From e303a45dd1ac2cb298e9536a0f439355b47cb701 Mon Sep 17 00:00:00 2001
From: Ryan Richard <richardry@vmware.com>
Date: Thu, 8 Feb 2024 09:39:01 -0800
Subject: [PATCH] Test util AssertTLS supports both old and new goboring

- Current goboring only allows TLS 1.2.
- The next goboring will allow TLS 1.2 and TLS 1.3. We got a preview
  of this when the Go team upgraded goboring in Go 1.21.6, but then
  downgraded it again in the next Go releases.
---
 internal/testutil/tlsserver/tlsserver.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/internal/testutil/tlsserver/tlsserver.go b/internal/testutil/tlsserver/tlsserver.go
index 56eddba39..9669764d4 100644
--- a/internal/testutil/tlsserver/tlsserver.go
+++ b/internal/testutil/tlsserver/tlsserver.go
@@ -85,6 +85,10 @@ func AssertTLS(t *testing.T, r *http.Request, clientTLSConfigFunc ptls.ConfigFun
 	var wantClientSupportedCiphers []uint16
 
 	switch {
+	// When the provided config only supports TLS 1.2, then set up the expected values for TLS 1.2.
+	case clientTLSConfig.MinVersion == tls.VersionTLS12 && clientTLSConfig.MaxVersion == tls.VersionTLS12:
+		wantClientSupportedVersions = []uint16{tls.VersionTLS12}
+		wantClientSupportedCiphers = clientTLSConfig.CipherSuites
 	// When the provided config only supports TLS 1.3, then set up the expected values for TLS 1.3.
 	case clientTLSConfig.MinVersion == tls.VersionTLS13:
 		wantClientSupportedVersions = []uint16{tls.VersionTLS13}