Commit cf34d54d authored by Benjamin Kaduk's avatar Benjamin Kaduk Committed by Matt Caswell
Browse files

drop some no-longer-relevant TODO(TLS1.3) entries 



We prevent compression both when the server is parsing the ClientHello
and when the client is constructing the ClientHello.  A 1.3 ServerHello
has no way to hand us back a compression method, and we already check
that the server does not try to give us back a compression method that
we did not request, so these checks seem sufficient.

Weaken the INSTALL note slightly, as we do now expect to interoperate
with other implementations.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3131)
parent 5c718b9e

INSTALL

+3 −2
Original line number Original line Diff line number Diff line
@@ -484,8 +484,9 @@ 
  enable-tls1_3

  enable-tls1_3

                   TODO(TLS1.3): Make this enabled by default

                   TODO(TLS1.3): Make this enabled by default

                   Build support for TLS1.3. Note: This is a WIP feature and

                   Build support for TLS1.3. Note: This is a WIP feature and

                   does not currently interoperate with other TLS1.3

                   only a single draft version is supported.  Implementations

                   implementations! Use with caution!!

                   of different draft versions will negotiate TLS 1.2 instead

                   of (draft) TLS 1.3.  Use with caution!!





  no-<prot>

  no-<prot>

                   Don't build support for negotiating the specified SSL/TLS

                   Don't build support for negotiating the specified SSL/TLS

ssl/record/rec_layer_s3.c

+0 −3
Original line number Original line Diff line number Diff line
@@ -841,9 +841,6 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, 




        /* first we compress */

        /* first we compress */

        if (s->compress != NULL) {

        if (s->compress != NULL) {

            /*

             * TODO(TLS1.3): Make sure we prevent compression!!!

             */

            if (!ssl3_do_compress(s, thiswr)

            if (!ssl3_do_compress(s, thiswr)

                    || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) {

                    || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) {

                SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE);

                SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE);