crypto/tls: support SSLv3

It would be nice not to have to support this since all the clients that we care about support TLSv1 by now. However, due to buggy implementations of SSLv3 on the Internet which can't do version negotiation correctly, browsers will sometimes switch to SSLv3. Since there's no good way for a browser tell a network problem from a buggy server, this downgrade can occur even if the server in question is actually working correctly. So we need to support SSLv3 for robustness :( Fixes #1703. R=bradfitz CC=golang-dev https://golang.org/cl/5018045
2025-12-08 06:10:04 +00:00 · 2011-09-14 15:32:19 -04:00 · 2011-09-14 15:32:19 -04:00 · a775fbf8a4
commit a775fbf8a4
parent 514c9243f2
12 changed files with 430 additions and 117 deletions
--- a/src/pkg/crypto/tls/common.go
+++ b/src/pkg/crypto/tls/common.go
@ -20,8 +20,11 @@ const (
 	recordHeaderLen = 5            // record header length
 	maxHandshake    = 65536        // maximum handshake we support (protocol max is 16 MB)

-	minVersion = 0x0301 // minimum supported version - TLS 1.0
-	maxVersion = 0x0301 // maximum supported version - TLS 1.0
+	versionSSL30 = 0x0300
+	versionTLS10 = 0x0301
+
+	minVersion = versionSSL30
+	maxVersion = versionTLS10
 )

 // TLS record types.