Remove deprecated TLS 1.3 variants.
Upgrade-Note: SSL_CTX_set_tls13_variant(tls13_experiment) on the server
should switch to SSL_CTX_set_tls13_variant(tls13_experiment2).
(Configuring any TLS 1.3 variants on the server enables all variants,
so this is a no-op. We're just retiring some old experiments.)
Change-Id: I60f0ca3f96ff84bdf59e1a282a46e51d99047462
Reviewed-on: https://boringssl-review.googlesource.com/23784
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 8288878..5d37448 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -2617,7 +2617,8 @@
EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
// TLS1_3_DRAFT_VERSION is not an API-level version.
- EXPECT_FALSE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT_VERSION));
+ EXPECT_FALSE(
+ SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT22_VERSION));
ERR_clear_error();
ctx.reset(SSL_CTX_new(DTLS_method()));
@@ -2960,9 +2961,7 @@
uint16_t record_version, length;
ASSERT_TRUE(CBS_get_u8(&cbs, &type));
ASSERT_TRUE(CBS_get_u16(&cbs, &record_version));
- EXPECT_TRUE(record_version == version() ||
- record_version == (is_dtls() ? DTLS1_VERSION : TLS1_VERSION))
- << "Invalid record version: " << record_version;
+ EXPECT_EQ(record_version & 0xff00, version() & 0xff00);
if (is_dtls()) {
uint16_t epoch;
ASSERT_TRUE(CBS_get_u16(&cbs, &epoch));
@@ -3862,7 +3861,7 @@
!TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
// Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
// will be a PSK binder after the padding extension.
- !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT_VERSION)) {
+ !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT22_VERSION)) {
ADD_FAILURE() << "Tests failed";
}
}
