tests: pin tests to a numbered TLS1.2 policy #4905
Conversation
There was a problem hiding this comment.
Test comment mentions TLS1.2
| /* Self-talk: Test interaction between TLS1.2 session resumption and serialization */ | ||
| { | ||
| DEFER_CLEANUP(struct s2n_config *resumption_config = s2n_config_new(), s2n_config_ptr_free); | ||
| EXPECT_SUCCESS(s2n_config_set_cipher_preferences(resumption_config, "20240501")); |
There was a problem hiding this comment.
Test comment mentions TLS1.2
tests/unit/s2n_renegotiate_test.c
Outdated
There was a problem hiding this comment.
renegotiation is only supported for TLS1.2
tests/unit/s2n_renegotiate_io_test.c
Outdated
There was a problem hiding this comment.
renegotiation is only supported for TLS1.2
There was a problem hiding this comment.
test comment mentions TLS1.2
There was a problem hiding this comment.
EMS supported for TLS1.2
| @@ -759,7 +759,7 @@ int main(int argc, char **argv) | |||
| struct s2n_connection *conn = NULL; | |||
| EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT)); | |||
| EXPECT_SUCCESS(s2n_connection_set_config(conn, config)); | |||
| EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(conn, "default")); | |||
| EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(conn, "20240501")); | |||
There was a problem hiding this comment.
test comment specifies TLS1.2
| EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_configuration, "20240501")); | ||
|
|
||
| DEFER_CLEANUP(struct s2n_config *server_configuration = s2n_config_new(), | ||
| s2n_config_ptr_free); | ||
| EXPECT_NOT_NULL(server_configuration); | ||
| EXPECT_SUCCESS(s2n_config_set_session_tickets_onoff(server_configuration, 1)); | ||
| EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_configuration, | ||
| chain_and_key)); | ||
| EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_configuration, "20240501")); |
There was a problem hiding this comment.
Test checks for TLS1.2 below
| EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(server_conn, "default")); | ||
| EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(server_conn, "20240501")); |
There was a problem hiding this comment.
Test checks for TLS1.2 below
| EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default")); | ||
| EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "20240501")); |
There was a problem hiding this comment.
Test checks for TLS1.2 below
tests/unit/s2n_self_talk_npn_test.c
Outdated
There was a problem hiding this comment.
npn is supported for TLS1.2
| @@ -78,6 +78,7 @@ int main(int argc, char **argv) | |||
| S2N_DEFAULT_TEST_CERT_CHAIN, S2N_DEFAULT_TEST_PRIVATE_KEY)); | |||
|
|
|||
| DEFER_CLEANUP(struct s2n_config *tls12_config = s2n_config_new(), s2n_config_ptr_free); | |||
| EXPECT_SUCCESS(s2n_config_set_cipher_preferences(tls12_config, "20240501")); | |||
There was a problem hiding this comment.
The name of the config is tls12_config
There was a problem hiding this comment.
Tests are all TLS1.2 specific eg. "Test that we ignore Warning Alerts in S2N_ALERT_IGNORE_WARNINGS mode in TLS1.2"
There was a problem hiding this comment.
hello request is only supported in TLS1.2
There was a problem hiding this comment.
Test checks that TLS1.2 was negotiated
toidiu
requested review from
lrstewart and
jmayclin
and removed request for
jmayclin
#4765
Description of changes:
This PR pins some tests that were relying on the "default" security policy to a numbered TLS1.2 policy. This paves the path to using TLS1.3 by default.
I have added comments to each file justifying why each change is safe.
Testing:
Existing tests should all pass.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.