Add Server.PermitProhibitedCipherSuites option; update curl tests.
Update tatsuhiro-t/nghttp2#140
diff --git a/server.go b/server.go
index d47ae96..9b9c949 100644
--- a/server.go
+++ b/server.go
@@ -108,6 +108,10 @@
// 16k and 16M, inclusive. If zero or otherwise invalid, a
// default value is used.
MaxReadFrameSize uint32
+
+ // PermitProhibitedCipherSuites, if true, permits the use of
+ // cipher suites prohibited by the HTTP/2 spec.
+ PermitProhibitedCipherSuites bool
}
func (s *Server) maxReadFrameSize() uint32 {
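Review bot: The doc comment on `PermitProhibitedCipherSuites` does not tell an operator what is given up by setting it, or that the zero value is the safe one. The flag is all-or-nothing: it lifts the check for every prohibited suite rather than for a named few, and the comment should say so. I would extend it along the lines of `// The default (false) rejects such connections with INADEQUATE_SECURITY; set it only for clients that cannot negotiate a permitted suite.` The struct's other fields and its opening line are outside this hunk.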
@@ -246,7 +250,7 @@
// So for now, do nothing here again.
}
- if isBadCipher(sc.tlsState.CipherSuite) {
+ if !srv.PermitProhibitedCipherSuites && isBadCipher(sc.tlsState.CipherSuite) {
// "Endpoints MAY choose to generate a connection error
// (Section 5.4.1) of type INADEQUATE_SECURITY if one of
// the prohibited cipher suites are negotiated."
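Review bot: When `srv.PermitProhibitedCipherSuites` is true the condition short-circuits, so a connection that negotiated a prohibited suite is accepted with no record that the exemption was used. Operators then cannot tell which clients still depend on the weaker suites, or notice an unexpected downgrade. I would still evaluate `isBadCipher(sc.tlsState.CipherSuite)` in the permitted case and log the suite value through whatever logging the connection already uses, which is not visible here. At minimum the branch deserves a comment such as `// Prohibited suites are accepted silently when PermitProhibitedCipherSuites is set.` The enclosing function starts and ends outside this hunk.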