Switch to the actual DTLS 1.3 codepoint
I believe our implementation is interoperable at this point.
Bug: 42290594
Change-Id: Id802b626a3028a3f2d4e89dfd3fcb69b51572b7d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/73650
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Nick Harper <nharper@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index e7c57c7..9e9acee 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -672,17 +672,7 @@
#define DTLS1_VERSION 0xfeff
#define DTLS1_2_VERSION 0xfefd
-// DTLS1_3_EXPERIMENTAL_VERSION gates experimental, in-progress code for DTLS
-// 1.3.
-//
-// WARNING: Do not use this value. BoringSSL's DTLS 1.3 implementation is still
-// under development. The code enabled by this value is neither stable nor
-// secure. It does not correspond to any real protocol. It is also incompatible
-// with other DTLS implementations, and it is not compatible with future or past
-// versions of BoringSSL.
-//
-// When the DTLS 1.3 implementation is complete, this symbol will be replaced.
-#define DTLS1_3_EXPERIMENTAL_VERSION 0xfc25
+#define DTLS1_3_VERSION 0xfefc
// SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to
// |version|. If |version| is zero, the default minimum version is used. It
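Review bot: `DTLS1_3_VERSION` on the new side of this hunk replaces a heavily commented experimental symbol with a bare, undocumented public define, yet the library's default DTLS maximum stays `DTLS1_2_VERSION` (set_max_version in ssl_versions.cc in this same change), so a reader of ssl.h cannot tell that DTLS 1.3 is opt-in. The neighbouring `DTLS1_VERSION` and `DTLS1_2_VERSION` carry no comment either, but those are reachable by default; the one that is not deserves a line. I would add above it `// DTLS1_3_VERSION is the DTLS 1.3 protocol version (RFC 9147). It is not yet` / `// negotiated by default; pass it to SSL_CTX_set_max_proto_version to enable it.` That also gives the TODO in set_max_version a place to point callers at when the default changes.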
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 055015f..5fb78da 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -92,7 +92,7 @@
{TLS1_3_VERSION, VersionParam::is_tls, "TLS1_3"},
{DTLS1_VERSION, VersionParam::is_dtls, "DTLS1"},
{DTLS1_2_VERSION, VersionParam::is_dtls, "DTLS1_2"},
- {DTLS1_3_EXPERIMENTAL_VERSION, VersionParam::is_dtls, "DTLS1_3"},
+ {DTLS1_3_VERSION, VersionParam::is_dtls, "DTLS1_3"},
};
struct ExpectedCipher {
@@ -2765,8 +2765,7 @@
uint16_t version() const { return GetParam().version; }
bool is_tls13() const {
- return version() == TLS1_3_VERSION ||
- version() == DTLS1_3_EXPERIMENTAL_VERSION;
+ return version() == TLS1_3_VERSION || version() == DTLS1_3_VERSION;
}
bool is_dtls() const {
@@ -2799,7 +2798,7 @@
uint64_t server_write_seq = SSL_get_write_sequence(server_.get());
if (is_dtls()) {
- if (version() == DTLS1_3_EXPERIMENTAL_VERSION) {
+ if (version() == DTLS1_3_VERSION) {
// Both client and server must be at epoch 3 (application data).
EXPECT_EQ(EpochFromSequence(client_write_seq), 3);
EXPECT_EQ(EpochFromSequence(server_write_seq), 3);
@@ -2830,7 +2829,7 @@
EXPECT_EQ(SSL_write(client_.get(), &byte, 1), 1);
EXPECT_EQ(SSL_read(server_.get(), &byte, 1), 1);
- if (version() == DTLS1_3_EXPERIMENTAL_VERSION) {
+ if (version() == DTLS1_3_VERSION) {
// TODO(crbug.com/42290608): Write an appropriate test for incrementing both
// sequence number and epoch in the following test. The server read seq was
// in epoch 2, but after the write it's in epoch 3, so adding 1 doesn't work
@@ -3985,7 +3984,7 @@
return "DTLSv1";
case DTLS1_2_VERSION:
return "DTLSv1.2";
- case DTLS1_3_EXPERIMENTAL_VERSION:
+ case DTLS1_3_VERSION:
return "DTLSv1.3";
default:
return "???";
@@ -4376,7 +4375,7 @@
}
TEST_P(SSLVersionTest, RecordCallback) {
- if (version() == DTLS1_3_EXPERIMENTAL_VERSION) {
+ if (version() == DTLS1_3_VERSION) {
// The DTLS 1.3 record header is vastly different than the TLS or DTLS < 1.3
// header format. Instead of checking that the record header is formatted as
// expected here, the runner implementation in dtls.go is strict about what
@@ -9749,14 +9748,10 @@
SSL_CTX_set_early_data_enabled(server_ctx.get(), true);
SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
- ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(),
- DTLS1_3_EXPERIMENTAL_VERSION));
- ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(),
- DTLS1_3_EXPERIMENTAL_VERSION));
- ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(),
- DTLS1_3_EXPERIMENTAL_VERSION));
- ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(),
- DTLS1_3_EXPERIMENTAL_VERSION));
+ ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(), DTLS1_3_VERSION));
+ ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), DTLS1_3_VERSION));
+ ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(), DTLS1_3_VERSION));
+ ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), DTLS1_3_VERSION));
bssl::UniquePtr<SSL_SESSION> session =
CreateClientSession(client_ctx.get(), server_ctx.get());
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index a34278d..20e17e1 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -46,7 +46,7 @@
*out = TLS1_2_VERSION;
return true;
- case DTLS1_3_EXPERIMENTAL_VERSION:
+ case DTLS1_3_VERSION:
*out = TLS1_3_VERSION;
return true;
@@ -66,7 +66,7 @@
};
static const uint16_t kDTLSVersions[] = {
- DTLS1_3_EXPERIMENTAL_VERSION,
+ DTLS1_3_VERSION,
DTLS1_2_VERSION,
DTLS1_VERSION,
};
@@ -104,7 +104,7 @@
{TLS1_VERSION, "TLSv1"},
{DTLS1_VERSION, "DTLSv1"},
{DTLS1_2_VERSION, "DTLSv1.2"},
- {DTLS1_3_EXPERIMENTAL_VERSION, "DTLSv1.3"},
+ {DTLS1_3_VERSION, "DTLSv1.3"},
};
static const char *ssl_version_to_string(uint16_t version) {
@@ -156,6 +156,8 @@
static bool set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
uint16_t version) {
// Zero is interpreted as the default maximum version.
+ // TODO(crbug.com/42290594): Enable DTLS 1.3 by default, after it's
+ // successfully shipped in WebRTC.
if (version == 0) {
*out = method->is_dtls ? DTLS1_2_VERSION : TLS1_3_VERSION;
return true;
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 7dfba14..8a76672 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -31,9 +31,9 @@
)
const (
- VersionDTLS10 = 0xfeff
- VersionDTLS12 = 0xfefd
- VersionDTLS125Experimental = 0xfc25
+ VersionDTLS10 = 0xfeff
+ VersionDTLS12 = 0xfefd
+ VersionDTLS13 = 0xfefc
)
var allTLSWireVersions = []uint16{
@@ -45,7 +45,7 @@
}
var allDTLSWireVersions = []uint16{
- VersionDTLS125Experimental,
+ VersionDTLS13,
VersionDTLS12,
VersionDTLS10,
}
@@ -2126,7 +2126,7 @@
func wireToVersion(vers uint16, isDTLS bool) (uint16, bool) {
if isDTLS {
switch vers {
- case VersionDTLS125Experimental:
+ case VersionDTLS13:
return VersionTLS13, true
case VersionDTLS12:
return VersionTLS12, true
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index b6b9515..f9dfb98 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -848,7 +848,7 @@
if session.vers < VersionTLS13 {
version = VersionTLS13
if c.isDTLS {
- version = VersionDTLS125Experimental
+ version = VersionDTLS13
}
}
generatePSKBinders(version, c.isDTLS, hello, session, nil, nil, c.config)
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index ddd665a..19e3740 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -1903,7 +1903,7 @@
excludeFlag: "-no-tls13",
hasQUIC: true,
hasDTLS: true,
- versionDTLS: VersionDTLS125Experimental,
+ versionDTLS: VersionDTLS13,
versionWire: VersionTLS13,
},
}
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index 9471379..bf16b51 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -2316,8 +2316,9 @@
!SSL_set_min_proto_version(ssl.get(), min_version)) {
return nullptr;
}
+ // TODO(crbug.com/42290594): Remove this once DTLS 1.3 is enabled by default.
if (is_dtls && max_version == 0 &&
- !SSL_set_max_proto_version(ssl.get(), DTLS1_3_EXPERIMENTAL_VERSION)) {
+ !SSL_set_max_proto_version(ssl.get(), DTLS1_3_VERSION)) {
return nullptr;
}
if (max_version != 0 &&
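Review bot: The override kept at the `is_dtls && max_version == 0` branch means the shim always negotiates up to DTLS 1.3 when no maximum is given, so the library's own DTLS default (`DTLS1_2_VERSION` in set_max_version) is presumably never what a runner test sees unless it passes a maximum explicitly; that is a reasonable choice while 1.3 is opt-in, but the new TODO should say so rather than only when to remove it. I would extend it to `// TODO(crbug.com/42290594): Remove this once DTLS 1.3 is enabled by default.` / `// Until then the shim opts in here, so the library's DTLS 1.2 default is not` / `// exercised unless a test sets -max-version.` The enclosing function starts and ends outside the hunk.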