From: Benjamin Kaduk Date: Thu, 23 Mar 2017 16:00:08 +0000 (-0500) Subject: drop some no-longer-relevant TODO(TLS1.3) entries X-Git-Tag: OpenSSL_1_1_1-pre1~1334 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=cf34d54d82c1e51d018e81a95ea4a70598070eb3 drop some no-longer-relevant TODO(TLS1.3) entries We prevent compression both when the server is parsing the ClientHello and when the client is constructing the ClientHello. A 1.3 ServerHello has no way to hand us back a compression method, and we already check that the server does not try to give us back a compression method that we did not request, so these checks seem sufficient. Weaken the INSTALL note slightly, as we do now expect to interoperate with other implementations. Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/3131) --- diff --git a/INSTALL b/INSTALL index 8ae0644f62..3deb7ff9fc 100644 --- a/INSTALL +++ b/INSTALL @@ -484,8 +484,9 @@ enable-tls1_3 TODO(TLS1.3): Make this enabled by default Build support for TLS1.3. Note: This is a WIP feature and - does not currently interoperate with other TLS1.3 - implementations! Use with caution!! + only a single draft version is supported. Implementations + of different draft versions will negotiate TLS 1.2 instead + of (draft) TLS 1.3. Use with caution!! no- Don't build support for negotiating the specified SSL/TLS diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 0c40905edb..68c427e928 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -841,9 +841,6 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* first we compress */ if (s->compress != NULL) { - /* - * TODO(TLS1.3): Make sure we prevent compression!!! - */ if (!ssl3_do_compress(s, thiswr) || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) { SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE);
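Review bot: In the INSTALL hunk, the new wording "only a single draft version is supported" does not say which draft that is, so someone enabling enable-tls1_3 cannot tell from this note whether a given peer will get (draft) TLS 1.3 or silently fall back to TLS 1.2. Consider naming the supported draft version here, or pointing to where it is defined in the source, so the note stays checkable when the draft changes. The "TODO(TLS1.3): Make this enabled by default" line in the context is untouched, which is consistent with the option still being described as WIP.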
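Review bot: In the ssl/record/rec_layer_s3.c hunk, dropping the TODO leaves the "if (s->compress != NULL)" branch in do_ssl3_write with nothing at the point of use that says why it cannot be taken for TLS 1.3. The commit message's reasoning (compression is refused when the server parses the ClientHello and when the client builds it, and a 1.3 ServerHello cannot carry a compression method) lives only in the log, so the record layer now silently depends on handshake code keeping s->compress NULL. Consider replacing the removed comment with a one-line statement of that invariant, or a debug-only assertion that s->compress is not set on a TLS 1.3 connection, so a later change to the handshake checks that breaks the assumption is caught here rather than resulting in compressed 1.3 records.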