diff --git a/common.go b/common.go index 986b917..22d75f2 100644 --- a/common.go +++ b/common.go @@ -39,7 +39,7 @@ const ( maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB) maxWarnAlertCount = 5 // maximum number of consecutive warning alerts - minVersion = VersionTLS10 + minVersion = VersionTLS12 maxVersion = VersionTLS13Draft22 ) diff --git a/example_test.go b/example_test.go index 5b4106f..ae5263c 100644 --- a/example_test.go +++ b/example_test.go @@ -115,7 +115,6 @@ func ExampleConfig_keyLogWriter_TLS12() { // CLIENT_RANDOM 0000000000000000000000000000000000000000000000000000000000000000 baca0df460a688e44ce018b025183cc2353ae01f89755ef766eedd3ecc302888ee3b3a22962e45f48c20df15a98c0e80 } - func ExampleConfig_keyLogWriter_TLS13() { // Debugging TLS applications by decrypting a network traffic capture. @@ -156,8 +155,8 @@ func ExampleConfig_keyLogWriter_TLS13() { // preferences. // Output: - // CLIENT_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 dd81138732f799edb6fbc3d99132544d7f9cfa324e06a870f54dcf7ae514f07a - // SERVER_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 7ded606632ac89e595f01a52228afe8e8f8833396ececf4e6e2196acda4a4eec - // SERVER_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 53f0129133343e630d989c0c8a30ca217d754f33e85787f07c06ebcfd3d333cb - // CLIENT_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 c388383316a48082800ca08f8b8348fbb9039bda7569d51a93b397c83044344e + // CLIENT_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 ab02b68658d18ef1a4056b3094fe511b43084d40e9a6518753a7f832da724292 + // SERVER_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 d2e96648d170e2524bee07b651f4cca932a52247493ca33cc0714260a7424b2d + // SERVER_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 371fab23269e3cd73496e0e78f3dbc487f7cd5a563cc9f8c1a71be242268c375 + // CLIENT_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 ca30484e48ec9a6f3b05b41c7492dbed8dea8e92d2abece2824a96052ac8ed8d } diff --git a/handshake_server_test.go b/handshake_server_test.go index 7ff06eb..e97169a 100644 --- a/handshake_server_test.go +++ b/handshake_server_test.go @@ -340,9 +340,11 @@ func TestVersion(t *testing.T) { serverConfig := &Config{ Certificates: testConfig.Certificates, MaxVersion: VersionTLS11, + MinVersion: VersionTLS10, } clientConfig := &Config{ InsecureSkipVerify: true, + MinVersion: VersionTLS10, } state, _, err := testHandshake(clientConfig, serverConfig) if err != nil { @@ -358,10 +360,12 @@ func TestCipherSuitePreference(t *testing.T) { CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, Certificates: testConfig.Certificates, MaxVersion: VersionTLS11, + MinVersion: VersionTLS10, } clientConfig := &Config{ CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA}, InsecureSkipVerify: true, + MinVersion: VersionTLS10, } state, _, err := testHandshake(clientConfig, serverConfig) if err != nil { @@ -415,12 +419,14 @@ func TestCrossVersionResume(t *testing.T) { serverConfig := &Config{ CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, Certificates: testConfig.Certificates, + MinVersion: VersionTLS10, } clientConfig := &Config{ CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, InsecureSkipVerify: true, ClientSessionCache: NewLRUClientSessionCache(1), ServerName: "servername", + MinVersion: VersionTLS10, } // Establish a session at TLS 1.1. @@ -992,6 +998,7 @@ func TestResumptionDisabled(t *testing.T) { func TestFallbackSCSV(t *testing.T) { serverConfig := Config{ Certificates: testConfig.Certificates, + MinVersion: VersionTLS10, } test := &serverTest{ name: "FallbackSCSV",