Support for SSL version 3.0 (SSLv3)
- is now deprecated and will be removed in Go 1.14. Note that SSLv3
- is cryptographically
- broken, is already disabled by default in crypto/tls,
- and was never supported by Go clients.
+ is now deprecated and will be removed in Go 1.14. Note that SSLv3 is the
+ cryptographically broken
+ protocol predating TLS.
+
+ SSLv3 was always disabled by default, other than in Go 1.12, when it was + mistakenly enabled by default server-side. It is now again disabled by + default. (SSLv3 was never supported client-side.)
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go index da1eae08009f1ee2acfd64aa144c378572650198..ef0b38584876c6b91ce445296959e893a8406268 100644 --- a/src/crypto/tls/common.go +++ b/src/crypto/tls/common.go @@ -794,6 +794,10 @@ func (c *Config) supportedVersions(isClient bool) []uint16 { versions := make([]uint16, 0, len(supportedVersions)) for _, v := range supportedVersions { + // TLS 1.0 is the default minimum version. + if (c == nil || c.MinVersion == 0) && v < VersionTLS10 { + continue + } if c != nil && c.MinVersion != 0 && v < c.MinVersion { continue } diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go index 22b126fa22dc5ce8c62be8000041b7961fd11132..a9c1c08cbc429ed3eba18a4e9d14d4222293265a 100644 --- a/src/crypto/tls/handshake_server_test.go +++ b/src/crypto/tls/handshake_server_test.go @@ -77,6 +77,20 @@ random: make([]byte, 32), }, "unsupported versions") } +func TestSSLv3OptIn(t *testing.T) { + config := testConfig.Clone() + config.MinVersion = 0 + testClientHelloFailure(t, config, &clientHelloMsg{ + vers: VersionSSL30, + random: make([]byte, 32), + }, "unsupported versions") + testClientHelloFailure(t, config, &clientHelloMsg{ + vers: VersionTLS12, + supportedVersions: []uint16{VersionSSL30}, + random: make([]byte, 32), + }, "unsupported versions") +} + func TestNoSuiteOverlap(t *testing.T) { clientHello := &clientHelloMsg{ vers: VersionTLS10,