From: Daniel Stenberg
Date: Mon, 7 Nov 2016 13:38:59 +0000 (+0100)
Subject: openssl: initial TLS 1.3 adaptions
X-Git-Tag: curl-7_52_0~149
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9e8b0a283f52e6160626a7ad9f366fe62cc40b06;p=curl

openssl: initial TLS 1.3 adaptions

BoringSSL supports TLSv1.3 already, but these changes don't seem to be anough to get it working.
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 24d9d42c1..edfd5356d 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1548,6 +1548,11 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
 case TLS1_2_VERSION:
 verstr = "TLSv1.2";
 break;
+#endif
+#ifdef TLS1_3_VERSION
+ case TLS1_3_VERSION:
+ verstr = "TLSv1.3";
+ break;
 #endif
 case 0:
 break;
@@ -1677,6 +1682,10 @@ get_ssl_version_txt(SSL *ssl)
 return "";

 switch(SSL_version(ssl)) {
+#ifdef TLS1_3_VERSION
+ case TLS1_3_VERSION:
+ return "TLSv1.3";
+#endif
 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
 case TLS1_2_VERSION:
 return "TLSv1.2";
@@ -1728,6 +1737,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
 case CURL_SSLVERSION_TLSv1_0:
 case CURL_SSLVERSION_TLSv1_1:
 case CURL_SSLVERSION_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_3:
 /* it will be handled later with the context options */
 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
 !defined(LIBRESSL_VERSION_NUMBER)
@@ -1891,6 +1901,16 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
 break;
 #endif

+#ifdef TLS1_3_VERSION
+ case CURL_SSLVERSION_TLSv1_3:
+ ctx_options |= SSL_OP_NO_SSLv2;
+ ctx_options |= SSL_OP_NO_SSLv3;
+ ctx_options |= SSL_OP_NO_TLSv1;
+ ctx_options |= SSL_OP_NO_TLSv1_1;
+ ctx_options |= SSL_OP_NO_TLSv1_2;
+ break;
+#endif
+
 #ifndef OPENSSL_NO_SSL2
 case CURL_SSLVERSION_SSLv2:
 ctx_options |= SSL_OP_NO_SSLv3;
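Review bot: The label `case CURL_SSLVERSION_TLSv1_3:` added to the method-selection switch at -1728 is unconditional, while the case that sets the `SSL_OP_NO_*` options for it (hunk at -1891) is compiled only under `#ifdef TLS1_3_VERSION`. On a build whose TLS headers do not define TLS1_3_VERSION, a caller that pins TLS 1.3 passes this switch and reaches the options switch with no matching case. Whether that rejects the connection or continues with no version restriction depends on the `default:` branch, which is outside the hunks shown. A pinned protocol version should fail closed, so I would either guard this label the same way or record the dependency next to it, e.g. `/* without TLS1_3_VERSION the options switch below must reject this value */`. ossl_connect_step1 starts and ends outside the hunk.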
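Review bot: The new `CURL_SSLVERSION_TLSv1_3` case in the options switch at -1891 has no comment stating what the pin means, unlike the `/* it will be handled later with the context options */` hint in the earlier switch. It selects TLS 1.3 only by excluding SSLv2 through TLS 1.2 and sets no upper bound, so the request is effectively "TLS 1.3 or newer". A peer without 1.3 should then see a handshake failure rather than a downgrade. A one-line comment above the case would record that intent: `/* TLS 1.3 or later only: every older protocol version is disabled */`. The enclosing switch begins and ends outside the hunk.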