Add UnauthenticatedECDH bug test.

This works, but there's enough shared codepaths that it's worth a test to
ensure it stays that way.

Change-Id: I5d5a729811e35832170322957258304213204e3b
Reviewed-by: Adam Langley <>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index dca3e9d..328807a 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -353,6 +353,12 @@
 	// DuplicateExtension causes an extra empty extension of bogus type to
 	// be emitted in either the ClientHello or the ServerHello.
 	DuplicateExtension bool
+	// UnauthenticatedECDH causes the server to pretend ECDHE_RSA
+	// and ECDHE_ECDSA cipher suites are actually ECDH_anon. No
+	// Certificate message is sent and no signature is added to
+	// ServerKeyExchange.
+	UnauthenticatedECDH bool
 func (c *Config) serverInit() {