Fix TLS 1.3 downgrade tests.

The client downgrade detection tests were not asserting on the error (would
have caught the missing error string). Additionally, Downgrade-FalseStart-Draft
isn't testing what it's supposed to; it doesn't actually configure a draft
version or anything. Fix that and have it use ALPN rather than NPN, to match
the test above.

Change-Id: I0b759385641aa00994a912303a6f5bd65522b4bb
Reviewed-on: https://boringssl-review.googlesource.com/31204
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
David Benjamin 2018-08-21 21:30:42 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent 1c2532ffe6
commit 23849f09af


@ -5902,6 +5902,7 @@ func addVersionNegotiationTests() {
tls13Variant: TLS13RFC,
expectedVersion: VersionTLS12,
shouldFail: true,
expectedError: ":TLS13_DOWNGRADE:",
expectedLocalError: "remote error: illegal parameter",
})
testCases = append(testCases, testCase{
@ -5928,6 +5929,7 @@ func addVersionNegotiationTests() {
tls13Variant: TLS13RFC,
expectedVersion: VersionTLS11,
shouldFail: true,
expectedError: ":TLS13_DOWNGRADE:",
expectedLocalError: "remote error: illegal parameter",
})
testCases = append(testCases, testCase{
@ -5992,23 +5994,27 @@ func addVersionNegotiationTests() {
expectedLocalError: "tls: peer did not false start: EOF",
})
// Test that draft TLS 1.3 versions do not trigger disabling False Start.
testCases = append(testCases, testCase{
name: "Downgrade-FalseStart-Draft",
config: Config{
MaxVersion: VersionTLS13,
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
TLS13Variant: TLS13RFC,
NextProtos: []string{"foo"},
Bugs: ProtocolBugs{
ExpectFalseStart: true,
},
},
expectedVersion: VersionTLS12,
flags: []string{
"-false-start",
"-select-next-proto", "foo",
"-max-version", strconv.Itoa(VersionTLS12),
"-advertise-alpn", "\x03foo",
"-expect-alpn", "foo",
"-ignore-tls13-downgrade",
"-tls13-variant", strconv.Itoa(TLS13Draft28),
"-max-version", strconv.Itoa(VersionTLS13),
},
shimWritesFirst: true,
resumeSession: true,
})
// SSL 3.0 support has been removed. Test that the shim does not
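Review bot: The one-line comment above `Downgrade-FalseStart-Draft` does not explain the deliberate variant mismatch this case depends on: the runner `Config` uses `TLS13Variant: TLS13RFC` while the shim is given `-tls13-variant` with `TLS13Draft28`, and `expectedVersion` is `VersionTLS12`. Because the shim also runs with `-ignore-tls13-downgrade`, this entry alone does not show whether False Start survives because of the draft variant or because of that flag. Presumably the preceding case, which starts outside this hunk, pins the RFC behaviour under the same flag, and that is worth confirming. I would extend the comment along the lines of `// The runner speaks RFC TLS 1.3 and the shim only draft 28, so the handshake lands on TLS 1.2; the shim must still False Start.` and note beside `-ignore-tls13-downgrade` why the flag is needed here. `addVersionNegotiationTests` begins and ends outside the displayed hunks.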