crypto/tls: fix cipher suite check when doing 0-RTT resumption

Change-Id: Ia50898308b80149f862457f9cd9f1123da4e6b6f
Reviewed-on: https://go-review.googlesource.com/c/go/+/498215
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Macrombi Lux <macrentals502@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Filippo Valsorda <filippo@golang.org>

diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index 44949c8a225528c187c67bee2c79803d8e3a3ca5..2ea74c54945003ef8cd55e58a00c677781228316 100644 (file)
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -376,7 +376,7 @@ func (c *Conn) loadSession(hello *clientHelloMsg) (
        if c.quic != nil && session.EarlyData {
                // For 0-RTT, the cipher suite has to match exactly, and we need to be
                // offering the same ALPN.
-               if mutualCipherSuite(hello.cipherSuites, session.cipherSuite) != nil {
+               if mutualCipherSuiteTLS13(hello.cipherSuites, session.cipherSuite) != nil {
                        for _, alpn := range hello.alpnProtocols {
                                if alpn == session.alpnProtocol {
                                        hello.earlyData = true