crypto/tls: implement TLS 1.3 version negotiation - go - Fork of Go programming language with my patches.

diff options

author	Filippo Valsorda <filippo@golang.org>	2018-10-31 09:34:10 -0400
committer	Filippo Valsorda <filippo@golang.org>	2018-11-02 22:05:06 +0000
commit	7f5dce08ad77519bfea58880492e1d290cd13cb0 (patch)
tree	a72ef5006dace9ac6c6cc95e9099cd417537f3c6 /src/crypto/tls/testdata/Server-TLSv12-RSA-RSAPSS
parent	0663fe9862951a52cc67e3af8213ee99b76297e0 (diff)
download	go-7f5dce08ad77519bfea58880492e1d290cd13cb0.tar.xz

crypto/tls: implement TLS 1.3 version negotiation

RFC 8446 recommends using the supported_versions extension to negotiate lower versions as well, so begin by implementing it to negotiate the currently supported versions. Note that pickTLSVersion was incorrectly negotiating the ServerHello version down on the client. If the server had illegally sent a version higher than the ClientHello version, the client would have just downgraded it, hopefully failing later in the handshake. In TestGetConfigForClient, we were hitting the record version check because the server would select TLS 1.1, the handshake would fail on the client which required TLS 1.2, which would then send a TLS 1.0 record header on its fatal alert (not having negotiated a version), while the server would expect a TLS 1.1 header at that point. Now, the client gets to communicate the minimum version through the extension and the handshake fails on the server. Updates #9671 Change-Id: Ie33c7124c0c769f62e10baad51cbed745c424e5b Reviewed-on: https://go-review.googlesource.com/c/146217 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>

Diffstat (limited to 'src/crypto/tls/testdata/Server-TLSv12-RSA-RSAPSS')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: