From 0fa40123319f02d739c0bf636bfdfbc9b7bb29d7 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Sat, 30 May 2015 17:13:12 -0400
Subject: [PATCH] Add a test that DTLS does not support RC4.
Make sure we don't break that on accident.
Change-Id: I22d58d35170d43375622fe61e4a588d1d626a054
Reviewed-on: https://boringssl-review.googlesource.com/4960
Reviewed-by: Adam Langley
---
 ssl/test/runner/common.go | 3 +++
 ssl/test/runner/handshake_client.go | 2 +-
 ssl/test/runner/runner.go | 13 +++++++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 864f5266..feef5511 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -723,6 +723,9 @@ type ProtocolBugs struct {
 // PackHandshakeRecords, if true, causes handshake records to be packed
 // into individual packets, up to the specified packet size.
 PackHandshakeRecords int
+
+ // EnableAllCiphersInDTLS, if true, causes RC4 to be enabled in DTLS.
+ EnableAllCiphersInDTLS bool
 }
 func (c *Config) serverInit() {
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index 1f9e84ff..0c5df738 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -115,7 +115,7 @@ NextCipherSuite:
 continue
 }
 // Don't advertise non-DTLS cipher suites on DTLS.
- if c.isDTLS && suite.flags&suiteNoDTLS != 0 {
+ if c.isDTLS && suite.flags&suiteNoDTLS != 0 && !c.config.Bugs.EnableAllCiphersInDTLS {
 continue
 }
 hello.cipherSuites = append(hello.cipherSuites, suiteId)
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 6c0d2943..40d8e7db 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
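Review bot: The doc comment on `EnableAllCiphersInDTLS` in common.go says the flag enables RC4, but its only visible use, the ClientHello loop in handshake_client.go, skips the whole `suiteNoDTLS` filter, so every suite carrying that flag is advertised and not just RC4. I would reword it to `// EnableAllCiphersInDTLS, if true, causes the client to advertise cipher suites marked suiteNoDTLS (such as RC4) in DTLS.` Whether the runner's server side also honors the flag is not visible in this patch; if it does not, the comment should say that only the client is affected.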
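Review bot: The comment above the changed condition in handshake_client.go still states the rule unconditionally, while the new clause lets a test override it. Suggest `// Don't advertise non-DTLS cipher suites on DTLS unless a test asks for them via EnableAllCiphersInDTLS.` so a reader does not take the filter as an invariant of the runner. The loop under `NextCipherSuite` starts and ends outside the hunk, so it cannot be confirmed from here whether a later check on the suite chosen in the ServerHello also consults `suiteNoDTLS`.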
@@ -1116,6 +1116,19 @@ var testCases = []testCase{
 },
 },
 },
+ {
+ testType: serverTest,
+ protocol: dtls,
+ name: "NoRC4-DTLS",
+ config: Config{
+ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA},
+ Bugs: ProtocolBugs{
+ EnableAllCiphersInDTLS: true,
+ },
+ },
+ shouldFail: true,
+ expectedError: ":NO_SHARED_CIPHER:",
+ },
 }
 func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, isResume bool) error {
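Review bot: The new `NoRC4-DTLS` case covers only the server direction and a single suite, `TLS_ECDHE_RSA_WITH_RC4_128_SHA`, so a regression that re-enabled a different RC4 suite in DTLS, or one on the client side where the peer selects RC4 in its ServerHello, would go unnoticed. Consider generating the case for every RC4 suite the runner defines and adding a client-side counterpart once the runner's server can be told to pick a `suiteNoDTLS` cipher. A short comment on the case, such as `// The shim must refuse RC4 in DTLS even when the peer offers nothing else.`, would also record why the failure is the expected outcome.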