From ba8f1864c15ec938ce0851f416663511c89f454a Mon Sep 17 00:00:00 2001
From: Steven Valdez
Date: Sat, 11 Nov 2017 21:38:15 -0500
Subject: [PATCH] Disable 'draft 22' by default.
Change-Id: I1a0f264cbfa0eb5d4adac96d0fc24fa342f2b6a3
Reviewed-on: https://boringssl-review.googlesource.com/22946
Reviewed-by: David Benjamin
Commit-Queue: David Benjamin
CQ-Verified: CQ bot account: commit-bot@chromium.org
---
 ssl/ssl_versions.cc | 12 +++++++-----
 ssl/test/runner/runner.go | 2 +-
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index a356ed15..15b02943 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -338,13 +338,15 @@ bool ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) {
 // The server, when not configured at |tls13_default|, should additionally
 // enable all variants, except draft-21 which is implemented solely for QUIC
- // interop testing and will not be deployed. Currently, this is to implement
- // the draft-18 vs. experiments field trials. In the future, this will be to
- // transition cleanly to a future draft-22 which hopefully includes the
- // deployability fixes.
+ // interop testing and will not be deployed, and draft-22 which will be
+ // enabled once the draft is finalized and ready to be deployed in Chrome.
+ // Currently, this is to implement the draft-18 vs. experiments field trials.
+ // In the future, this will be to transition cleanly to a final draft-22
+ // which hopefully includes the deployability fixes.
 if (ssl->server &&
 ssl->tls13_variant != tls13_default &&
- version != TLS1_3_DRAFT21_VERSION) {
+ version != TLS1_3_DRAFT21_VERSION &&
+ version != TLS1_3_DRAFT22_VERSION) {
 return true;
 }
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index b6aa4a18..57bc20cb 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
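Review bot: The server-side gate in ssl_supports_version is an exclusion list (`version != TLS1_3_DRAFT21_VERSION && version != TLS1_3_DRAFT22_VERSION`), so it fails open: any TLS 1.3 variant added later would be accepted by a server configured with a non-default variant unless this chain is extended again. For a protocol-version gate, listing the variants that are meant to be deployable would fail closed; which variants those are is not visible in this hunk, so the exact list is left to the author. If the exclusion form stays, a line in the comment such as `// Any new variant must be added to this exclusion until it is ready to deploy.` would record the obligation. The function starts and ends outside the hunk, so earlier checks may already bound `version`. The same exclusion is mirrored by hand in addVersionNegotiationTests in ssl/test/runner/runner.go.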
@@ -5215,7 +5215,7 @@ func addVersionNegotiationTests() {
 if expectedVersion == VersionTLS13 && runnerVers.tls13Variant != shimVers.tls13Variant {
 expectedClientVersion = VersionTLS12
 expectedServerVersion = VersionTLS12
- if shimVers.tls13Variant != TLS13Default && runnerVers.tls13Variant != TLS13Draft21 {
+ if shimVers.tls13Variant != TLS13Default && runnerVers.tls13Variant != TLS13Draft21 && runnerVers.tls13Variant != TLS13Draft22 {
 expectedServerVersion = VersionTLS13
 }
 }
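Review bot: The widened inner `if` in addVersionNegotiationTests has no comment explaining why draft 21 and draft 22 are carved out, so the expectation reads as arbitrary to anyone who has not seen ssl_supports_version. A comment above it would make the coupling visible, e.g. `// A shim server set to a non-default variant also accepts the other variants, except draft 21 and draft 22; keep in sync with ssl_supports_version.` The enclosing function starts and ends outside the hunk.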