Commit 975922fd authored by Matt Caswell's avatar Matt Caswell

Add tests for version/ciphersuite sanity checks



The previous commits added sanity checks for where the max enabled protocol
version does not have any configured ciphersuites. We should check that we
fail in those circumstances.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3316)
parent 38a73150
+31 −0
@@ -129,6 +129,37 @@ sub generate_version_tests {
            }
        }
    }
    return @tests if disabled("tls1_3") || disabled("tls1_2") || $dtls;

    #Add some version/ciphersuite sanity check tests
    push @tests, {
        "name" => "ciphersuite-sanity-check-client",
        "client" => {
            #Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
            "CipherString" => "AES128-SHA",
        },
        "server" => {
            "MaxProtocol" => "TLSv1.2"
        },
        "test" => {
            "ExpectedResult" => "ClientFail",
        }
    };
    push @tests, {
        "name" => "ciphersuite-sanity-check-server",
        "client" => {
            "CipherString" => "AES128-SHA",
            "MaxProtocol" => "TLSv1.2"
        },
        "server" => {
            #Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
            "CipherString" => "AES128-SHA",
        },
        "test" => {
            "ExpectedResult" => "ServerFail",
        }
    };

    return @tests;
}
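Review bot: Both new tests assert only which side fails (`"ExpectedResult" => "ClientFail"` and `"ServerFail"`), so an unrelated failure on that side, for instance a build where AES128-SHA is not usable, would pass without exercising the version/ciphersuite check. The TLSv1.3 half of each scenario is also implicit, since the side under test sets no `MaxProtocol` and relies on the default. I would say so in the comments, e.g. `#Client max version is the default (TLSv1.3); the server is capped at TLSv1.2 so that, without the check, the handshake would presumably succeed at TLSv1.2`, with the mirror-image comment on the server test. Above the early return I would add `#These tests need both TLSv1.2 and TLSv1.3 and do not apply to DTLS`. generate_version_tests starts outside the hunk, so whether the earlier loops already cover this combination cannot be seen here.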