@@ -81,7 +81,7 @@ func ExampleConfig_keyLogWriter_TLS12() { | |||
// reproducible. | |||
server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})) | |||
server.TLS = &tls.Config{ | |||
Rand: zeroSource{}, // for example only; don't do this. | |||
Rand: zeroSource{}, // for example only; don't do this. | |||
MaxVersion: tls.VersionTLS12, | |||
} | |||
server.StartTLS() | |||
@@ -681,7 +681,7 @@ func TestClientResumption(t *testing.T) { | |||
ClientSessionCache: NewLRUClientSessionCache(32), | |||
RootCAs: rootCAs, | |||
ServerName: "example.golang", | |||
MaxVersion: VersionTLS12, // Enforce TLSv1.2 | |||
MaxVersion: VersionTLS12, // Enforce TLSv1.2 | |||
} | |||
testResumeState := func(test string, didResume bool) { | |||
@@ -41,24 +41,24 @@ type clientHelloMsg struct { | |||
// Marshalling of signature_algorithms extension see https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | |||
// for more details. Extension is serialized in data buffer | |||
// Function advances data slice and returns it, so that it can be used for further processing | |||
func marshallExtensionSignatureAlgorithms(data []byte, sigSchemes []SignatureScheme) ([]byte) { | |||
data[0] = byte(extensionSignatureAlgorithms >> 8) | |||
data[1] = byte(extensionSignatureAlgorithms) | |||
l := 2 + 2*len(sigSchemes) | |||
data[2] = byte(l >> 8) | |||
data[3] = byte(l) | |||
data = data[4:] | |||
l -= 2 | |||
data[0] = byte(l >> 8) | |||
data[1] = byte(l) | |||
data = data[2:] | |||
for _, sigAlgo := range sigSchemes { | |||
data[0] = byte(sigAlgo >> 8) | |||
data[1] = byte(sigAlgo) | |||
data = data[2:] | |||
} | |||
return data | |||
func marshallExtensionSignatureAlgorithms(data []byte, sigSchemes []SignatureScheme) []byte { | |||
data[0] = byte(extensionSignatureAlgorithms >> 8) | |||
data[1] = byte(extensionSignatureAlgorithms) | |||
l := 2 + 2*len(sigSchemes) | |||
data[2] = byte(l >> 8) | |||
data[3] = byte(l) | |||
data = data[4:] | |||
l -= 2 | |||
data[0] = byte(l >> 8) | |||
data[1] = byte(l) | |||
data = data[2:] | |||
for _, sigAlgo := range sigSchemes { | |||
data[0] = byte(sigAlgo >> 8) | |||
data[1] = byte(sigAlgo) | |||
data = data[2:] | |||
} | |||
return data | |||
} | |||
// Unmrshalling of signature_algorithms extension see https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | |||
@@ -197,9 +197,9 @@ func TestDontSelectRSAWithECDSAKey(t *testing.T) { | |||
func TestRenegotiationExtension(t *testing.T) { | |||
clientHello := &clientHelloMsg{ | |||
vers: VersionTLS12, | |||
compressionMethods: []uint8{compressionNone}, | |||
random: make([]byte, 32), | |||
vers: VersionTLS12, | |||
compressionMethods: []uint8{compressionNone}, | |||
random: make([]byte, 32), | |||
secureRenegotiationSupported: true, | |||
cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, | |||
} | |||
@@ -344,7 +344,7 @@ func TestVersion(t *testing.T) { | |||
} | |||
clientConfig := &Config{ | |||
InsecureSkipVerify: true, | |||
MinVersion: VersionTLS10, | |||
MinVersion: VersionTLS10, | |||
} | |||
state, _, err := testHandshake(clientConfig, serverConfig) | |||
if err != nil { | |||
@@ -365,7 +365,7 @@ func TestCipherSuitePreference(t *testing.T) { | |||
clientConfig := &Config{ | |||
CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA}, | |||
InsecureSkipVerify: true, | |||
MinVersion: VersionTLS10, | |||
MinVersion: VersionTLS10, | |||
} | |||
state, _, err := testHandshake(clientConfig, serverConfig) | |||
if err != nil { | |||
@@ -426,7 +426,7 @@ func TestCrossVersionResume(t *testing.T) { | |||
InsecureSkipVerify: true, | |||
ClientSessionCache: NewLRUClientSessionCache(1), | |||
ServerName: "servername", | |||
MinVersion: VersionTLS10, | |||
MinVersion: VersionTLS10, | |||
} | |||
// Establish a session at TLS 1.1. | |||
@@ -998,13 +998,13 @@ func TestResumptionDisabled(t *testing.T) { | |||
func TestFallbackSCSV(t *testing.T) { | |||
serverConfig := Config{ | |||
Certificates: testConfig.Certificates, | |||
MinVersion: VersionTLS10, | |||
MinVersion: VersionTLS10, | |||
} | |||
test := &serverTest{ | |||
name: "FallbackSCSV", | |||
config: &serverConfig, | |||
// OpenSSL 1.0.1j is needed for the -fallback_scsv option. | |||
command: []string{"openssl", "s_client", "-fallback_scsv"}, | |||
command: []string{"openssl", "s_client", "-fallback_scsv"}, | |||
expectHandshakeErrorIncluding: "inappropriate protocol fallback", | |||
} | |||
runServerTestTLS11(t, test) | |||