Allow CECPQ1 cipher suites to do False Start.

Since they include an ECDHE exchange in them, they are equally-well
suited to False Start.

Change-Id: I75d31493a614a78ccbf337574c359271831d654d
Reviewed-on: https://boringssl-review.googlesource.com/8732
Reviewed-by: David Benjamin <davidben@google.com>

ssl/ssl_lib.c

@@ -2497,7 +2497,8 @@ int ssl3_can_false_start(const SSL *ssl) {
       SSL_version(ssl) == TLS1_2_VERSION &&
       (ssl->s3->alpn_selected || ssl->s3->next_proto_neg_seen) &&
       cipher != NULL &&
-      cipher->algorithm_mkey == SSL_kECDHE &&
+      (cipher->algorithm_mkey == SSL_kECDHE ||
+       cipher->algorithm_mkey == SSL_kCECPQ1) &&
       cipher->algorithm_mac == SSL_AEAD;
 }
 

ssl/test/runner/runner.go

@@ -3303,6 +3303,25 @@ func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol)
 			shimWritesFirst: true,
 		})
 
+		tests = append(tests, testCase{
+			name: "FalseStart-CECPQ1",
+			config: Config{
+				MaxVersion:   VersionTLS12,
+				CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
+				NextProtos:   []string{"foo"},
+				Bugs: ProtocolBugs{
+					ExpectFalseStart: true,
+				},
+			},
+			flags: []string{
+				"-false-start",
+				"-cipher", "DEFAULT:kCECPQ1",
+				"-select-next-proto", "foo",
+			},
+			shimWritesFirst: true,
+			resumeSession:   true,
+		})
+
 		// Server parses a V2ClientHello.
 		tests = append(tests, testCase{
 			testType: serverTest,