crypto/tls: have servers prefer TLS 1.3 when supported - go - Fork of Go programming language with my patches.

diff options

author	Daniel McCarney <daniel@binaryparadox.net>	2025-05-15 13:41:14 -0400
committer	Gopher Robot <gobot@golang.org>	2025-05-21 12:17:01 -0700
commit	a21b71daf57a54a12c2aedff0fba0860fa977590 (patch)
tree	7a3c34843f27ee5626291b2a37643af2d38ca4f9 /test/codegen
parent	c5a1fc1f97b4b6b384a9852d96a77868e0f5e6a9 (diff)
download	go-a21b71daf57a54a12c2aedff0fba0860fa977590.tar.xz

crypto/tls: have servers prefer TLS 1.3 when supported

Previously the common Config.mutualVersion() code prioritized the selected version based on the provided peerVersions being sent in peer preference order. Instead we would prefer to see TLS 1.3 used whenever it is supported, even if the peer would prefer an older protocol version. This commit updates mutualVersions() to implement this policy change. Our new behaviour matches the behaviour of other TLS stacks, notably BoringSSL, and so also allows enabling the IgnoreClientVersionOrder BoGo test that we otherwise must skip. Updates #72006 Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5cb Reviewed-on: https://go-review.googlesource.com/c/go/+/673236 Auto-Submit: Daniel McCarney <daniel@binaryparadox.net> TryBot-Bypass: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org>

Diffstat (limited to 'test/codegen')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: