Commit f315b665 authored by Matt Caswell's avatar Matt Caswell

Add tests for version/ciphersuite sanity checks

The previous commits added sanity checks for where the max enabled protocol
version does not have any configured ciphersuites. We should check that we
fail in those circumstances.
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3334)
parent ae476539
......@@ -125,6 +125,37 @@ sub generate_version_tests {
}
}
}
return @tests if disabled("tls1_3") || disabled("tls1_2") || $dtls;
#Add some version/ciphersuite sanity check tests
push @tests, {
"name" => "ciphersuite-sanity-check-client",
"client" => {
#Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
"CipherString" => "AES128-SHA",
},
"server" => {
"MaxProtocol" => "TLSv1.2"
},
"test" => {
"ExpectedResult" => "InternalError",
}
};
push @tests, {
"name" => "ciphersuite-sanity-check-server",
"client" => {
"CipherString" => "AES128-SHA",
"MaxProtocol" => "TLSv1.2"
},
"server" => {
#Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
"CipherString" => "AES128-SHA",
},
"test" => {
"ExpectedResult" => "ServerFail",
}
};
return @tests;
}
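Review bot: The two new cases expect different results (`"InternalError"` for ciphersuite-sanity-check-client, `"ServerFail"` for ciphersuite-sanity-check-server), and nothing in the hunk says why, so a reader cannot tell whether the asymmetry is intended or whether an unrelated failure would also satisfy the test. Presumably the client rejects its own configuration locally before sending anything, while the server fails during the handshake. A short comment above each `ExpectedResult` would record that, for example `#Client fails locally before any handshake message is sent`, with the wording confirmed against the checks added in the earlier commits. Both cases also rely on the side under test defaulting to a TLSv1.3 maximum. Adding `"MaxProtocol" => "TLSv1.3"` there would state the precondition in the test itself rather than leaving it to the library default. The body of generate_version_tests starts outside this hunk.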
......