Add options for TLS v1.3.

2026-01-27 06:32:08 +00:00 · 2018-11-05 23:03:56 +11:00
parent 6cdd5782aa
commit be95255430
2 changed files with 52 additions and 0 deletions
--- a/include/boost/asio/ssl/context_base.hpp
+++ b/include/boost/asio/ssl/context_base.hpp
@@ -86,6 +86,15 @@ public:
    /// TLS version 1.2 server.
    tlsv12_server,

+    /// Generic TLS version 1.3.
+    tlsv13,
+
+    /// TLS version 1.3 client.
+    tlsv13_client,
+
+    /// TLS version 1.3 server.
+    tlsv13_server,
+
    /// Generic TLS.
    tls,

@@ -121,6 +130,9 @@ public:
  /// Disable TLS v1.2.
  static const long no_tlsv1_2 = implementation_defined;

+  /// Disable TLS v1.3.
+  static const long no_tlsv1_3 = implementation_defined;
+
  /// Disable compression. Compression is disabled by default.
  static const long no_compression = implementation_defined;
 #else
@@ -139,6 +151,11 @@ public:
 # else // defined(SSL_OP_NO_TLSv1_2)
  BOOST_ASIO_STATIC_CONSTANT(long, no_tlsv1_2 = 0x08000000L);
 # endif // defined(SSL_OP_NO_TLSv1_2)
+# if defined(SSL_OP_NO_TLSv1_3)
+  BOOST_ASIO_STATIC_CONSTANT(long, no_tlsv1_3 = SSL_OP_NO_TLSv1_3);
+# else // defined(SSL_OP_NO_TLSv1_3)
+  BOOST_ASIO_STATIC_CONSTANT(long, no_tlsv1_3 = 0x20000000L);
+# endif // defined(SSL_OP_NO_TLSv1_3)
 # if defined(SSL_OP_NO_COMPRESSION)
  BOOST_ASIO_STATIC_CONSTANT(long, no_compression = SSL_OP_NO_COMPRESSION);
 # else // defined(SSL_OP_NO_COMPRESSION)
--- a/include/boost/asio/ssl/impl/context.ipp
+++ b/include/boost/asio/ssl/impl/context.ipp
@@ -260,6 +260,41 @@ context::context(context::method m)
    break;
 #endif // defined(SSL_TXT_TLSV1_1)

+    // TLS v1.3.
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
+  case context::tlsv13:
+    handle_ = ::SSL_CTX_new(::TLS_method());
+    if (handle_)
+    {
+      SSL_CTX_set_min_proto_version(handle_, TLS1_3_VERSION);
+      SSL_CTX_set_max_proto_version(handle_, TLS1_3_VERSION);
+    }
+    break;
+  case context::tlsv13_client:
+    handle_ = ::SSL_CTX_new(::TLS_client_method());
+    if (handle_)
+    {
+      SSL_CTX_set_min_proto_version(handle_, TLS1_3_VERSION);
+      SSL_CTX_set_max_proto_version(handle_, TLS1_3_VERSION);
+    }
+    break;
+  case context::tlsv13_server:
+    handle_ = ::SSL_CTX_new(::TLS_server_method());
+    if (handle_)
+    {
+      SSL_CTX_set_min_proto_version(handle_, TLS1_3_VERSION);
+      SSL_CTX_set_max_proto_version(handle_, TLS1_3_VERSION);
+    }
+    break;
+#else // (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
+  case context::tlsv13:
+  case context::tlsv13_client:
+  case context::tlsv13_server:
+    boost::asio::detail::throw_error(
+        boost::asio::error::invalid_argument, "context");
+    break;
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
+
    // Any supported SSL/TLS version.
  case context::sslv23:
    handle_ = ::SSL_CTX_new(::SSLv23_method());