Enable TLS 1.3 by default. Update-Note: If calling code does not work with TLS 1.3, the simplest fix is to call SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION). Change-Id: Ic99861753dac117c52aea1988a6c4227a32984ca Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/38624 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com>

commit: 58d56f4c59969a23e5f52014e2651c76fea2f877 [log] [tgz]
author: Matthew Braithwaite <mab@google.com> Mon Nov 04 13:20:01 2019 -0800
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Tue Nov 05 19:44:12 2019 +0000
tree: fc94ddd2ff16d8d9af7a7eca871f115222d5e9d9
parent: 9294306578c02cbcbdfbbe31639231110c0241a0 [diff] [blame]
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index e63a189..d95aeb3 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc

@@ -150,7 +150,7 @@
                             uint16_t version) {
   // Zero is interpreted as the default maximum version.
   if (version == 0) {
-    *out = method->is_dtls ? DTLS1_2_VERSION : TLS1_2_VERSION;
+    *out = method->is_dtls ? DTLS1_2_VERSION : TLS1_3_VERSION;
     return true;
   }
commit	58d56f4c59969a23e5f52014e2651c76fea2f877	[log] [tgz]
author	Matthew Braithwaite <mab@google.com>	Mon Nov 04 13:20:01 2019 -0800
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Tue Nov 05 19:44:12 2019 +0000
tree	fc94ddd2ff16d8d9af7a7eca871f115222d5e9d9
parent	9294306578c02cbcbdfbbe31639231110c0241a0 [diff] [blame]