Support for TLS 1.3 from OpenSSL 1.1.1

Based on PR #97 from @wmark.
2024-11-08 06:28:26 +01:00 · 2018-09-12 19:06:46 -03:00 · 2018-09-12 19:06:46 -03:00 · 421c897dd3
commit 421c897dd3
parent 2ecf239cfe
3 changed files with 28 additions and 2 deletions
--- a/src/config.c
+++ b/src/config.c
@ -41,6 +41,11 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
  lua_pushstring(L, "tlsv1_2");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
+#if defined(TLS1_3_VERSION)
+  lua_pushstring(L, "tlsv1_3");
+  lua_pushboolean(L, 1);
+  lua_rawset(L, -3);
+#endif

  lua_rawset(L, -3);

--- a/src/context.c
+++ b/src/context.c
@ -102,7 +102,13 @@ static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
    *vmax = TLS1_2_VERSION;
    return TLS_method();
  }
-
+#if defined(TLS1_3_VERSION)
+  else if (!strcmp(method, "tlsv1_3")) {
+    *vmin = TLS1_3_VERSION;
+    *vmax = TLS1_3_VERSION;
+    return TLS_method();
+  }
+#endif
  return NULL;
 }
 #endif
--- a/src/options.h
+++ b/src/options.h
@ -13,7 +13,7 @@
 /* If you need to generate these options again, see options.lua */

 /* 
-  OpenSSL version: OpenSSL 1.1.0h
+  OpenSSL version: OpenSSL 1.1.1
 */

 struct ssl_option_s {
@ -26,6 +26,9 @@ static ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_ALL)
  {"all", SSL_OP_ALL},
 #endif
+#if defined(SSL_OP_ALLOW_NO_DHE_KEX)
+  {"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
+#endif
 #if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
  {"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
 #endif
@ -44,6 +47,9 @@ static ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
  {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
 #endif
+#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
+  {"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
+#endif
 #if defined(SSL_OP_EPHEMERAL_RSA)
  {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
 #endif
@ -71,6 +77,9 @@ static ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
  {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
 #endif
+#if defined(SSL_OP_NO_ANTI_REPLAY)
+  {"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
+#endif
 #if defined(SSL_OP_NO_COMPRESSION)
  {"no_compression", SSL_OP_NO_COMPRESSION},
 #endif
@ -116,12 +125,18 @@ static ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_NO_TLSv1_2)
  {"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
 #endif
+#if defined(SSL_OP_NO_TLSv1_3)
+  {"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
+#endif
 #if defined(SSL_OP_PKCS1_CHECK_1)
  {"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
 #endif
 #if defined(SSL_OP_PKCS1_CHECK_2)
  {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
 #endif
+#if defined(SSL_OP_PRIORITIZE_CHACHA)
+  {"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
+#endif
 #if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
  {"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
 #endif