Make the TLSv1.3 downgrade mechanism a configurable option Make it disabled by default. When TLSv1.3 is out of draft we can remove this option and have it enabled all the time. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3022)

commit: 3556b83ea2a00d0dd3e4f1ec38adb6837553e451 [log] [tgz]
author: Matt Caswell <matt@openssl.org> Wed Mar 22 11:52:45 2017 +0000
committer: Matt Caswell <matt@openssl.org> Fri Mar 24 14:07:11 2017 +0000
tree: 06b2350955e46509b54608bca0db9c057eca20d1
parent: c3043dcd55d81617408025b1cdb8241ef753b805 [diff] [blame]
diff --git a/Configure b/Configure
index b7d669c..191fe73 100755
--- a/Configure
+++ b/Configure

@@ -407,6 +407,7 @@
     "tests",
     "threads",
     "tls",
+    "tls13downgrade",
     "ts",
     "ubsan",
     "ui",
@@ -451,6 +452,7 @@
                   "ubsan"		=> "default",
           #TODO(TLS1.3): Temporarily disabled while this is a WIP
 		  "tls1_3"              => "default",
+		  "tls13downgrade"      => "default",
 		  "unit-test"           => "default",
 		  "weak-ssl-ciphers"    => "default",
 		  "zlib"                => "default",
commit	3556b83ea2a00d0dd3e4f1ec38adb6837553e451	[log] [tgz]
author	Matt Caswell <matt@openssl.org>	Wed Mar 22 11:52:45 2017 +0000
committer	Matt Caswell <matt@openssl.org>	Fri Mar 24 14:07:11 2017 +0000
tree	06b2350955e46509b54608bca0db9c057eca20d1
parent	c3043dcd55d81617408025b1cdb8241ef753b805 [diff] [blame]