Commit 46d4aa27 authored by Filippo Valsorda's avatar Filippo Valsorda
Browse files

crypto/tls: implement TLS 1.3 downgrade protection

TLS_FALLBACK_SCSV is extremely fragile in the presence of sparse
supported_version, but gave it the best try I could.

Set the server random canaries but don't check them yet, waiting for the
browsers to clear the way of misbehaving middleboxes.

Updates #9671

Change-Id: Ie55efdec671d639cf1e716acef0c5f103e91a7ce
Reviewed-on: https://go-review.googlesource.com/c/147617


Reviewed-by: default avatarAdam Langley <agl@golang.org>
parent 106db71f
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment