]> Cypherpunks.ru repositories - gostls13.git/blobdiff - src/crypto/tls/handshake_server.go
projects / gostls13.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[dev.boringcrypto] all: merge master into dev.boringcrypto
[gostls13.git] / src / crypto / tls / handshake_server.go
diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index 497e196a856dcef64a610cb75c1ea1e1ef24ce91..be6424889105cfbba8ff2e1afbac0f1403f6d6d6 100644 (file)
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -156,7 +156,7 @@ func (c *Conn) readClientHello(ctx context.Context) (*clientHelloMsg, error) {
        if len(clientHello.supportedVersions) == 0 {
                clientVersions = supportedVersionsFromMax(clientHello.vers)
        }
-       c.vers, ok = c.config.mutualVersion(clientVersions)
+       c.vers, ok = c.config.mutualVersion(roleServer, clientVersions)
        if !ok {
                c.sendAlert(alertProtocolVersion)
                return nil, fmt.Errorf("tls: client offered only unsupported versions: %x", clientVersions)
@@ -191,7 +191,7 @@ func (hs *serverHandshakeState) processClientHello() error {
        hs.hello.random = make([]byte, 32)
        serverRandom := hs.hello.random
        // Downgrade protection canaries. See RFC 8446, Section 4.1.3.
-       maxVers := c.config.maxSupportedVersion()
+       maxVers := c.config.maxSupportedVersion(roleServer)
        if maxVers >= VersionTLS12 && c.vers < maxVers || testingOnlyForceDowngradeCanary {
                if c.vers == VersionTLS12 {
                        copy(serverRandom[24:], downgradeCanaryTLS12)
@@ -354,7 +354,7 @@ func (hs *serverHandshakeState) pickCipherSuite() error {
        for _, id := range hs.clientHello.cipherSuites {
                if id == TLS_FALLBACK_SCSV {
                        // The client is doing a fallback connection. See RFC 7507.
-                       if hs.clientHello.vers < c.config.maxSupportedVersion() {
+                       if hs.clientHello.vers < c.config.maxSupportedVersion(roleServer) {
                                c.sendAlert(alertInappropriateFallback)
                                return errors.New("tls: client using inappropriate protocol fallback")
                        }
Go GOST TLS 1.3