Fix mac-then-encrypt test with enable-tls1_3

Commit b3618f44 added a test for mac-then-encrypt. However the test fails when running with "enable-tls1_3". The problem is that the test creates a connection, which ends up being TLSv1.3. However it also restricts the ciphers to a single mac-then-encrypt ciphersuite that is not TLSv1.3 compatible so the connection aborts and the test fails. Mac-then-encrypt is not relevant to TLSv1.3, so the test should disable that protocol version. Reviewed-by: Emilia Käsper <emilia@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-11-29 09:49:04 +0000
committer: Matt Caswell <matt@openssl.org> 2016-11-29 22:51:12 +0000
commit: 54d028aa0f5dc50ec64a8d99ed43b81519b0443b (patch)
tree: 9609734245b82c55753e674ae59e4ee3d7c2c55b /test/ssl-tests
parent: 5bdcd362d24cbbcf18c5eb9df655fe9f7bcf5850 (diff)
2 files changed, 12 insertions, 0 deletions
diff --git a/test/ssl-tests/19-mac-then-encrypt.conf b/test/ssl-tests/19-mac-then-encrypt.conf
index 40480edbf8..bba44d1703 100644
--- a/test/ssl-tests/19-mac-then-encrypt.conf
+++ b/test/ssl-tests/19-mac-then-encrypt.conf
@@ -25,6 +25,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [0-disable-encrypt-then-mac-server-sha-client]
 CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -48,6 +49,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [1-disable-encrypt-then-mac-client-sha-client]
 CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
 Options = -EncryptThenMac
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
@@ -73,6 +75,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [2-disable-encrypt-then-mac-both-sha-client]
 CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
 Options = -EncryptThenMac
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
@@ -93,6 +96,7 @@ client = 3-disable-encrypt-then-mac-server-sha2-client
 [3-disable-encrypt-then-mac-server-sha2-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 Options = -EncryptThenMac
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
@@ -121,6 +125,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [4-disable-encrypt-then-mac-client-sha2-client]
 CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
 Options = -EncryptThenMac
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
@@ -146,6 +151,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [5-disable-encrypt-then-mac-both-sha2-client]
 CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
 Options = -EncryptThenMac
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
diff --git a/test/ssl-tests/19-mac-then-encrypt.conf.in b/test/ssl-tests/19-mac-then-encrypt.conf.in
index 01afe251a7..096423bde2 100644
--- a/test/ssl-tests/19-mac-then-encrypt.conf.in
+++ b/test/ssl-tests/19-mac-then-encrypt.conf.in
@@ -19,6 +19,7 @@ our @tests = (
         },
         client => {
           "CipherString" => "AES128-SHA",
+          "MaxProtocol" => "TLSv1.2"
         },
         test   => {
           "ExpectedResult" => "Success",
@@ -31,6 +32,7 @@ our @tests = (
         client => {
           "CipherString" => "AES128-SHA",
           "Options" => "-EncryptThenMac",
+          "MaxProtocol" => "TLSv1.2"
         },
         test   => {
           "ExpectedResult" => "Success",
@@ -44,6 +46,7 @@ our @tests = (
         client => {
           "CipherString" => "AES128-SHA",
           "Options" => "-EncryptThenMac",
+          "MaxProtocol" => "TLSv1.2"
         },
         test   => {
           "ExpectedResult" => "Success",
@@ -53,6 +56,7 @@ our @tests = (
         name => "disable-encrypt-then-mac-server-sha2",
         server => {
           "Options" => "-EncryptThenMac",
+          "MaxProtocol" => "TLSv1.2"
         },
         client => {
           "CipherString" => "AES128-SHA256",
@@ -68,6 +72,7 @@ our @tests = (
         client => {
           "CipherString" => "AES128-SHA256",
           "Options" => "-EncryptThenMac",
+          "MaxProtocol" => "TLSv1.2"
         },
         test   => {
           "ExpectedResult" => "Success",
@@ -81,6 +86,7 @@ our @tests = (
         client => {
           "CipherString" => "AES128-SHA256",
           "Options" => "-EncryptThenMac",
+          "MaxProtocol" => "TLSv1.2"
         },
         test   => {
           "ExpectedResult" => "Success",
author	Matt Caswell <matt@openssl.org>	2016-11-29 09:49:04 +0000
committer	Matt Caswell <matt@openssl.org>	2016-11-29 22:51:12 +0000
commit	54d028aa0f5dc50ec64a8d99ed43b81519b0443b (patch)
tree	9609734245b82c55753e674ae59e4ee3d7c2c55b /test/ssl-tests
parent	5bdcd362d24cbbcf18c5eb9df655fe9f7bcf5850 (diff)