summaryrefslogtreecommitdiff
path: root/src/crypto/tls/handshake_client.go
diff options
context:
space:
mode:
Diffstat (limited to 'src/crypto/tls/handshake_client.go')
-rw-r--r--src/crypto/tls/handshake_client.go36
1 files changed, 21 insertions, 15 deletions
diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index 92e33e7169..13a7f3442c 100644
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -84,22 +84,24 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, ecdheParameters, error) {
hello.secureRenegotiation = c.clientFinished[:]
}
- possibleCipherSuites := config.cipherSuites()
- hello.cipherSuites = make([]uint16, 0, len(possibleCipherSuites))
+ preferenceOrder := cipherSuitesPreferenceOrder
+ if !hasAESGCMHardwareSupport {
+ preferenceOrder = cipherSuitesPreferenceOrderNoAES
+ }
+ configCipherSuites := config.cipherSuites()
+ hello.cipherSuites = make([]uint16, 0, len(configCipherSuites))
- for _, suiteId := range possibleCipherSuites {
- for _, suite := range cipherSuites {
- if suite.id != suiteId {
- continue
- }
- // Don't advertise TLS 1.2-only cipher suites unless
- // we're attempting TLS 1.2.
- if hello.vers < VersionTLS12 && suite.flags&suiteTLS12 != 0 {
- break
- }
- hello.cipherSuites = append(hello.cipherSuites, suiteId)
- break
+ for _, suiteId := range preferenceOrder {
+ suite := mutualCipherSuite(configCipherSuites, suiteId)
+ if suite == nil {
+ continue
}
+ // Don't advertise TLS 1.2-only cipher suites unless
+ // we're attempting TLS 1.2.
+ if hello.vers < VersionTLS12 && suite.flags&suiteTLS12 != 0 {
+ continue
+ }
+ hello.cipherSuites = append(hello.cipherSuites, suiteId)
}
_, err := io.ReadFull(config.rand(), hello.random)
@@ -120,7 +122,11 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, ecdheParameters, error) {
var params ecdheParameters
if hello.supportedVersions[0] == VersionTLS13 {
- hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13()...)
+ if hasAESGCMHardwareSupport {
+ hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13...)
+ } else {
+ hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13NoAES...)
+ }
curveID := config.curvePreferences()[0]
if _, ok := curveForCurveID(curveID); curveID != X25519 && !ok {
View Lorry Controller Status