crypto/tls: change default minimum version to 1.2

[gostls13.git] / src / crypto / tls / handshake_server_test.go

diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go
index 04abdcca89040db2bec1c55a8cfbe2c92c008bbf..15db760716c3dfe7f7024264e99bda7e5d1903b0 100644 (file)
--- a/src/crypto/tls/handshake_server_test.go
+++ b/src/crypto/tls/handshake_server_test.go
@@ -389,21 +389,22 @@ func TestClose(t *testing.T) {
 func TestVersion(t *testing.T) {
        serverConfig := &Config{
                Certificates: testConfig.Certificates,
-               MaxVersion:   VersionTLS11,
+               MaxVersion:   VersionTLS13,
        }
        clientConfig := &Config{
                InsecureSkipVerify: true,
-               MinVersion:         VersionTLS10,
+               MinVersion:         VersionTLS12,
        }
        state, _, err := testHandshake(t, clientConfig, serverConfig)
        if err != nil {
                t.Fatalf("handshake failed: %s", err)
        }
-       if state.Version != VersionTLS11 {
+       if state.Version != VersionTLS13 {
                t.Fatalf("incorrect version %x, should be %x", state.Version, VersionTLS11)
        }
 
        clientConfig.MinVersion = 0
+       serverConfig.MaxVersion = VersionTLS11
        _, _, err = testHandshake(t, clientConfig, serverConfig)
        if err == nil {
                t.Fatalf("expected failure to connect with TLS 1.0/1.1")
@@ -487,17 +488,17 @@ func testCrossVersionResume(t *testing.T, version uint16) {
                InsecureSkipVerify: true,
                ClientSessionCache: NewLRUClientSessionCache(1),
                ServerName:         "servername",
-               MinVersion:         VersionTLS10,
+               MinVersion:         VersionTLS12,
        }
 
-       // Establish a session at TLS 1.1.
-       clientConfig.MaxVersion = VersionTLS11
+       // Establish a session at TLS 1.3.
+       clientConfig.MaxVersion = VersionTLS13
        _, _, err := testHandshake(t, clientConfig, serverConfig)
        if err != nil {
                t.Fatalf("handshake failed: %s", err)
        }
 
-       // The client session cache now contains a TLS 1.1 session.
+       // The client session cache now contains a TLS 1.3 session.
        state, _, err := testHandshake(t, clientConfig, serverConfig)
        if err != nil {
                t.Fatalf("handshake failed: %s", err)
@@ -507,7 +508,7 @@ func testCrossVersionResume(t *testing.T, version uint16) {
        }
 
        // Test that the server will decline to resume at a lower version.
-       clientConfig.MaxVersion = VersionTLS10
+       clientConfig.MaxVersion = VersionTLS12
        state, _, err = testHandshake(t, clientConfig, serverConfig)
        if err != nil {
                t.Fatalf("handshake failed: %s", err)
@@ -516,7 +517,7 @@ func testCrossVersionResume(t *testing.T, version uint16) {
                t.Fatalf("handshake resumed at a lower version")
        }
 
-       // The client session cache now contains a TLS 1.0 session.
+       // The client session cache now contains a TLS 1.2 session.
        state, _, err = testHandshake(t, clientConfig, serverConfig)
        if err != nil {
                t.Fatalf("handshake failed: %s", err)
@@ -526,7 +527,7 @@ func testCrossVersionResume(t *testing.T, version uint16) {
        }
 
        // Test that the server will decline to resume at a higher version.
-       clientConfig.MaxVersion = VersionTLS11
+       clientConfig.MaxVersion = VersionTLS13
        state, _, err = testHandshake(t, clientConfig, serverConfig)
        if err != nil {
                t.Fatalf("handshake failed: %s", err)
@@ -1170,6 +1171,7 @@ func TestServerResumptionDisabled(t *testing.T) {
 func TestFallbackSCSV(t *testing.T) {
        serverConfig := Config{
                Certificates: testConfig.Certificates,
+               MinVersion:   VersionTLS11,
        }
        test := &serverTest{
                name:   "FallbackSCSV",