Test that the client doesn't offer TLS 1.2 ciphers when it shouldn't.

Change-Id: I20541e6eb5cfd48e53de5950bce312aae9801a54
Reviewed-on: https://boringssl-review.googlesource.com/6451
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 9647715..568f836 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -203,6 +203,15 @@
 		hs.clientHello.signatureAndHashes = config.signatureAndHashesForServer()
 	}
 
+	// Check the client cipher list is consistent with the version.
+	if hs.clientHello.vers < VersionTLS12 {
+		for _, id := range hs.clientHello.cipherSuites {
+			if isTLS12Cipher(id) {
+				return false, fmt.Errorf("tls: client offered TLS 1.2 cipher before TLS 1.2")
+			}
+		}
+	}
+
 	c.vers, ok = config.mutualVersion(hs.clientHello.vers)
 	if !ok {
 		c.sendAlert(alertProtocolVersion)
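Review bot: The error returned by the new cipher-list check names neither the offending suite nor the client version, so a failing test gives no hint which suite to look for; include both, e.g. `return false, fmt.Errorf("tls: client offered TLS 1.2 cipher %04x with max version %04x", id, hs.clientHello.vers)`. The check also returns without sending an alert, whereas the version-negotiation failure just below calls `c.sendAlert(alertProtocolVersion)` first. That may be deliberate in a test runner, but if the client's reaction to the rejection matters to any test, the two paths should match. The enclosing function starts and ends outside the hunk.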
@@ -1053,3 +1062,14 @@
 
 	return nil
 }
+
+func isTLS12Cipher(id uint16) bool {
+	for _, cipher := range cipherSuites {
+		if cipher.id != id {
+			continue
+		}
+		return cipher.flags&suiteTLS12 != 0
+	}
+	// Unknown cipher.
+	return false
+}
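Review bot: `isTLS12Cipher` has no doc comment, and its fall-through limits what the new test covers: an id missing from the runner's `cipherSuites` table returns false, so a pre-TLS 1.2 ClientHello carrying a TLS 1.2-only suite the runner does not know is accepted silently. I would add `// isTLS12Cipher reports whether id is a suite in cipherSuites flagged suiteTLS12. Ids not in the table return false, so the caller only rejects suites the runner knows.` As a style point, the loop body reads more directly as `if cipher.id == id { return cipher.flags&suiteTLS12 != 0 }`, without the `continue`.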