author | Matt Caswell <matt@openssl.org> | 2016-11-29 09:49:04 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-11-29 22:51:12 +0000 |
commit | 54d028aa0f5dc50ec64a8d99ed43b81519b0443b (patch) | |
tree | 9609734245b82c55753e674ae59e4ee3d7c2c55b /test | |
parent | 5bdcd362d24cbbcf18c5eb9df655fe9f7bcf5850 (diff) |
Fix mac-then-encrypt test with enable-tls1_3
Commit b3618f44 added a test for mac-then-encrypt. However the test fails
when running with "enable-tls1_3". The problem is that the test creates a
connection, which ends up being TLSv1.3. However it also restricts the
ciphers to a single mac-then-encrypt ciphersuite that is not TLSv1.3
compatible so the connection aborts and the test fails. Mac-then-encrypt
is not relevant to TLSv1.3, so the test should disable that protocol
version.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'test')
-rw-r--r-- | test/recipes/80-test_ssl_new.t | 3 | ||||
-rw-r--r-- | test/ssl-tests/19-mac-then-encrypt.conf | 6 | ||||
-rw-r--r-- | test/ssl-tests/19-mac-then-encrypt.conf.in | 6 |
3 files changed, 15 insertions, 0 deletions
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index de94495e0d..7b624acd22 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -39,7 +39,9 @@ my $is_default_tls = (disabled("ssl3") && !disabled("tls1") && my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2")); +my @all_pre_tls1_3 = ("ssl3", "tls1", "tls1_1", "tls1_2"); my $no_tls = alldisabled(available_protocols("tls")); +my $no_pre_tls1_3 = alldisabled(@all_pre_tls1_3); my $no_dtls = alldisabled(available_protocols("dtls")); my $no_npn = disabled("nextprotoneg"); my $no_ct = disabled("ct"); @@ -76,6 +78,7 @@ my %skip = ( "15-certstatus.conf" => $no_tls || $no_ocsp, "16-dtls-certstatus.conf" => $no_dtls || $no_ocsp, "18-dtls-renegotiate.conf" => $no_dtls, + "19-mac-then-encrypt.conf" => $no_pre_tls1_3 ); foreach my $conf (@conf_files) { diff --git a/test/ssl-tests/19-mac-then-encrypt.conf b/test/ssl-tests/19-mac-then-encrypt.conf index 40480edbf8..bba44d1703 100644 --- a/test/ssl-tests/19-mac-then-encrypt.conf +++ b/test/ssl-tests/19-mac-then-encrypt.conf @@ -25,6 +25,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-disable-encrypt-then-mac-server-sha-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -48,6 +49,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-disable-encrypt-then-mac-client-sha-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 Options = -EncryptThenMac VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -73,6 +75,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-disable-encrypt-then-mac-both-sha-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 Options = -EncryptThenMac VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer 
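Review bot: `@all_pre_tls1_3` in the first hunk of 80-test_ssl_new.t is a hand-written protocol list, while the neighbouring `$no_tls` and `$no_dtls` are derived from `available_protocols(...)`, so the list can silently drift if the protocol set changes. A comment above it would record why it exists, for example `# TLS versions below TLSv1.3; MAC-then-encrypt suites only apply to these`. The surrounding declarations continue outside the hunk, so whether a derived form fits the file's conventions cannot be judged from here.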
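Review bot: The new `%skip` entry only skips 19-mac-then-encrypt.conf when every protocol in `@all_pre_tls1_3` is disabled, but three of the six cases in that file pin `AES128-SHA256`, which as far as I know is negotiable only at TLSv1.2. A build with `no-tls1_2` but TLSv1.0/1.1 still enabled would therefore presumably run the file and fail the sha2 cases, which is the same failure this commit fixes for `enable-tls1_3`. The smallest change is `"19-mac-then-encrypt.conf" => $no_pre_tls1_3 || disabled("tls1_2"),`, though that also drops the AES128-SHA cases on such builds. Gating only the sha2 cases in the `.conf.in` would keep that coverage. The `%skip` hash opens above the hunk, so other entries were not checked.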
@@ -93,6 +96,7 @@ client = 3-disable-encrypt-then-mac-server-sha2-client [3-disable-encrypt-then-mac-server-sha2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -EncryptThenMac PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -121,6 +125,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-disable-encrypt-then-mac-client-sha2-client] CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 Options = -EncryptThenMac VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -146,6 +151,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-disable-encrypt-then-mac-both-sha2-client] CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 Options = -EncryptThenMac VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer diff --git a/test/ssl-tests/19-mac-then-encrypt.conf.in b/test/ssl-tests/19-mac-then-encrypt.conf.in index 01afe251a7..096423bde2 100644 --- a/test/ssl-tests/19-mac-then-encrypt.conf.in +++ b/test/ssl-tests/19-mac-then-encrypt.conf.in @@ -19,6 +19,7 @@ our @tests = ( }, client => { "CipherString" => "AES128-SHA", + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedResult" => "Success", @@ -31,6 +32,7 @@ our @tests = ( client => { "CipherString" => "AES128-SHA", "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedResult" => "Success", @@ -44,6 +46,7 @@ our @tests = ( client => { "CipherString" => "AES128-SHA", "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedResult" => "Success", @@ -53,6 +56,7 @@ our @tests = ( name => "disable-encrypt-then-mac-server-sha2", server => { "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" }, client => { "CipherString" => "AES128-SHA256", @@ -68,6 +72,7 @@ our @tests = ( client => { "CipherString" => "AES128-SHA256", "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedResult" => "Success", 
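Review bot: In the 19-mac-then-encrypt.conf.in hunk at `-53,6` (case `disable-encrypt-then-mac-server-sha2`) the cap is added to the `server` block, whereas every other case in this file adds `"MaxProtocol" => "TLSv1.2"` to `client`. Either side should keep the handshake below TLSv1.3, but the asymmetry looks accidental and leaves that one client uncapped, so the case depends on server-side version negotiation rather than on the setting the other five use. If it is deliberate, a comment such as `# capped on the server here to exercise version negotiation` would say so; otherwise the line belongs in `client` next to `"CipherString" => "AES128-SHA256"`. The `@tests` array begins and ends outside these hunks.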
@@ -81,6 +86,7 @@ our @tests = ( client => { "CipherString" => "AES128-SHA256", "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedResult" => "Success", |