From a42b12e32a6d262713531dffeac718b5aa06ed62 Mon Sep 17 00:00:00 2001
From: Marten Seemann <martenseemann@gmail.com>
Date: Fri, 31 Mar 2023 00:50:14 +0900
Subject: [PATCH] offer only TLS 1.3 cipher suites for TLS 1.3 ClientHellos

---
 handshake_client.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/handshake_client.go b/handshake_client.go
index 778e269..1a26e41 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -144,6 +144,9 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *ecdh.PrivateKey, error) {
 
 	var key *ecdh.PrivateKey
 	if hello.supportedVersions[0] == VersionTLS13 {
+		if len(hello.supportedVersions) == 1 {
+			hello.cipherSuites = hello.cipherSuites[:0]
+		}
 		if hasAESGCMHardwareSupport {
 			hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13...)
 		} else {