drop some no-longer-relevant TODO(TLS1.3) entries

We prevent compression both when the server is parsing the ClientHello and when the client is constructing the ClientHello. A 1.3 ServerHello has no way to hand us back a compression method, and we already check that the server does not try to give us back a compression method that we did not request, so these checks seem sufficient. Weaken the INSTALL note slightly, as we do now expect to interoperate with other implementations. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3131)
2025-04-24 20:51:14 +08:00 · 2017-03-23 11:00:08 -05:00 · 2017-03-23 11:00:08 -05:00 · cf34d54d82
commit cf34d54d82
parent 5c718b9e46
2 changed files with 3 additions and 5 deletions
--- a/5
+++ b/5
@ -484,8 +484,9 @@
  enable-tls1_3
                   TODO(TLS1.3): Make this enabled by default
                   Build support for TLS1.3. Note: This is a WIP feature and
-                   does not currently interoperate with other TLS1.3
-                   implementations! Use with caution!!
+                   only a single draft version is supported.  Implementations
+                   of different draft versions will negotiate TLS 1.2 instead
+                   of (draft) TLS 1.3.  Use with caution!!

  no-<prot>
                   Don't build support for negotiating the specified SSL/TLS
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@ -841,9 +841,6 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,

        /* first we compress */
        if (s->compress != NULL) {
-            /*
-             * TODO(TLS1.3): Make sure we prevent compression!!!
-             */
            if (!ssl3_do_compress(s, thiswr)
                    || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) {
                SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE);