Skip to content

Commit

Permalink
quic: disable X25519Kyber768Draft00 in tests
Browse files Browse the repository at this point in the history
Enabling this bloats the TLS handshake so flights no longer
fit in a single datagram. Disable it in tests. Add a test
using the crypto/tls defaults, to ensure we do handshake
properly with them.

Fixes golang/go#67783

Change-Id: I521188e7b5a313e9289e726935e5b26994090b4a
Reviewed-on: https://go-review.googlesource.com/c/net/+/589855
Auto-Submit: Damien Neil <[email protected]>
Reviewed-by: Jonathan Amsterdam <[email protected]>
Reviewed-by: Filippo Valsorda <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
  • Loading branch information
neild authored and gopherbot committed Jun 3, 2024
1 parent 67e8d0c commit 603e3e6
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 0 deletions.
6 changes: 6 additions & 0 deletions quic/endpoint_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,12 @@ func TestConnect(t *testing.T) {
newLocalConnPair(t, &Config{}, &Config{})
}

func TestConnectDefaultTLSConfig(t *testing.T) {
serverConfig := newTestTLSConfigWithMoreDefaults(serverSide)
clientConfig := newTestTLSConfigWithMoreDefaults(clientSide)
newLocalConnPair(t, &Config{TLSConfig: serverConfig}, &Config{TLSConfig: clientConfig})
}

func TestStreamTransfer(t *testing.T) {
ctx := context.Background()
cli, srv := newLocalConnPair(t, &Config{}, &Config{})
Expand Down
19 changes: 19 additions & 0 deletions quic/tlsconfig_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,13 +20,32 @@ func newTestTLSConfig(side connSide) *tls.Config {
tls.TLS_CHACHA20_POLY1305_SHA256,
},
MinVersion: tls.VersionTLS13,
// Default key exchange mechanisms as of Go 1.23 minus X25519Kyber768Draft00,
// which bloats the client hello enough to spill into a second datagram.
// Tests were written with the assuption each flight in the handshake
// fits in one datagram, and it's simpler to keep that property.
CurvePreferences: []tls.CurveID{
tls.X25519, tls.CurveP256, tls.CurveP384, tls.CurveP521,
},
}
if side == serverSide {
config.Certificates = []tls.Certificate{testCert}
}
return config
}

// newTestTLSConfigWithMoreDefaults returns a *tls.Config for testing
// which behaves more like a default, empty config.
//
// In particular, it uses the default curve preferences, which can increase
// the size of the handshake.
func newTestTLSConfigWithMoreDefaults(side connSide) *tls.Config {
config := newTestTLSConfig(side)
config.CipherSuites = nil
config.CurvePreferences = nil
return config
}

var testCert = func() tls.Certificate {
cert, err := tls.X509KeyPair(localhostCert, localhostKey)
if err != nil {
Expand Down

0 comments on commit 603e3e6

Please sign in to comment.