Index: aclocal/tcltls_openssl.m4 ================================================================== --- aclocal/tcltls_openssl.m4 +++ aclocal/tcltls_openssl.m4 @@ -158,10 +158,11 @@ TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_ssl2], [SSLv2_method], [sslv2], [NO_SSL2]) TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_ssl3], [SSLv3_method], [sslv3], [NO_SSL3]) TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_0], [TLSv1_method], [tlsv1.0], [NO_TLS1]) TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_1], [TLSv1_1_method], [tlsv1.1], [NO_TLS1_1]) TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_2], [TLSv1_2_method], [tlsv1.2], [NO_TLS1_2]) + TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_3], [TLSv1_3_method], [tlsv1.3], [NO_TLS1_3]) AC_CACHE_VAL([tcltls_cv_func_tlsext_hostname], [ AC_LANG_PUSH(C) AC_MSG_CHECKING([for SSL_set_tlsext_host_name]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ Index: configure.ac ================================================================== --- configure.ac +++ configure.ac @@ -108,19 +108,30 @@ else tcltls_ssl_tls1_1='false' fi ]) -dnl ## TLSv1.1: Enabled by default +dnl ## TLSv1.2: Enabled by default tcltls_ssl_tls1_2='true' AC_ARG_ENABLE([tlsv1.2], AS_HELP_STRING([--disable-tlsv1.2], [disable TLSv1.2 protocol]), [ if test "$enableval" = "yes"; then tcltls_ssl_tls1_2='force' else tcltls_ssl_tls1_2='false' fi ]) + +dnl ## TLSv1.3: Enabled by default +tcltls_ssl_tls1_3='true' +AC_ARG_ENABLE([tlsv1.3], AS_HELP_STRING([--disable-tlsv1.3], [disable TLSv1.3 protocol]), [ + if test "$enableval" = "yes"; then + tcltls_ssl_tls1_3='force' + else + tcltls_ssl_tls1_3='false' + fi +]) + dnl Enable support for a debugging build tcltls_debug='false' AC_ARG_ENABLE([debug], AS_HELP_STRING([--enable-debug], [enable debugging parameters]), [ if test "$enableval" = "yes"; then Index: tls.c ================================================================== --- tls.c +++ tls.c 
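Review bot: The probe added here tests for `TLSv1_3_method`, which as far as I know no OpenSSL release exports; TLS 1.3 is reached only through the version-flexible `TLS_method()` bounded by `TLS1_3_VERSION`. The macro body is outside this hunk, but a failed probe presumably defines `NO_TLS1_3`, so a default build would report tls1.3 as unsupported, and a forced `--enable-tlsv1.3` build would hit an unresolved symbol at the `case TLS_TLS1_3` branch added in tls.c, which has the same problem. I would key the check on `TLS1_3_VERSION` from `<openssl/ssl.h>` instead, and in tls.c use `ctx = SSL_CTX_new(TLS_method());` followed, once `ctx` is known to be non-NULL, by `SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);` and `SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);`. The tls.c guard should also honour OpenSSL's own `OPENSSL_NO_TLS1_3`.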
@@ -496,14 +496,14 @@ Tcl_Interp *interp; int objc; Tcl_Obj *CONST objv[]; { static CONST84 char *protocols[] = { - "ssl2", "ssl3", "tls1", "tls1.1", "tls1.2", NULL + "ssl2", "ssl3", "tls1", "tls1.1", "tls1.2", "tls1.3", NULL }; enum protocol { - TLS_SSL2, TLS_SSL3, TLS_TLS1, TLS_TLS1_1, TLS_TLS1_2, TLS_NONE + TLS_SSL2, TLS_SSL3, TLS_TLS1, TLS_TLS1_1, TLS_TLS1_2, TLS_TLS1_3, TLS_NONE }; Tcl_Obj *objPtr; SSL_CTX *ctx = NULL; SSL *ssl = NULL; STACK_OF(SSL_CIPHER) *sk; @@ -558,10 +558,17 @@ Tcl_AppendResult(interp, "protocol not supported", NULL); return TCL_ERROR; #else ctx = SSL_CTX_new(TLSv1_2_method()); break; #endif + case TLS_TLS1_3: +#if defined(NO_TLS1_3) + Tcl_AppendResult(interp, "protocol not supported", NULL); + return TCL_ERROR; +#else + ctx = SSL_CTX_new(TLSv1_3_method()); break; +#endif default: break; } if (ctx == NULL) { Tcl_AppendResult(interp, REASON(), (char *) NULL); Index: tls.htm ================================================================== --- tls.htm +++ tls.htm @@ -219,10 +219,12 @@
Enable use of TLS v1. (default: true)
-tls1.1 bool
Enable use of TLS v1.1 (default: true)
-tls1.2 bool
Enable use of TLS v1.2 (default: true)
+
-tls1.3 bool
+
Enable use of TLS v1.3 (default: true)
tls::unimport channel
Index: tls.tcl ================================================================== --- tls.tcl +++ tls.tcl @@ -47,10 +47,11 @@ {* -ssl2 iopts 1} {* -ssl3 iopts 1} {* -tls1 iopts 1} {* -tls1.1 iopts 1} {* -tls1.2 iopts 1} + {* -tls1.3 iopts 1} } # tls::socket and tls::init options as a humane readable string variable socketOptionsNoServer variable socketOptionsServer
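Review bot: The new `{* -tls1.3 iopts 1}` rule makes `tls::socket` accept the switch and, like its `-tls1.2` neighbour, presumably hand it to the C import path, yet neither tls.c hunk in this commit parses `-tls1.3` or maps it to a context option; both touch only the protocol-name table and its switch. Unless that wiring lives in code not shown here, the option documented in tls.htm as `default: true` would either be rejected as unknown or have no effect, so a caller passing `-tls1.3 0` could not rely on TLS 1.3 being off. I would add the option next to the existing `-tls1.2` handling and set or clear `SSL_OP_NO_TLSv1_3` from it when the context is built. The option table this line extends starts above the hunk.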