@@ -81,7 +81,7 @@ func ExampleConfig_keyLogWriter_TLS12() { | |||||
// reproducible. | // reproducible. | ||||
server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})) | server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})) | ||||
server.TLS = &tls.Config{ | server.TLS = &tls.Config{ | ||||
Rand: zeroSource{}, // for example only; don't do this. | |||||
Rand: zeroSource{}, // for example only; don't do this. | |||||
MaxVersion: tls.VersionTLS12, | MaxVersion: tls.VersionTLS12, | ||||
} | } | ||||
server.StartTLS() | server.StartTLS() | ||||
@@ -681,7 +681,7 @@ func TestClientResumption(t *testing.T) { | |||||
ClientSessionCache: NewLRUClientSessionCache(32), | ClientSessionCache: NewLRUClientSessionCache(32), | ||||
RootCAs: rootCAs, | RootCAs: rootCAs, | ||||
ServerName: "example.golang", | ServerName: "example.golang", | ||||
MaxVersion: VersionTLS12, // Enforce TLSv1.2 | |||||
MaxVersion: VersionTLS12, // Enforce TLSv1.2 | |||||
} | } | ||||
testResumeState := func(test string, didResume bool) { | testResumeState := func(test string, didResume bool) { | ||||
@@ -41,24 +41,24 @@ type clientHelloMsg struct { | |||||
// Marshalling of signature_algorithms extension see https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | // Marshalling of signature_algorithms extension see https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | ||||
// for more details. Extension is serialized in data buffer | // for more details. Extension is serialized in data buffer | ||||
// Function advances data slice and returns it, so that it can be used for further processing | // Function advances data slice and returns it, so that it can be used for further processing | ||||
func marshallExtensionSignatureAlgorithms(data []byte, sigSchemes []SignatureScheme) ([]byte) { | |||||
data[0] = byte(extensionSignatureAlgorithms >> 8) | |||||
data[1] = byte(extensionSignatureAlgorithms) | |||||
l := 2 + 2*len(sigSchemes) | |||||
data[2] = byte(l >> 8) | |||||
data[3] = byte(l) | |||||
data = data[4:] | |||||
l -= 2 | |||||
data[0] = byte(l >> 8) | |||||
data[1] = byte(l) | |||||
data = data[2:] | |||||
for _, sigAlgo := range sigSchemes { | |||||
data[0] = byte(sigAlgo >> 8) | |||||
data[1] = byte(sigAlgo) | |||||
data = data[2:] | |||||
} | |||||
return data | |||||
func marshallExtensionSignatureAlgorithms(data []byte, sigSchemes []SignatureScheme) []byte { | |||||
data[0] = byte(extensionSignatureAlgorithms >> 8) | |||||
data[1] = byte(extensionSignatureAlgorithms) | |||||
l := 2 + 2*len(sigSchemes) | |||||
data[2] = byte(l >> 8) | |||||
data[3] = byte(l) | |||||
data = data[4:] | |||||
l -= 2 | |||||
data[0] = byte(l >> 8) | |||||
data[1] = byte(l) | |||||
data = data[2:] | |||||
for _, sigAlgo := range sigSchemes { | |||||
data[0] = byte(sigAlgo >> 8) | |||||
data[1] = byte(sigAlgo) | |||||
data = data[2:] | |||||
} | |||||
return data | |||||
} | } | ||||
// Unmrshalling of signature_algorithms extension see https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | // Unmrshalling of signature_algorithms extension see https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | ||||
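Review bot: marshallExtensionSignatureAlgorithms writes `data[0]` through `data[3]`, the inner length, and then two bytes per scheme without ever checking `len(data)`, and its comment does not say how large the buffer must be. A caller that sizes the buffer wrong gets an index-out-of-range panic while a handshake message is being built. Since this commit only reformats the function, the smallest fix is to document the precondition in the comment, e.g. `// data must have room for at least 6+2*len(sigSchemes) bytes; a shorter slice panics.` The two length fields are also written as 16-bit values, so `l` would be silently truncated if the scheme list ever exceeded what fits in a uint16. Callers presumably never pass that many, but the comment should state that assumption. The whole function body is inside this hunk.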
@@ -197,9 +197,9 @@ func TestDontSelectRSAWithECDSAKey(t *testing.T) { | |||||
func TestRenegotiationExtension(t *testing.T) { | func TestRenegotiationExtension(t *testing.T) { | ||||
clientHello := &clientHelloMsg{ | clientHello := &clientHelloMsg{ | ||||
vers: VersionTLS12, | |||||
compressionMethods: []uint8{compressionNone}, | |||||
random: make([]byte, 32), | |||||
vers: VersionTLS12, | |||||
compressionMethods: []uint8{compressionNone}, | |||||
random: make([]byte, 32), | |||||
secureRenegotiationSupported: true, | secureRenegotiationSupported: true, | ||||
cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, | cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, | ||||
} | } | ||||
@@ -344,7 +344,7 @@ func TestVersion(t *testing.T) { | |||||
} | } | ||||
clientConfig := &Config{ | clientConfig := &Config{ | ||||
InsecureSkipVerify: true, | InsecureSkipVerify: true, | ||||
MinVersion: VersionTLS10, | |||||
MinVersion: VersionTLS10, | |||||
} | } | ||||
state, _, err := testHandshake(clientConfig, serverConfig) | state, _, err := testHandshake(clientConfig, serverConfig) | ||||
if err != nil { | if err != nil { | ||||
@@ -365,7 +365,7 @@ func TestCipherSuitePreference(t *testing.T) { | |||||
clientConfig := &Config{ | clientConfig := &Config{ | ||||
CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA}, | CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA}, | ||||
InsecureSkipVerify: true, | InsecureSkipVerify: true, | ||||
MinVersion: VersionTLS10, | |||||
MinVersion: VersionTLS10, | |||||
} | } | ||||
state, _, err := testHandshake(clientConfig, serverConfig) | state, _, err := testHandshake(clientConfig, serverConfig) | ||||
if err != nil { | if err != nil { | ||||
@@ -426,7 +426,7 @@ func TestCrossVersionResume(t *testing.T) { | |||||
InsecureSkipVerify: true, | InsecureSkipVerify: true, | ||||
ClientSessionCache: NewLRUClientSessionCache(1), | ClientSessionCache: NewLRUClientSessionCache(1), | ||||
ServerName: "servername", | ServerName: "servername", | ||||
MinVersion: VersionTLS10, | |||||
MinVersion: VersionTLS10, | |||||
} | } | ||||
// Establish a session at TLS 1.1. | // Establish a session at TLS 1.1. | ||||
@@ -998,13 +998,13 @@ func TestResumptionDisabled(t *testing.T) { | |||||
func TestFallbackSCSV(t *testing.T) { | func TestFallbackSCSV(t *testing.T) { | ||||
serverConfig := Config{ | serverConfig := Config{ | ||||
Certificates: testConfig.Certificates, | Certificates: testConfig.Certificates, | ||||
MinVersion: VersionTLS10, | |||||
MinVersion: VersionTLS10, | |||||
} | } | ||||
test := &serverTest{ | test := &serverTest{ | ||||
name: "FallbackSCSV", | name: "FallbackSCSV", | ||||
config: &serverConfig, | config: &serverConfig, | ||||
// OpenSSL 1.0.1j is needed for the -fallback_scsv option. | // OpenSSL 1.0.1j is needed for the -fallback_scsv option. | ||||
command: []string{"openssl", "s_client", "-fallback_scsv"}, | |||||
command: []string{"openssl", "s_client", "-fallback_scsv"}, | |||||
expectHandshakeErrorIncluding: "inappropriate protocol fallback", | expectHandshakeErrorIncluding: "inappropriate protocol fallback", | ||||
} | } | ||||
runServerTestTLS11(t, test) | runServerTestTLS11(t, test) | ||||