crypto/tls: support TLS 1.1.

The significant change between TLS 1.0 and 1.1 is the addition of an explicit IV in the case of CBC encrypted records. Support for TLS 1.1 is needed in order to support TLS 1.2. R=golang-dev, bradfitz CC=golang-dev https://golang.org/cl/7880043
2025-12-08 06:10:04 +00:00 · 2013-06-04 20:02:22 -04:00 · 2013-06-04 20:02:22 -04:00 · 2112fed743
commit 2112fed743
parent eec014de66
12 changed files with 587 additions and 67 deletions
--- a/src/pkg/crypto/tls/handshake_client.go
+++ b/src/pkg/crypto/tls/handshake_client.go
@ -16,14 +16,14 @@ import (
 )

 func (c *Conn) clientHandshake() error {
-	finishedHash := newFinishedHash(versionTLS10)
+	finishedHash := newFinishedHash(VersionTLS10)

 	if c.config == nil {
 		c.config = defaultConfig()
 	}

 	hello := &clientHelloMsg{
-		vers:               maxVersion,
+		vers:               c.config.maxVersion(),
 		cipherSuites:       c.config.cipherSuites(),
 		compressionMethods: []uint8{compressionNone},
 		random:             make([]byte, 32),
@ -58,8 +58,8 @@ func (c *Conn) clientHandshake() error {
 	}
 	finishedHash.Write(serverHello.marshal())

-	vers, ok := mutualVersion(serverHello.vers)
-	if !ok || vers < versionTLS10 {
+	vers, ok := c.config.mutualVersion(serverHello.vers)
+	if !ok || vers < VersionTLS10 {
 		// TLS 1.0 is the minimum version supported as a client.
 		return c.sendAlert(alertProtocolVersion)
 	}