From 6ad3add60654182a747f5971afb40817488ef0e8 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Thu, 27 Oct 2016 14:57:11 +0200
Subject: vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3

Fully implemented with the NSS backend only for now.

Reviewed-by: Ray Satiro
---
 lib/vtls/gtls.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'lib/vtls/gtls.c')

diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 5c87c7fe3..d47d80fc5 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -569,6 +569,9 @@ gtls_connect_step1(struct connectdata *conn,
       break;
     case CURL_SSLVERSION_TLSv1_2:
       protocol_priority[0] = GNUTLS_TLS1_2;
+    case CURL_SSLVERSION_TLSv1_3:
+      failf(data, "GnuTLS does not support TLSv1.3");
+      return CURLE_SSL_CONNECT_ERROR;
     break;
       case CURL_SSLVERSION_SSLv2:
     default:
@@ -607,6 +610,9 @@ gtls_connect_step1(struct connectdata *conn,
       prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
                      "+VERS-TLS1.2:" GNUTLS_SRP;
       break;
+    case CURL_SSLVERSION_TLSv1_3:
+      failf(data, "GnuTLS does not support TLSv1.3");
+      return CURLE_SSL_CONNECT_ERROR;
     case CURL_SSLVERSION_SSLv2:
     default:
       failf(data, "GnuTLS does not support SSLv2");
-- 
cgit v1.2.3