Implement experimental alternate encoding of TLS 1.3.
TLS 1.3 deployment is currently blocked by buggy middleboxes
throughout the ecosystem. As an experiment to better understand these bugs
and the problems they are causing, implement TLS 1.3 variants with
alternate encodings. These are still the same protocol, only encoded
slightly differently. We will use what we learn from these experiments to
guide the TLS 1.3 deployment strategy and proposals to the IETF, if any.
These experiments only target the basic 1-RTT TLS 1.3 handshake. Based on
what we learn from this experiment, we may try future variations to
explore 0-RTT and HelloRetryRequest.
When enabled, the server supports all TLS 1.3 variants while the client
is configured to use a particular variant.
Change-Id: I532411d1abc41314dc76acce0246879b754b4c61
Reviewed-on: https://boringssl-review.googlesource.com/17327
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
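The commit message and the new doc comment describe an asymmetric rule: a client configured with a variant offers only that variant's encoding, while a server configured with a non-default variant accepts every variant. As an added example (not code from this change or from BoringSSL), the C program below models that rule over the draft-style supported_versions extension (a one-byte length followed by big-endian uint16 versions in preference order) using the two TLS 1.3 code points this patch's header defines plus TLS 1.2 as fallback. The functions client_supported_versions, server_accepts, server_select_version and negotiate are hypothetical names, and the real version-selection code is not part of this diff; the model only encodes what the doc comment states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Version code points. TLS1_2_VERSION is the standard value; the two TLS 1.3
 * values are the ones this patch's header defines (draft and experiment). */
#define TLS1_2_VERSION 0x0303
#define TLS1_3_DRAFT_VERSION 0x7f12
#define TLS1_3_EXPERIMENT_VERSION 0x7e01

/* Same enumerators as the patch's enum tls13_variant_t. */
enum tls13_variant_t {
  tls13_default = 0,
  tls13_experiment = 1,
};

/* Builds the client's supported_versions body (hypothetical helper): a
 * one-byte length followed by uint16 versions in preference order. Only the
 * configured variant's TLS 1.3 code point is offered, then TLS 1.2.
 * Returns the number of bytes written, or 0 if |out| is too small. */
static size_t client_supported_versions(enum tls13_variant_t variant,
                                        uint8_t *out, size_t out_len) {
  uint16_t tls13 = (variant == tls13_experiment) ? TLS1_3_EXPERIMENT_VERSION
                                                 : TLS1_3_DRAFT_VERSION;
  const uint16_t versions[] = { tls13, TLS1_2_VERSION };
  size_t n = sizeof(versions) / sizeof(versions[0]);
  if (out_len < 1 + 2 * n) return 0;
  out[0] = (uint8_t)(2 * n);
  for (size_t i = 0; i < n; i++) {
    out[1 + 2 * i] = (uint8_t)(versions[i] >> 8);
    out[2 + 2 * i] = (uint8_t)(versions[i] & 0xff);
  }
  return 1 + 2 * n;
}

/* Returns 1 if a server configured with |variant| accepts |version|. This is
 * the doc comment's rule as a model: a non-default variant enables every
 * variant; the default server knows only the draft encoding. */
static int server_accepts(enum tls13_variant_t variant, uint16_t version) {
  switch (version) {
    case TLS1_2_VERSION:
    case TLS1_3_DRAFT_VERSION:
      return 1;
    case TLS1_3_EXPERIMENT_VERSION:
      return variant != tls13_default;
    default:
      return 0;
  }
}

/* Parses the client's supported_versions body and returns the first version,
 * in the client's preference order, that the server accepts. Returns 0 on a
 * malformed list (odd length, empty, or trailing bytes) or on no overlap. */
static uint16_t server_select_version(enum tls13_variant_t variant,
                                      const uint8_t *ext, size_t ext_len) {
  if (ext_len < 1) return 0;
  size_t list_len = ext[0];
  if (list_len == 0 || list_len % 2 != 0 || 1 + list_len != ext_len) return 0;
  for (size_t i = 0; i < list_len; i += 2) {
    uint16_t v = (uint16_t)((ext[1 + i] << 8) | ext[2 + i]);
    if (server_accepts(variant, v)) return v;
  }
  return 0;
}

/* Runs the client->server exchange for one configuration pair and returns the
 * negotiated version code point (0 if nothing was agreed). */
static uint16_t negotiate(enum tls13_variant_t client,
                          enum tls13_variant_t server) {
  uint8_t ext[16];
  size_t len = client_supported_versions(client, ext, sizeof(ext));
  if (len == 0) return 0;
  return server_select_version(server, ext, len);
}

int main(void) {
  printf("client default,    server default:    0x%04x\n",
         negotiate(tls13_default, tls13_default));
  printf("client experiment, server experiment: 0x%04x\n",
         negotiate(tls13_experiment, tls13_experiment));
  printf("client experiment, server default:    0x%04x\n",
         negotiate(tls13_experiment, tls13_default));
  printf("client default,    server experiment: 0x%04x\n",
         negotiate(tls13_default, tls13_experiment));
  return 0;
}
```

The third case is the one worth noticing when reading the doc comment: an experiment client talking to a server that was not switched on for the experiment does not get the draft encoding either, because the client never offered it, so the model falls back to TLS 1.2.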
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index f9f29b6..ca1e9e8 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -578,6 +578,7 @@
#define DTLS1_2_VERSION 0xfefd
#define TLS1_3_DRAFT_VERSION 0x7f12
+#define TLS1_3_EXPERIMENT_VERSION 0x7e01
/* SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to
* |version|. If |version| is zero, the default minimum version is used. It
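Review bot: the new code point at `+#define TLS1_3_EXPERIMENT_VERSION 0x7e01` is added beside TLS1_3_DRAFT_VERSION with no comment, so nothing in the header says it is a private value for the experimental encoding rather than another IETF draft number. Add a one-line comment to that effect, and since the SSL_CTX_set_min_proto_version documentation that follows enumerates acceptable version arguments, state whether this value is a legal argument there or is only ever selected through the variant setter.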
@@ -3136,6 +3137,17 @@
* performed by |ssl|. This includes the pending renegotiation, if any. */
OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl);
+enum tls13_variant_t {
+ tls13_default = 0,
+ tls13_experiment = 1,
+};
+
+/* SSL_CTX_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the
+ * server, if |variant| is not |tls13_default|, all variants are enabled. On the
+ * client, only the configured variant is enabled. */
+OPENSSL_EXPORT void SSL_CTX_set_tls13_variant(SSL_CTX *ctx,
+ enum tls13_variant_t variant);
+
/* SSL_MAX_CERT_LIST_DEFAULT is the default maximum length, in bytes, of a peer
* certificate chain. */
#define SSL_MAX_CERT_LIST_DEFAULT (1024 * 100)
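Review bot: the doc comment on SSL_CTX_set_tls13_variant says a non-default |variant| on the server means "all variants are enabled", which with only two enumerators in `enum tls13_variant_t` reads as if there were more; state it concretely, e.g. a server configured with tls13_experiment accepts both the draft encoding and the experiment encoding, while a client configured with tls13_experiment offers only the experiment encoding. The comment should also mark the enum and setter as experimental and liable to be removed, as the commit message describes this as an experiment, and note that there is no per-SSL setter or getter, so the variant cannot be changed per connection or read back.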
@@ -4124,6 +4136,10 @@
* and is further constrainted by |SSL_OP_NO_*|. */
uint16_t conf_min_version;
+ /* tls13_variant is the variant of TLS 1.3 we are using for this
+ * configuration. */
+ enum tls13_variant_t tls13_variant;
+
struct ssl_cipher_preference_list_st *cipher_list;
X509_STORE *cert_store;
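Review bot: the new |tls13_variant| field is added next to |conf_min_version| in this struct only, and the setter above writes it into an SSL_CTX; whatever copies configuration from the SSL_CTX into a new SSL (the same path that carries |conf_min_version|) must copy |tls13_variant| as well, otherwise the value set on the context never reaches the handshake. The field comment should also state the default, which per the enum definition is tls13_default (zero), so a zero-initialised context behaves as before this change.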