Add TLS 1.3 record layer to go implementation.
This implements the cipher suite constraints in "fake TLS 1.3". It also makes
bssl_shim and runner enable it by default so we can start adding MaxVersion:
VersionTLS12 markers to tests as 1.2 vs. 1.3 differences begin to take effect.
Change-Id: If1caf6e43938c8d15b0a0f39f40963b8199dcef5
Reviewed-on: https://boringssl-review.googlesource.com/8340
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 539472d..3c4f325 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -1727,6 +1727,15 @@
return SSL3_VERSION;
}
+uint16_t SSL_CIPHER_get_max_version(const SSL_CIPHER *cipher) {
+ if (cipher->algorithm_mac == SSL_AEAD &&
+ (cipher->algorithm_enc & SSL_CHACHA20POLY1305_OLD) == 0 &&
+ (cipher->algorithm_mkey & SSL_kECDHE) != 0) {
+ return TLS1_3_VERSION;
+ }
+ return TLS1_2_VERSION;
+}
+
/* return the actual cipher being used */
const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher) {
if (cipher != NULL) {
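Review bot: The new SSL_CIPHER_get_max_version decides TLS 1.3 eligibility purely by attribute (AEAD MAC, not SSL_CHACHA20POLY1305_OLD, ECDHE key exchange) and has no comment stating that rule. As written, any AEAD/ECDHE suite added to the table later becomes TLS 1.3-eligible by default rather than by an explicit decision. A header comment would make the policy reviewable, for example `/* TLS 1.3 is limited to ECDHE AEAD suites, excluding the old ChaCha20-Poly1305 variants; all other suites are capped at TLS 1.2. */`. The function also dereferences `cipher` without a check, while SSL_CIPHER_get_name just below tests `cipher != NULL`; whether callers can pass NULL is not visible here, so either guard it or document that `cipher` must be non-NULL. The body of SSL_CIPHER_get_name continues outside the hunk.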