[dev.boringcrypto] all: merge master (2f0da6d) into dev.boringcrypto
[gostls13.git] / src / crypto / tls / handshake_server.go
index 9c3e0f636ea7b548776ad75bf7ff112c65e7c571..9b05a27251c079ae1b97ec173c92fa06beb0da88 100644 (file)
@@ -313,7 +313,8 @@ func (hs *serverHandshakeState) pickCipherSuite() error {
 
                // If we don't have hardware support for AES-GCM, prefer other AEAD
                // ciphers even if the client prioritized AES-GCM.
-               if !hasAESGCMHardwareSupport {
+               // If BoringCrypto is enabled, always prioritize AES-GCM.
+               if !hasAESGCMHardwareSupport && !boringEnabled {
                        preferenceList = deprioritizeAES(preferenceList)
                }
        }
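Review bot: The new comment on `if !hasAESGCMHardwareSupport && !boringEnabled` says what happens but not why, and the existing comment just above explains that AES-GCM is deprioritized when there is no hardware support. With `boringEnabled` set, the client's AES-GCM preference is now kept even where `hasAESGCMHardwareSupport` is false. The comment should state the assumption behind that: either the AES implementation used in that mode is acceptable without hardware support (performance and constant-time behaviour), or the other AEAD suites are not offered in that mode; I cannot tell which from the hunk. Something like `// With BoringCrypto enabled, keep AES-GCM first: <reason>, so the software-AES reordering does not apply.` would do. pickCipherSuite starts and ends outside the hunk.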
@@ -515,7 +516,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
                }
                if c.vers >= VersionTLS12 {
                        certReq.hasSignatureAlgorithm = true
-                       certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms
+                       certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
                }
 
                // An empty list of certificateAuthorities signals to
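Review bot: `supportedSignatureAlgorithms()` is now a call, so the list stored in `certReq.supportedSignatureAlgorithms` is computed at this point in the handshake. The later check of the client's CertificateVerify signature algorithm (outside this hunk) should compare against `certReq.supportedSignatureAlgorithms` rather than calling the function a second time, so that what is enforced is exactly what was advertised. If the function returns a shared package-level slice rather than a fresh one, a short comment that callers must not modify the result would help, since it is stored in the message as-is. doFullHandshake continues outside the hunk.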
@@ -786,6 +787,8 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
 
        if c.config.ClientAuth >= VerifyClientCertIfGiven && len(certs) > 0 {
                opts := x509.VerifyOptions{
+                       IsBoring: isBoringCertificate,
+
                        Roots:         c.config.ClientCAs,
                        CurrentTime:   c.config.time(),
                        Intermediates: x509.NewCertPool(),
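Review bot: `IsBoring: isBoringCertificate` is set unconditionally on the client-certificate `x509.VerifyOptions`, so ordinary client chains keep verifying only if `isBoringCertificate` accepts every certificate when the restricted mode is off; that function is not visible here and is worth checking. The field also has no comment and is set apart from the rest of the literal by a blank line. I would add `// IsBoring limits chain building to certificates allowed in the restricted mode; isBoringCertificate must accept all certificates otherwise.` above it. A test that rejects a client certificate with a disallowed key while the mode is on, and accepts it while the mode is off, would pin the behaviour down. The literal and processCertsFromClient continue outside the hunk.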