1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00

openssl: initial TLS 1.3 adaptions

BoringSSL supports TLSv1.3 already, but these changes don't seem to be anough
to get it working.
This commit is contained in:
Daniel Stenberg 2016-11-07 14:38:59 +01:00
parent 50aded1cd4
commit 9e8b0a283f

View File

@ -1548,6 +1548,11 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
case TLS1_2_VERSION:
verstr = "TLSv1.2";
break;
#endif
#ifdef TLS1_3_VERSION
case TLS1_3_VERSION:
verstr = "TLSv1.3";
break;
#endif
case 0:
break;
@ -1677,6 +1682,10 @@ get_ssl_version_txt(SSL *ssl)
return "";
switch(SSL_version(ssl)) {
#ifdef TLS1_3_VERSION
case TLS1_3_VERSION:
return "TLSv1.3";
#endif
#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
case TLS1_2_VERSION:
return "TLSv1.2";
@ -1728,6 +1737,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
case CURL_SSLVERSION_TLSv1_0:
case CURL_SSLVERSION_TLSv1_1:
case CURL_SSLVERSION_TLSv1_2:
case CURL_SSLVERSION_TLSv1_3:
/* it will be handled later with the context options */
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
!defined(LIBRESSL_VERSION_NUMBER)
@ -1891,6 +1901,16 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
break;
#endif
#ifdef TLS1_3_VERSION
case CURL_SSLVERSION_TLSv1_3:
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
ctx_options |= SSL_OP_NO_TLSv1;
ctx_options |= SSL_OP_NO_TLSv1_1;
ctx_options |= SSL_OP_NO_TLSv1_2;
break;
#endif
#ifndef OPENSSL_NO_SSL2
case CURL_SSLVERSION_SSLv2:
ctx_options |= SSL_OP_NO_SSLv3;