Remove draft22 and experiment2. Change-Id: I2486dc810ea842c534015fc04917712daa26cfde Update-Note: Now that tls13_experiment2 is gone, the server should remove the set_tls13_variant call. To avoid further churn, we'll make the server default for future variants to be what we'd like to deploy. Reviewed-on: https://boringssl-review.googlesource.com/25104 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index 15012dc..aeb41d3 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -34,9 +34,7 @@
 *out = version;
 return true;
- case TLS1_3_DRAFT22_VERSION:
 case TLS1_3_DRAFT23_VERSION:
- case TLS1_3_EXPERIMENT2_VERSION:
 *out = TLS1_3_VERSION;
 return true;
@@ -59,8 +57,6 @@
 static const uint16_t kTLSVersions[] = {
 TLS1_3_DRAFT23_VERSION,
- TLS1_3_DRAFT22_VERSION,
- TLS1_3_EXPERIMENT2_VERSION,
 TLS1_2_VERSION,
 TLS1_1_VERSION,
 TLS1_VERSION,
@@ -103,9 +99,7 @@
 static const char *ssl_version_to_string(uint16_t version) {
 switch (version) {
- case TLS1_3_DRAFT22_VERSION:
 case TLS1_3_DRAFT23_VERSION:
- case TLS1_3_EXPERIMENT2_VERSION:
 return "TLSv1.3";
 case TLS1_2_VERSION:
@@ -134,9 +128,7 @@
 static uint16_t wire_version_to_api(uint16_t version) {
 switch (version) {
 // Report TLS 1.3 draft versions as TLS 1.3 in the public API.
- case TLS1_3_DRAFT22_VERSION:
 case TLS1_3_DRAFT23_VERSION:
- case TLS1_3_EXPERIMENT2_VERSION:
 return TLS1_3_VERSION;
 default:
 return version;
@@ -147,13 +139,11 @@
 // particular, it picks an arbitrary TLS 1.3 representative. This should only be
 // used in context where that does not matter.
 static bool api_version_to_wire(uint16_t *out, uint16_t version) {
- if (version == TLS1_3_DRAFT22_VERSION ||
- version == TLS1_3_DRAFT23_VERSION ||
- version == TLS1_3_EXPERIMENT2_VERSION) {
+ if (version == TLS1_3_DRAFT23_VERSION) {
 return false;
 }
 if (version == TLS1_3_VERSION) {
- version = TLS1_3_DRAFT22_VERSION;
+ version = TLS1_3_DRAFT23_VERSION;
 }
 // Check it is a real protocol version.
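Review bot: The `if (version == TLS1_3_DRAFT23_VERSION) { return false; }` guard in `api_version_to_wire` has no comment saying why a draft wire value is refused, and the header comment above it still speaks of an "arbitrary" TLS 1.3 representative although only one draft remains in this hunk. Since `wire_version_to_api` reports draft versions as TLS 1.3 in the public API, I would add above the guard `// Draft wire values are not API versions; callers must pass TLS1_3_VERSION.` so that the guard and the chosen representative are updated together when the next draft is added. The function body continues past the end of the hunk.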
@@ -304,12 +294,10 @@
 return false;
 }
- // TLS 1.3 variants must additionally match |tls13_variant|.
+ // This logic is part of the TLS 1.3 variants mechanism used in TLS 1.3
+ // experimentation. Although we currently only have one variant, TLS 1.3 does
+ // not a final stable deployment yet, so leave the logic in place for now.
 if (protocol_version != TLS1_3_VERSION ||
- (ssl->tls13_variant == tls13_experiment2 &&
- version == TLS1_3_EXPERIMENT2_VERSION) ||
- (ssl->tls13_variant == tls13_draft22 &&
- version == TLS1_3_DRAFT22_VERSION) ||
 (ssl->tls13_variant == tls13_default &&
 version == TLS1_3_DRAFT23_VERSION)) {
 return true;
@@ -368,18 +356,6 @@
 return false;
 }
-bool ssl_is_draft22(uint16_t version) {
- return version == TLS1_3_DRAFT22_VERSION || version == TLS1_3_DRAFT23_VERSION;
-}
-
-bool ssl_is_draft23(uint16_t version) {
- return version == TLS1_3_DRAFT23_VERSION;
-}
-
-bool ssl_is_draft23_variant(tls13_variant_t variant) {
- return variant == tls13_default;
-}
-
 } // namespace bssl
 using namespace bssl;
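Review bot: The new comment above the `protocol_version != TLS1_3_VERSION` check is missing a verb ("TLS 1.3 does not a final stable deployment yet") and does not say what the remaining condition means for callers. As written, a TLS 1.3 wire version is accepted only when `ssl->tls13_variant == tls13_default`; assuming the code after `return true;` rejects the version (it is outside the hunk), any other variant value would leave TLS 1.3 unavailable, presumably with the connection settling on an older protocol version without an error. I would reword the last line to `// not have a final stable deployment yet, so leave the logic in place for now.` and add one sentence stating that a non-default variant disables TLS 1.3. The enclosing function starts and ends outside the hunk.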