boringssl

Historia

David Benjamin 5510863fbd Temporary remove the TLS 1.3 anti-downgrade mechanism. This mechanism is incompatible with deploying draft versions of TLS 1.3. Suppose a draft M client talks to a draft N server, M != N. (Either M or N could also be the final standard revision should there be lingering draft clients or servers.) The server will notice the mismatch and pretend ClientHello.version is TLS 1.2, not TLS 1.3. But this will trigger anti-downgrade signal and cause an interop failure! And if it doesn't trigger, all the clever tricks around ServerHello.random being signed in TLS 1.2 are moot. We'll put this back when the dust has settled. Change-Id: Ic3cf72b7c31ba91e5cca0cfd7a3fca830c493a43 Reviewed-on: https://boringssl-review.googlesource.com/11005 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>		8 vuotta sitten
..
test	Temporary remove the TLS 1.3 anti-downgrade mechanism.	8 vuotta sitten
CMakeLists.txt	Add TLS 1.3 1-RTT.	8 vuotta sitten
custom_extensions.c	Send unsupported_extension on unexpected ServerHello extensions.	8 vuotta sitten
d1_both.c	Switch finish_handshake to release_current_message.	8 vuotta sitten
d1_lib.c	Test that servers enforce session timeouts.	8 vuotta sitten
d1_pkt.c	Move post-handshake message handling out of read_app_data.	8 vuotta sitten
d1_srtp.c	Make kSRTPProfiles static.	8 vuotta sitten
dtls_method.c	Switch finish_handshake to release_current_message.	8 vuotta sitten
dtls_record.c	Fix the alias checks in dtls_record.c.	8 vuotta sitten
handshake_client.c	Temporary remove the TLS 1.3 anti-downgrade mechanism.	8 vuotta sitten
handshake_server.c	Temporary remove the TLS 1.3 anti-downgrade mechanism.	8 vuotta sitten
internal.h	Fix a number of sigalg scope issues.	8 vuotta sitten
s3_both.c	Fix a number of sigalg scope issues.	8 vuotta sitten
s3_enc.c	Splitting SSL session state.	8 vuotta sitten
s3_lib.c	Pass a ClientHello into ssl3_choose_cipher.	8 vuotta sitten
s3_pkt.c	Stop pretending to ssl_clear_bad_session.	8 vuotta sitten
ssl_aead_ctx.c	Fixing iv_length for TLS 1.3.	8 vuotta sitten
ssl_asn1.c	Undo rename of tlsext_tick_lifetime_hint.	8 vuotta sitten
ssl_buffer.c	Add SSL_is_dtls.	8 vuotta sitten
ssl_cert.c	Set verify_result, even on failure.	8 vuotta sitten
ssl_cipher.c	Remove RC4 ciphersuites from TLS.	8 vuotta sitten
ssl_ecdh.c	Adding ARRAY_SIZE macro for getting the size of constant arrays.	8 vuotta sitten
ssl_file.c	Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit.	8 vuotta sitten
ssl_lib.c	Declare SSL_R_BLOCK_CIPHER_PAD_IS_WRONG and SSL_R_NO_CIPHERS_SPECIFIED.	8 vuotta sitten
ssl_rsa.c	Fix a number of sigalg scope issues.	8 vuotta sitten
ssl_session.c	Don't crash when a session callback returns NULL.	8 vuotta sitten
ssl_stat.c	Factor out the client_cert_cb code.	8 vuotta sitten
ssl_test.cc	Replace Scoped* heap types with bssl::UniquePtr.	8 vuotta sitten
t1_enc.c	Splitting SSL session state.	8 vuotta sitten
t1_lib.c	Enable RSA-PSS in TLS 1.2 by default.	8 vuotta sitten
tls13_both.c	Implement BORINGSSL_UNSAFE_FUZZER_MODE for TLS 1.3.	8 vuotta sitten
tls13_client.c	Request contexts are now illegal during the handshake.	8 vuotta sitten
tls13_enc.c	const-correct a variable.	8 vuotta sitten
tls13_server.c	Fix a number of sigalg scope issues.	8 vuotta sitten
tls_method.c	Add TLS_{client,server}_method.	8 vuotta sitten
tls_record.c	Stop pretending to ssl_clear_bad_session.	8 vuotta sitten