kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
5510863fbd
boringssl/ssl
History
David Benjamin 5510863fbd Temporary remove the TLS 1.3 anti-downgrade mechanism. 
This mechanism is incompatible with deploying draft versions of TLS 1.3.

Suppose a draft M client talks to a draft N server, M != N. (Either M or
N could also be the final standard revision should there be lingering
draft clients or servers.) The server will notice the mismatch and
pretend ClientHello.version is TLS 1.2, not TLS 1.3. But this will
trigger anti-downgrade signal and cause an interop failure! And if it
doesn't trigger, all the clever tricks around ServerHello.random being
signed in TLS 1.2 are moot.

We'll put this back when the dust has settled.

Change-Id: Ic3cf72b7c31ba91e5cca0cfd7a3fca830c493a43
Reviewed-on: https://boringssl-review.googlesource.com/11005
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-09-12 18:10:23 +00:00
..
test Temporary remove the TLS 1.3 anti-downgrade mechanism. 2016-09-12 18:10:23 +00:00
CMakeLists.txt Add TLS 1.3 1-RTT. 2016-07-18 09:54:46 +00:00
custom_extensions.c Send unsupported_extension on unexpected ServerHello extensions. 2016-08-01 18:56:31 +00:00
d1_both.c Switch finish_handshake to release_current_message. 2016-07-28 22:59:18 +00:00
d1_lib.c Test that servers enforce session timeouts. 2016-08-03 21:27:07 +00:00
d1_pkt.c Move post-handshake message handling out of read_app_data. 2016-07-29 21:05:49 +00:00
d1_srtp.c Make kSRTPProfiles static. 2016-05-13 14:12:22 +00:00
dtls_method.c Switch finish_handshake to release_current_message. 2016-07-28 22:59:18 +00:00
dtls_record.c Fix the alias checks in dtls_record.c. 2016-06-09 21:11:22 +00:00
handshake_client.c Temporary remove the TLS 1.3 anti-downgrade mechanism. 2016-09-12 18:10:23 +00:00
handshake_server.c Temporary remove the TLS 1.3 anti-downgrade mechanism. 2016-09-12 18:10:23 +00:00
internal.h Fix a number of sigalg scope issues. 2016-08-24 00:24:34 +00:00
s3_both.c Fix a number of sigalg scope issues. 2016-08-24 00:24:34 +00:00
s3_enc.c Splitting SSL session state. 2016-07-29 21:22:46 +00:00
s3_lib.c Pass a ClientHello into ssl3_choose_cipher. 2016-08-11 05:11:39 +00:00
s3_pkt.c Stop pretending to ssl_clear_bad_session. 2016-08-03 21:07:36 +00:00
ssl_aead_ctx.c Fixing iv_length for TLS 1.3. 2016-06-16 17:04:14 +00:00
ssl_asn1.c Undo rename of tlsext_tick_lifetime_hint. 2016-08-09 17:50:28 +00:00
ssl_buffer.c Add SSL_is_dtls. 2016-08-02 20:43:58 +00:00
ssl_cert.c Set verify_result, even on failure. 2016-08-26 17:47:40 +00:00
ssl_cipher.c Remove RC4 ciphersuites from TLS. 2016-08-26 19:32:44 +00:00
ssl_ecdh.c Adding ARRAY_SIZE macro for getting the size of constant arrays. 2016-08-19 19:30:39 +00:00
ssl_file.c Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit. 2016-04-27 18:40:25 +00:00
ssl_lib.c Declare SSL_R_BLOCK_CIPHER_PAD_IS_WRONG and SSL_R_NO_CIPHERS_SPECIFIED. 2016-08-24 01:15:19 +00:00
ssl_rsa.c Fix a number of sigalg scope issues. 2016-08-24 00:24:34 +00:00
ssl_session.c Don't crash when a session callback returns NULL. 2016-08-26 17:42:41 +00:00
ssl_stat.c Factor out the client_cert_cb code. 2016-07-20 09:25:52 +00:00
ssl_test.cc Replace Scoped* heap types with bssl::UniquePtr. 2016-09-01 22:22:54 +00:00
t1_enc.c Splitting SSL session state. 2016-07-29 21:22:46 +00:00
t1_lib.c Enable RSA-PSS in TLS 1.2 by default. 2016-08-30 22:50:05 +00:00
tls13_both.c Implement BORINGSSL_UNSAFE_FUZZER_MODE for TLS 1.3. 2016-08-19 19:11:34 +00:00
tls13_client.c Request contexts are now illegal during the handshake. 2016-08-18 15:40:40 +00:00
tls13_enc.c const-correct a variable. 2016-09-06 18:19:37 +00:00
tls13_server.c Fix a number of sigalg scope issues. 2016-08-24 00:24:34 +00:00
tls_method.c Add TLS_{client,server}_method. 2016-08-05 18:59:32 +00:00
tls_record.c Stop pretending to ssl_clear_bad_session. 2016-08-03 21:07:36 +00:00