jaykishan mutkawoa jaykishanmutkawoa

@jaykishanmutkawoa
jaykishanmutkawoa / gist:9e8353f3db748f1e0578c41d723266b6
Created July 14, 2018 13:14
Adding TLSv1.3 Support in PHP CURL LIBRARY
OpenSSL was compiled accordingly.
==============
[root@TLS1-3 curl]# openssl version
OpenSSL 1.1.1-pre8 (beta) 20 Jun 2018
=============
PHP was also compiled.
--- SSLSocket.c.orig 2018-03-18 01:35:55.748629591 -0400
+++ SSLSocket.c 2018-03-18 01:46:42.564598773 -0400
@@ -264,6 +264,9 @@ char* SSLSocket_get_version_string(int v
#if defined(TLS3_VERSION)
{ TLS3_VERSION, "TLS 1.2" },
#endif
+#if defined(TLS4_VERSION)
+ { TLS4_VERSION, "TLS 1.3" },
+#endif
};
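Review bot: the new `#if defined(TLS4_VERSION)` guard compiles the "TLS 1.3" entry out without any warning when the OpenSSL headers do not define that macro, and OpenSSL 1.1.1 names the TLS 1.3 protocol constant TLS1_3_VERSION. Guard and key the entry on TLS1_3_VERSION instead, and check whether TLS3_VERSION in the unchanged context above is defined in this build, because a dropped table entry only shows up at run time as a missing version string.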
root@Socat-TLS-Client:~/tls13_new/socat-1.7.3.2# diff -uNp sslcls.c.orig sslcls.c
--- sslcls.c.orig 2018-03-17 10:47:30.239634794 -0400
+++ sslcls.c 2018-03-17 04:40:53.144981137 -0400
@@ -147,6 +147,26 @@ const SSL_METHOD *sycTLSv1_2_server_meth
}
#endif
+#if HAVE_TLSv1_3_client_method
+const SSL_METHOD *sycTLSv1_3_client_method(void) {
+ const SSL_METHOD *result;
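Review bot: at `#if HAVE_TLSv1_3_client_method`, the wrapper is only built if configure defines that macro, and no matching configure check is part of this diff. OpenSSL 1.1.1 also ships no TLSv1_3_client_method() for such a check to find, so the block is likely to be compiled out. The hunk is cut off after the declaration of `result`, so what the body calls is not visible here; the supported route in 1.1.1 is TLS_client_method() with SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version() set to TLS1_3_VERSION.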
@jaykishanmutkawoa
jaykishanmutkawoa / gist:3d8f27fedceda7464d7a1f15381aa172
Created March 17, 2018 06:42
Testing SOCAT work for TLS 1.2
On server
socat OPENSSL-LISTEN:443,reuseaddr,cert=/etc/server.pem,cafile=/etc/client.crt echo
On client
socat stdio OPENSSL-CONNECT:Socat-TLS-Server:443,cert=/etc/client.pem,cafile=/etc/server.crt
Wireshark was launched, and we noticed the TLS 1.2 handshake.
Stunnel running without the patch.
1. My stunnel.conf
=============================================================================================
[root@localhost ~]# cat /etc/stunnel/stunnel.conf
chroot = /var/run/stunnel
setuid = stunnel
setgid = stunnel
pid = /stunnel.pid
debug = 7
@jaykishanmutkawoa
jaykishanmutkawoa / gist:8b439876a808ec0fe5061b61d329d2ea
Last active March 3, 2018 19:13
Allowing user to specify TLSv1.3 in Stunnel
1. The stunnel beta version was compiled with openssl-dev 1.1
[root@localhost stunnel-5.43]# /usr/local/bin/stunnel version
[ ] Clients allowed=500
[.] stunnel 5.43 on x86_64-pc-linux-gnu platform
[.] Compiled/running with OpenSSL 1.1.1-dev xx XXX xxxx
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
[ ] errno: (*__errno_location ())
2. My stunnel configuration is as follows: