From 421c897dd3a19478870c8e53cfcffeeb58b1aa08 Mon Sep 17 00:00:00 2001
From: Bruno Silvestre
Date: Wed, 12 Sep 2018 19:06:46 -0300
Subject: [PATCH] Support for TLS 1.3 from OpenSSL 1.1.1

Based on PR #97 from @wmark.
---
 src/config.c | 5 +++++
 src/context.c | 8 +++++++-
 src/options.h | 17 ++++++++++++++++-
 3 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/src/config.c b/src/config.c
index ebbe85c..42598e1 100644
--- a/src/config.c
+++ b/src/config.c
@@ -41,6 +41,11 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
 lua_pushstring(L, "tlsv1_2");
 lua_pushboolean(L, 1);
 lua_rawset(L, -3);
+#if defined(TLS1_3_VERSION)
+ lua_pushstring(L, "tlsv1_3");
+ lua_pushboolean(L, 1);
+ lua_rawset(L, -3);
+#endif
 lua_rawset(L, -3);
diff --git a/src/context.c b/src/context.c
index 4372d0b..cb96be0 100644
--- a/src/context.c
+++ b/src/context.c
@@ -102,7 +102,13 @@ static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
 *vmax = TLS1_2_VERSION;
 return TLS_method();
 }
-
+#if defined(TLS1_3_VERSION)
+ else if (!strcmp(method, "tlsv1_3")) {
+ *vmin = TLS1_3_VERSION;
+ *vmax = TLS1_3_VERSION;
+ return TLS_method();
+ }
+#endif
 return NULL;
 }
 #endif
diff --git a/src/options.h b/src/options.h
index c4756f8..cdd5e23 100644
--- a/src/options.h
+++ b/src/options.h
@@ -13,7 +13,7 @@
 /* If you need to generate these options again, see options.lua */
 /*
- OpenSSL version: OpenSSL 1.1.0h
+ OpenSSL version: OpenSSL 1.1.1
 */
 struct ssl_option_s {
@@ -26,6 +26,9 @@ static ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_ALL)
 {"all", SSL_OP_ALL},
 #endif
+#if defined(SSL_OP_ALLOW_NO_DHE_KEX)
+ {"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
+#endif
 #if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
 {"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
 #endif
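Review bot: The new `tlsv1_3` capability flag is decided purely at compile time by `#if defined(TLS1_3_VERSION)`, which only proves the build headers came from OpenSSL 1.1.1; 1.1.0 and 1.1.1 ship the same libssl soname, so a module built against 1.1.1 headers but loaded with a 1.1.0 library would still report tlsv1_3 = true while that library cannot negotiate it. A runtime check inside the same guard closes the gap: wrap the three pushes in `if (OpenSSL_version_num() >= 0x10101000L) {` … `}` (OpenSSL_version_num() exists from 1.1.0 on, so it is safe to call under this `#if`). What callers do when the later protocol selection fails is not visible here, and luaopen_ssl_config's body begins outside the hunk.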
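Review bot: The `tlsv1_3` branch pins both bounds to TLS1_3_VERSION but the commit adds no way to configure TLS 1.3 cipher suites, and in OpenSSL 1.1.1 those are set through SSL_CTX_set_ciphersuites(), not the cipher list — so if the existing `ciphers` option goes through SSL_CTX_set_cipher_list() (not visible in this hunk), a context created with protocol = "tlsv1_3" silently runs OpenSSL's default TLS 1.3 suites regardless of what the user configured. Until a companion `ciphersuites` option exists, the branch deserves a comment: `/* TLS 1.3 suites are chosen via SSL_CTX_set_ciphersuites(), not the cipher list */`. Also, `#if defined(TLS1_3_VERSION)` is a header check only; on a runtime libssl without TLS 1.3 support, SSL_CTX_set_min/max_proto_version() returns 0 for this value, and unless the caller checks that return (outside the hunk) the context is left on the library's default version range instead of being TLS 1.3-only. str2method's signature and its earlier branches are outside the hunk.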
@@ -44,6 +47,9 @@ static ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
 {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
 #endif
+#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
+ {"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
+#endif
 #if defined(SSL_OP_EPHEMERAL_RSA)
 {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
 #endif
@@ -71,6 +77,9 @@ static ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
 {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
 #endif
+#if defined(SSL_OP_NO_ANTI_REPLAY)
+ {"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
+#endif
 #if defined(SSL_OP_NO_COMPRESSION)
 {"no_compression", SSL_OP_NO_COMPRESSION},
 #endif
@@ -116,12 +125,18 @@ static ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_NO_TLSv1_2)
 {"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
 #endif
+#if defined(SSL_OP_NO_TLSv1_3)
+ {"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
+#endif
 #if defined(SSL_OP_PKCS1_CHECK_1)
 {"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
 #endif
 #if defined(SSL_OP_PKCS1_CHECK_2)
 {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
 #endif
+#if defined(SSL_OP_PRIORITIZE_CHACHA)
+ {"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
+#endif
 #if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
 {"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
 #endif