From be952554307abefb3d86cd072ec74dd6064fcd06 Mon Sep 17 00:00:00 2001
From: Christopher Kohlhoff
Date: Mon, 5 Nov 2018 23:03:56 +1100
Subject: [PATCH] Add options for TLS v1.3.
---
 include/boost/asio/ssl/context_base.hpp | 17 ++++++++++++
 include/boost/asio/ssl/impl/context.ipp | 35 +++++++++++++++++++++++++
 2 files changed, 52 insertions(+)
diff --git a/include/boost/asio/ssl/context_base.hpp b/include/boost/asio/ssl/context_base.hpp
index 8671ee67..625ccc7b 100644
--- a/include/boost/asio/ssl/context_base.hpp
+++ b/include/boost/asio/ssl/context_base.hpp
@@ -86,6 +86,15 @@ public:
 /// TLS version 1.2 server.
 tlsv12_server,
+ /// Generic TLS version 1.3.
+ tlsv13,
+
+ /// TLS version 1.3 client.
+ tlsv13_client,
+
+ /// TLS version 1.3 server.
+ tlsv13_server,
+
 /// Generic TLS.
 tls,
@@ -121,6 +130,9 @@ public:
 /// Disable TLS v1.2.
 static const long no_tlsv1_2 = implementation_defined;
+ /// Disable TLS v1.3.
+ static const long no_tlsv1_3 = implementation_defined;
+
 /// Disable compression. Compression is disabled by default.
 static const long no_compression = implementation_defined;
 #else
@@ -139,6 +151,11 @@ public:
 # else // defined(SSL_OP_NO_TLSv1_2)
 BOOST_ASIO_STATIC_CONSTANT(long, no_tlsv1_2 = 0x08000000L);
 # endif // defined(SSL_OP_NO_TLSv1_2)
+# if defined(SSL_OP_NO_TLSv1_3)
+ BOOST_ASIO_STATIC_CONSTANT(long, no_tlsv1_3 = SSL_OP_NO_TLSv1_3);
+# else // defined(SSL_OP_NO_TLSv1_3)
+ BOOST_ASIO_STATIC_CONSTANT(long, no_tlsv1_3 = 0x20000000L);
+# endif // defined(SSL_OP_NO_TLSv1_3)
 # if defined(SSL_OP_NO_COMPRESSION)
 BOOST_ASIO_STATIC_CONSTANT(long, no_compression = SSL_OP_NO_COMPRESSION);
 # else // defined(SSL_OP_NO_COMPRESSION)
diff --git a/include/boost/asio/ssl/impl/context.ipp b/include/boost/asio/ssl/impl/context.ipp
index f35e43c2..e0b27ea9 100644
--- a/include/boost/asio/ssl/impl/context.ipp
+++ b/include/boost/asio/ssl/impl/context.ipp
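Review bot: The doc comments on `tlsv13`, `tlsv13_client` and `tlsv13_server` do not mention that constructing a context with them throws `invalid_argument` when the build uses OpenSSL older than 1.1.1 or LibreSSL, which is what the `#else` branch added in impl/context.ipp does. A caller who selects these methods to enforce a TLS v1.3 floor needs to know that this is a runtime failure, not a compile-time one. I would extend each comment along the lines of `/// Generic TLS version 1.3. Construction throws if the SSL library lacks TLS v1.3 support.` The new enumerators are also inserted ahead of `tls`, which presumably shifts the numeric values of the enumerators after them; that matters only if the enum crosses a separately compiled boundary, and the enum's start and end are outside the hunk.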
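Review bot: When `SSL_OP_NO_TLSv1_3` is not defined, `no_tlsv1_3` falls back to the literal `0x20000000L`, so `set_options(no_tlsv1_3)` against such a library sets whatever that library assigns to this bit and does not necessarily disable TLS v1.3. The neighbouring `no_tlsv1_2 = 0x08000000L` fallback follows the same pattern, so this is consistent with the file, but the consequence is undocumented and older headers may give the bit an unrelated meaning. At minimum I would add a comment above the fallback such as `// SSL_OP_NO_TLSv1_3 is absent: this bit may be ignored or mean something else in the linked library.`; a fallback of `0` would make the option an explicit no-op if the maintainers prefer that. The surrounding `#if` block starts and ends outside the hunk.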
@@ -260,6 +260,41 @@ context::context(context::method m)
 break;
 #endif // defined(SSL_TXT_TLSV1_1)
+ // TLS v1.3.
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
+ case context::tlsv13:
+ handle_ = ::SSL_CTX_new(::TLS_method());
+ if (handle_)
+ {
+ SSL_CTX_set_min_proto_version(handle_, TLS1_3_VERSION);
+ SSL_CTX_set_max_proto_version(handle_, TLS1_3_VERSION);
+ }
+ break;
+ case context::tlsv13_client:
+ handle_ = ::SSL_CTX_new(::TLS_client_method());
+ if (handle_)
+ {
+ SSL_CTX_set_min_proto_version(handle_, TLS1_3_VERSION);
+ SSL_CTX_set_max_proto_version(handle_, TLS1_3_VERSION);
+ }
+ break;
+ case context::tlsv13_server:
+ handle_ = ::SSL_CTX_new(::TLS_server_method());
+ if (handle_)
+ {
+ SSL_CTX_set_min_proto_version(handle_, TLS1_3_VERSION);
+ SSL_CTX_set_max_proto_version(handle_, TLS1_3_VERSION);
+ }
+ break;
+#else // (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
+ case context::tlsv13:
+ case context::tlsv13_client:
+ case context::tlsv13_server:
+ boost::asio::detail::throw_error(
+ boost::asio::error::invalid_argument, "context");
+ break;
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
+
 // Any supported SSL/TLS version.
 case context::sslv23:
 handle_ = ::SSL_CTX_new(::SSLv23_method());
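Review bot: The return values of `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version` are discarded in all three new cases (`tlsv13`, `tlsv13_client`, `tlsv13_server`), so if either call fails the constructor still yields a context that was requested as TLS v1.3 only but is not pinned to it. Both calls signal failure with a zero return, and a caller choosing these methods is relying on the pin as a downgrade guard. I would check both results and fail construction, as sketched below for `tlsv13`; the error code mirrors the `#else` branch, and an OpenSSL-derived code may be preferable. The three bodies differ only in the method function, so a small helper would also remove the duplication. The switch continues outside the hunk.

```cpp
  case context::tlsv13:
    handle_ = ::SSL_CTX_new(::TLS_method());
    if (handle_
        && (!SSL_CTX_set_min_proto_version(handle_, TLS1_3_VERSION)
          || !SSL_CTX_set_max_proto_version(handle_, TLS1_3_VERSION)))
    {
      // The version pin failed: refuse to hand back a context that could
      // negotiate something other than TLS v1.3.
      ::SSL_CTX_free(handle_);
      handle_ = 0;
      boost::asio::detail::throw_error(
          boost::asio::error::invalid_argument, "context");
    }
    break;
  // … same check in: tlsv13_client, tlsv13_server …
```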