Improve version extension tests.
ConflictingVersionNegotiation really should be about, say, 1.1 and 1.2, since those may be negotiated via either mechanism. (Those two cases are actually kinda weird and we may wish to change the spec. But, in the meantime, test that we have the expected semantics.) Also test that we ignore true TLS 1.3's number for now, until we use it, and that TLS 1.3 suitably ignores ClientHello.version. Change-Id: I76c660ddd179313fa68b15a6fda7a698bef4d9c9 Reviewed-on: https://boringssl-review.googlesource.com/11407 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
parent
592b532dda
commit
ad75a661bf
@ -4284,12 +4284,38 @@ func addVersionNegotiationTests() {
|
|||||||
testType: serverTest,
|
testType: serverTest,
|
||||||
name: "ConflictingVersionNegotiation",
|
name: "ConflictingVersionNegotiation",
|
||||||
config: Config{
|
config: Config{
|
||||||
MaxVersion: VersionTLS13,
|
|
||||||
Bugs: ProtocolBugs{
|
Bugs: ProtocolBugs{
|
||||||
SendClientVersion: 0x0304,
|
SendClientVersion: VersionTLS12,
|
||||||
SendSupportedVersions: []uint16{0x0303},
|
SendSupportedVersions: []uint16{VersionTLS11},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
// The extension takes precedence over the ClientHello version.
|
||||||
|
expectedVersion: VersionTLS11,
|
||||||
|
})
|
||||||
|
|
||||||
|
testCases = append(testCases, testCase{
|
||||||
|
testType: serverTest,
|
||||||
|
name: "ConflictingVersionNegotiation-2",
|
||||||
|
config: Config{
|
||||||
|
Bugs: ProtocolBugs{
|
||||||
|
SendClientVersion: VersionTLS11,
|
||||||
|
SendSupportedVersions: []uint16{VersionTLS12},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
// The extension takes precedence over the ClientHello version.
|
||||||
|
expectedVersion: VersionTLS12,
|
||||||
|
})
|
||||||
|
|
||||||
|
testCases = append(testCases, testCase{
|
||||||
|
testType: serverTest,
|
||||||
|
name: "RejectFinalTLS13",
|
||||||
|
config: Config{
|
||||||
|
Bugs: ProtocolBugs{
|
||||||
|
SendSupportedVersions: []uint16{VersionTLS13, VersionTLS12},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
// We currently implement a draft TLS 1.3 version. Ensure that
|
||||||
|
// the true TLS 1.3 value is ignored for now.
|
||||||
expectedVersion: VersionTLS12,
|
expectedVersion: VersionTLS12,
|
||||||
})
|
})
|
||||||
|
|
||||||
@ -4314,8 +4340,23 @@ func addVersionNegotiationTests() {
|
|||||||
OmitSupportedVersions: true,
|
OmitSupportedVersions: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
// TLS 1.3 must be negotiated with the supported_versions
|
||||||
|
// extension, not ClientHello.version.
|
||||||
expectedVersion: VersionTLS12,
|
expectedVersion: VersionTLS12,
|
||||||
})
|
})
|
||||||
|
testCases = append(testCases, testCase{
|
||||||
|
testType: serverTest,
|
||||||
|
name: "VersionTolerance-TLS13",
|
||||||
|
config: Config{
|
||||||
|
Bugs: ProtocolBugs{
|
||||||
|
// Although TLS 1.3 does not use
|
||||||
|
// ClientHello.version, it still tolerates high
|
||||||
|
// values there.
|
||||||
|
SendClientVersion: 0x0400,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedVersion: VersionTLS13,
|
||||||
|
})
|
||||||
|
|
||||||
testCases = append(testCases, testCase{
|
testCases = append(testCases, testCase{
|
||||||
protocol: dtls,
|
protocol: dtls,
|
||||||
|
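Review bot: The first `ConflictingVersionNegotiation` case pins a result (`expectedVersion: VersionTLS11`) that is lower than the `SendClientVersion: VersionTLS12` the client also sent, yet its only comment is the same one-liner used for the `-2` case. Because the commit message itself calls these semantics "kinda weird", the comment there should say the lower result is deliberate, e.g. `// Deliberate: supported_versions wins even when it selects a lower version than ClientHello.version; revisit if the spec changes.`, so a later reader does not mistake it for an unintended downgrade. Separately, `RejectFinalTLS13` expects a successful TLS 1.2 handshake rather than a rejection as far as the visible fields show, so a name such as `IgnoreFinalTLS13` would match the comment ("the true TLS 1.3 value is ignored"). A `// TODO: invert once the final TLS 1.3 code point is enabled` would flag the test for revisiting. `addVersionNegotiationTests` begins and ends outside both hunks, and the second hunk appears cut off on this page.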