Test that the client doesn't offer TLS 1.2 ciphers when it shouldn't.

Change-Id: I20541e6eb5cfd48e53de5950bce312aae9801a54 Reviewed-on: https://boringssl-review.googlesource.com/6451 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2015-11-06 02:23:20 +0300
committer: Adam Langley <agl@google.com> 2015-11-06 22:18:24 +0300
commit: f93995be609ee204e7fe208bf683b901140ce584 (patch)
tree: 7aca67631fc5568c16774576fd2707c0e04f0e6c
parent: 5f88999a1edd11d8b5e8a72a627a5714c95373cf (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 9647715d..568f836e 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -203,6 +203,15 @@ func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) {
 		hs.clientHello.signatureAndHashes = config.signatureAndHashesForServer()
 	}
 
+	// Check the client cipher list is consistent with the version.
+	if hs.clientHello.vers < VersionTLS12 {
+		for _, id := range hs.clientHello.cipherSuites {
+			if isTLS12Cipher(id) {
+				return false, fmt.Errorf("tls: client offered TLS 1.2 cipher before TLS 1.2")
+			}
+		}
+	}
+
 	c.vers, ok = config.mutualVersion(hs.clientHello.vers)
 	if !ok {
 		c.sendAlert(alertProtocolVersion)
@@ -1053,3 +1062,14 @@ func (c *Conn) tryCipherSuite(id uint16, supportedCipherSuites []uint16, version
 
 	return nil
 }
+
+func isTLS12Cipher(id uint16) bool {
+	for _, cipher := range cipherSuites {
+		if cipher.id != id {
+			continue
+		}
+		return cipher.flags&suiteTLS12 != 0
+	}
+	// Unknown cipher.
+	return false
+}
author	David Benjamin <davidben@chromium.org>	2015-11-06 02:23:20 +0300
committer	Adam Langley <agl@google.com>	2015-11-06 22:18:24 +0300
commit	f93995be609ee204e7fe208bf683b901140ce584 (patch)
tree	7aca67631fc5568c16774576fd2707c0e04f0e6c
parent	5f88999a1edd11d8b5e8a72a627a5714c95373cf (diff)