Disable 'draft 22' by default.

Change-Id: I1a0f264cbfa0eb5d4adac96d0fc24fa342f2b6a3
Reviewed-on: https://boringssl-review.googlesource.com/22946
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
Steven Valdez 2017-11-11 21:38:15 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent 4ddbc7bd0d
commit ba8f1864c1
2 changed files with 8 additions and 6 deletions

View File

@ -338,13 +338,15 @@ bool ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) {
// The server, when not configured at |tls13_default|, should additionally // The server, when not configured at |tls13_default|, should additionally
// enable all variants, except draft-21 which is implemented solely for QUIC // enable all variants, except draft-21 which is implemented solely for QUIC
// interop testing and will not be deployed. Currently, this is to implement // interop testing and will not be deployed, and draft-22 which will be
// the draft-18 vs. experiments field trials. In the future, this will be to // enabled once the draft is finalized and ready to be deployed in Chrome.
// transition cleanly to a future draft-22 which hopefully includes the // Currently, this is to implement the draft-18 vs. experiments field trials.
// deployability fixes. // In the future, this will be to transition cleanly to a final draft-22
// which hopefully includes the deployability fixes.
if (ssl->server && if (ssl->server &&
ssl->tls13_variant != tls13_default && ssl->tls13_variant != tls13_default &&
version != TLS1_3_DRAFT21_VERSION) { version != TLS1_3_DRAFT21_VERSION &&
version != TLS1_3_DRAFT22_VERSION) {
return true; return true;
} }

View File

@ -5215,7 +5215,7 @@ func addVersionNegotiationTests() {
if expectedVersion == VersionTLS13 && runnerVers.tls13Variant != shimVers.tls13Variant { if expectedVersion == VersionTLS13 && runnerVers.tls13Variant != shimVers.tls13Variant {
expectedClientVersion = VersionTLS12 expectedClientVersion = VersionTLS12
expectedServerVersion = VersionTLS12 expectedServerVersion = VersionTLS12
if shimVers.tls13Variant != TLS13Default && runnerVers.tls13Variant != TLS13Draft21 { if shimVers.tls13Variant != TLS13Default && runnerVers.tls13Variant != TLS13Draft21 && runnerVers.tls13Variant != TLS13Draft22 {
expectedServerVersion = VersionTLS13 expectedServerVersion = VersionTLS13
} }
} }