Add TLS1.3 support for OpenSSL build

* src/init.c: Add 'tlsv1_3 for --secure-protocol * src/openssl.c (ssl_init): Enable TLS1.3 if possible * src/options.h: Add secure_protocol_tlsv1_3 * doc/wget.texi: Add description of TLSv1_3 Copyright-paperwork-exempt: Yes
2025-02-07 18:20:14 +08:00 · 2018-03-08 15:07:36 +01:00 · 2018-03-08 15:07:36 +01:00 · fde8cefd13
commit fde8cefd13
parent ba2b0654b4
3 changed files with 13 additions and 0 deletions
--- a/src/init.c
+++ b/src/init.c
@ -1711,6 +1711,7 @@ cmd_spec_secure_protocol (const char *com, const char *val, void *place)
    { "tlsv1", secure_protocol_tlsv1 },
    { "tlsv1_1", secure_protocol_tlsv1_1 },
    { "tlsv1_2", secure_protocol_tlsv1_2 },
+    { "tlsv1_3", secure_protocol_tlsv1_3 },
    { "pfs", secure_protocol_pfs },
  };
  int ok = decode_string (val, choices, countof (choices), place);
--- a/src/openssl.c
+++ b/src/openssl.c
@ -261,6 +261,16 @@ ssl_init (void)
      ssl_proto_version = TLS1_2_VERSION;
 #else
      meth = TLSv1_2_client_method ();
+#endif
+      break;
+
+    case secure_protocol_tlsv1_3:
+#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >=  0x10100000L)
+      meth = TLS_client_method();
+      ssl_proto_version = TLS1_3_VERSION;
+#else
+      logprintf (LOG_NOTQUIET, _("Your OpenSSL version is too old to support TLS 1.3\n"));
+      goto error;
 #endif
      break;
 #else
@ -271,6 +281,7 @@ ssl_init (void)
    case secure_protocol_tlsv1_2:
      logprintf (LOG_NOTQUIET, _("Your OpenSSL version is too old to support TLSv1.2\n"));
      goto error;
+
 #endif

    default:
--- a/src/options.h
+++ b/src/options.h
@ -228,6 +228,7 @@ struct options
    secure_protocol_tlsv1,
    secure_protocol_tlsv1_1,
    secure_protocol_tlsv1_2,
+    secure_protocol_tlsv1_3,
    secure_protocol_pfs
  } secure_protocol;            /* type of secure protocol to use. */
  int check_cert;               /* whether to validate the server's cert */