runner: Refuse to resume sessions on mismatching versions.

Clients all consistently reject mismatches. If a different version was negotiated, a server should ignore the resumption. This doesn't actually affect current tests. We really want to be making this change in BoringSSL (and then upstream), but get the Go half into shape first. Change-Id: Ieee7e141331d9e08573592e661889bd756dccfa9 Reviewed-on: https://boringssl-review.googlesource.com/2243 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2014-11-10 10:37:15 +0300
committer: Adam Langley <agl@google.com> 2014-11-11 21:25:28 +0300
commit: e18d821dfcc32532caeeb1a2d15090672f592ce3 (patch)
tree: 6e1b335fb47048f24a06c772aefc42a482430cbf /ssl/test
parent: d0297db1085eab113f93db2b2059ce9a0c110bbe (diff)
1 files changed, 3 insertions, 7 deletions
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 41d588aa..89c7b8d6 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -327,13 +327,9 @@ func (hs *serverHandshakeState) checkForResumption() bool {
 		return false
 	}
 
-	if !c.config.Bugs.AllowSessionVersionMismatch {
-		if hs.sessionState.vers > hs.clientHello.vers {
-			return false
-		}
-		if vers, ok := c.config.mutualVersion(hs.sessionState.vers); !ok || vers != hs.sessionState.vers {
-			return false
-		}
+	// Never resume a session for a different SSL version.
+	if !c.config.Bugs.AllowSessionVersionMismatch && c.vers != hs.sessionState.vers {
+		return false
 	}
 
 	cipherSuiteOk := false
author	David Benjamin <davidben@chromium.org>	2014-11-10 10:37:15 +0300
committer	Adam Langley <agl@google.com>	2014-11-11 21:25:28 +0300
commit	e18d821dfcc32532caeeb1a2d15090672f592ce3 (patch)
tree	6e1b335fb47048f24a06c772aefc42a482430cbf /ssl/test
parent	d0297db1085eab113f93db2b2059ce9a0c110bbe (diff)