Hello folks,
We've updated the patch; it is now based on the master tree of wget. As the spec
is getting finalized, and the OpenSSL pre-release ships with TLS 1.3 enabled
by default, we believe that a release is close.
Please find it attached.
diff --git a/src/init.c b/src/init.c
index 6807e361..e4186abe 100644
--- a/src/init.c
+++ b/src/init.c
@@ -1711,6 +1711,7 @@ cmd_spec_secure_protocol (const char *com, const char *val, void *place)
{ "tlsv1", secure_protocol_tlsv1 },
{ "tlsv1_1", secure_protocol_tlsv1_1 },
{ "tlsv1_2", secure_protocol_tlsv1_2 },
+ { "tlsv1_3", secure_protocol_tlsv1_3 },
{ "pfs", secure_protocol_pfs },
};
int ok = decode_string (val, choices, countof (choices), place);
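Review bot: The new `{ "tlsv1_3", secure_protocol_tlsv1_3 }` entry makes `--secure-protocol=tlsv1_3` parse successfully in every build, but the only handling visible in this patch is in src/openssl.c. If the GnuTLS backend's protocol switch is not updated as well, the option would be accepted there and then either ignored or sent to a default branch, and a user who asked for TLS 1.3 could silently get an older protocol. Please confirm that src/gnutls.c either honours `secure_protocol_tlsv1_3` or rejects it with a clear error. The user-visible list of accepted values in the help text and manual should gain `TLSv1_3` too. `cmd_spec_secure_protocol` starts and ends outside the hunk.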
diff --git a/src/openssl.c b/src/openssl.c
index 6af38dbf..aed99e7c 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -263,6 +263,16 @@ ssl_init (void)
meth = TLSv1_2_client_method ();
#endif
break;
+
+ case secure_protocol_tlsv1_3:
+#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ meth = TLS_client_method();
+ ssl_proto_version = TLS1_3_VERSION;
+#else
+ logprintf (LOG_NOTQUIET, _("Your OpenSSL version is too old to support TLS 1.3\n"));
+ goto error;
+#endif
+ break;
#else
case secure_protocol_tlsv1_1:
logprintf (LOG_NOTQUIET, _("Your OpenSSL version is too old to support TLSv1.1\n"));
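Review bot: The guard on the new `secure_protocol_tlsv1_3` case, `OPENSSL_VERSION_NUMBER >= 0x10100000L`, admits OpenSSL 1.1.0, which provides `TLS_client_method()` but does not define `TLS1_3_VERSION`, so that build would fail to compile rather than reach the "too old" message. Testing the macro itself is more robust: `#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) && defined(TLS1_3_VERSION)`. The case is also added only before the `#else`, and the fallback branch gets just a blank line in the next hunk, so on an old OpenSSL `tlsv1_3` appears to reach `default:`, whose handling is outside the hunk. A `case secure_protocol_tlsv1_3:` with the same error message, placed beside the TLSv1.2 fallback, would make it fail cleanly. How `ssl_proto_version` is applied later in `ssl_init` is not visible here; it should be confirmed that it is set as the minimum protocol version, so an explicit `tlsv1_3` request cannot negotiate down.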
@@ -271,6 +281,7 @@ ssl_init (void)
case secure_protocol_tlsv1_2:
logprintf (LOG_NOTQUIET, _("Your OpenSSL version is too old to support TLSv1.2\n"));
goto error;
+
#endif
default:
diff --git a/src/options.h b/src/options.h
index 2e8c8743..30845a1b 100644
--- a/src/options.h
+++ b/src/options.h
@@ -228,6 +228,7 @@ struct options
secure_protocol_tlsv1,
secure_protocol_tlsv1_1,
secure_protocol_tlsv1_2,
+ secure_protocol_tlsv1_3,
secure_protocol_pfs
} secure_protocol; /* type of secure protocol to use. */
int check_cert; /* whether to validate the server's cert */