Get SSL 3.0 server tests working.

The missing SSL 3.0 client support in runner.go was fairly minor.

Change-Id: Ibbd440c9b6be99be08a214dec6b93ca358d8cf0a
Reviewed-on: https://boringssl-review.googlesource.com/1516
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index f2cbbe4..3fa02df 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -184,13 +184,11 @@
 		return unexpectedMessageError(serverHello, msg)
 	}
 
-	vers, ok := c.config.mutualVersion(serverHello.vers)
-	if !ok || vers < VersionTLS10 {
-		// TLS 1.0 is the minimum version supported as a client.
+	c.vers, ok = c.config.mutualVersion(serverHello.vers)
+	if !ok {
 		c.sendAlert(alertProtocolVersion)
 		return fmt.Errorf("tls: server selected unsupported protocol version %x", serverHello.vers)
 	}
-	c.vers = vers
 	c.haveVers = true
 
 	suite := mutualCipherSuite(c.config.cipherSuites(), serverHello.cipherSuite)
diff --git a/ssl/test/runner/key_agreement.go b/ssl/test/runner/key_agreement.go
index a678fee..2e2eff4 100644
--- a/ssl/test/runner/key_agreement.go
+++ b/ssl/test/runner/key_agreement.go
@@ -87,10 +87,14 @@
 		return nil, nil, err
 	}
 	ckx := new(clientKeyExchangeMsg)
-	ckx.ciphertext = make([]byte, len(encrypted)+2)
-	ckx.ciphertext[0] = byte(len(encrypted) >> 8)
-	ckx.ciphertext[1] = byte(len(encrypted))
-	copy(ckx.ciphertext[2:], encrypted)
+	if clientHello.vers != VersionSSL30 {
+		ckx.ciphertext = make([]byte, len(encrypted)+2)
+		ckx.ciphertext[0] = byte(len(encrypted) >> 8)
+		ckx.ciphertext[1] = byte(len(encrypted))
+		copy(ckx.ciphertext[2:], encrypted)
+	} else {
+		ckx.ciphertext = encrypted
+	}
 	return preMasterSecret, ckx, nil
 }
 
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 1d44f99..b39bced 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -755,26 +755,19 @@
 				resumeSession: resumeSession,
 			})
 
-			// Go's TLS implementation implements SSLv3 as a server,
-			// but not as a client.
-			//
-			// TODO(davidben): Implement SSLv3 as a client too to
-			// exercise that code.
-			if ver.version != VersionSSL30 {
-				testCases = append(testCases, testCase{
-					testType: serverTest,
-					name:     ver.name + "-" + suite.name + "-server",
-					config: Config{
-						MinVersion:   ver.version,
-						MaxVersion:   ver.version,
-						CipherSuites: []uint16{suite.id},
-						Certificates: []Certificate{cert},
-					},
-					certFile:      certFile,
-					keyFile:       keyFile,
-					resumeSession: resumeSession,
-				})
-			}
+			testCases = append(testCases, testCase{
+				testType: serverTest,
+				name:     ver.name + "-" + suite.name + "-server",
+				config: Config{
+					MinVersion:   ver.version,
+					MaxVersion:   ver.version,
+					CipherSuites: []uint16{suite.id},
+					Certificates: []Certificate{cert},
+				},
+				certFile:      certFile,
+				keyFile:       keyFile,
+				resumeSession: resumeSession,
+			})
 
 			// TODO(davidben): Fix DTLS 1.2 support and test that.
 			if ver.version == VersionTLS10 && strings.Index(suite.name, "RC4") == -1 {
@@ -1212,18 +1205,15 @@
 				expectedVersion: expectedVersion,
 			})
 
-			// TODO(davidben): Implement SSLv3 as a client in the runner.
-			if expectedVersion > VersionSSL30 {
-				testCases = append(testCases, testCase{
-					testType: serverTest,
-					name:     "VersionNegotiation-Server-" + suffix,
-					config: Config{
-						MaxVersion: runnerVers.version,
-					},
-					flags:           flags,
-					expectedVersion: expectedVersion,
-				})
-			}
+			testCases = append(testCases, testCase{
+				testType: serverTest,
+				name:     "VersionNegotiation-Server-" + suffix,
+				config: Config{
+					MaxVersion: runnerVers.version,
+				},
+				flags:           flags,
+				expectedVersion: expectedVersion,
+			})
 		}
 	}
 }