crypto/tls: check that client cipher suite matches version

handshake_client.go

@@ -186,6 +186,12 @@ NextCipherSuite:
 		c.sendAlert(alertHandshakeFailure)
 		return errors.New("tls: server chose an unconfigured cipher suite")
 	}
+	// Check that the chosen cipher suite matches the protocol version.
+	if c.vers >= VersionTLS13 && suite.flags&suiteTLS13 == 0 ||
+		c.vers < VersionTLS13 && suite.flags&suiteTLS13 != 0 {
+		c.sendAlert(alertHandshakeFailure)
+		return errors.New("tls: server chose an inappropriate cipher suite")
+	}
 
 	hs := &clientHandshakeState{
 		c:            c,