crypto/tls: better error message when connecting to SSLv3 servers.

We support SSLv3 as a server but not as a client (and we don't want to support it as a client). This change fixes the error message when connecting to an SSLv3 server since SSLv3 support on the server side made mutualVersion accept SSLv3. R=golang-dev, rsc CC=golang-dev https://golang.org/cl/5545073

crypto/tls: better error message when connecting to SSLv3 servers.
We support SSLv3 as a server but not as a client (and we don't want to support it as a client). This change fixes the error message when connecting to an SSLv3 server since SSLv3 support on the server side made mutualVersion accept SSLv3. R=golang-dev, rsc CC=golang-dev https://golang.org/cl/5545073
c86e0397 · Adam Langley · 31d908ba · c86e0397
Commit c86e0397 authored Jan 31, 2012 by Adam Langley
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

handshake_client.go src/pkg/crypto/tls/handshake_client.go +2 -1

No files found.
--- a/src/pkg/crypto/tls/handshake_client.go
+++ b/src/pkg/crypto/tls/handshake_client.go
@@ -59,7 +59,8 @@ func (c *Conn) clientHandshake() error {
 	finishedHash.Write(serverHello.marshal())

 	vers, ok := mutualVersion(serverHello.vers)
-	if !ok {
+	if !ok || vers < versionTLS10 {
+		// TLS 1.0 is the minimum version supported as a client.
 		return c.sendAlert(alertProtocolVersion)
 	}
 	c.vers = vers