Update TLS 1.3 citations for the final RFC.
Change-Id: I2d1671a4f21a602191fd0c9b932244a376ac5713
Reviewed-on: https://boringssl-review.googlesource.com/31104
Reviewed-by: David Benjamin <davidben@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 047101e..c2afa15 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1696,8 +1696,8 @@
//
// If this function returns one, clients retain multiple sessions and use each
// only once. This prevents passive observers from correlating connections with
-// tickets. See draft-ietf-tls-tls13-18, appendix B.5. If it returns zero,
-// |session| cannot be used without leaking a correlator.
+// tickets. See RFC 8446, appendix C.4. If it returns zero, |session| cannot be
+// used without leaking a correlator.
OPENSSL_EXPORT int SSL_SESSION_should_be_single_use(const SSL_SESSION *session);
// SSL_SESSION_is_resumable returns one if |session| is resumable and zero
@@ -3048,8 +3048,8 @@
// WARNING: A 0-RTT handshake has different security properties from normal
// handshake, so it is off by default unless opted in. In particular, early data
// is replayable by a network attacker. Callers must account for this when
-// sending or processing data before the handshake is confirmed. See
-// draft-ietf-tls-tls13-18 for more information.
+// sending or processing data before the handshake is confirmed. See RFC 8446
+// for more information.
//
// As a server, if early data is accepted, |SSL_do_handshake| will complete as
// soon as the ClientHello is processed and server flight sent. |SSL_write| may
@@ -3084,9 +3084,9 @@
// properties. The caller must disregard any values from before the reset and
// query again.
//
-// Finally, to implement the fallback described in draft-ietf-tls-tls13-18
-// appendix C.3, retry on a fresh connection without 0-RTT if the handshake
-// fails with |SSL_R_WRONG_VERSION_ON_EARLY_DATA|.
+// Finally, to implement the fallback described in RFC 8446 appendix D.3, retry
+// on a fresh connection without 0-RTT if the handshake fails with
+// |SSL_R_WRONG_VERSION_ON_EARLY_DATA|.
// SSL_CTX_set_early_data_enabled sets whether early data is allowed to be used
// with resumptions using |ctx|.
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 0a3e9e4..937be6b 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -217,7 +217,7 @@
// ExtensionType value from RFC4507
#define TLSEXT_TYPE_session_ticket 35
-// ExtensionType values from draft-ietf-tls-tls13-18
+// ExtensionType values from RFC8446
#define TLSEXT_TYPE_supported_groups 10
#define TLSEXT_TYPE_pre_shared_key 41
#define TLSEXT_TYPE_early_data 42
@@ -431,7 +431,7 @@
#define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA9
#define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0x0300CCAC
-// TLS 1.3 ciphersuites from draft-ietf-tls-tls13-16
+// TLS 1.3 ciphersuites from RFC 8446.
#define TLS1_CK_AES_128_GCM_SHA256 0x03001301
#define TLS1_CK_AES_256_GCM_SHA384 0x03001302
#define TLS1_CK_CHACHA20_POLY1305_SHA256 0x03001303
@@ -603,7 +603,7 @@
#define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \
"ECDHE-PSK-CHACHA20-POLY1305"
-// TLS 1.3 ciphersuites from draft-ietf-tls-tls13-16
+// TLS 1.3 ciphersuites from RFC 8446.
#define TLS1_TXT_AES_128_GCM_SHA256 "AEAD-AES128-GCM-SHA256"
#define TLS1_TXT_AES_256_GCM_SHA384 "AEAD-AES256-GCM-SHA384"
#define TLS1_TXT_CHACHA20_POLY1305_SHA256 "AEAD-CHACHA20-POLY1305-SHA256"
