# define TLS1_3_VERSION 0x0304
# define TLS_MAX_VERSION TLS1_3_VERSION
-/* TODO(TLS1.3) REMOVE ME: Version indicator for draft -18 */
-# define TLS1_3_VERSION_DRAFT 0x7f12
-# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 18)"
+/* TODO(TLS1.3) REMOVE ME: Version indicator for draft -19 */
+# define TLS1_3_VERSION_DRAFT 0x7f13
+# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 19)"
/* Special value for method supporting multiple versions */
# define TLS_ANY_VERSION 0x10000
# define TLS1_AD_USER_CANCELLED 90
# define TLS1_AD_NO_RENEGOTIATION 100
/* TLSv1.3 alerts */
+# define TLS13_AD_END_OF_EARLY_DATA 1
# define TLS13_AD_MISSING_EXTENSION 109 /* fatal */
+# define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */
/* codes 110-114 are from RFC3546 */
# define TLS1_AD_UNSUPPORTED_EXTENSION 110
# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
/* As defined for TLS1.3 */
# define TLSEXT_TYPE_key_share 40
+# define TLSEXT_TYPE_psk 41
+# define TLSEXT_TYPE_early_data 42
# define TLSEXT_TYPE_supported_versions 43
+# define TLSEXT_TYPE_cookie 44
# define TLSEXT_TYPE_psk_kex_modes 45
/* Temporary extension type */
const unsigned char *p, size_t plen,
int use_context);
+int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid);
+
int SSL_get_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignandhash,
unsigned char *rsig, unsigned char *rhash);
/* TLS v1.3 ciphersuites */
# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
+# define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302
+# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
+# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
+# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
/*
* XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
* cipherstring selection process for these ciphers
*/
# define TLS1_3_TXT_AES_128_GCM_SHA256 "TLS13-AES-128-GCM-SHA256"
+# define TLS1_3_TXT_AES_256_GCM_SHA384 "TLS13-AES-256-GCM-SHA384"
+# define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "TLS13-CHACHA20-POLY1305-SHA256"
+# define TLS1_3_TXT_AES_128_CCM_SHA256 "TLS13-AES-128-CCM-SHA256"
+# define TLS1_3_TXT_AES_128_CCM_8_SHA256 "TLS13-AES-128-CCM-8-SHA256"
# define TLS_CT_RSA_SIGN 1
# define TLS_CT_DSS_SIGN 2