Add an interface for QUIC integration. 0-RTT support and APIs to consume NewSessionTicket will be added in a follow-up. Change-Id: Ib2b2c6b618b3e33a74355fb53fdbd2ffafcc5c56 Reviewed-on: https://boringssl-review.googlesource.com/c/31744 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>

commit: c8e0f90f83b9ec38ea833deb86b5a41360b62b6a [log] [tgz]
author: Steven Valdez <svaldez@chromium.org> Sat Jul 14 11:23:01 2018 -0400
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Wed Oct 31 20:38:10 2018 +0000
tree: 80d337d43e11ace709aee31a4247be3457fdefef
parent: dc332205326340ec1bf7d553452c7699904054b4 [diff] [blame]
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index 911fb7e..7df7fe7 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc

@@ -217,6 +217,11 @@
   uint16_t min_version = hs->config->conf_min_version;
   uint16_t max_version = hs->config->conf_max_version;
 
+  // QUIC requires TLS 1.3.
+  if (hs->ssl->ctx->quic_method && min_version < TLS1_3_VERSION) {
+    min_version = TLS1_3_VERSION;
+  }
+
   // OpenSSL's API for controlling versions entails blacklisting individual
   // protocols. This has two problems. First, on the client, the protocol can
   // only express a contiguous range of versions. Second, a library consumer
commit	c8e0f90f83b9ec38ea833deb86b5a41360b62b6a	[log] [tgz]
author	Steven Valdez <svaldez@chromium.org>	Sat Jul 14 11:23:01 2018 -0400
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Wed Oct 31 20:38:10 2018 +0000
tree	80d337d43e11ace709aee31a4247be3457fdefef
parent	dc332205326340ec1bf7d553452c7699904054b4 [diff] [blame]