Remove TLS 1.3 draft28.

Change-Id: I9ea299acbb40e8b8430eea5d1af1426edf96743b
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index daa58b0..6859cec 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -600,7 +600,6 @@
 #define DTLS1_2_VERSION 0xfefd
 
 #define TLS1_3_DRAFT23_VERSION 0x7f17
-#define TLS1_3_DRAFT28_VERSION 0x7f1c
 
 // SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to
 // |version|. If |version| is zero, the default minimum version is used. It
@@ -3384,7 +3383,6 @@
 enum tls13_variant_t {
   tls13_rfc = 0,
   tls13_draft23,
-  tls13_draft28,
   // tls13_all enables all variants of TLS 1.3, to keep the transition smooth as
   // early adopters move to the final version.
   tls13_all,
diff --git a/ssl/internal.h b/ssl/internal.h
index 087f5fb..71aaf89 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -408,10 +408,6 @@
 // call this function before the version is determined.
 uint16_t ssl_protocol_version(const SSL *ssl);
 
-// ssl_is_draft28 returns whether the version corresponds to a draft28 TLS 1.3
-// variant.
-bool ssl_is_draft28(uint16_t version);
-
 // Cipher suites.
 
 }  // namespace bssl
diff --git a/ssl/ssl_aead_ctx.cc b/ssl/ssl_aead_ctx.cc
index 322b1b5..e452f56 100644
--- a/ssl/ssl_aead_ctx.cc
+++ b/ssl/ssl_aead_ctx.cc
@@ -134,7 +134,7 @@
       aead_ctx->xor_fixed_nonce_ = true;
       aead_ctx->variable_nonce_len_ = 8;
       aead_ctx->variable_nonce_included_in_record_ = false;
-      if (ssl_is_draft28(version)) {
+      if (version == TLS1_3_VERSION) {
         aead_ctx->ad_is_header_ = true;
       } else {
         aead_ctx->omit_ad_ = true;
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index 212c3ac..d2736a6 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -35,7 +35,6 @@
       return true;
 
     case TLS1_3_DRAFT23_VERSION:
-    case TLS1_3_DRAFT28_VERSION:
       *out = TLS1_3_VERSION;
       return true;
 
@@ -58,7 +57,6 @@
 
 static const uint16_t kTLSVersions[] = {
     TLS1_3_VERSION,
-    TLS1_3_DRAFT28_VERSION,
     TLS1_3_DRAFT23_VERSION,
     TLS1_2_VERSION,
     TLS1_1_VERSION,
@@ -102,7 +100,6 @@
 static const char *ssl_version_to_string(uint16_t version) {
   switch (version) {
     case TLS1_3_DRAFT23_VERSION:
-    case TLS1_3_DRAFT28_VERSION:
     case TLS1_3_VERSION:
       return "TLSv1.3";
 
@@ -130,7 +127,6 @@
   switch (version) {
     // Report TLS 1.3 draft versions as TLS 1.3 in the public API.
     case TLS1_3_DRAFT23_VERSION:
-    case TLS1_3_DRAFT28_VERSION:
     case TLS1_3_VERSION:
       return TLS1_3_VERSION;
     default:
@@ -142,8 +138,7 @@
 // particular, it picks an arbitrary TLS 1.3 representative. This should only be
 // used in context where that does not matter.
 static bool api_version_to_wire(uint16_t *out, uint16_t version) {
-  if (version == TLS1_3_DRAFT23_VERSION ||
-      version == TLS1_3_DRAFT28_VERSION) {
+  if (version == TLS1_3_DRAFT23_VERSION) {
     return false;
   }
 
@@ -300,8 +295,6 @@
     switch (ssl->tls13_variant) {
       case tls13_draft23:
         return version == TLS1_3_DRAFT23_VERSION;
-      case tls13_draft28:
-        return version == TLS1_3_DRAFT28_VERSION;
       case tls13_rfc:
         return version == TLS1_3_VERSION;
       case tls13_all:
@@ -356,10 +349,6 @@
   return false;
 }
 
-bool ssl_is_draft28(uint16_t version) {
-  return version == TLS1_3_DRAFT28_VERSION || version == TLS1_3_VERSION;
-}
-
 }  // namespace bssl
 
 using namespace bssl;
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 702814d..24a8608 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -35,19 +35,16 @@
 // A draft version of TLS 1.3 that is sent over the wire for the current draft.
 const (
 	tls13Draft23Version = 0x7f17
-	tls13Draft28Version = 0x7f1c
 )
 
 const (
 	TLS13RFC     = 0
 	TLS13Draft23 = 1
-	TLS13Draft28 = 2
-	TLS13All     = 3
+	TLS13All     = 2
 )
 
 var allTLSWireVersions = []uint16{
 	VersionTLS13,
-	tls13Draft28Version,
 	tls13Draft23Version,
 	VersionTLS12,
 	VersionTLS11,
@@ -1738,7 +1735,7 @@
 		switch vers {
 		case VersionSSL30, VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13:
 			return vers, true
-		case tls13Draft23Version, tls13Draft28Version:
+		case tls13Draft23Version:
 			return VersionTLS13, true
 		}
 	}
@@ -1746,10 +1743,6 @@
 	return 0, false
 }
 
-func isDraft28(vers uint16) bool {
-	return vers == tls13Draft28Version || vers == VersionTLS13
-}
-
 // isSupportedVersion checks if the specified wire version is acceptable. If so,
 // it returns true and the corresponding protocol version. Otherwise, it returns
 // false.
@@ -1764,10 +1757,6 @@
 			if wireVers != tls13Draft23Version {
 				return 0, false
 			}
-		case TLS13Draft28:
-			if wireVers != tls13Draft28Version {
-				return 0, false
-			}
 		case TLS13RFC:
 			if wireVers != VersionTLS13 {
 				return 0, false
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index b6b6ffa..407e0ee 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -453,7 +453,7 @@
 				n := len(payload) - c.Overhead()
 				additionalData[11] = byte(n >> 8)
 				additionalData[12] = byte(n)
-			} else if isDraft28(hc.wireVersion) {
+			} else if hc.wireVersion == VersionTLS13 {
 				additionalData = b.data[:recordHeaderLen]
 			}
 			var err error
@@ -619,7 +619,7 @@
 				copy(additionalData[8:], b.data[:3])
 				additionalData[11] = byte(payloadLen >> 8)
 				additionalData[12] = byte(payloadLen)
-			} else if isDraft28(hc.wireVersion) {
+			} else if hc.wireVersion == VersionTLS13 {
 				additionalData = make([]byte, 5)
 				copy(additionalData, b.data[:3])
 				n := len(b.data) - recordHeaderLen
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 6bbaecf..cd6c6f8 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -1389,13 +1389,6 @@
 		versionWire:  tls13Draft23Version,
 		tls13Variant: TLS13Draft23,
 	},
-	{
-		name:         "TLS13Draft28",
-		version:      VersionTLS13,
-		excludeFlag:  "-no-tls13",
-		versionWire:  tls13Draft28Version,
-		tls13Variant: TLS13Draft28,
-	},
 }
 
 func allVersions(protocol protocol) []tlsVersion {
@@ -3025,7 +3018,7 @@
 					ExpectPackedEncryptedHandshake: 512,
 				},
 			},
-			tls13Variant: TLS13Draft28,
+			tls13Variant: TLS13RFC,
 			messageLen:   1024,
 			flags: []string{
 				"-max-send-fragment", "512",
@@ -3067,17 +3060,16 @@
 			tls13Variant: TLS13Draft23,
 		},
 		{
-			// Test that handshake data is tightly packed in TLS 1.3
-			// draft-28.
+			// Test that handshake data is tightly packed in the final TLS 1.3.
 			testType: serverTest,
-			name:     "PackedEncryptedHandshake-TLS13Draft28",
+			name:     "PackedEncryptedHandshake-TLS13",
 			config: Config{
 				MaxVersion: VersionTLS13,
 				Bugs: ProtocolBugs{
 					ExpectPackedEncryptedHandshake: 16384,
 				},
 			},
-			tls13Variant: TLS13Draft28,
+			tls13Variant: TLS13RFC,
 		},
 		{
 			// Test that DTLS can handle multiple application data
@@ -5954,7 +5946,7 @@
 				SendTLS13DowngradeRandom: true,
 			},
 		},
-		tls13Variant:    TLS13Draft28,
+		tls13Variant:    TLS13Draft23,
 		expectedVersion: VersionTLS12,
 	})
 	testCases = append(testCases, testCase{
@@ -5965,7 +5957,7 @@
 				CheckTLS13DowngradeRandom: true,
 			},
 		},
-		tls13Variant:    TLS13Draft28,
+		tls13Variant:    TLS13Draft23,
 		expectedVersion: VersionTLS13,
 	})
 
@@ -6010,7 +6002,7 @@
 			"-advertise-alpn", "\x03foo",
 			"-expect-alpn", "foo",
 			"-ignore-tls13-downgrade",
-			"-tls13-variant", strconv.Itoa(TLS13Draft28),
+			"-tls13-variant", strconv.Itoa(TLS13Draft23),
 			"-max-version", strconv.Itoa(VersionTLS13),
 		},
 		shimWritesFirst: true,
@@ -12751,7 +12743,7 @@
 
 		// Test that the supported_versions extension is enforced in the
 		// second ServerHello. Note we only enforce this starting draft 28.
-		if isDraft28(version.versionWire) {
+		if version.versionWire == VersionTLS13 {
 			testCases = append(testCases, testCase{
 				name: "SecondServerHelloNoVersion-" + name,
 				config: Config{
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index cf20403..57eb2fa 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -291,7 +291,7 @@
     return ssl_hs_error;
   }
 
-  if (ssl_is_draft28(ssl->version)) {
+  if (ssl->version == TLS1_3_VERSION) {
     // Recheck supported_versions, in case this is the second ServerHello.
     uint16_t version;
     if (!have_supported_versions ||
diff --git a/tool/client.cc b/tool/client.cc
index 80acf34..a0ccfd8 100644
--- a/tool/client.cc
+++ b/tool/client.cc
@@ -333,10 +333,6 @@
     *out = tls13_draft23;
     return true;
   }
-  if (in == "draft28") {
-    *out = tls13_draft28;
-    return true;
-  }
   if (in == "rfc") {
     *out = tls13_rfc;
     return true;
diff --git a/tool/server.cc b/tool/server.cc
index c4b23bf..6fe3d01 100644
--- a/tool/server.cc
+++ b/tool/server.cc
@@ -153,10 +153,6 @@
     *out = tls13_draft23;
     return true;
   }
-  if (in == "draft28") {
-    *out = tls13_draft28;
-    return true;
-  }
   if (in == "rfc") {
     *out = tls13_rfc;
     return true;