kris/th5
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

crypto/tls: Don't advertise TLS 1.3-only cipher unless attempting TLS 1.3

Browse Source
This commit is contained in:
Tom Thorogood 2017-03-26 21:26:40 +10:30 committed by Peter Wu
parent 3107d575a8
commit 599c1f949b
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
handshake_client.go
View File

@ -86,7 +86,12 @@ NextCipherSuite:
// Don't advertise TLS 1.2-only cipher suites unless // Don't advertise TLS 1.2-only cipher suites unless
// we're attempting TLS 1.2. // we're attempting TLS 1.2.
if hello.vers < VersionTLS12 && suite.flags&suiteTLS12 != 0 { if hello.vers < VersionTLS12 && suite.flags&suiteTLS12 != 0 {
continue continue NextCipherSuite
}
// Don't advertise TLS 1.3-only cipher suites unless
// we're attempting TLS 1.3.
if hello.vers < VersionTLS13 && suite.flags&suiteTLS13 != 0 {
continue NextCipherSuite
} }
hello.cipherSuites = append(hello.cipherSuites, suiteId) hello.cipherSuites = append(hello.cipherSuites, suiteId)
continue NextCipherSuite continue NextCipherSuite