From 5b77cdf79751ec0ec2e3f2b0a0d159d7f16d9e21 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 22 Jan 2020 08:24:25 +0000
Subject: Enable the TLSv1.3 client in libssl.

This also makes it available to clients that use libtls, including ftp(1)
and nc(1).

Note that this does not expose additional defines via public headers, which
means that any code conditioning on defines like TLS1_3_VERSION or
SSL_OP_NO_TLSv1_3 will not enable or use TLSv1.3. This approach is
necessary since too many pieces of software assume that if TLS1_3_VERSION
is available, other OpenSSL 1.1 API will also be available, which is not
necessarily the case.

ok beck@ tb@
---
 src/lib/libssl/ssl_locl.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/lib/libssl/ssl_locl.h')

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 6016b4f984..897f92f848 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.249 2020/01/22 07:49:33 beck Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.250 2020/01/22 08:24:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -186,7 +186,8 @@ __BEGIN_HIDDEN_DECLS
 #define s2n(s,c)	((c[0]=(unsigned char)(((s)>> 8)&0xff), \
 			  c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
 
-/* #define LIBRESSL_HAS_TLS1_3_CLIENT */
+#define LIBRESSL_HAS_TLS1_3_CLIENT
+
 #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) || defined(LIBRESSL_HAS_TLS1_3_SERVER)
 #define LIBRESSL_HAS_TLS1_3
 #endif
-- 
cgit v1.2.3-55-g6feb