diff --git a/src/crypto/tls/bogo_shim_test.go b/src/crypto/tls/bogo_shim_test.go
index 2d8100d..6cc96b4 100644
--- a/src/crypto/tls/bogo_shim_test.go
+++ b/src/crypto/tls/bogo_shim_test.go
@@ -37,6 +37,9 @@
maxVersion = flag.Int("max-version", VersionTLS13, "")
expectVersion = flag.Int("expect-version", 0, "")
+ noTLS1 = flag.Bool("no-tls1", false, "")
+ noTLS11 = flag.Bool("no-tls11", false, "")
+ noTLS12 = flag.Bool("no-tls12", false, "")
noTLS13 = flag.Bool("no-tls13", false, "")
requireAnyClientCertificate = flag.Bool("require-any-client-certificate", false, "")
@@ -113,6 +116,32 @@
ClientSessionCache: NewLRUClientSessionCache(0),
}
+
+ // We do not check the MinVersion because by default BoringSSL uses VersionSSL30 as the MinVersion, but we only support VersionTLS10
+ if *noTLS1 {
+ cfg.MinVersion = VersionTLS11
+ }
+
+ if *noTLS11 {
+ if *noTLS1 {
+ cfg.MinVersion = VersionTLS12
+ } else if *noTLS12 && *noTLS13 {
+ cfg.MaxVersion = VersionTLS10
+ } else {
+ log.Fatal("recieved incompatible flags")
+ }
+ }
+
+ if *noTLS12 {
+ if *noTLS1 && *noTLS11 {
+ cfg.MinVersion = VersionTLS13
+ } else if *noTLS13 {
+ cfg.MaxVersion = VersionTLS11
+ } else {
+ log.Fatal("recieved incompatible flags")
+ }
+ }
+
if *noTLS13 && cfg.MaxVersion == VersionTLS13 {
cfg.MaxVersion = VersionTLS12
}
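Review bot: With `-no-tls11 -no-tls12 -no-tls13` and TLS 1.0 left enabled, the `*noTLS11` block caps `cfg.MaxVersion` at `VersionTLS10`, but the `*noTLS12` block that follows takes its `else if *noTLS13` branch and raises it back to `VersionTLS11`, so the shim can still negotiate a version the runner asked it to disable. Making that branch only ever lower the limit avoids this, e.g. `if cfg.MaxVersion > VersionTLS11 { cfg.MaxVersion = VersionTLS11 }`; this assumes `cfg.MaxVersion` was already populated from `-max-version` above the hunk, which the later `== VersionTLS13` comparison suggests. The unconditional `cfg.MinVersion = ...` assignments have the mirror-image problem, since they can lower a stricter `-min-version`. Passing all four flags appears to leave `MinVersion` above `MaxVersion` without ever reaching `log.Fatal`. The fatal message is misspelled in both places (`recieved` should be `received`) and would be easier to act on if it named the conflicting flags; the enclosing function starts and ends outside this hunk.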