crypto/tls: make SSLv3 again disabled by default

It was mistakenly re-enabled in CL 146217. Fixes #33837 Change-Id: I8c0e1787114c6232df5888e51e355906622295bc Reviewed-on: https://go-review.googlesource.com/c/go/+/191877 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
2025-04-03 20:17:36 +03:00 · 2019-08-26 16:18:24 -04:00 · 2019-08-26 16:18:24 -04:00 · 63a961538b
commit 63a961538b
parent ea863787e2
2 changed files with 18 additions and 0 deletions
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@ -77,6 +77,20 @@ func TestRejectBadProtocolVersion(t *testing.T) {
 	}, "unsupported versions")
 }

+func TestSSLv3OptIn(t *testing.T) {
+	config := testConfig.Clone()
+	config.MinVersion = 0
+	testClientHelloFailure(t, config, &clientHelloMsg{
+		vers:   VersionSSL30,
+		random: make([]byte, 32),
+	}, "unsupported versions")
+	testClientHelloFailure(t, config, &clientHelloMsg{
+		vers:              VersionTLS12,
+		supportedVersions: []uint16{VersionSSL30},
+		random:            make([]byte, 32),
+	}, "unsupported versions")
+}
+
 func TestNoSuiteOverlap(t *testing.T) {
 	clientHello := &clientHelloMsg{
 		vers:               VersionTLS10,