Only send sigalgs extension in 1.2-capable ClientHellos. BUG=https://code.google.com/p/webrtc/issues/detail?id=4223 Change-Id: I88eb036fdc6da17bc6a5179df02f35486abe9add Reviewed-on: https://boringssl-review.googlesource.com/3030 Reviewed-by: Adam Langley <agl@google.com> (cherry picked from commit 6ae7f072e3b220b17ca5182226de882d10080f50)

commit: 84edfee6a7fb91de52c2038fdf087a894d0fb03a [log] [tgz]
author: David Benjamin <davidben@chromium.org> Mon Jan 26 10:22:13 2015 -0500
committer: Adam Langley <agl@google.com> Mon Jan 26 10:47:11 2015 -0800
tree: 1fe350010556c3813c180d3b8e186471da205cb4
parent: ca9a538aa0f2ebdd261783efa032e69a2ea17fbc [diff]
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 5975f70..39627eb 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -954,7 +954,7 @@
     }
   }
 
-  if (SSL_USE_SIGALGS(s)) {
+  if (ssl3_version_from_wire(s, s->client_version) >= TLS1_2_VERSION) {
     size_t salglen;
     const uint8_t *salg;
     salglen = tls12_get_psigalgs(s, &salg);

diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 284f314..2b1b552 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go

@@ -172,6 +172,11 @@
 	}
 	c.clientVersion = hs.clientHello.vers
 
+	// Reject < 1.2 ClientHellos with signature_algorithms.
+	if c.clientVersion < VersionTLS12 && len(hs.clientHello.signatureAndHashes) > 0 {
+		return false, fmt.Errorf("tls: client included signature_algorithms before TLS 1.2")
+	}
+
 	c.vers, ok = config.mutualVersion(hs.clientHello.vers)
 	if !ok {
 		c.sendAlert(alertProtocolVersion)
commit	84edfee6a7fb91de52c2038fdf087a894d0fb03a	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Mon Jan 26 10:22:13 2015 -0500
committer	Adam Langley <agl@google.com>	Mon Jan 26 10:47:11 2015 -0800
tree	1fe350010556c3813c180d3b8e186471da205cb4
parent	ca9a538aa0f2ebdd261783efa032e69a2ea17fbc [diff]