_record_tls13.c
-+++ b/ssl/record/ssl3_record_tls13.c
-@@ -173,8 +173,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
- if (((alg_enc & SSL_AESCCM) != 0
- && EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
- (unsigned int)rec->length) <= 0)
-- || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
-- sizeof(recheader)) <= 0
-+ || (s->version_draft != TLS1_3_VERSION_DRAFT_23
-+ && EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
-+ sizeof(recheader)) <= 0)
- || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
- (unsigned int)rec->length) <= 0
- || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 866ca4dfa9..1b6b99cb19 100644
--- a/ssl/s3_lib.c
@@ -1057,15 +1020,6 @@ index 70e5a1740f..d583840984 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
-@@ -1080,6 +1117,8 @@ struct ssl_st {
- * DTLS1_VERSION)
- */
- int version;
-+ /* TODO(TLS1.3): Remove this before release */
-+ int version_draft;
- /* SSLv3 */
- const SSL_METHOD *method;
- /*
@@ -1138,7 +1177,7 @@ struct ssl_st {
/* Per connection DANE state */
SSL_DANE dane;
@@ -1107,124 +1061,6 @@ index 70e5a1740f..d583840984 100644
__owur int ssl3_digest_cached_records(SSL *s, int keep);
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
-diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
-index ab4dbf6713..745897b638 100644
---- a/ssl/statem/extensions_clnt.c
-+++ b/ssl/statem/extensions_clnt.c
-@@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
- return EXT_RETURN_FAIL;
- }
-
-+ /*
-+ * TODO(TLS1.3): There is some discussion on the TLS list as to whether
-+ * we should include versions = min_version; currv--) {
-- if (!WPACKET_put_bytes_u16(pkt, currv)) {
-+ /* TODO(TLS1.3): Remove this first if clause prior to release!! */
-+ if (currv == TLS1_3_VERSION) {
-+ if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
-+ ERR_R_INTERNAL_ERROR);
-+ return EXT_RETURN_FAIL;
-+ }
-+ } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
- ERR_R_INTERNAL_ERROR);
-@@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
- return 0;
- }
-
-+ /* TODO(TLS1.3): Remove this before release */
-+ if (version == TLS1_3_VERSION_DRAFT
-+ || version == TLS1_3_VERSION_DRAFT_27
-+ || version == TLS1_3_VERSION_DRAFT_26
-+ || version == TLS1_3_VERSION_DRAFT_23) {
-+ s->version_draft = version;
-+ version = TLS1_3_VERSION;
-+ }
-+
- /*
- * The only protocol version we support which is valid in this extension in
- * a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
-diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
-index 0f2b22392b..6c1ce9813f 100644
---- a/ssl/statem/extensions_srvr.c
-+++ b/ssl/statem/extensions_srvr.c
-@@ -897,7 +897,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
- }
- if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
- || !WPACKET_start_sub_packet_u16(&hrrpkt)
-- || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
-+ /* TODO(TLS1.3): Fix this before release */
-+ || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft)
- || !WPACKET_close(&hrrpkt)) {
- WPACKET_cleanup(&hrrpkt);
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
-@@ -1652,7 +1653,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
-
- if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
- || !WPACKET_start_sub_packet_u16(pkt)
-- || !WPACKET_put_bytes_u16(pkt, s->version)
-+ /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */
-+ || !WPACKET_put_bytes_u16(pkt, s->version_draft)
- || !WPACKET_close(pkt)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
-diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
-index 4324896f50..d0de7ffe3d 100644
---- a/ssl/statem/statem_lib.c
-+++ b/ssl/statem/statem_lib.c
-@@ -1786,6 +1786,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
- unsigned int best_vers = 0;
- const SSL_METHOD *best_method = NULL;
- PACKET versionslist;
-+ /* TODO(TLS1.3): Remove this before release */
-+ unsigned int orig_candidate = 0;
-
- suppversions->parsed = 1;
-
-@@ -1807,6 +1809,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
- return SSL_R_BAD_LEGACY_VERSION;
-
- while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
-+ /* TODO(TLS1.3): Remove this before release */
-+ if (candidate_vers == TLS1_3_VERSION
-+ || candidate_vers == TLS1_3_VERSION_DRAFT
-+ || candidate_vers == TLS1_3_VERSION_DRAFT_26
-+ || candidate_vers == TLS1_3_VERSION_DRAFT_23) {
-+ if (best_vers == TLS1_3_VERSION
-+ && (orig_candidate > candidate_vers
-+ || orig_candidate == TLS1_3_VERSION))
-+ continue;
-+ orig_candidate = candidate_vers;
-+ candidate_vers = TLS1_3_VERSION;
-+ }
-+ /*
-+ * TODO(TLS1.3): There is some discussion on the TLS list about
-+ * whether to ignore versions version = best_vers;
-+ /* TODO(TLS1.3): Remove this before release */
-+ if (best_vers == TLS1_3_VERSION)
-+ s->version_draft = orig_candidate;
- s->method = best_method;
- return 0;
- }
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index e7c11c4bea..a2a6c1e44e 100644
--- a/ssl/statem/statem_srvr.c
@@ -1268,41 +1104,3 @@ index e7c11c4bea..a2a6c1e44e 100644
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
-diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
-index be3039af38..99c4ddcb41 100644
---- a/ssl/t1_trce.c
-+++ b/ssl/t1_trce.c
-@@ -65,6 +65,11 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
- {TLS1_1_VERSION, "TLS 1.1"},
- {TLS1_2_VERSION, "TLS 1.2"},
- {TLS1_3_VERSION, "TLS 1.3"},
-+ /* TODO(TLS1.3): Remove these lines before release */
-+ {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23},
-+ {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
-+ {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
-+ {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
- {DTLS1_VERSION, "DTLS 1.0"},
- {DTLS1_2_VERSION, "DTLS 1.2"},
- {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
-@@ -638,8 +643,19 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
- if (*pmsglen < 2)
- return 0;
- vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
-- if (version != NULL)
-- *version = vers;
-+ if (version != NULL) {
-+ /* TODO(TLS1.3): Remove the draft conditional here before release */
-+ switch(vers) {
-+ case TLS1_3_VERSION_DRAFT_23:
-+ case TLS1_3_VERSION_DRAFT_26:
-+ case TLS1_3_VERSION_DRAFT_27:
-+ case TLS1_3_VERSION_DRAFT:
-+ *version = TLS1_3_VERSION;
-+ break;
-+ default:
-+ *version = vers;
-+ }
-+ }
- BIO_indent(bio, indent, 80);
- BIO_printf(bio, "%s=0x%x (%s)\n",
- name, vers, ssl_trace_str(vers, ssl_version_tbl));
diff --git a/openssl-equal-3.0.0-dev.patch b/openssl-equal-3.0.0-dev.patch
index 03c3ec9..e5e53ba 100644
--- a/openssl-equal-3.0.0-dev.patch
+++ b/openssl-equal-3.0.0-dev.patch
@@ -70,43 +70,6 @@ index f8783717bc..0e7ad2818b 100644
# define SSL_R_UNEXPECTED_RECORD 245
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
-diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
-index 166f15ad5c..3205f1cbfb 100644
---- a/include/openssl/tls1.h
-+++ b/include/openssl/tls1.h
-@@ -32,6 +32,16 @@ extern "C" {
- # define TLS_MAX_VERSION TLS1_3_VERSION
- # endif
-
-+/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
-+# define TLS1_3_VERSION_DRAFT_23 0x7f17
-+# define TLS1_3_VERSION_DRAFT_26 0x7f1a
-+# define TLS1_3_VERSION_DRAFT_27 0x7f1b
-+# define TLS1_3_VERSION_DRAFT 0x7f1c
-+# define TLS1_3_VERSION_DRAFT_TXT_23 "TLS 1.3 (draft 23)"
-+# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)"
-+# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)"
-+# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)"
-+
- /* Special value for method supporting multiple versions */
- # define TLS_ANY_VERSION 0x10000
-
-diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
-index 30e5dddf82..4f1c2f2bd1 100644
---- a/ssl/record/ssl3_record_tls13.c
-+++ b/ssl/record/ssl3_record_tls13.c
-@@ -173,8 +173,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
- if (((alg_enc & SSL_AESCCM) != 0
- && EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
- (unsigned int)rec->length) <= 0)
-- || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
-- sizeof(recheader)) <= 0
-+ || (s->version_draft != TLS1_3_VERSION_DRAFT_23
-+ && EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
-+ sizeof(recheader)) <= 0)
- || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
- (unsigned int)rec->length) <= 0
- || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a5b3dbbfd5..505c32d18e 100644
--- a/ssl/s3_lib.c
@@ -1022,15 +985,6 @@ index bd0d4210f4..2c96db0618 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
-@@ -1088,6 +1125,8 @@ struct ssl_st {
- * DTLS1_VERSION)
- */
- int version;
-+ /* TODO(TLS1.3): Remove this before release */
-+ int version_draft;
- /* SSLv3 */
- const SSL_METHOD *method;
- /*
@@ -1146,7 +1185,7 @@ struct ssl_st {
/* Per connection DANE state */
SSL_DANE dane;
@@ -1072,124 +1026,6 @@ index bd0d4210f4..2c96db0618 100644
__owur int ssl3_digest_cached_records(SSL *s, int keep);
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
-diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
-index 6e133e026e..f26bc8e879 100644
---- a/ssl/statem/extensions_clnt.c
-+++ b/ssl/statem/extensions_clnt.c
-@@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
- return EXT_RETURN_FAIL;
- }
-
-+ /*
-+ * TODO(TLS1.3): There is some discussion on the TLS list as to whether
-+ * we should include versions = min_version; currv--) {
-- if (!WPACKET_put_bytes_u16(pkt, currv)) {
-+ /* TODO(TLS1.3): Remove this first if clause prior to release!! */
-+ if (currv == TLS1_3_VERSION) {
-+ if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
-+ ERR_R_INTERNAL_ERROR);
-+ return EXT_RETURN_FAIL;
-+ }
-+ } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
- ERR_R_INTERNAL_ERROR);
-@@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
- return 0;
- }
-
-+ /* TODO(TLS1.3): Remove this before release */
-+ if (version == TLS1_3_VERSION_DRAFT
-+ || version == TLS1_3_VERSION_DRAFT_27
-+ || version == TLS1_3_VERSION_DRAFT_26
-+ || version == TLS1_3_VERSION_DRAFT_23) {
-+ s->version_draft = version;
-+ version = TLS1_3_VERSION;
-+ }
-+
- /*
- * The only protocol version we support which is valid in this extension in
- * a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
-diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
-index 6545f5727d..15786a7bfc 100644
---- a/ssl/statem/extensions_srvr.c
-+++ b/ssl/statem/extensions_srvr.c
-@@ -897,7 +897,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
- }
- if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
- || !WPACKET_start_sub_packet_u16(&hrrpkt)
-- || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
-+ /* TODO(TLS1.3): Fix this before release */
-+ || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft)
- || !WPACKET_close(&hrrpkt)) {
- WPACKET_cleanup(&hrrpkt);
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
-@@ -1652,7 +1653,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
-
- if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
- || !WPACKET_start_sub_packet_u16(pkt)
-- || !WPACKET_put_bytes_u16(pkt, s->version)
-+ /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */
-+ || !WPACKET_put_bytes_u16(pkt, s->version_draft)
- || !WPACKET_close(pkt)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
-diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
-index 2f78a3f602..5d5121d12b 100644
---- a/ssl/statem/statem_lib.c
-+++ b/ssl/statem/statem_lib.c
-@@ -1770,6 +1770,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
- unsigned int best_vers = 0;
- const SSL_METHOD *best_method = NULL;
- PACKET versionslist;
-+ /* TODO(TLS1.3): Remove this before release */
-+ unsigned int orig_candidate = 0;
-
- suppversions->parsed = 1;
-
-@@ -1791,6 +1793,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
- return SSL_R_BAD_LEGACY_VERSION;
-
- while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
-+ /* TODO(TLS1.3): Remove this before release */
-+ if (candidate_vers == TLS1_3_VERSION
-+ || candidate_vers == TLS1_3_VERSION_DRAFT
-+ || candidate_vers == TLS1_3_VERSION_DRAFT_26
-+ || candidate_vers == TLS1_3_VERSION_DRAFT_23) {
-+ if (best_vers == TLS1_3_VERSION
-+ && (orig_candidate > candidate_vers
-+ || orig_candidate == TLS1_3_VERSION))
-+ continue;
-+ orig_candidate = candidate_vers;
-+ candidate_vers = TLS1_3_VERSION;
-+ }
-+ /*
-+ * TODO(TLS1.3): There is some discussion on the TLS list about
-+ * whether to ignore versions version = best_vers;
-+ /* TODO(TLS1.3): Remove this before release */
-+ if (best_vers == TLS1_3_VERSION)
-+ s->version_draft = orig_candidate;
- s->method = best_method;
- return 0;
- }
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b0dd54903d..1d096858f8 100644
--- a/ssl/statem/statem_srvr.c
@@ -1233,41 +1069,3 @@ index b0dd54903d..1d096858f8 100644
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
-diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
-index 656fefe896..654271f368 100644
---- a/ssl/t1_trce.c
-+++ b/ssl/t1_trce.c
-@@ -65,6 +65,11 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
- {TLS1_1_VERSION, "TLS 1.1"},
- {TLS1_2_VERSION, "TLS 1.2"},
- {TLS1_3_VERSION, "TLS 1.3"},
-+ /* TODO(TLS1.3): Remove these lines before release */
-+ {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23},
-+ {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
-+ {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
-+ {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
- {DTLS1_VERSION, "DTLS 1.0"},
- {DTLS1_2_VERSION, "DTLS 1.2"},
- {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
-@@ -638,8 +643,19 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
- if (*pmsglen < 2)
- return 0;
- vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
-- if (version != NULL)
-- *version = vers;
-+ if (version != NULL) {
-+ /* TODO(TLS1.3): Remove the draft conditional here before release */
-+ switch(vers) {
-+ case TLS1_3_VERSION_DRAFT_23:
-+ case TLS1_3_VERSION_DRAFT_26:
-+ case TLS1_3_VERSION_DRAFT_27:
-+ case TLS1_3_VERSION_DRAFT:
-+ *version = TLS1_3_VERSION;
-+ break;
-+ default:
-+ *version = vers;
-+ }
-+ }
- BIO_indent(bio, indent, 80);
- BIO_printf(bio, "%s=0x%x (%s)\n",
- name, vers, ssl_trace_str(vers, ssl_version_tbl));
diff --git a/openssl-equal-3.0.0-dev_ciphers.patch b/openssl-equal-3.0.0-dev_ciphers.patch
index 75ab0a6..b7057f4 100644
--- a/openssl-equal-3.0.0-dev_ciphers.patch
+++ b/openssl-equal-3.0.0-dev_ciphers.patch
@@ -49,43 +49,6 @@ index f8783717bc..0e7ad2818b 100644
# define SSL_R_UNEXPECTED_RECORD 245
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
-diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
-index 166f15ad5c..3205f1cbfb 100644
---- a/include/openssl/tls1.h
-+++ b/include/openssl/tls1.h
-@@ -32,6 +32,16 @@ extern "C" {
- # define TLS_MAX_VERSION TLS1_3_VERSION
- # endif
-
-+/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
-+# define TLS1_3_VERSION_DRAFT_23 0x7f17
-+# define TLS1_3_VERSION_DRAFT_26 0x7f1a
-+# define TLS1_3_VERSION_DRAFT_27 0x7f1b
-+# define TLS1_3_VERSION_DRAFT 0x7f1c
-+# define TLS1_3_VERSION_DRAFT_TXT_23 "TLS 1.3 (draft 23)"
-+# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)"
-+# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)"
-+# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)"
-+
- /* Special value for method supporting multiple versions */
- # define TLS_ANY_VERSION 0x10000
-
-diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
-index 30e5dddf82..4f1c2f2bd1 100644
---- a/ssl/record/ssl3_record_tls13.c
-+++ b/ssl/record/ssl3_record_tls13.c
-@@ -173,8 +173,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
- if (((alg_enc & SSL_AESCCM) != 0
- && EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
- (unsigned int)rec->length) <= 0)
-- || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
-- sizeof(recheader)) <= 0
-+ || (s->version_draft != TLS1_3_VERSION_DRAFT_23
-+ && EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
-+ sizeof(recheader)) <= 0)
- || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
- (unsigned int)rec->length) <= 0
- || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a5b3dbbfd5..6dd4ad4b68 100644
--- a/ssl/s3_lib.c
@@ -1057,15 +1020,6 @@ index bd0d4210f4..2c96db0618 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
-@@ -1088,6 +1125,8 @@ struct ssl_st {
- * DTLS1_VERSION)
- */
- int version;
-+ /* TODO(TLS1.3): Remove this before release */
-+ int version_draft;
- /* SSLv3 */
- const SSL_METHOD *method;
- /*
@@ -1146,7 +1185,7 @@ struct ssl_st {
/* Per connection DANE state */
SSL_DANE dane;
@@ -1107,124 +1061,6 @@ index bd0d4210f4..2c96db0618 100644
__owur int ssl3_digest_cached_records(SSL *s, int keep);
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
-diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
-index 6e133e026e..f26bc8e879 100644
---- a/ssl/statem/extensions_clnt.c
-+++ b/ssl/statem/extensions_clnt.c
-@@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
- return EXT_RETURN_FAIL;
- }
-
-+ /*
-+ * TODO(TLS1.3): There is some discussion on the TLS list as to whether
-+ * we should include versions = min_version; currv--) {
-- if (!WPACKET_put_bytes_u16(pkt, currv)) {
-+ /* TODO(TLS1.3): Remove this first if clause prior to release!! */
-+ if (currv == TLS1_3_VERSION) {
-+ if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)
-+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-+ SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
-+ ERR_R_INTERNAL_ERROR);
-+ return EXT_RETURN_FAIL;
-+ }
-+ } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
- ERR_R_INTERNAL_ERROR);
-@@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
- return 0;
- }
-
-+ /* TODO(TLS1.3): Remove this before release */
-+ if (version == TLS1_3_VERSION_DRAFT
-+ || version == TLS1_3_VERSION_DRAFT_27
-+ || version == TLS1_3_VERSION_DRAFT_26
-+ || version == TLS1_3_VERSION_DRAFT_23) {
-+ s->version_draft = version;
-+ version = TLS1_3_VERSION;
-+ }
-+
- /*
- * The only protocol version we support which is valid in this extension in
- * a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
-diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
-index 6545f5727d..15786a7bfc 100644
---- a/ssl/statem/extensions_srvr.c
-+++ b/ssl/statem/extensions_srvr.c
-@@ -897,7 +897,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
- }
- if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
- || !WPACKET_start_sub_packet_u16(&hrrpkt)
-- || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
-+ /* TODO(TLS1.3): Fix this before release */
-+ || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft)
- || !WPACKET_close(&hrrpkt)) {
- WPACKET_cleanup(&hrrpkt);
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
-@@ -1652,7 +1653,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
-
- if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
- || !WPACKET_start_sub_packet_u16(pkt)
-- || !WPACKET_put_bytes_u16(pkt, s->version)
-+ /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */
-+ || !WPACKET_put_bytes_u16(pkt, s->version_draft)
- || !WPACKET_close(pkt)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
-diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
-index 2f78a3f602..5d5121d12b 100644
---- a/ssl/statem/statem_lib.c
-+++ b/ssl/statem/statem_lib.c
-@@ -1770,6 +1770,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
- unsigned int best_vers = 0;
- const SSL_METHOD *best_method = NULL;
- PACKET versionslist;
-+ /* TODO(TLS1.3): Remove this before release */
-+ unsigned int orig_candidate = 0;
-
- suppversions->parsed = 1;
-
-@@ -1791,6 +1793,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
- return SSL_R_BAD_LEGACY_VERSION;
-
- while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
-+ /* TODO(TLS1.3): Remove this before release */
-+ if (candidate_vers == TLS1_3_VERSION
-+ || candidate_vers == TLS1_3_VERSION_DRAFT
-+ || candidate_vers == TLS1_3_VERSION_DRAFT_26
-+ || candidate_vers == TLS1_3_VERSION_DRAFT_23) {
-+ if (best_vers == TLS1_3_VERSION
-+ && (orig_candidate > candidate_vers
-+ || orig_candidate == TLS1_3_VERSION))
-+ continue;
-+ orig_candidate = candidate_vers;
-+ candidate_vers = TLS1_3_VERSION;
-+ }
-+ /*
-+ * TODO(TLS1.3): There is some discussion on the TLS list about
-+ * whether to ignore versions version = best_vers;
-+ /* TODO(TLS1.3): Remove this before release */
-+ if (best_vers == TLS1_3_VERSION)
-+ s->version_draft = orig_candidate;
- s->method = best_method;
- return 0;
- }
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b0dd54903d..1d096858f8 100644
--- a/ssl/statem/statem_srvr.c
@@ -1268,41 +1104,3 @@ index b0dd54903d..1d096858f8 100644
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
-diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
-index 656fefe896..654271f368 100644
---- a/ssl/t1_trce.c
-+++ b/ssl/t1_trce.c
-@@ -65,6 +65,11 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
- {TLS1_1_VERSION, "TLS 1.1"},
- {TLS1_2_VERSION, "TLS 1.2"},
- {TLS1_3_VERSION, "TLS 1.3"},
-+ /* TODO(TLS1.3): Remove these lines before release */
-+ {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23},
-+ {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
-+ {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
-+ {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
- {DTLS1_VERSION, "DTLS 1.0"},
- {DTLS1_2_VERSION, "DTLS 1.2"},
- {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
-@@ -638,8 +643,19 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
- if (*pmsglen < 2)
- return 0;
- vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
-- if (version != NULL)
-- *version = vers;
-+ if (version != NULL) {
-+ /* TODO(TLS1.3): Remove the draft conditional here before release */
-+ switch(vers) {
-+ case TLS1_3_VERSION_DRAFT_23:
-+ case TLS1_3_VERSION_DRAFT_26:
-+ case TLS1_3_VERSION_DRAFT_27:
-+ case TLS1_3_VERSION_DRAFT:
-+ *version = TLS1_3_VERSION;
-+ break;
-+ default:
-+ *version = vers;
-+ }
-+ }
- BIO_indent(bio, indent, 80);
- BIO_printf(bio, "%s=0x%x (%s)\n",
- name, vers, ssl_trace_str(vers, ssl_version_tbl));