Join GitHub today
TLS1.3 support #26209
@bnoordhuis note that I renamed the CLI options you introduced in #23814 that set the min TLS version, because I added options to limit the max, and I wanted whether it was setting the max or min to be clear. The original options haven't landed anywhere because they came with a change to disable TLS1.0 and 1.1, so that rename shouldn't affect anyone, though I'll have to backport part of #23814 with this PR if/when it gets backported
This was referenced
Feb 19, 2019
referenced this pull request
Feb 24, 2019
2 times, most recently
Feb 27, 2019
A note on the test approach: I tried to make as few changes to the tests as possible, since its supposed to be API almost-compatible. When I had to make significant changes to a test, I often wrapped it, so that the test is run with both TLS1.2 and TLS1.3 as the default (the tests usually negotiate the default max).
Since I want to backport this to release lines where TLS1.2 is the default max, I hacked the default max to be TLSv1.2, and ran
In theory, the entire test suite could be run with TLS1.2 and 1.3 (and 1.0, and...), but that seemed excessive. If anyone has concerns about specific tests, I can add coverage for them.
last one didn't even start, try again: