From 599c1f949b5058d7da5bf648de7741bb0c7c57b8 Mon Sep 17 00:00:00 2001
From: Tom Thorogood
Date: Sun, 26 Mar 2017 21:26:40 +1030
Subject: [PATCH] crypto/tls: Don't advertise TLS 1.3-only cipher unless attempting TLS 1.3
---
 handshake_client.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/handshake_client.go b/handshake_client.go
index e64971d..4dce059 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -86,7 +86,12 @@ NextCipherSuite:
 // Don't advertise TLS 1.2-only cipher suites unless
 // we're attempting TLS 1.2.
 if hello.vers < VersionTLS12 && suite.flags&suiteTLS12 != 0 {
- continue
+ continue NextCipherSuite
+ }
+ // Don't advertise TLS 1.3-only cipher suites unless
+ // we're attempting TLS 1.3.
+ if hello.vers < VersionTLS13 && suite.flags&suiteTLS13 != 0 {
+ continue NextCipherSuite
 }
 hello.cipherSuites = append(hello.cipherSuites, suiteId)
 continue NextCipherSuite
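Review bot: The added `suiteTLS13` filter, like the TLS 1.2 one above it, tests `hello.vers`, which is the highest version this client offers and not the version the server finally selects, so it only limits what is advertised. When the client does offer TLS 1.3 and the server answers with a lower version, rejecting a 1.3-only suite has to happen on the ServerHello path, which is outside this hunk and worth confirming. The diffstat shows only handshake_client.go, so a test asserting that a ClientHello capped below TLS 1.3 carries no `suiteTLS13` suite would pin the new behaviour. The existing bare `continue` also becomes `continue NextCipherSuite` without mention in the subject; it looks equivalent if suite ids are unique, and a comment such as `// matched suite is unusable at this version; skip to the next preference` would record the intent. The enclosing loop and function begin and end outside the hunk.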