From 07a8bd3143203354f6a4b59f99d1505f83c23066 Mon Sep 17 00:00:00 2001
From: David Cooper <dcooper16@gmail.com>
Date: Wed, 11 May 2016 09:24:07 -0400
Subject: [PATCH] Support version negotiation test

The new test in PR #346 sends a TLSv1.4 ClientHello, so socksend_tls_clienthello() needs to include the signature algorithms extension if $tls_low_byte >= 3 rather than only if it is equal to 3.
---
 testssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index 8bc6fc0..83a05f6 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -4278,7 +4278,7 @@ socksend_tls_clienthello() {
 
           # RFC 5246 says that clients MUST NOT offer the signature algorithms
           # extension if they are offering TLS versions prior to 1.2.
-          if [[ "$tls_low_byte" == "03" ]]; then
+          if [[ "0x$tls_low_byte" -ge "0x03" ]]; then
                all_extensions="$all_extensions
                ,$extension_signature_algorithms"
           fi