crypto/tls: enable TLS_FALLBACK_SCSV in server with default max version Fix TLS_FALLBACK_SCSV check when comparing the client version to the default max version. This enables the TLS_FALLBACK_SCSV check by default in servers that do not explicitly set a max version in the tls config. Change-Id: I5a51f9da6d71b79bc6c2ba45032be51d0f704b5e Reviewed-on: https://go-review.googlesource.com/1776 Reviewed-by: Adam Langley <agl@golang.org>

commit: 1965b035844b3e8e8b9dd3c21a113345c7eee8b1 [log] [tgz]
author: Ben Burkert <ben@benburkert.com> Thu Dec 18 10:17:54 2014 -0800
committer: Adam Langley <agl@golang.org> Thu Dec 18 19:36:01 2014 +0000
tree: 9b5d938bed4fdc3add8de19fb64947a516909a40
parent: 8e0686a07104f78d182ad6e63f1575b19ff6e1b9 [diff] [blame]
diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index 0d90765..8f0ed1f 100644
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go

@@ -228,7 +228,7 @@
 	for _, id := range hs.clientHello.cipherSuites {
 		if id == TLS_FALLBACK_SCSV {
 			// The client is doing a fallback connection.
-			if hs.clientHello.vers < c.config.MaxVersion {
+			if hs.clientHello.vers < c.config.maxVersion() {
 				c.sendAlert(alertInappropriateFallback)
 				return false, errors.New("tls: client using inppropriate protocol fallback")
 			}
commit	1965b035844b3e8e8b9dd3c21a113345c7eee8b1	[log] [tgz]
author	Ben Burkert <ben@benburkert.com>	Thu Dec 18 10:17:54 2014 -0800
committer	Adam Langley <agl@golang.org>	Thu Dec 18 19:36:01 2014 +0000
tree	9b5d938bed4fdc3add8de19fb64947a516909a40
parent	8e0686a07104f78d182ad6e63f1575b19ff6e1b9 [diff] [blame]