*) Support for TLSv1.3 added. Note that users upgrading from an earlier
version of OpenSSL should review their configuration settings to ensure
that they are still appropriate for TLSv1.3. For further information see:
- https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/
-
- NOTE: In this pre-release of OpenSSL a draft version of the
- TLSv1.3 standard has been implemented. Implementations of different draft
- versions of the standard do not inter-operate, and this version will not
- inter-operate with an implementation of the final standard when it is
- eventually published. Different pre-release versions may implement
- different versions of the draft. The final version of OpenSSL 1.1.1 will
- implement the final version of the standard.
- TODO(TLS1.3): Remove the above note before final release
+ https://wiki.openssl.org/index.php/TLS1.3
[Matt Caswell]
*) Grand redesign of the OpenSSL random generator
established between the two endpoints. The functions
SSL_export_keying_material() and SSL_export_keying_material_early() enable an
application to use some of this keying material for its own purposes in
-accordance with RFC5705 (for TLSv1.2 and below) or RFCXXXX (for TLSv1.3).
-TODO(TLS1.3): Update the RFC number when the RFC is published.
+accordance with RFC5705 (for TLSv1.2 and below) or RFC8446 (for TLSv1.3).
SSL_export_keying_material() derives keying material using
the F<exporter_master_secret> established in the handshake.
# define TLS1_3_VERSION 0x0304
# define TLS_MAX_VERSION TLS1_3_VERSION
-/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
-# define TLS1_3_VERSION_DRAFT_26 0x7f1a
-# define TLS1_3_VERSION_DRAFT_27 0x7f1b
-# define TLS1_3_VERSION_DRAFT 0x7f1c
-# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)"
-# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)"
-# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)"
-
/* Special value for method supporting multiple versions */
# define TLS_ANY_VERSION 0x10000
* DTLS1_VERSION)
*/
int version;
- /* TODO(TLS1.3): Remove this before release */
- int version_draft;
/* SSLv3 */
const SSL_METHOD *method;
/*
return EXT_RETURN_FAIL;
}
- /*
- * TODO(TLS1.3): There is some discussion on the TLS list as to whether
- * we should include versions <TLS1.2. For the moment we do. To be
- * reviewed later.
- */
for (currv = max_version; currv >= min_version; currv--) {
- /* TODO(TLS1.3): Remove this first if clause prior to release!! */
- if (currv == TLS1_3_VERSION) {
- if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
- || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
- || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
- ERR_R_INTERNAL_ERROR);
- return EXT_RETURN_FAIL;
- }
- } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
+ if (!WPACKET_put_bytes_u16(pkt, currv)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
return 0;
}
- /* TODO(TLS1.3): Remove this before release */
- if (version == TLS1_3_VERSION_DRAFT
- || version == TLS1_3_VERSION_DRAFT_27
- || version == TLS1_3_VERSION_DRAFT_26)
- version = TLS1_3_VERSION;
-
/*
* The only protocol version we support which is valid in this extension in
* a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
}
if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
|| !WPACKET_start_sub_packet_u16(&hrrpkt)
- /* TODO(TLS1.3): Fix this before release */
- || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft)
+ || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
|| !WPACKET_close(&hrrpkt)) {
WPACKET_cleanup(&hrrpkt);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
|| !WPACKET_start_sub_packet_u16(pkt)
- /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */
- || !WPACKET_put_bytes_u16(pkt, s->version_draft)
+ || !WPACKET_put_bytes_u16(pkt, s->version)
|| !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
unsigned int best_vers = 0;
const SSL_METHOD *best_method = NULL;
PACKET versionslist;
- /* TODO(TLS1.3): Remove this before release */
- unsigned int orig_candidate = 0;
suppversions->parsed = 1;
return SSL_R_BAD_LEGACY_VERSION;
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
- /* TODO(TLS1.3): Remove this before release */
- if (candidate_vers == TLS1_3_VERSION_DRAFT
- || candidate_vers == TLS1_3_VERSION_DRAFT_27
- || candidate_vers == TLS1_3_VERSION_DRAFT_26) {
- if (best_vers == TLS1_3_VERSION
- && orig_candidate > candidate_vers)
- continue;
- orig_candidate = candidate_vers;
- candidate_vers = TLS1_3_VERSION;
- } else if (candidate_vers == TLS1_3_VERSION) {
- /* Don't actually accept real TLSv1.3 */
- continue;
- }
- /*
- * TODO(TLS1.3): There is some discussion on the TLS list about
- * whether to ignore versions <TLS1.2 in supported_versions. At the
- * moment we honour them if present. To be reviewed later
- */
if (version_cmp(s, candidate_vers, best_vers) <= 0)
continue;
if (ssl_version_supported(s, candidate_vers, &best_method))
}
check_for_downgrade(s, best_vers, dgrd);
s->version = best_vers;
- /* TODO(TLS1.3): Remove this before release */
- if (best_vers == TLS1_3_VERSION)
- s->version_draft = orig_candidate;
s->method = best_method;
return 0;
}
{TLS1_1_VERSION, "TLS 1.1"},
{TLS1_2_VERSION, "TLS 1.2"},
{TLS1_3_VERSION, "TLS 1.3"},
- /* TODO(TLS1.3): Remove these lines before release */
- {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
- {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
- {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
{DTLS1_VERSION, "DTLS 1.0"},
{DTLS1_2_VERSION, "DTLS 1.2"},
{DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
if (*pmsglen < 2)
return 0;
vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
- if (version != NULL) {
- /* TODO(TLS1.3): Remove the draft conditional here before release */
- switch(vers) {
- case TLS1_3_VERSION_DRAFT_26:
- case TLS1_3_VERSION_DRAFT_27:
- case TLS1_3_VERSION_DRAFT:
- *version = TLS1_3_VERSION;
- break;
- default:
- *version = vers;
- }
- }
+ if (version != NULL)
+ *version = vers;
BIO_indent(bio, indent, 80);
BIO_printf(bio, "%s=0x%x (%s)\n",
name, vers, ssl_trace_str(vers, ssl_version_tbl));
/*
* We can't fragment anything after the ServerHello (or CCS <=
* TLS1.2), otherwise we get a bad record MAC
- * TODO(TLS1.3): Change TLS1_3_VERSION_DRAFT to TLS1_3_VERSION
- * before release
*/
if (contenttype == SSL3_RT_CHANGE_CIPHER_SPEC
- || (negversion == TLS1_3_VERSION_DRAFT
+ || (negversion == TLS1_3_VERSION
&& msgtype == SSL3_MT_SERVER_HELLO)) {
fragment = 0;
break;
#Test 1: Sending a status_request extension in both ClientHello and
#ServerHello but then omitting the CertificateStatus message is valid
-#TODO(TLS1.3): Temporarily disabling this test in TLS1.3 until we've completed
-#the move the status request extension to the Certificate message.
$proxy->clientflags("-status -no_tls1_3");
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 1;
$ext = pack "C5",
0x04, # Length
0x03, 0x03, #TLSv1.2
- #TODO(TLS1.3): Fix before release
- 0x7f, 0x1c; #TLSv1.3 (draft 28)
+ 0x03, 0x04; #TLSv1.3
} elsif ($testtype == UNRECOGNISED_VERSIONS) {
$ext = pack "C5",
0x04, # Length
} elsif ($testtype == WITH_TLS1_4) {
$ext = pack "C5",
0x04, # Length
- #TODO(TLS1.3): Fix before release
- 0x7f, 0x1c; #TLSv1.3 (draft 28)
+ 0x03, 0x04; #TLSv1.3
}
if ($testtype == REVERSE_ORDER_VERSIONS
|| $testtype == UNRECOGNISED_VERSIONS
EXT_FORCE_LAST => 0xffff
};
-# SignatureScheme of TLS 1.3, from
-# https://tools.ietf.org/html/draft-ietf-tls-tls13-20#appendix-B.3.1.3
-# TODO(TLS1.3) update link to IANA registry after publication
+# SignatureScheme of TLS 1.3 from:
+# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme
# We have to manually grab the SHA224 equivalents from the old registry
use constant {
SIG_ALG_RSA_PKCS1_SHA256 => 0x0401,
use constant {
VERS_TLS_1_4 => 0x0305,
- VERS_TLS_1_3_DRAFT => 0x7f1c,
VERS_TLS_1_3 => 0x0304,
VERS_TLS_1_2 => 0x0303,
VERS_TLS_1_1 => 0x0302,
if ($random eq $hrrrandom) {
TLSProxy::Proxy->is_tls13(1);
- # TODO(TLS1.3): Replace this reference to draft version before release
- } elsif ($neg_version == TLSProxy::Record::VERS_TLS_1_3_DRAFT) {
- $neg_version = TLSProxy::Record::VERS_TLS_1_3;
+ } elsif ($neg_version == TLSProxy::Record::VERS_TLS_1_3) {
TLSProxy::Proxy->is_tls13(1);
TLSProxy::Record->server_encrypting(1);
projects / oweals / openssl.git / commitdiff