Add TLS 1.3 to SSLContext::SSLVersion enum

Summary: Since we're moving towards enabling TLS 1.3 by default in folly, add this version to the SSLVersion enum.

Reviewed By: yfeldblum

Differential Revision: D28908538

fbshipit-source-id: 19d9ee248fff4682eec59c6f3d699fc6c9fa1917

folly/io/async/SSLContext.cpp

@@ -69,6 +69,9 @@ void configureProtocolVersion(SSL_CTX* ctx, SSLContext::SSLVersion version) {
     case SSLContext::SSLVersion::TLSv1_2:
       minVersion = TLS1_2_VERSION;
       break;
+    // TODO: Handle this correctly once the max protocol version
+    // is no longer limited to TLS 1.2.
+    case SSLContext::SSLVersion::TLSv1_3:
     case SSLContext::SSLVersion::SSLv2:
     default:
       // do nothing
@@ -108,6 +111,15 @@ void configureProtocolVersion(SSL_CTX* ctx, SSLContext::SSLVersion version) {
 SSLContext::SSLContext(SSLVersion version) {
   folly::ssl::init();
 
+  // version represents the desired minimum protocol version. Since TLS 1.2
+  // is currently set as the maximum protocol version, we can't allow a min
+  // version of TLS 1.3.
+  // TODO: Remove this error once the max is no longer limited to TLS 1.2.
+  if (version == SSLContext::SSLVersion::TLSv1_3) {
+    throw std::runtime_error(
+        "A minimum TLS version of TLS 1.3 is currently unsupported.");
+  }
+
   ctx_ = SSL_CTX_new(SSLv23_method());
   if (ctx_ == nullptr) {
     throw std::runtime_error("SSL_CTX_new: " + getErrors());

folly/io/async/SSLContext.h

@@ -94,6 +94,7 @@ class SSLContext {
     SSLv3,
     TLSv1, // support TLS 1.0+
     TLSv1_2, // support for only TLS 1.2+
+    TLSv1_3,
   };
 
   /**

folly/io/async/test/SSLContextTest.cpp

@@ -231,4 +231,8 @@ TEST_F(SSLContextTest, TestSetInvalidCiphersuite) {
       std::runtime_error);
 }
 #endif // FOLLY_OPENSSL_PREREQ(1, 1, 1)
+
+TEST_F(SSLContextTest, TestTLS13MinVersionThrow) {
+  EXPECT_THROW(SSLContext{SSLContext::SSLVersion::TLSv1_3}, std::runtime_error);
+}
 } // namespace folly