Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update SSL tests to deal better with disabled protocols #65120
update SSL tests to deal better with disabled protocols #65120
Changes from 1 commit
9f2b1a1
318518c
6dddb96
36b4b36
bd6ee9c
429d7da
d1ad211
212fa5b
76a485a
c4add0d
371f08b
bc8c739
34cfde3
c5eb617
63e9638
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't mind the check, but this shouldn't happen should it? Based on the checks in
ProtocolMismatchData
. I'm just trying to make sure I understand this.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are two parts. The one side is guarded but the other is not. So we would not start server on unsupported version but the client can be anything.
We could possibly change that as well. We have tests where the client part is set of allowed protocols and the test would work as far as any of them is available. It is also somewhat more complicated as the protocol may not be supported by the SSL stack but on this case the server does support but it is disabled in registry. And when it does, some of the call fail with WIn32Exception. There is also some variations I run into on Linux: The protocols may not be disabled explicitly but all the ciphers suites used by it may - as deemed weak. In that case the API calls succeed but then the negotiation fails with protocol mismatch.
Perhaps we should construct this automatically e.g. create disjoined sets from all supported protocols.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this correlates anyhow with the new check for
IsWindows10Version20348OrGreater
ins_supportsNullEncryption
?If so, should it be the same check here as well? Or is this unrelated?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not necessarily. I'm not sure where the expected
PlatformNotSupportedException
would come from. On windows when the protocol are disabled in registry we get API failure. I mostly disabled this to pass the test so we have time to investigate. My intention is to stabilize the tests but leave #65098 open so we can investigate more.