crypto/tls: better error message when connecting to SSLv3 servers.

We support SSLv3 as a server but not as a client (and we don't want to
support it as a client). This change fixes the error message when
connecting to an SSLv3 server since SSLv3 support on the server side
made mutualVersion accept SSLv3.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5545073

diff --git a/src/pkg/crypto/tls/handshake_client.go b/src/pkg/crypto/tls/handshake_client.go
index 632ceea9c1a2adbdfb7261cd373666770d519c6c..687e5ef11b462baab95cf01ce36f1ce74e1fe10d 100644 (file)
--- a/src/pkg/crypto/tls/handshake_client.go
+++ b/src/pkg/crypto/tls/handshake_client.go
@@ -59,7 +59,8 @@ func (c *Conn) clientHandshake() error {
        finishedHash.Write(serverHello.marshal())
 
        vers, ok := mutualVersion(serverHello.vers)
-       if !ok {
+       if !ok || vers < versionTLS10 {
+               // TLS 1.0 is the minimum version supported as a client.
                return c.sendAlert(alertProtocolVersion)
        }
        c.vers = vers