Allow enabling all TLS 1.3 variants by setting |tls13_default|.
Update-Note: Enabling TLS 1.3 now enables both draft-23 and draft-28
by default, in preparation for cycling all to draft-28.
Change-Id: I9405f39081f2e5f7049aaae8a9c85399f21df047
Reviewed-on: https://boringssl-review.googlesource.com/28304
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index a09efa1..9588dd3 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -299,17 +299,20 @@
return false;
}
- // This logic is part of the TLS 1.3 variants mechanism used in TLS 1.3
- // experimentation. TLS 1.3 variants must match the enabled |tls13_variant|.
- if (protocol_version != TLS1_3_VERSION ||
- (ssl->tls13_variant == tls13_draft28 &&
- version == TLS1_3_DRAFT28_VERSION) ||
- (ssl->tls13_variant == tls13_default &&
- version == TLS1_3_DRAFT23_VERSION)) {
- return true;
+ // If the TLS 1.3 variant is set to |tls13_default|, all variants are enabled,
+ // otherwise only the matching version is enabled.
+ if (protocol_version == TLS1_3_VERSION) {
+ switch (ssl->tls13_variant) {
+ case tls13_draft23:
+ return version == TLS1_3_DRAFT23_VERSION;
+ case tls13_draft28:
+ return version == TLS1_3_DRAFT28_VERSION;
+ case tls13_default:
+ return true;
+ }
}
- return false;
+ return true;
}
bool ssl_add_supported_versions(SSL_HANDSHAKE *hs, CBB *cbb) {
