Commit f315b665 authored by Matt Caswell's avatar Matt Caswell
Browse files

Add tests for version/ciphersuite sanity checks 



The previous commits added sanity checks for where the max enabled protocol
version does not have any configured ciphersuites. We should check that we
fail in those circumstances.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3334)
parent ae476539

test/ssl-tests/protocol_version.pm

+31 −0
Original line number Diff line number Diff line
@@ -125,6 +125,37 @@ sub generate_version_tests { 
            }

        }

    }

    return @tests if disabled("tls1_3") || disabled("tls1_2") || $dtls;



    #Add some version/ciphersuite sanity check tests

    push @tests, {

        "name" => "ciphersuite-sanity-check-client",

        "client" => {

            #Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail

            "CipherString" => "AES128-SHA",

        },

        "server" => {

            "MaxProtocol" => "TLSv1.2"

        },

        "test" => {

            "ExpectedResult" => "InternalError",

        }

    };

    push @tests, {

        "name" => "ciphersuite-sanity-check-server",

        "client" => {

            "CipherString" => "AES128-SHA",

            "MaxProtocol" => "TLSv1.2"

        },

        "server" => {

            #Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail

            "CipherString" => "AES128-SHA",

        },

        "test" => {

            "ExpectedResult" => "ServerFail",

        }

    };



    return @tests;

}