crypto/tls: Don't advertise TLS 1.3-only cipher unless attempting TLS 1.3

This commit is contained in:
Tom Thorogood 2017-03-26 21:26:40 +10:30 committed by Peter Wu
parent 3107d575a8
commit 599c1f949b

View File

@ -86,7 +86,12 @@ NextCipherSuite:
// Don't advertise TLS 1.2-only cipher suites unless // Don't advertise TLS 1.2-only cipher suites unless
// we're attempting TLS 1.2. // we're attempting TLS 1.2.
if hello.vers < VersionTLS12 && suite.flags&suiteTLS12 != 0 { if hello.vers < VersionTLS12 && suite.flags&suiteTLS12 != 0 {
continue continue NextCipherSuite
}
// Don't advertise TLS 1.3-only cipher suites unless
// we're attempting TLS 1.3.
if hello.vers < VersionTLS13 && suite.flags&suiteTLS13 != 0 {
continue NextCipherSuite
} }
hello.cipherSuites = append(hello.cipherSuites, suiteId) hello.cipherSuites = append(hello.cipherSuites, suiteId)
continue NextCipherSuite continue NextCipherSuite