Negotiate draft-TLS1.3
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 18 Jul 2017 13:35:21 +0000 (15:35 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 19 Feb 2018 14:29:33 +0000 (15:29 +0100)
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
lib/algorithms/protocols.c
lib/gnutls_int.h
lib/handshake.c
tests/tls13/ext-parse.h
tests/tls13/supported_versions.c

index 3937800cc3a003f1800c2426f5fbda3473cd1cdd..ef753aa877281db931c42de7e98412b0480a1430 100644 (file)
@@ -87,18 +87,39 @@ static const version_entry_st sup_versions[] = {
         .only_extension = 0,
         .false_start = 1
        },
+#ifdef TLS13_FINAL_VERSION
        {.name = "TLS1.3",
         .id = GNUTLS_TLS1_3,
-        .age = 4,
+        .age = 5,
         .major = 3,
         .minor = 4,
         .transport = GNUTLS_STREAM,
         .supported = 1,
-        .explicit_iv = 1,
+        .explicit_iv = 0,
+        .extensions = 1,
+        .selectable_sighash = 1,
+        .selectable_prf = 1,
+        .tls13_sem = 1,
+        .obsolete = 0,
+        .only_extension = 1,
+        .post_handshake_auth = 1,
+        .key_shares = 1,
+        .false_start = 0, /* doesn't make sense */
+        .tls_sig_sem = 1
+       },
+#else
+       {.name = "TLS1.3",
+        .id = GNUTLS_TLS1_3,
+        .age = 5,
+        .major = 0x7f,
+        .minor = 21,
+        .transport = GNUTLS_STREAM,
+        .supported = 1,
+        .explicit_iv = 0,
         .extensions = 1,
         .selectable_sighash = 1,
         .selectable_prf = 1,
-        .compact_hello = 1,
+        .tls13_sem = 1,
         .obsolete = 0,
         .only_extension = 1,
         .post_handshake_auth = 1,
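Review bot: The `#ifdef TLS13_FINAL_VERSION` / `#else` arms in sup_versions[] duplicate the whole TLS1.3 initializer although the two entries differ only in `.major` and `.minor`, so a flag added to one arm later can silently be missed in the other. Wrapping just those two fields keeps a single entry. A short comment on the draft arm would also explain the magic numbers, since 0x7f/21 appears to be the draft-21 wire version and a build without the macro is still reported as "TLS1.3". The array starts and ends outside this hunk, and the closing `#endif` is added in the next hunk.

```c
	{.name = "TLS1.3",
	 .id = GNUTLS_TLS1_3,
	 .age = 5,
#ifdef TLS13_FINAL_VERSION
	 .major = 3,
	 .minor = 4,
#else
	 /* draft wire version: 0x7f followed by the draft number */
	 .major = 0x7f,
	 .minor = 21,
#endif
	 /* … unchanged: .transport through .tls_sig_sem … */
	},
```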
@@ -106,6 +127,7 @@ static const version_entry_st sup_versions[] = {
         .false_start = 0, /* doesn't make sense */
         .tls_sig_sem = 1
        },
+#endif
        {.name = "DTLS0.9", /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */
         .id = GNUTLS_DTLS0_9,
         .age = 200,
@@ -300,6 +322,7 @@ int _gnutls_write_supported_versions(gnutls_session_t session, uint8_t *buffer,
                                        at_least_one_new = 1;
 
                                if (buffer_size > 2) {
+                                       _gnutls_debug_log("Advertizing version %x.%x\n", (int)p->major, (int)p->minor);
                                        buffer[0] = p->major;
                                        buffer[1] = p->minor;
                                        written_bytes += 2;
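Review bot: The added `_gnutls_debug_log` line prints both bytes with `%x`, so the draft version 0x7f/21 is logged as `7f.15`, while the tests in this commit report the same bytes with `%d.%d`. One consistent format would make library logs easier to match against test output. The message also misspells "Advertising". Something like `_gnutls_debug_log("Advertising version %d.%d\n", (int)p->major, (int)p->minor);` would cover both. The enclosing loop in _gnutls_write_supported_versions continues outside the hunk.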
index b16a98d1d89bc9e943faa400fb78b99b5d588d74..8bd1df3163d34714d4049d8960eb0527e3e005cb 100644 (file)
@@ -527,7 +527,7 @@ typedef struct {
        /* if SSL3 is disabled this flag indicates that this protocol is a placeholder,
         * otherwise it prevents this protocol from being set as record version */
        bool obsolete;
-       bool compact_hello;     /* The TLS 1.3 client and server hello form */
+       bool tls13_sem;         /* The TLS 1.3 handshake semantics */
        bool false_start;       /* That version can be used with false start */
        bool only_extension;    /* negotiated only with an extension */
        bool post_handshake_auth;       /* Supports the TLS 1.3 post handshake auth */
index 93ac83950e325e872c1767fe82dbbe290b45e004..1a868ab1983e49e4556161ebee8f34fd87860662 100644 (file)
@@ -1542,7 +1542,7 @@ read_server_hello(gnutls_session_t session,
 
        pos += GNUTLS_RANDOM_SIZE;
 
-       if (!vers->compact_hello) {
+       if (!vers->tls13_sem) {
                /* Read session ID
                 */
                DECR_LEN(len, 1);
@@ -1587,7 +1587,7 @@ read_server_hello(gnutls_session_t session,
        }
        pos += 2;
 
-       if (!vers->compact_hello) {
+       if (!vers->tls13_sem) {
                /* move to compression
                 */
                DECR_LEN(len, 1);
@@ -1882,7 +1882,7 @@ static int send_server_hello(gnutls_session_t session, int again)
                        goto fail;
                }
 
-               if (!vers->compact_hello) {
+               if (!vers->tls13_sem) {
                        datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE + 3 + extdata.length;
                } else {
                        datalen = 2 + GNUTLS_RANDOM_SIZE + 2 + extdata.length;
@@ -1905,7 +1905,7 @@ static int send_server_hello(gnutls_session_t session, int again)
                       GNUTLS_RANDOM_SIZE);
                pos += GNUTLS_RANDOM_SIZE;
 
-               if (!vers->compact_hello) {
+               if (!vers->tls13_sem) {
                        data[pos++] = session_id_len;
                        if (session_id_len > 0) {
                                memcpy(&data[pos],
@@ -1925,7 +1925,7 @@ static int send_server_hello(gnutls_session_t session, int again)
                       session->security_parameters.cs->id, 2);
                pos += 2;
 
-               if (!vers->compact_hello) {
+               if (!vers->tls13_sem) {
                        data[pos++] = 0x00;
                }
 
index 02ad08d921f4979a79f481f350bdb4e0d21de3eb..7e0dd9b4be7dec2eed6a92872cebdabfe2b209d9 100644 (file)
@@ -112,7 +112,11 @@ static unsigned find_server_extension(const gnutls_datum_t *msg, unsigned extnr,
        success("server hello of %d bytes\n", msg->size);
        /* we expect the legacy version to be present */
        /* ProtocolVersion legacy_version = 0x0303 */
+#ifdef TLS13_FINAL_VERSION
        if (msg->data[0] != 0x03) {
+#else
+       if (msg->data[0] != 0x7f) {
+#endif
                fail("ProtocolVersion contains %d.%d\n", (int)msg->data[0], (int)msg->data[1]);
        }
 
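Review bot: Splitting the `if (...) {` header across `#ifdef TLS13_FINAL_VERSION` / `#else` leaves one opening brace per arm with a single shared close, which is easy to break on a later edit; the same pattern is repeated in both hunks of tests/tls13/supported_versions.c. Here the check also tests only `msg->data[0]`, so a draft number other than 21 would pass, and the context comment `ProtocolVersion legacy_version = 0x0303` no longer describes the draft arm. A pair of expected-byte constants selected once by the `#ifdef` would let all three sites use one plain condition such as `if (msg->data[0] != exp_major || msg->data[1] != exp_minor) {`. find_server_extension starts before this hunk, so whether msg->size is checked before these reads cannot be seen here.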
index 17f65d7e5a8ec8547b4bbb3db443273798a4a091..31eb4ddbb60178bcc2b6b841865acdfa3b705a77 100644 (file)
@@ -152,7 +152,11 @@ static int client_hello_callback(gnutls_session_t session, unsigned int htype,
                success("server hello:\n\t%d.%d\n",
                        (int)msg->data[pos], (int)msg->data[pos+1]);
 
+#ifdef TLS13_FINAL_VERSION
                if (msg->data[pos] != 0x03 || msg->data[pos+1] != 0x04) {
+#else
+               if (msg->data[pos] != 0x7f || msg->data[pos+1] != 21) {
+#endif
                        fail("fail expected TLS 1.3 in server hello, got %d.%d\n", (int)msg->data[pos], (int)msg->data[pos+1]);
                }
 
@@ -221,7 +225,11 @@ static int client_hello_callback(gnutls_session_t session, unsigned int htype,
                                (int)msg->data[pos+2], (int)msg->data[pos+3], 
                                (int)msg->data[pos+4], (int)msg->data[pos+5]);
 
+#ifdef TLS13_FINAL_VERSION
                        if (msg->data[pos] != 0x03 || msg->data[pos+1] != 0x04) {
+#else
+                       if (msg->data[pos] != 0x7f || msg->data[pos+1] != 21) {
+#endif
                                fail("fail expected TLS 1.3, got %d.%d\n", (int)msg->data[pos], (int)msg->data[pos+1]);
                        }
                        pos+=2;