crypto/tls: remove SSLv3 support

SSLv3 has been irreparably broken since the POODLE attack 5 years ago and RFC 7568 (f.k.a. draft-ietf-tls-sslv3-diediedie) prohibits its use in no uncertain terms. As announced in the Go 1.13 release notes, remove support for it entirely in Go 1.14. Updates #32716 Change-Id: Id653557961d8f75f484a01e6afd2e104a4ccceaf Reviewed-on: https://go-review.googlesource.com/c/go/+/191976 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2025-04-03 20:17:36 +03:00 · 2019-08-27 17:27:45 -04:00 · 2019-08-27 17:27:45 -04:00 · 018f13d1a3
commit 018f13d1a3
parent 63a961538b
16 changed files with 34 additions and 474 deletions
--- a/handshake_test.go
+++ b/handshake_test.go
@ -71,7 +71,7 @@ func checkOpenSSLVersion() error {
 	println("to update the test data.")
 	println("")
 	println("Configure it with:")
-	println("./Configure enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method")
+	println("./Configure enable-weak-ssl-ciphers")
 	println("and then add the apps/ directory at the front of your PATH.")
 	println("***********************************************")

@ -345,7 +345,6 @@ func runMain(m *testing.M) int {
 		Rand:               zeroSource{},
 		Certificates:       make([]Certificate, 2),
 		InsecureSkipVerify: true,
-		MinVersion:         VersionSSL30,
 		MaxVersion:         VersionTLS13,
 		CipherSuites:       allCipherSuites(),
 	}