Commit f518cef4 authored by Matt Caswell

Enable TLSv1.3 by default

parent c517ac4c
+1 −1
@@ -43,7 +43,7 @@ matrix:
                  sources:
                      - ubuntu-toolchain-r-test
          compiler: gcc-5
          env: CONFIG_OPTS="--strict-warnings enable-tls1_3" TESTS="-test_fuzz" COMMENT="Move to the BORINGTEST build when interoperable"
          env: CONFIG_OPTS="--strict-warnings" TESTS="-test_fuzz" COMMENT="Move to the BORINGTEST build when interoperable"
        - os: linux
          compiler: clang-3.9
          env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes"
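Review bot: dropping "enable-tls1_3" from this gcc-5 job is correct once the default flips, but it leaves no visible job in the matrix that builds with "no-tls1_3". Since the CHANGES entry in this commit tells users they may need to explicitly disable TLSv1.3 if their ciphersuite configuration is not updated, that disabled path is now exactly the one CI stops covering; consider adding a matrix entry with `CONFIG_OPTS="--strict-warnings no-tls1_3"` so both the enabled and disabled builds keep compiling. The retained COMMENT="Move to the BORINGTEST build when interoperable" still reads as intended for the now-default configuration.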
+20 −0
@@ -9,6 +9,26 @@
 Changes between 1.1.0f and 1.1.1 [xx XXX xxxx]
  *) Support for TLSv1.3 added. Note that users upgrading from an earlier
     version of OpenSSL should review their configuration settings to ensure
     that they are still appropriate for TLSv1.3. In particular if no TLSv1.3
     ciphersuites are enabled then OpenSSL will refuse to make a connection
     unless (1) TLSv1.3 is explicitly disabled or (2) the ciphersuite
     configuration is updated to include suitable ciphersuites. The DEFAULT
     ciphersuite configuration does include TLSv1.3 ciphersuites. For further
     information on this and other related issues please see:
     https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/
     NOTE: In this pre-release of OpenSSL a draft version of the
     TLSv1.3 standard has been implemented. Implementations of different draft
     versions of the standard do not inter-operate, and this version will not
     inter-operate with an implementation of the final standard when it is
     eventually published. Different pre-release versions may implement
     different versions of the draft. The final version of OpenSSL 1.1.1 will
     implement the final version of the standard.
     TODO(TLS1.3): Remove the above note before final release
     [Matt Caswell]
  *) Changed Configure so it only says what it does and doesn't dump
     so much data.  Instead, ./configdata.pm should be used as a script
     to display all sorts of configuration data.
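Review bot: the "TODO(TLS1.3): Remove the above note before final release" line sits inside a user-facing CHANGES entry, so if it is forgotten it ships verbatim in the release notes. The INSTALL hunk in this same commit removes its "TODO(TLS1.3)" marker, so the two files are now inconsistent in how they track this reminder; either drop the TODO from CHANGES and track it elsewhere, or keep the markers consistent across both files. The draft-interoperability NOTE itself is valuable and should stay in the pre-release text, since it is the only place a user learns that this build will not negotiate TLS 1.3 with the final standard.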
+0 −2
@@ -435,8 +435,6 @@ our %disabled = ( # "what" => "comment"
		  "ssl3"                => "default",
		  "ssl3-method"         => "default",
                  "ubsan"		=> "default",
          #TODO(TLS1.3): Temporarily disabled while this is a WIP
		  "tls1_3"              => "default",
		  "tls13downgrade"      => "default",
		  "unit-test"           => "default",
		  "weak-ssl-ciphers"    => "default",
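Review bot: "tls1_3" and its "Temporarily disabled while this is a WIP" comment are removed from %disabled, but the adjacent "tls13downgrade" entry stays disabled by default with no comment explaining why it remains off now that the protocol it relates to is on. A one-line comment next to "tls13downgrade" stating the reason it is still default-disabled would save the next reader from assuming it was simply overlooked in this change.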
+12 −15
@@ -482,27 +482,24 @@
                   likely to complement configuration command line with
                   suitable compiler-specific option.

  enable-tls1_3
                   TODO(TLS1.3): Make this enabled by default
                   Build support for TLS1.3. Note: This is a WIP feature and
                   only a single draft version is supported.  Implementations
                   of different draft versions will negotiate TLS 1.2 instead
                   of (draft) TLS 1.3.  Use with caution!!

  no-<prot>
                   Don't build support for negotiating the specified SSL/TLS
                   protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls,
                   dtls1 or dtls1_2). If "no-tls" is selected then all of tls1,
                   tls1_1 and tls1_2 are disabled. Similarly "no-dtls" will
                   disable dtls1 and dtls1_2. The "no-ssl" option is synonymous
                   with "no-ssl3". Note this only affects version negotiation.
                   OpenSSL will still provide the methods for applications to
                   explicitly select the individual protocol versions.
                   protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2,
                   tls1_3, dtls, dtls1 or dtls1_2). If "no-tls" is selected then
                   all of tls1, tls1_1, tls1_2 and tls1_3 are disabled.
                   Similarly "no-dtls" will disable dtls1 and dtls1_2. The
                   "no-ssl" option is synonymous with "no-ssl3". Note this only
                   affects version negotiation. OpenSSL will still provide the
                   methods for applications to explicitly select the individual
                   protocol versions.

  no-<prot>-method
                   As for no-<prot> but in addition do not build the methods for
                   applications to explicitly select individual protocol
                   versions.
                   versions. Note that there is no "no-tls1_3-method" option
                   because there is no application method for TLSv1.3. Using
                   invidivial protocol methods directly is deprecated.
                   Applications should use TLS_method() instead.

  enable-<alg>
                   Build with support for the specified algorithm, where <alg>
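Review bot: typo in the newly added no-<prot>-method text: "Using invidivial protocol methods directly is deprecated" should read "individual". Separately, removing the enable-tls1_3 section also removes the only INSTALL-level warning that a single draft version is supported and that implementations of different drafts fall back to TLS 1.2; since tls1_3 is now in the no-<prot> list, a short caveat there (or a pointer to the note in CHANGES) would keep that information reachable from INSTALL for anyone deciding whether to pass "no-tls1_3". The rest of the rewording (adding tls1_3 to the no-<prot> list and stating that "no-tls" disables it too) matches the Configure change in this commit.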
+1 −0
@@ -7,6 +7,7 @@

  Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.1 [under development]

      o Support for TLSv1.3 added
      o Move the display of configuration data to configdata.pm.
      o Allow GNU style "make variables" to be used with Configure.
      o Add a STORE module (OSSL_STORE)
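Review bot: the new "o Support for TLSv1.3 added" line gives NEWS readers no hint of the draft-only status that CHANGES spells out in this same commit. Since NEWS is the summary many users read instead of CHANGES, consider appending a brief qualifier (for example "(draft version; see CHANGES)") so the interoperability limitation is not lost at the summary level. Minor style point: the surrounding entries mix trailing periods ("configdata.pm.", "Configure.") with none ("(OSSL_STORE)"); the new line follows the no-period form, which is fine, but the list as a whole could be made consistent while it is being edited.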