Negotiate draft-TLS1.3draft-ietf-tls-tls13-21

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

3 files changed, 32 insertions, 9 deletions

diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index 7b3ca2a3a7..1219755256 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -87,18 +87,39 @@ static const version_entry_st sup_versions[] = {
 	 .only_extension = 0,
 	 .false_start = 1
 	},
+#if 0
 	{.name = "TLS1.3",
 	 .id = GNUTLS_TLS1_3,
-	 .age = 4,
+	 .age = 5,
 	 .major = 3,
 	 .minor = 4,
 	 .transport = GNUTLS_STREAM,
 	 .supported = 1,
-	 .explicit_iv = 1,
+	 .explicit_iv = 0,
+	 .extensions = 1,
+	 .selectable_sighash = 1,
+	 .selectable_prf = 1,
+	 .tls13_sem = 1,
+	 .obsolete = 0,
+	 .only_extension = 1,
+	 .post_handshake_auth = 1,
+	 .key_shares = 1,
+	 .false_start = 0, /* doesn't make sense */
+	 .tls_sig_sem = 1
+	},
+#else
+	{.name = "TLS1.3",
+	 .id = GNUTLS_TLS1_3,
+	 .age = 5,
+	 .major = 0x7f,
+ 	 .minor = 21,
+	 .transport = GNUTLS_STREAM,
+	 .supported = 1,
+	 .explicit_iv = 0,
 	 .extensions = 1,
 	 .selectable_sighash = 1,
 	 .selectable_prf = 1,
-	 .compact_hello = 1,
+	 .tls13_sem = 1,
 	 .obsolete = 0,
 	 .only_extension = 1,
 	 .post_handshake_auth = 1,
@@ -106,6 +127,7 @@ static const version_entry_st sup_versions[] = {
 	 .false_start = 0, /* doesn't make sense */
 	 .tls_sig_sem = 1
 	},
+#endif
 	{.name = "DTLS0.9", /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */
 	 .id = GNUTLS_DTLS0_9,
 	 .age = 200,
@@ -302,6 +324,7 @@ int _gnutls_write_supported_versions(gnutls_session_t session, uint8_t *buffer,
 					at_least_one_new = 1;
 
 				if (buffer_size > 2) {
+					_gnutls_debug_log("Advertizing version %x.%x\n", (int)p->major, (int)p->minor);
 					buffer[0] = p->major;
 					buffer[1] = p->minor;
 					written_bytes += 2;
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 8623ed0d2d..28b7cee671 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -527,7 +527,7 @@ typedef struct {
 	/* if SSL3 is disabled this flag indicates that this protocol is a placeholder,
 	 * otherwise it prevents this protocol from being set as record version */
 	bool obsolete;
-	bool compact_hello;	/* The TLS 1.3 client and server hello form */
+	bool tls13_sem;		/* The TLS 1.3 handshake semantics */
 	bool false_start;	/* That version can be used with false start */
 	bool only_extension;	/* negotiated only with an extension */
 	bool post_handshake_auth;	/* Supports the TLS 1.3 post handshake auth */
diff --git a/lib/handshake.c b/lib/handshake.c
index 234ab34725..e260aa5a20 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -1528,7 +1528,7 @@ read_server_hello(gnutls_session_t session,
 
 	pos += GNUTLS_RANDOM_SIZE;
 
-	if (!vers->compact_hello) {
+	if (!vers->tls13_sem) {
 		/* Read session ID
 		 */
 		DECR_LEN(len, 1);
@@ -1573,7 +1573,7 @@ read_server_hello(gnutls_session_t session,
 	}
 	pos += 2;
 
-	if (!vers->compact_hello) {
+	if (!vers->tls13_sem) {
 		/* move to compression
 		 */
 		DECR_LEN(len, 1);
@@ -1868,7 +1868,7 @@ static int send_server_hello(gnutls_session_t session, int again)
 			goto fail;
 		}
 
-		if (!vers->compact_hello) {
+		if (!vers->tls13_sem) {
 			datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE + 3 + extdata.length;
 		} else {
 			datalen = 2 + GNUTLS_RANDOM_SIZE + 2 + extdata.length;
@@ -1891,7 +1891,7 @@ static int send_server_hello(gnutls_session_t session, int again)
 		       GNUTLS_RANDOM_SIZE);
 		pos += GNUTLS_RANDOM_SIZE;
 
-		if (!vers->compact_hello) {
+		if (!vers->tls13_sem) {
 			data[pos++] = session_id_len;
 			if (session_id_len > 0) {
 				memcpy(&data[pos],
@@ -1911,7 +1911,7 @@ static int send_server_hello(gnutls_session_t session, int again)
 		       session->security_parameters.cs->id, 2);
 		pos += 2;
 
-		if (!vers->compact_hello) {
+		if (!vers->tls13_sem) {
 			data[pos++] = 0x00;
 		}