From: Heschi Kreinick
Date: Mon, 8 Nov 2021 19:46:41 +0000 (-0500)
Subject: [dev.boringcrypto] all: merge master into dev.boringcrypto
X-Git-Tag: go1.19beta1~484^2~34
X-Git-Url: http://www.git.cypherpunks.ru/?a=commitdiff_plain;h=c9858c7bdc8493f471f9914cc4c79d41ef483265;p=gostls13.git
[dev.boringcrypto] all: merge master into dev.boringcrypto
Change-Id: If0a6a3d0abf15d9584ce572510b5bb31872d432f
---
c9858c7bdc8493f471f9914cc4c79d41ef483265
diff --cc src/crypto/tls/common.go
index 0da93677b5,bb5bec3c4d..d17cac30eb
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@@ -967,12 -974,21 +977,24 @@@ var supportedVersions = []uint16
VersionTLS10,
}
- func (c *Config) supportedVersions() []uint16 {
+ // debugEnableTLS10 enables TLS 1.0. See issue 45428.
+ var debugEnableTLS10 = godebug.Get("tls10default") == "1"
+
+ // roleClient and roleServer are meant to call supportedVersions and parents
+ // with more readability at the callsite.
+ const roleClient = true
+ const roleServer = false
+
+ func (c *Config) supportedVersions(isClient bool) []uint16 {
versions := make([]uint16, 0, len(supportedVersions))
for _, v := range supportedVersions {
+ if needFIPS() && (v < fipsMinVersion(c) || v > fipsMaxVersion(c)) {
+ continue
+ }
+ if (c == nil || c.MinVersion == 0) && !debugEnableTLS10 &&
+ isClient && v < VersionTLS12 {
+ continue
+ }
if c != nil && c.MinVersion != 0 && v < c.MinVersion {
continue
}
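Review bot: The comment on `debugEnableTLS10` understates what the flag controls: the new check `isClient && v < VersionTLS12` drops both TLS 1.0 and TLS 1.1 from the client defaults when `MinVersion` is unset, so `tls10default=1` brings back both, and only on the client side. I would word it as `// debugEnableTLS10 restores TLS 1.0 and 1.1 as client defaults when Config.MinVersion is unset (GODEBUG=tls10default=1). See issue 45428.` The merged loop evaluates the `needFIPS()` filter before that check, so the GODEBUG setting cannot widen the version set in FIPS mode; a short comment such as `// FIPS bounds are applied before the tls10default and MinVersion checks.` would protect that ordering from a later reshuffle. `c` can also be nil at the `fipsMinVersion(c)` / `fipsMaxVersion(c)` calls (the next condition tests `c == nil`), and those helpers are defined outside the hunk, so their nil handling should be confirmed. The body of `supportedVersions` continues past the end of the hunk.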