Switch to the actual DTLS 1.3 codepoint. I believe our implementation is interoperable at this point. Bug: 42290594 Change-Id: Id802b626a3028a3f2d4e89dfd3fcb69b51572b7d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/73650 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Nick Harper <nharper@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index e7c57c7..9e9acee 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -672,17 +672,7 @@
 #define DTLS1_VERSION 0xfeff
 #define DTLS1_2_VERSION 0xfefd
-// DTLS1_3_EXPERIMENTAL_VERSION gates experimental, in-progress code for DTLS
-// 1.3.
-//
-// WARNING: Do not use this value. BoringSSL's DTLS 1.3 implementation is still
-// under development. The code enabled by this value is neither stable nor
-// secure. It does not correspond to any real protocol. It is also incompatible
-// with other DTLS implementations, and it is not compatible with future or past
-// versions of BoringSSL.
-//
-// When the DTLS 1.3 implementation is complete, this symbol will be replaced.
-#define DTLS1_3_EXPERIMENTAL_VERSION 0xfc25
+#define DTLS1_3_VERSION 0xfefc
 // SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to
 // |version|. If |version| is zero, the default minimum version is used. It
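Review bot: The new `+#define DTLS1_3_VERSION 0xfefc` carries no comment at all, while the block it replaces spent ten lines telling callers what the value meant; a reader of the public header now has no hint that DTLS 1.3 is still opt-in, even though ssl_versions.cc in this same change keeps `DTLS1_2_VERSION` as the DTLS default when the maximum version is zero. A one-line note next to the define would close that gap: `// DTLS1_3_VERSION is the DTLS 1.3 version. It is not yet enabled by default; see SSL_CTX_set_max_proto_version.` Since the old `0xfc25` value is dropped from the version tables rather than kept as a rejected alias, a caller still passing it will presumably hit the generic unknown-version path, which seems fine given the old comment forbade its use.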
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 055015f..5fb78da 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -92,7 +92,7 @@
 {TLS1_3_VERSION, VersionParam::is_tls, "TLS1_3"},
 {DTLS1_VERSION, VersionParam::is_dtls, "DTLS1"},
 {DTLS1_2_VERSION, VersionParam::is_dtls, "DTLS1_2"},
- {DTLS1_3_EXPERIMENTAL_VERSION, VersionParam::is_dtls, "DTLS1_3"},
+ {DTLS1_3_VERSION, VersionParam::is_dtls, "DTLS1_3"},
 };
 struct ExpectedCipher {
@@ -2765,8 +2765,7 @@
 uint16_t version() const { return GetParam().version; }
 bool is_tls13() const {
- return version() == TLS1_3_VERSION ||
- version() == DTLS1_3_EXPERIMENTAL_VERSION;
+ return version() == TLS1_3_VERSION || version() == DTLS1_3_VERSION;
 }
 bool is_dtls() const {
@@ -2799,7 +2798,7 @@
 uint64_t server_write_seq = SSL_get_write_sequence(server_.get());
 if (is_dtls()) {
- if (version() == DTLS1_3_EXPERIMENTAL_VERSION) {
+ if (version() == DTLS1_3_VERSION) {
 // Both client and server must be at epoch 3 (application data).
 EXPECT_EQ(EpochFromSequence(client_write_seq), 3);
 EXPECT_EQ(EpochFromSequence(server_write_seq), 3);
@@ -2830,7 +2829,7 @@
 EXPECT_EQ(SSL_write(client_.get(), &byte, 1), 1);
 EXPECT_EQ(SSL_read(server_.get(), &byte, 1), 1);
- if (version() == DTLS1_3_EXPERIMENTAL_VERSION) {
+ if (version() == DTLS1_3_VERSION) {
 // TODO(crbug.com/42290608): Write an appropriate test for incrementing both
 // sequence number and epoch in the following test. The server read seq was
 // in epoch 2, but after the write it's in epoch 3, so adding 1 doesn't work
@@ -3985,7 +3984,7 @@
 return "DTLSv1";
 case DTLS1_2_VERSION:
 return "DTLSv1.2";
- case DTLS1_3_EXPERIMENTAL_VERSION:
+ case DTLS1_3_VERSION:
 return "DTLSv1.3";
 default:
 return "???";
@@ -4376,7 +4375,7 @@
 }
 TEST_P(SSLVersionTest, RecordCallback) {
- if (version() == DTLS1_3_EXPERIMENTAL_VERSION) {
+ if (version() == DTLS1_3_VERSION) {
 // The DTLS 1.3 record header is vastly different than the TLS or DTLS < 1.3
 // header format. Instead of checking that the record header is formatted as
 // expected here, the runner implementation in dtls.go is strict about what
@@ -9749,14 +9748,10 @@
 SSL_CTX_set_early_data_enabled(server_ctx.get(), true);
 SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
 SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
- ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(),
- DTLS1_3_EXPERIMENTAL_VERSION));
- ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(),
- DTLS1_3_EXPERIMENTAL_VERSION));
- ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(),
- DTLS1_3_EXPERIMENTAL_VERSION));
- ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(),
- DTLS1_3_EXPERIMENTAL_VERSION));
+ ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(), DTLS1_3_VERSION));
+ ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), DTLS1_3_VERSION));
+ ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(), DTLS1_3_VERSION));
+ ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), DTLS1_3_VERSION));
 bssl::UniquePtr<SSL_SESSION> session = CreateClientSession(client_ctx.get(), server_ctx.get());
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index a34278d..20e17e1 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -46,7 +46,7 @@
 *out = TLS1_2_VERSION;
 return true;
- case DTLS1_3_EXPERIMENTAL_VERSION:
+ case DTLS1_3_VERSION:
 *out = TLS1_3_VERSION;
 return true;
@@ -66,7 +66,7 @@
 };
 static const uint16_t kDTLSVersions[] = {
- DTLS1_3_EXPERIMENTAL_VERSION,
+ DTLS1_3_VERSION,
 DTLS1_2_VERSION,
 DTLS1_VERSION,
 };
@@ -104,7 +104,7 @@
 {TLS1_VERSION, "TLSv1"},
 {DTLS1_VERSION, "DTLSv1"},
 {DTLS1_2_VERSION, "DTLSv1.2"},
- {DTLS1_3_EXPERIMENTAL_VERSION, "DTLSv1.3"},
+ {DTLS1_3_VERSION, "DTLSv1.3"},
 };
 static const char *ssl_version_to_string(uint16_t version) {
@@ -156,6 +156,8 @@
 static bool set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
 uint16_t version) {
 // Zero is interpreted as the default maximum version.
+ // TODO(crbug.com/42290594): Enable DTLS 1.3 by default, after it's
+ // successfully shipped in WebRTC.
 if (version == 0) {
 *out = method->is_dtls ? DTLS1_2_VERSION : TLS1_3_VERSION;
 return true;
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 7dfba14..8a76672 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -31,9 +31,9 @@
 )
 const (
- VersionDTLS10 = 0xfeff
- VersionDTLS12 = 0xfefd
- VersionDTLS125Experimental = 0xfc25
+ VersionDTLS10 = 0xfeff
+ VersionDTLS12 = 0xfefd
+ VersionDTLS13 = 0xfefc
 )
 var allTLSWireVersions = []uint16{
@@ -45,7 +45,7 @@
 }
 var allDTLSWireVersions = []uint16{
- VersionDTLS125Experimental,
+ VersionDTLS13,
 VersionDTLS12,
 VersionDTLS10,
 }
@@ -2126,7 +2126,7 @@
 func wireToVersion(vers uint16, isDTLS bool) (uint16, bool) {
 if isDTLS {
 switch vers {
- case VersionDTLS125Experimental:
+ case VersionDTLS13:
 return VersionTLS13, true
 case VersionDTLS12:
 return VersionTLS12, true
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index b6b9515..f9dfb98 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -848,7 +848,7 @@
 if session.vers < VersionTLS13 {
 version = VersionTLS13
 if c.isDTLS {
- version = VersionDTLS125Experimental
+ version = VersionDTLS13
 }
 }
 generatePSKBinders(version, c.isDTLS, hello, session, nil, nil, c.config)
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index ddd665a..19e3740 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -1903,7 +1903,7 @@
 excludeFlag: "-no-tls13",
 hasQUIC: true,
 hasDTLS: true,
- versionDTLS: VersionDTLS125Experimental,
+ versionDTLS: VersionDTLS13,
 versionWire: VersionTLS13,
 },
 }
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index 9471379..bf16b51 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -2316,8 +2316,9 @@
 !SSL_set_min_proto_version(ssl.get(), min_version)) {
 return nullptr;
 }
+ // TODO(crbug.com/42290594): Remove this once DTLS 1.3 is enabled by default.
 if (is_dtls && max_version == 0 &&
- !SSL_set_max_proto_version(ssl.get(), DTLS1_3_VERSION)) {
+ !SSL_set_max_proto_version(ssl.get(), DTLS1_3_VERSION)) {
 return nullptr;
 }
 if (max_version != 0 &&
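Review bot: Because the shim still forces `DTLS1_3_VERSION` whenever `max_version == 0`, no runner test exercises the library's real default maximum for DTLS, which `set_max_version` in ssl_versions.cc in this same change still sets to `DTLS1_2_VERSION`. That default is presumably what callers who never touch the max version will get once this ships, so a regression in the default-selection path would go unnoticed here. It would be worth one test that passes a non-zero `max_version` of `DTLS1_2_VERSION` (or skips this block) and asserts the negotiated version is DTLS 1.2, until the TODO is resolved and the override removed. The enclosing function starts and ends outside the hunk.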