Remove deprecated TLS 1.3 variants.
Upgrade-Note: SSL_CTX_set_tls13_variant(tls13_experiment) on the server
should switch to SSL_CTX_set_tls13_variant(tls13_experiment2).
(Configuring any TLS 1.3 variants on the server enables all variants,
so this is a no-op. We're just retiring some old experiments.)
Change-Id: I60f0ca3f96ff84bdf59e1a282a46e51d99047462
Reviewed-on: https://boringssl-review.googlesource.com/23784
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/tool/server.cc b/tool/server.cc
index 9963885..37235a7 100644
--- a/tool/server.cc
+++ b/tool/server.cc
@@ -68,10 +68,7 @@
"-early-data", kBooleanArgument, "Allow early data",
},
{
- "-tls13-variant", kBooleanArgument, "Enable TLS 1.3 variants",
- },
- {
- "-tls13-draft22-variant", kBooleanArgument, "Enable TLS 1.3 Draft 22.",
+ "-tls13-variant", kBooleanArgument, "Enables all TLS 1.3 variants",
},
{
"-www", kBooleanArgument,
@@ -310,11 +307,8 @@
SSL_CTX_set_early_data_enabled(ctx.get(), 1);
}
- // Draft 22 variants need to be explicitly enabled.
- if (args_map.count("-tls13-draft22-variant") != 0) {
- SSL_CTX_set_tls13_variant(ctx.get(), tls13_draft22);
- } else if (args_map.count("-tls13-variant") != 0) {
- SSL_CTX_set_tls13_variant(ctx.get(), tls13_experiment);
+ if (args_map.count("-tls13-variant") != 0) {
+ SSL_CTX_set_tls13_variant(ctx.get(), tls13_experiment2);
}
if (args_map.count("-debug") != 0) {
