Check the server did not use a TLS 1.2 cipher suite pre-TLS 1.2.

This check got refactored in OpenSSL 1.0.2 and broke in the process. Fix this
and add a test. Otherwise things like client auth can get slightly confused; it
will try to sign the MD5/SHA-1 hash, but the TLS 1.2 cipher suite may not use
SSL_HANDSHAKE_MAC_DEFAULT, so those digests won't be available.

Based on upstream's 226751ae4a1f3e00021c43399d7bb51a99c22c17.

Change-Id: I5b864d3a696f3187b849c53b872c24fb7df27924
Reviewed-by: Adam Langley <>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index fa0e6d8..f22f95a 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -445,6 +445,10 @@
 	// ClientKeyExchange message without the two-byte length
 	// prefix, as if it were SSL3.
 	SSL3RSAKeyExchange bool
+	// SkipCipherVersionCheck causes the server to negotiate
+	// TLS 1.2 ciphers in earlier versions of TLS.
+	SkipCipherVersionCheck bool
 func (c *Config) serverInit() {