[release-branch.go1.13] crypto/tls: make SSLv3 again disabled by default

It was mistakenly re-enabled in CL 146217. Updates #33837 Change-Id: I8c0e1787114c6232df5888e51e355906622295bc Reviewed-on: https://go-review.googlesource.com/c/go/+/191877 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> (cherry picked from commit 2ebc3d8157fedba633ce90c5454827512734a793) Reviewed-on: https://go-review.googlesource.com/c/go/+/191998
author: Filippo Valsorda <filippo@golang.org> 2019-08-26 16:18:24 -0400
committer: Filippo Valsorda <filippo@golang.org> 2019-08-27 20:56:38 +0000
commit: c11853c09b71ebdcc2b960bc30ee8e6e61b0c35b (patch)
tree: 09de4ddb3675300bc19bd092b1f731a5a4f3130f
parent: 44a66acc716f39325f78ff8bc9be4567326591c9 (diff)
download: go-c11853c09b71ebdcc2b960bc30ee8e6e61b0c35b.tar.gz
go-c11853c09b71ebdcc2b960bc30ee8e6e61b0c35b.zip
3 files changed, 27 insertions, 4 deletions
diff --git a/doc/go1.13.html b/doc/go1.13.html
index ef56a862a5..f13c0e58e7 100644
--- a/doc/go1.13.html
+++ b/doc/go1.13.html
@@ -593,10 +593,15 @@ godoc
   <dd>
     <p>
       Support for SSL version 3.0 (SSLv3) <a href="https://golang.org/issue/32716">
-      is now deprecated and will be removed in Go 1.14</a>. Note that SSLv3
-      <a href="https://tools.ietf.org/html/rfc7568">is cryptographically
-      broken</a>, is already disabled by default in <code>crypto/tls</code>,
-      and was never supported by Go clients.
+      is now deprecated and will be removed in Go 1.14</a>. Note that SSLv3 is the
+      <a href="https://tools.ietf.org/html/rfc7568">cryptographically broken</a>
+      protocol predating TLS.
+    </p>
+
+    <p>
+      SSLv3 was always disabled by default, other than in Go 1.12, when it was
+      mistakenly enabled by default server-side. It is now again disabled by
+      default. (SSLv3 was never supported client-side.)
     </p>
 
     <p><!-- CL 177698 -->
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index da1eae0800..ef0b385848 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -794,6 +794,10 @@ var supportedVersions = []uint16{
 func (c *Config) supportedVersions(isClient bool) []uint16 {
 	versions := make([]uint16, 0, len(supportedVersions))
 	for _, v := range supportedVersions {
+		// TLS 1.0 is the default minimum version.
+		if (c == nil || c.MinVersion == 0) && v < VersionTLS10 {
+			continue
+		}
 		if c != nil && c.MinVersion != 0 && v < c.MinVersion {
 			continue
 		}
diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go
index 22b126fa22..a9c1c08cbc 100644
--- a/src/crypto/tls/handshake_server_test.go
+++ b/src/crypto/tls/handshake_server_test.go
@@ -77,6 +77,20 @@ func TestRejectBadProtocolVersion(t *testing.T) {
 	}, "unsupported versions")
 }
 
+func TestSSLv3OptIn(t *testing.T) {
+	config := testConfig.Clone()
+	config.MinVersion = 0
+	testClientHelloFailure(t, config, &clientHelloMsg{
+		vers:   VersionSSL30,
+		random: make([]byte, 32),
+	}, "unsupported versions")
+	testClientHelloFailure(t, config, &clientHelloMsg{
+		vers:              VersionTLS12,
+		supportedVersions: []uint16{VersionSSL30},
+		random:            make([]byte, 32),
+	}, "unsupported versions")
+}
+
 func TestNoSuiteOverlap(t *testing.T) {
 	clientHello := &clientHelloMsg{
 		vers:               VersionTLS10,
author	Filippo Valsorda <filippo@golang.org>	2019-08-26 16:18:24 -0400
committer	Filippo Valsorda <filippo@golang.org>	2019-08-27 20:56:38 +0000
commit	c11853c09b71ebdcc2b960bc30ee8e6e61b0c35b (patch)
tree	09de4ddb3675300bc19bd092b1f731a5a4f3130f
parent	44a66acc716f39325f78ff8bc9be4567326591c9 (diff)
download	go-c11853c09b71ebdcc2b960bc30ee8e6e61b0c35b.tar.gz go-c11853c09b71ebdcc2b960bc30ee8e6e61b0c35b.zip