@@ -39,7 +39,7 @@ const ( | |||||
maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB) | maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB) | ||||
maxWarnAlertCount = 5 // maximum number of consecutive warning alerts | maxWarnAlertCount = 5 // maximum number of consecutive warning alerts | ||||
minVersion = VersionTLS10 | |||||
minVersion = VersionTLS12 | |||||
maxVersion = VersionTLS13Draft22 | maxVersion = VersionTLS13Draft22 | ||||
) | ) | ||||
@@ -115,7 +115,6 @@ func ExampleConfig_keyLogWriter_TLS12() { | |||||
// CLIENT_RANDOM 0000000000000000000000000000000000000000000000000000000000000000 baca0df460a688e44ce018b025183cc2353ae01f89755ef766eedd3ecc302888ee3b3a22962e45f48c20df15a98c0e80 | // CLIENT_RANDOM 0000000000000000000000000000000000000000000000000000000000000000 baca0df460a688e44ce018b025183cc2353ae01f89755ef766eedd3ecc302888ee3b3a22962e45f48c20df15a98c0e80 | ||||
} | } | ||||
func ExampleConfig_keyLogWriter_TLS13() { | func ExampleConfig_keyLogWriter_TLS13() { | ||||
// Debugging TLS applications by decrypting a network traffic capture. | // Debugging TLS applications by decrypting a network traffic capture. | ||||
@@ -156,8 +155,8 @@ func ExampleConfig_keyLogWriter_TLS13() { | |||||
// preferences. | // preferences. | ||||
// Output: | // Output: | ||||
// CLIENT_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 dd81138732f799edb6fbc3d99132544d7f9cfa324e06a870f54dcf7ae514f07a | |||||
// SERVER_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 7ded606632ac89e595f01a52228afe8e8f8833396ececf4e6e2196acda4a4eec | |||||
// SERVER_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 53f0129133343e630d989c0c8a30ca217d754f33e85787f07c06ebcfd3d333cb | |||||
// CLIENT_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 c388383316a48082800ca08f8b8348fbb9039bda7569d51a93b397c83044344e | |||||
// CLIENT_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 ab02b68658d18ef1a4056b3094fe511b43084d40e9a6518753a7f832da724292 | |||||
// SERVER_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 d2e96648d170e2524bee07b651f4cca932a52247493ca33cc0714260a7424b2d | |||||
// SERVER_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 371fab23269e3cd73496e0e78f3dbc487f7cd5a563cc9f8c1a71be242268c375 | |||||
// CLIENT_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 ca30484e48ec9a6f3b05b41c7492dbed8dea8e92d2abece2824a96052ac8ed8d | |||||
} | } |
@@ -340,9 +340,11 @@ func TestVersion(t *testing.T) { | |||||
serverConfig := &Config{ | serverConfig := &Config{ | ||||
Certificates: testConfig.Certificates, | Certificates: testConfig.Certificates, | ||||
MaxVersion: VersionTLS11, | MaxVersion: VersionTLS11, | ||||
MinVersion: VersionTLS10, | |||||
} | } | ||||
clientConfig := &Config{ | clientConfig := &Config{ | ||||
InsecureSkipVerify: true, | InsecureSkipVerify: true, | ||||
MinVersion: VersionTLS10, | |||||
} | } | ||||
state, _, err := testHandshake(clientConfig, serverConfig) | state, _, err := testHandshake(clientConfig, serverConfig) | ||||
if err != nil { | if err != nil { | ||||
@@ -358,10 +360,12 @@ func TestCipherSuitePreference(t *testing.T) { | |||||
CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, | CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, | ||||
Certificates: testConfig.Certificates, | Certificates: testConfig.Certificates, | ||||
MaxVersion: VersionTLS11, | MaxVersion: VersionTLS11, | ||||
MinVersion: VersionTLS10, | |||||
} | } | ||||
clientConfig := &Config{ | clientConfig := &Config{ | ||||
CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA}, | CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA}, | ||||
InsecureSkipVerify: true, | InsecureSkipVerify: true, | ||||
MinVersion: VersionTLS10, | |||||
} | } | ||||
state, _, err := testHandshake(clientConfig, serverConfig) | state, _, err := testHandshake(clientConfig, serverConfig) | ||||
if err != nil { | if err != nil { | ||||
@@ -415,12 +419,14 @@ func TestCrossVersionResume(t *testing.T) { | |||||
serverConfig := &Config{ | serverConfig := &Config{ | ||||
CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, | CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, | ||||
Certificates: testConfig.Certificates, | Certificates: testConfig.Certificates, | ||||
MinVersion: VersionTLS10, | |||||
} | } | ||||
clientConfig := &Config{ | clientConfig := &Config{ | ||||
CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, | CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, | ||||
InsecureSkipVerify: true, | InsecureSkipVerify: true, | ||||
ClientSessionCache: NewLRUClientSessionCache(1), | ClientSessionCache: NewLRUClientSessionCache(1), | ||||
ServerName: "servername", | ServerName: "servername", | ||||
MinVersion: VersionTLS10, | |||||
} | } | ||||
// Establish a session at TLS 1.1. | // Establish a session at TLS 1.1. | ||||
@@ -992,6 +998,7 @@ func TestResumptionDisabled(t *testing.T) { | |||||
func TestFallbackSCSV(t *testing.T) { | func TestFallbackSCSV(t *testing.T) { | ||||
serverConfig := Config{ | serverConfig := Config{ | ||||
Certificates: testConfig.Certificates, | Certificates: testConfig.Certificates, | ||||
MinVersion: VersionTLS10, | |||||
} | } | ||||
test := &serverTest{ | test := &serverTest{ | ||||
name: "FallbackSCSV", | name: "FallbackSCSV", | ||||