Detach TLS 1.3 cipher configuration from the cipher language. TLS 1.3 ciphers are now always enabled and come with a hard-coded preference order. BUG=110 Change-Id: Idd9cb0d75fb6bf2676ecdee27d88893ff974c4a3 Reviewed-on: https://boringssl-review.googlesource.com/12025 Reviewed-by: Adam Langley <agl@google.com>

commit: abbbee10ad4739648bcbf36a5ac52f23263a67dd [log] [tgz]
author: David Benjamin <davidben@google.com> Mon Oct 31 19:20:42 2016 -0400
committer: Adam Langley <agl@google.com> Wed Nov 02 20:47:55 2016 +0000
tree: b279f5a085ab27163056aa1cb27d6978bcc9b4b5
parent: fb73e97292f8a5b6f9a60dbcf7aeabc7759812e1 [diff] [blame]
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 417b194..449bd8c 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -1306,7 +1306,12 @@
  *   [ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]
  *
  * Once an equal-preference group is used, future directives must be
- * opcode-less. */
+ * opcode-less.
+ *
+ * TLS 1.3 ciphers do not participate in this mechanism and instead have a
+ * built-in preference order. Functions to set cipher lists do not affect TLS
+ * 1.3, and functions to query the cipher list do not include TLS 1.3
+ * ciphers. */
 
 /* SSL_DEFAULT_CIPHER_LIST is the default cipher suite configuration. It is
  * substituted when a cipher string starts with 'DEFAULT'. */
commit	abbbee10ad4739648bcbf36a5ac52f23263a67dd	[log] [tgz]
author	David Benjamin <davidben@google.com>	Mon Oct 31 19:20:42 2016 -0400
committer	Adam Langley <agl@google.com>	Wed Nov 02 20:47:55 2016 +0000
tree	b279f5a085ab27163056aa1cb27d6978bcc9b4b5
parent	fb73e97292f8a5b6f9a60dbcf7aeabc7759812e1 [diff] [blame]