Enable TLSv1.3 by default

[extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5266)
author: Matt Caswell <matt@openssl.org> 2018-02-06 17:27:25 +0000
committer: Matt Caswell <matt@openssl.org> 2018-02-07 21:34:18 +0000
commit: f518cef40c431188b4910ca9bd8ef3778f599bb5 (patch)
tree: 349bb1a8356f86a09c0a4bc0b3a53e058882bc02 /INSTALL
parent: c517ac4c3f6d48cf35b75f148515ce7f3677a03b (diff)
download: openssl-new-f518cef40c431188b4910ca9bd8ef3778f599bb5.tar.gz
1 files changed, 12 insertions, 15 deletions
diff --git a/INSTALL b/INSTALL
index 48c25e6519..9d1f90d15e 100644
--- a/INSTALL
+++ b/INSTALL
@@ -482,27 +482,24 @@
                    likely to complement configuration command line with
                    suitable compiler-specific option.
 
-  enable-tls1_3
-                   TODO(TLS1.3): Make this enabled by default
-                   Build support for TLS1.3. Note: This is a WIP feature and
-                   only a single draft version is supported.  Implementations
-                   of different draft versions will negotiate TLS 1.2 instead
-                   of (draft) TLS 1.3.  Use with caution!!
-
   no-<prot>
                    Don't build support for negotiating the specified SSL/TLS
-                   protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls,
-                   dtls1 or dtls1_2). If "no-tls" is selected then all of tls1,
-                   tls1_1 and tls1_2 are disabled. Similarly "no-dtls" will
-                   disable dtls1 and dtls1_2. The "no-ssl" option is synonymous
-                   with "no-ssl3". Note this only affects version negotiation.
-                   OpenSSL will still provide the methods for applications to
-                   explicitly select the individual protocol versions.
+                   protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2,
+                   tls1_3, dtls, dtls1 or dtls1_2). If "no-tls" is selected then
+                   all of tls1, tls1_1, tls1_2 and tls1_3 are disabled.
+                   Similarly "no-dtls" will disable dtls1 and dtls1_2. The
+                   "no-ssl" option is synonymous with "no-ssl3". Note this only
+                   affects version negotiation. OpenSSL will still provide the
+                   methods for applications to explicitly select the individual
+                   protocol versions.
 
   no-<prot>-method
                    As for no-<prot> but in addition do not build the methods for
                    applications to explicitly select individual protocol
-                   versions.
+                   versions. Note that there is no "no-tls1_3-method" option
+                   because there is no application method for TLSv1.3. Using
+                   invidivial protocol methods directly is deprecated.
+                   Applications should use TLS_method() instead.
 
   enable-<alg>
                    Build with support for the specified algorithm, where <alg>
author	Matt Caswell <matt@openssl.org>	2018-02-06 17:27:25 +0000
committer	Matt Caswell <matt@openssl.org>	2018-02-07 21:34:18 +0000
commit	f518cef40c431188b4910ca9bd8ef3778f599bb5 (patch)
tree	349bb1a8356f86a09c0a4bc0b3a53e058882bc02 /INSTALL
parent	c517ac4c3f6d48cf35b75f148515ce7f3677a03b (diff)
download	openssl-new-f518cef40c431188b4910ca9bd8ef3778f599bb5.tar.gz