From: Adam Langley <agl@golang.org>
Date: Tue, 31 Jan 2012 16:22:47 +0000 (-0500)
Subject: crypto/tls: better error message when connecting to SSLv3 servers.
X-Git-Tag: weekly.2012-02-07~177
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=c86e03975ce6fd0fcf7dcf35e8110057234170ab;p=gostls13.git

crypto/tls: better error message when connecting to SSLv3 servers.

We support SSLv3 as a server but not as a client (and we don't want to
support it as a client). This change fixes the error message when
connecting to an SSLv3 server since SSLv3 support on the server side
made mutualVersion accept SSLv3.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5545073
---

diff --git a/src/pkg/crypto/tls/handshake_client.go b/src/pkg/crypto/tls/handshake_client.go
index 632ceea9c1..687e5ef11b 100644
--- a/src/pkg/crypto/tls/handshake_client.go
+++ b/src/pkg/crypto/tls/handshake_client.go
@@ -59,7 +59,8 @@ func (c *Conn) clientHandshake() error {
 	finishedHash.Write(serverHello.marshal())
 
 	vers, ok := mutualVersion(serverHello.vers)
-	if !ok {
+	if !ok || vers < versionTLS10 {
+		// TLS 1.0 is the minimum version supported as a client.
 		return c.sendAlert(alertProtocolVersion)
 	}
 	c.vers = vers