mirror of
https://github.com/golang/go.git
synced 2025-12-08 06:10:04 +00:00
crypto/tls: enable TLS_FALLBACK_SCSV in server with default max version
Fix TLS_FALLBACK_SCSV check when comparing the client version to the default max version. This enables the TLS_FALLBACK_SCSV check by default in servers that do not explicitly set a max version in the tls config. Change-Id: I5a51f9da6d71b79bc6c2ba45032be51d0f704b5e Reviewed-on: https://go-review.googlesource.com/1776 Reviewed-by: Adam Langley <agl@golang.org>
This commit is contained in:
Ben Burkert
Adam Langley
parent
8e0686a071
commit
1965b03584
2 changed files with 6 additions and 2 deletions
|
|
@ -716,8 +716,12 @@ func TestResumptionDisabled(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestFallbackSCSV(t *testing.T) {
|
||||
serverConfig := &Config{
|
||||
Certificates: testConfig.Certificates,
|
||||
}
|
||||
test := &serverTest{
|
||||
name: "FallbackSCSV",
|
||||
name: "FallbackSCSV",
|
||||
config: serverConfig,
|
||||
// OpenSSL 1.0.1j is needed for the -fallback_scsv option.
|
||||
command: []string{"openssl", "s_client", "-fallback_scsv"},
|
||||
expectHandshakeErrorIncluding: "inppropriate protocol fallback",
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue