[dev.boringcrypto] all: merge master into dev.boringcrypto

[gostls13.git] / src / crypto / tls / handshake_server_tls13.go

diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
index 109ff7a01d4606fda81bd8289e72383f0cf72710..09674764e2cf8c0ef2a0e6393ae704793985fa52 100644 (file)
--- a/src/crypto/tls/handshake_server_tls13.go
+++ b/src/crypto/tls/handshake_server_tls13.go
@@ -114,7 +114,7 @@ func (hs *serverHandshakeStateTLS13) processClientHello() error {
                if id == TLS_FALLBACK_SCSV {
                        // Use c.vers instead of max(supported_versions) because an attacker
                        // could defeat this by adding an arbitrary high version otherwise.
-                       if c.vers < c.config.maxSupportedVersion() {
+                       if c.vers < c.config.maxSupportedVersion(roleServer) {
                                c.sendAlert(alertInappropriateFallback)
                                return errors.New("tls: client using inappropriate protocol fallback")
                        }