mirror of
https://github.com/openssl/openssl.git
synced 2025-01-18 13:44:20 +08:00
Update Configure to know about tls1_3
Also we disable TLS1.3 by default (use enable-tls1_3 to re-enable). This is because this is a WIP and will not be interoperable with any other TLS1.3 implementation. Finally, we fix some tests that started failing when TLS1.3 was disabled by default. Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
parent
0ced42e050
commit
84a6833658
@ -318,7 +318,7 @@ $config{sdirs} = [
|
||||
];
|
||||
|
||||
# Known TLS and DTLS protocols
|
||||
my @tls = qw(ssl3 tls1 tls1_1 tls1_2);
|
||||
my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3);
|
||||
my @dtls = qw(dtls1 dtls1_2);
|
||||
|
||||
# Explicitly known options that are possible to disable. They can
|
||||
@ -440,6 +440,8 @@ our %disabled = ( # "what" => "comment"
|
||||
"ssl3" => "default",
|
||||
"ssl3-method" => "default",
|
||||
"ubsan" => "default",
|
||||
#TODO(TLS1.3): Temporarily disabled while this is a WIP
|
||||
"tls1_3" => "default",
|
||||
"unit-test" => "default",
|
||||
"weak-ssl-ciphers" => "default",
|
||||
"zlib" => "default",
|
||||
@ -476,7 +478,7 @@ my @disable_cascades = (
|
||||
sub { $disabled{rsa}
|
||||
&& ($disabled{dsa} || $disabled{dh})
|
||||
&& ($disabled{ecdsa} || $disabled{ecdh}); }
|
||||
=> [ "tls1", "tls1_1", "tls1_2",
|
||||
=> [ "tls1", "tls1_1", "tls1_2", "tls1_3",
|
||||
"dtls1", "dtls1_2" ],
|
||||
|
||||
"tls" => [ @tls ],
|
||||
|
6
INSTALL
6
INSTALL
@ -457,6 +457,12 @@
|
||||
specific configuration, e.g. "-m32" to build x86 code on
|
||||
an x64 system.
|
||||
|
||||
enable-tls1_3
|
||||
TODO(TLS1.3): Make this enabled by default
|
||||
Build support for TLS1.3. Note: This is a WIP feature and
|
||||
does not currently interoperate with other TLS1.3
|
||||
implementations! Use with caution!!
|
||||
|
||||
no-<prot>
|
||||
Don't build support for negotiating the specified SSL/TLS
|
||||
protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls,
|
||||
|
@ -34,7 +34,8 @@ plan tests => 18; # = scalar @conf_srcs
|
||||
# Some test results depend on the configuration of enabled protocols. We only
|
||||
# verify generated sources in the default configuration.
|
||||
my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
|
||||
!disabled("tls1_1") && !disabled("tls1_2"));
|
||||
!disabled("tls1_1") && !disabled("tls1_2") &&
|
||||
disabled("tls1_3"));
|
||||
|
||||
my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2"));
|
||||
|
||||
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -137,6 +137,7 @@ sub generate_resumption_tests {
|
||||
|
||||
my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
|
||||
my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled;
|
||||
my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled;
|
||||
|
||||
if (no_tests($dtls)) {
|
||||
return;
|
||||
@ -146,10 +147,10 @@ sub generate_resumption_tests {
|
||||
my @client_tests = ();
|
||||
|
||||
# Obtain the first session against a fixed-version server/client.
|
||||
foreach my $original_protocol($min_enabled..$#protocols) {
|
||||
foreach my $original_protocol($min_enabled..$max_enabled) {
|
||||
# Upgrade or downgrade the server/client max version support and test
|
||||
# that it upgrades, downgrades or resumes the session as well.
|
||||
foreach my $resume_protocol($min_enabled..$#protocols) {
|
||||
foreach my $resume_protocol($min_enabled..$max_enabled) {
|
||||
my $resumption_expected;
|
||||
# We should only resume on exact version match.
|
||||
if ($original_protocol eq $resume_protocol) {
|
||||
|
Loading…
Reference in New Issue
Block a user