Description
Problem:
Our code currently uses a mix of ">= S2N_TLS13" and "== S2N_TLS13" checks. I would like to argue for switching all of the "=="s over to ">=": I believe "==" is shortsighted and will inevitably cause future developers pain.
When implementing TLS1.3, we have repeatedly run into problems because of "== S2N_TLS12" checks. We expect TLS1.3 code to behave like TLS1.2 code unless we specify otherwise, not like TLS1.1 code. Code regressing to pre-TLS1.2 because we raise the protocol version causes unexpected and sometimes difficult to diagnose issues (and could unexpectedly re-introduce vulnerabilities). It is unintuitive for code to default to the oldest implementation instead of the newest implementation. When we add a hypothetical TLS1.4, it is FAR more likely to build off of TLS1.3 than off of TLS1.1 or TLS1.0.
Examples of pain with "== S2N_TLS12":
- We had a fun bug with transcript hashes caused by a "== S2N_TLS12" check: s2n can't self-talk #1545
- Nicole had to correct MANY "== S2N_TLS12" checks when working on Client Auth because the cert code was updated between 1.1 and 1.2.
Proposed Solution:
- Find all "== S2N_TLS13" references and update them to ">= S2N_TLS13".
- Preemptively update any remaining "== S2N_TLS12" (I checked-- most of them look like they're in files that TLS1.3 no longer uses, but updating them won't hurt).
- Possibly add some code to our simple mistakes grepping script to check for "== S2N_TLS[0-9]+".