commit abbbee10ad4739648bcbf36a5ac52f23263a67dd
author David Benjamin <davidben@google.com> Mon Oct 31 19:20:42 2016 -0400
committer Adam Langley <agl@google.com> Wed Nov 02 20:47:55 2016 +0000
tree b279f5a085ab27163056aa1cb27d6978bcc9b4b5
parent fb73e97292f8a5b6f9a60dbcf7aeabc7759812e1

Detach TLS 1.3 cipher configuration from the cipher language.

TLS 1.3 ciphers are now always enabled and come with a hard-coded
preference order.

BUG=110

Change-Id: Idd9cb0d75fb6bf2676ecdee27d88893ff974c4a3
Reviewed-on: https://boringssl-review.googlesource.com/12025
Reviewed-by: Adam Langley <agl@google.com>

ssl/internal.h

diff --git a/ssl/internal.h b/ssl/internal.h
index 461de2c..b217017 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1658,6 +1658,9 @@
 
 void ssl_cipher_preference_list_free(
     struct ssl_cipher_preference_list_st *cipher_list);
+
+/* ssl_get_cipher_preferences returns the cipher preference list for TLS 1.2 and
+ * below. */
 const struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(
     const SSL *ssl);
 
@@ -1712,7 +1715,7 @@
 
 /* ssl_is_valid_cipher checks that |cipher| is valid according to the current
  * server configuration in |ssl|. It returns 1 if valid, and 0 otherwise. */
-int ssl_is_valid_cipher(SSL *ssl, const SSL_CIPHER *cipher);
+int ssl_is_valid_cipher(const SSL *ssl, const SSL_CIPHER *cipher);
 
 const SSL_CIPHER *ssl3_choose_cipher(
     SSL *ssl, const struct ssl_early_callback_ctx *client_hello,