Cypherpunks repositories - gostls13.git/commit
crypto/tls: don't select TLS 1.2 cipher suites in prior versions.
author Adam Langley <agl@golang.org>
Thu, 26 Sep 2013 21:09:56 +0000 (17:09 -0400)
committer Adam Langley <agl@golang.org>
Thu, 26 Sep 2013 21:09:56 +0000 (17:09 -0400)
commit f752484c7493bd55e19174418f5cd5abcb46e0e4
tree ab70743df01451185bde5565160861f16a3ee8c0
parent 649a2a9be550abdacdaf45a7ad778d4f0b1f299a
crypto/tls: don't select TLS 1.2 cipher suites in prior versions.

AES-GCM cipher suites are only defined for TLS 1.2, although there's
nothing really version specific about them. However, development
versions of NSS (meaning Firefox and Chrome) have an issue where
they'll advertise TLS 1.2-only cipher suites in a TLS 1.1 ClientHello
but then balk when the server selects one.

This change causes Go clients not to advertise TLS 1.2 cipher suites
unless TLS 1.2 is being used, and prevents servers from selecting them
unless TLS 1.2 has been negotiated.

https://code.google.com/p/chromium/issues/detail?id=297151
https://bugzilla.mozilla.org/show_bug.cgi?id=919677

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/13573047
src/pkg/crypto/tls/cipher_suites.go
src/pkg/crypto/tls/handshake_client.go
src/pkg/crypto/tls/handshake_server.go
src/pkg/crypto/tls/handshake_server_test.go
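
The version gating described in the commit message, as an added Go example that is not the code from this commit. The `suite` type, its `tls12Only` flag, the `prefs` list and the `usable`, `Advertise` and `Select` functions are hypothetical names, and the offered list in `main` is constructed.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// suite is a hypothetical table entry; tls12Only marks suites defined only for TLS 1.2.
type suite struct {
	id        uint16
	tls12Only bool
}

// prefs is a constructed server preference order, not the package's real table.
var prefs = []suite{
	{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, true},
	{tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, false},
	{tls.TLS_RSA_WITH_AES_128_CBC_SHA, false},
}

// usable reports whether s may be offered or selected at version vers.
func usable(s suite, vers uint16) bool {
	return !s.tls12Only || vers >= tls.VersionTLS12
}

// Advertise lists the suites a client offers when its highest version is maxVers.
func Advertise(maxVers uint16) (ids []uint16) {
	for _, s := range prefs {
		if usable(s, maxVers) {
			ids = append(ids, s.id)
		}
	}
	return ids
}

// Select returns the first preferred suite that was offered and is valid for vers.
func Select(vers uint16, offered []uint16) (id uint16, ok bool) {
	for _, s := range prefs {
		for _, o := range offered {
			if o == s.id && usable(s, vers) {
				return s.id, true
			}
		}
	}
	return 0, false
}

func main() {
	offered := []uint16{0xc02f, 0x002f} // constructed: peer lists GCM even at TLS 1.1
	fmt.Println(Select(tls.VersionTLS11, offered))
	fmt.Println(Select(tls.VersionTLS12, offered))
}
```

With the same offered list, the server-side check falls back to the CBC suite at TLS 1.1 and picks the GCM suite only once TLS 1.2 is negotiated.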