From 4728f31b2f455a3fb8e2928d0b41b1872e24236c Mon Sep 17 00:00:00 2001
From: Marten Seemann <martenseemann@gmail.com>
Date: Thu, 25 May 2023 11:06:41 +0300
Subject: [PATCH] crypto/tls: fix cipher suite check when doing 0-RTT
 resumption

Change-Id: Ia50898308b80149f862457f9cd9f1123da4e6b6f
Reviewed-on: https://go-review.googlesource.com/c/go/+/498215
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Macrombi Lux <macrentals502@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
---
 handshake_client.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/handshake_client.go b/handshake_client.go
index 44949c8..2ea74c5 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -376,7 +376,7 @@ func (c *Conn) loadSession(hello *clientHelloMsg) (
 	if c.quic != nil && session.EarlyData {
 		// For 0-RTT, the cipher suite has to match exactly, and we need to be
 		// offering the same ALPN.
-		if mutualCipherSuite(hello.cipherSuites, session.cipherSuite) != nil {
+		if mutualCipherSuiteTLS13(hello.cipherSuites, session.cipherSuite) != nil {
 			for _, alpn := range hello.alpnProtocols {
 				if alpn == session.alpnProtocol {
 					hello.earlyData = true