Remove TLS 1.3 draft28.
Change-Id: I9ea299acbb40e8b8430eea5d1af1426edf96743b
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index daa58b0..6859cec 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -600,7 +600,6 @@
#define DTLS1_2_VERSION 0xfefd
#define TLS1_3_DRAFT23_VERSION 0x7f17
-#define TLS1_3_DRAFT28_VERSION 0x7f1c
// SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to
// |version|. If |version| is zero, the default minimum version is used. It
@@ -3384,7 +3383,6 @@
enum tls13_variant_t {
tls13_rfc = 0,
tls13_draft23,
- tls13_draft28,
// tls13_all enables all variants of TLS 1.3, to keep the transition smooth as
// early adopters move to the final version.
tls13_all,
diff --git a/ssl/internal.h b/ssl/internal.h
index 087f5fb..71aaf89 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -408,10 +408,6 @@
// call this function before the version is determined.
uint16_t ssl_protocol_version(const SSL *ssl);
-// ssl_is_draft28 returns whether the version corresponds to a draft28 TLS 1.3
-// variant.
-bool ssl_is_draft28(uint16_t version);
-
// Cipher suites.
} // namespace bssl
diff --git a/ssl/ssl_aead_ctx.cc b/ssl/ssl_aead_ctx.cc
index 322b1b5..e452f56 100644
--- a/ssl/ssl_aead_ctx.cc
+++ b/ssl/ssl_aead_ctx.cc
@@ -134,7 +134,7 @@
aead_ctx->xor_fixed_nonce_ = true;
aead_ctx->variable_nonce_len_ = 8;
aead_ctx->variable_nonce_included_in_record_ = false;
- if (ssl_is_draft28(version)) {
+ if (version == TLS1_3_VERSION) {
aead_ctx->ad_is_header_ = true;
} else {
aead_ctx->omit_ad_ = true;
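Review bot: The `else` branch that sets `omit_ad_` is now presumably reached only by the remaining draft 23 wire version, but nothing at the branch says so. Because `version == TLS1_3_VERSION` is an exact match rather than a range check, any TLS 1.3 wire value added later without touching this line would fall into the branch where the record header is not bound as additional data. I would add `// Draft 23 omits the additional data; the final version authenticates the record header.` above the `if`. The enclosing function starts and ends outside the hunk.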
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index 212c3ac..d2736a6 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -35,7 +35,6 @@
return true;
case TLS1_3_DRAFT23_VERSION:
- case TLS1_3_DRAFT28_VERSION:
*out = TLS1_3_VERSION;
return true;
@@ -58,7 +57,6 @@
static const uint16_t kTLSVersions[] = {
TLS1_3_VERSION,
- TLS1_3_DRAFT28_VERSION,
TLS1_3_DRAFT23_VERSION,
TLS1_2_VERSION,
TLS1_1_VERSION,
@@ -102,7 +100,6 @@
static const char *ssl_version_to_string(uint16_t version) {
switch (version) {
case TLS1_3_DRAFT23_VERSION:
- case TLS1_3_DRAFT28_VERSION:
case TLS1_3_VERSION:
return "TLSv1.3";
@@ -130,7 +127,6 @@
switch (version) {
// Report TLS 1.3 draft versions as TLS 1.3 in the public API.
case TLS1_3_DRAFT23_VERSION:
- case TLS1_3_DRAFT28_VERSION:
case TLS1_3_VERSION:
return TLS1_3_VERSION;
default:
@@ -142,8 +138,7 @@
// particular, it picks an arbitrary TLS 1.3 representative. This should only be
// used in context where that does not matter.
static bool api_version_to_wire(uint16_t *out, uint16_t version) {
- if (version == TLS1_3_DRAFT23_VERSION ||
- version == TLS1_3_DRAFT28_VERSION) {
+ if (version == TLS1_3_DRAFT23_VERSION) {
return false;
}
@@ -300,8 +295,6 @@
switch (ssl->tls13_variant) {
case tls13_draft23:
return version == TLS1_3_DRAFT23_VERSION;
- case tls13_draft28:
- return version == TLS1_3_DRAFT28_VERSION;
case tls13_rfc:
return version == TLS1_3_VERSION;
case tls13_all:
@@ -356,10 +349,6 @@
return false;
}
-bool ssl_is_draft28(uint16_t version) {
- return version == TLS1_3_DRAFT28_VERSION || version == TLS1_3_VERSION;
-}
-
} // namespace bssl
using namespace bssl;
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 702814d..24a8608 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -35,19 +35,16 @@
// A draft version of TLS 1.3 that is sent over the wire for the current draft.
const (
tls13Draft23Version = 0x7f17
- tls13Draft28Version = 0x7f1c
)
const (
TLS13RFC = 0
TLS13Draft23 = 1
- TLS13Draft28 = 2
- TLS13All = 3
+ TLS13All = 2
)
var allTLSWireVersions = []uint16{
VersionTLS13,
- tls13Draft28Version,
tls13Draft23Version,
VersionTLS12,
VersionTLS11,
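Review bot: `TLS13All` changes from 3 to 2 here, and `tls13_all` in `enum tls13_variant_t` (include/openssl/ssl.h) is renumbered the same way, because its members after `tls13_rfc = 0` carry no explicit values. Anything that passes the variant as a bare integer, such as the `-tls13-variant` flag built with `strconv.Itoa` in runner.go, will now enable all variants for a stored value of 2 that previously selected draft 28. A comment on this const block such as `// These values must match enum tls13_variant_t in include/openssl/ssl.h.` would make the coupling explicit. Giving the C enum members explicit values would also stop a later removal from shifting them silently.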
@@ -1738,7 +1735,7 @@
switch vers {
case VersionSSL30, VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13:
return vers, true
- case tls13Draft23Version, tls13Draft28Version:
+ case tls13Draft23Version:
return VersionTLS13, true
}
}
@@ -1746,10 +1743,6 @@
return 0, false
}
-func isDraft28(vers uint16) bool {
- return vers == tls13Draft28Version || vers == VersionTLS13
-}
-
// isSupportedVersion checks if the specified wire version is acceptable. If so,
// it returns true and the corresponding protocol version. Otherwise, it returns
// false.
@@ -1764,10 +1757,6 @@
if wireVers != tls13Draft23Version {
return 0, false
}
- case TLS13Draft28:
- if wireVers != tls13Draft28Version {
- return 0, false
- }
case TLS13RFC:
if wireVers != VersionTLS13 {
return 0, false
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index b6b6ffa..407e0ee 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -453,7 +453,7 @@
n := len(payload) - c.Overhead()
additionalData[11] = byte(n >> 8)
additionalData[12] = byte(n)
- } else if isDraft28(hc.wireVersion) {
+ } else if hc.wireVersion == VersionTLS13 {
additionalData = b.data[:recordHeaderLen]
}
var err error
@@ -619,7 +619,7 @@
copy(additionalData[8:], b.data[:3])
additionalData[11] = byte(payloadLen >> 8)
additionalData[12] = byte(payloadLen)
- } else if isDraft28(hc.wireVersion) {
+ } else if hc.wireVersion == VersionTLS13 {
additionalData = make([]byte, 5)
copy(additionalData, b.data[:3])
n := len(b.data) - recordHeaderLen
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 6bbaecf..cd6c6f8 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -1389,13 +1389,6 @@
versionWire: tls13Draft23Version,
tls13Variant: TLS13Draft23,
},
- {
- name: "TLS13Draft28",
- version: VersionTLS13,
- excludeFlag: "-no-tls13",
- versionWire: tls13Draft28Version,
- tls13Variant: TLS13Draft28,
- },
}
func allVersions(protocol protocol) []tlsVersion {
@@ -3025,7 +3018,7 @@
ExpectPackedEncryptedHandshake: 512,
},
},
- tls13Variant: TLS13Draft28,
+ tls13Variant: TLS13RFC,
messageLen: 1024,
flags: []string{
"-max-send-fragment", "512",
@@ -3067,17 +3060,16 @@
tls13Variant: TLS13Draft23,
},
{
- // Test that handshake data is tightly packed in TLS 1.3
- // draft-28.
+ // Test that handshake data is tightly packed in the final TLS 1.3.
testType: serverTest,
- name: "PackedEncryptedHandshake-TLS13Draft28",
+ name: "PackedEncryptedHandshake-TLS13",
config: Config{
MaxVersion: VersionTLS13,
Bugs: ProtocolBugs{
ExpectPackedEncryptedHandshake: 16384,
},
},
- tls13Variant: TLS13Draft28,
+ tls13Variant: TLS13RFC,
},
{
// Test that DTLS can handle multiple application data
@@ -5954,7 +5946,7 @@
SendTLS13DowngradeRandom: true,
},
},
- tls13Variant: TLS13Draft28,
+ tls13Variant: TLS13Draft23,
expectedVersion: VersionTLS12,
})
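Review bot: The downgrade-random case in this hunk moves from `TLS13Draft28` to `TLS13Draft23` rather than `TLS13RFC`, while the packed-handshake tests in the same file move to `TLS13RFC`. The same applies to the case in the next hunk and to the `-tls13-variant` flag in the hunk after it. If the downgrade sentinel is meant to be checked for the final version, these hunks leave no visible case covering it. Either pin them to `TLS13RFC` or add a comment such as `// Downgrade signal is only exercised with draft 23 for now.` to record why. The testCase literals start outside the hunk.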
testCases = append(testCases, testCase{
@@ -5965,7 +5957,7 @@
CheckTLS13DowngradeRandom: true,
},
},
- tls13Variant: TLS13Draft28,
+ tls13Variant: TLS13Draft23,
expectedVersion: VersionTLS13,
})
@@ -6010,7 +6002,7 @@
"-advertise-alpn", "\x03foo",
"-expect-alpn", "foo",
"-ignore-tls13-downgrade",
- "-tls13-variant", strconv.Itoa(TLS13Draft28),
+ "-tls13-variant", strconv.Itoa(TLS13Draft23),
"-max-version", strconv.Itoa(VersionTLS13),
},
shimWritesFirst: true,
@@ -12751,7 +12743,7 @@
// Test that the supported_versions extension is enforced in the
// second ServerHello. Note we only enforce this starting draft 28.
- if isDraft28(version.versionWire) {
+ if version.versionWire == VersionTLS13 {
testCases = append(testCases, testCase{
name: "SecondServerHelloNoVersion-" + name,
config: Config{
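Review bot: The context comment `Note we only enforce this starting draft 28.` is stale now that `isDraft28` is gone and the check is `version.versionWire == VersionTLS13`. I would reword its second line to `// second ServerHello. Note we only enforce this for the final TLS 1.3 version.` so the comment matches the condition. The `if` body continues outside the hunk.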
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index cf20403..57eb2fa 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -291,7 +291,7 @@
return ssl_hs_error;
}
- if (ssl_is_draft28(ssl->version)) {
+ if (ssl->version == TLS1_3_VERSION) {
// Recheck supported_versions, in case this is the second ServerHello.
uint16_t version;
if (!have_supported_versions ||
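Review bot: The supported_versions recheck is gated on an exact match with `TLS1_3_VERSION`, so a draft 23 connection skips it for the second ServerHello. The test-runner comment in this commit suggests that is intentional, but the condition itself gives no reason. A short comment above it, e.g. `// Draft 23 does not enforce supported_versions in the second ServerHello.`, would keep the gap visible until draft 23 is removed. The statement and the enclosing function continue outside the hunk.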
diff --git a/tool/client.cc b/tool/client.cc
index 80acf34..a0ccfd8 100644
--- a/tool/client.cc
+++ b/tool/client.cc
@@ -333,10 +333,6 @@
*out = tls13_draft23;
return true;
}
- if (in == "draft28") {
- *out = tls13_draft28;
- return true;
- }
if (in == "rfc") {
*out = tls13_rfc;
return true;
diff --git a/tool/server.cc b/tool/server.cc
index c4b23bf..6fe3d01 100644
--- a/tool/server.cc
+++ b/tool/server.cc
@@ -153,10 +153,6 @@
*out = tls13_draft23;
return true;
}
- if (in == "draft28") {
- *out = tls13_draft28;
- return true;
- }
if (in == "rfc") {
*out = tls13_rfc;
return true;