crypto/tls: fix cipher suite check when doing 0-RTT resumption

Change-Id: Ia50898308b80149f862457f9cd9f1123da4e6b6f
Reviewed-on: https://go-review.googlesource.com/c/go/+/498215
Reviewed-by: Filippo Valsorda <[email protected]>
Reviewed-by: Macrombi Lux <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
Auto-Submit: Filippo Valsorda <[email protected]>
Reviewed-by: Michael Knyszek <[email protected]>
Run-TryBot: Filippo Valsorda <[email protected]>

Author: marten-seemann

src/crypto/tls/handshake_client.go

@@ -376,7 +376,7 @@ func (c *Conn) loadSession(hello *clientHelloMsg) (
 	if c.quic != nil && session.EarlyData {
 		// For 0-RTT, the cipher suite has to match exactly, and we need to be
 		// offering the same ALPN.
-		if mutualCipherSuite(hello.cipherSuites, session.cipherSuite) != nil {
+		if mutualCipherSuiteTLS13(hello.cipherSuites, session.cipherSuite) != nil {
 			for _, alpn := range hello.alpnProtocols {
 				if alpn == session.alpnProtocol {
 					hello.earlyData = true