Set default MinVersion of protocol to TLSv12

2018-03-27 15:50:10 +01:00 · 2018-03-27 15:50:10 +01:00 · 42d5f61fd6
commit 42d5f61fd6
parent c1206cd452
3 changed files with 12 additions and 6 deletions
--- a/common.go
+++ b/common.go
@ -39,7 +39,7 @@ const (
 	maxHandshake      = 65536        // maximum handshake we support (protocol max is 16 MB)
 	maxWarnAlertCount = 5            // maximum number of consecutive warning alerts

-	minVersion = VersionTLS10
+	minVersion = VersionTLS12
 	maxVersion = VersionTLS13Draft22
 )

--- a/example_test.go
+++ b/example_test.go
@ -115,7 +115,6 @@ func ExampleConfig_keyLogWriter_TLS12() {
 	// CLIENT_RANDOM 0000000000000000000000000000000000000000000000000000000000000000 baca0df460a688e44ce018b025183cc2353ae01f89755ef766eedd3ecc302888ee3b3a22962e45f48c20df15a98c0e80
 }

-
 func ExampleConfig_keyLogWriter_TLS13() {
 	// Debugging TLS applications by decrypting a network traffic capture.

@ -156,8 +155,8 @@ func ExampleConfig_keyLogWriter_TLS13() {
 	// preferences.

 	// Output:
-	// CLIENT_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 dd81138732f799edb6fbc3d99132544d7f9cfa324e06a870f54dcf7ae514f07a
-	// SERVER_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 7ded606632ac89e595f01a52228afe8e8f8833396ececf4e6e2196acda4a4eec
-	// SERVER_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 53f0129133343e630d989c0c8a30ca217d754f33e85787f07c06ebcfd3d333cb
-	// CLIENT_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 c388383316a48082800ca08f8b8348fbb9039bda7569d51a93b397c83044344e
+	// CLIENT_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 ab02b68658d18ef1a4056b3094fe511b43084d40e9a6518753a7f832da724292
+	// SERVER_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 d2e96648d170e2524bee07b651f4cca932a52247493ca33cc0714260a7424b2d
+	// SERVER_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 371fab23269e3cd73496e0e78f3dbc487f7cd5a563cc9f8c1a71be242268c375
+	// CLIENT_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 ca30484e48ec9a6f3b05b41c7492dbed8dea8e92d2abece2824a96052ac8ed8d
 }
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@ -340,9 +340,11 @@ func TestVersion(t *testing.T) {
 	serverConfig := &Config{
 		Certificates: testConfig.Certificates,
 		MaxVersion:   VersionTLS11,
+		MinVersion:   VersionTLS10,
 	}
 	clientConfig := &Config{
 		InsecureSkipVerify: true,
+		MinVersion:   VersionTLS10,
 	}
 	state, _, err := testHandshake(clientConfig, serverConfig)
 	if err != nil {
@ -358,10 +360,12 @@ func TestCipherSuitePreference(t *testing.T) {
 		CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA},
 		Certificates: testConfig.Certificates,
 		MaxVersion:   VersionTLS11,
+		MinVersion:   VersionTLS10,
 	}
 	clientConfig := &Config{
 		CipherSuites:       []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA},
 		InsecureSkipVerify: true,
+		MinVersion:   VersionTLS10,
 	}
 	state, _, err := testHandshake(clientConfig, serverConfig)
 	if err != nil {
@ -415,12 +419,14 @@ func TestCrossVersionResume(t *testing.T) {
 	serverConfig := &Config{
 		CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
 		Certificates: testConfig.Certificates,
+		MinVersion:   VersionTLS10,
 	}
 	clientConfig := &Config{
 		CipherSuites:       []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
 		InsecureSkipVerify: true,
 		ClientSessionCache: NewLRUClientSessionCache(1),
 		ServerName:         "servername",
+		MinVersion:   VersionTLS10,
 	}

 	// Establish a session at TLS 1.1.
@ -992,6 +998,7 @@ func TestResumptionDisabled(t *testing.T) {
 func TestFallbackSCSV(t *testing.T) {
 	serverConfig := Config{
 		Certificates: testConfig.Certificates,
+		MinVersion: VersionTLS10,
 	}
 	test := &serverTest{
 		name:   "FallbackSCSV",