diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go index f2cbbe48..3fa02dfb 100644 --- a/ssl/test/runner/handshake_client.go +++ b/ssl/test/runner/handshake_client.go @@ -184,13 +184,11 @@ NextCipherSuite: return unexpectedMessageError(serverHello, msg) } - vers, ok := c.config.mutualVersion(serverHello.vers) - if !ok || vers < VersionTLS10 { - // TLS 1.0 is the minimum version supported as a client. + c.vers, ok = c.config.mutualVersion(serverHello.vers) + if !ok { c.sendAlert(alertProtocolVersion) return fmt.Errorf("tls: server selected unsupported protocol version %x", serverHello.vers) } - c.vers = vers c.haveVers = true suite := mutualCipherSuite(c.config.cipherSuites(), serverHello.cipherSuite) diff --git a/ssl/test/runner/key_agreement.go b/ssl/test/runner/key_agreement.go index a678feed..2e2eff4a 100644 --- a/ssl/test/runner/key_agreement.go +++ b/ssl/test/runner/key_agreement.go @@ -87,10 +87,14 @@ func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello return nil, nil, err } ckx := new(clientKeyExchangeMsg) - ckx.ciphertext = make([]byte, len(encrypted)+2) - ckx.ciphertext[0] = byte(len(encrypted) >> 8) - ckx.ciphertext[1] = byte(len(encrypted)) - copy(ckx.ciphertext[2:], encrypted) + if clientHello.vers != VersionSSL30 { + ckx.ciphertext = make([]byte, len(encrypted)+2) + ckx.ciphertext[0] = byte(len(encrypted) >> 8) + ckx.ciphertext[1] = byte(len(encrypted)) + copy(ckx.ciphertext[2:], encrypted) + } else { + ckx.ciphertext = encrypted + } return preMasterSecret, ckx, nil } diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index 1d44f990..b39bcedf 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -755,26 +755,19 @@ func addCipherSuiteTests() { resumeSession: resumeSession, }) - // Go's TLS implementation implements SSLv3 as a server, - // but not as a client. - // - // TODO(davidben): Implement SSLv3 as a client too to - // exercise that code. - if ver.version != VersionSSL30 { - testCases = append(testCases, testCase{ - testType: serverTest, - name: ver.name + "-" + suite.name + "-server", - config: Config{ - MinVersion: ver.version, - MaxVersion: ver.version, - CipherSuites: []uint16{suite.id}, - Certificates: []Certificate{cert}, - }, - certFile: certFile, - keyFile: keyFile, - resumeSession: resumeSession, - }) - } + testCases = append(testCases, testCase{ + testType: serverTest, + name: ver.name + "-" + suite.name + "-server", + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + CipherSuites: []uint16{suite.id}, + Certificates: []Certificate{cert}, + }, + certFile: certFile, + keyFile: keyFile, + resumeSession: resumeSession, + }) // TODO(davidben): Fix DTLS 1.2 support and test that. if ver.version == VersionTLS10 && strings.Index(suite.name, "RC4") == -1 { @@ -1212,18 +1205,15 @@ func addVersionNegotiationTests() { expectedVersion: expectedVersion, }) - // TODO(davidben): Implement SSLv3 as a client in the runner. - if expectedVersion > VersionSSL30 { - testCases = append(testCases, testCase{ - testType: serverTest, - name: "VersionNegotiation-Server-" + suffix, - config: Config{ - MaxVersion: runnerVers.version, - }, - flags: flags, - expectedVersion: expectedVersion, - }) - } + testCases = append(testCases, testCase{ + testType: serverTest, + name: "VersionNegotiation-Server-" + suffix, + config: Config{ + MaxVersion: runnerVers.version, + }, + flags: flags, + expectedVersion: expectedVersion, + }) } } }