Cover DTLS 1.3 in the TLS fuzzers Also restore 1.0 and 1.1 coverage. We need to explicitly configure the minimum and maximum supported, since the default may be narrower. Bug: 42290594 Change-Id: I690bd7b98401bfd48ea819053152d21120c5922f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/73888 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Nick Harper <nharper@chromium.org>

commit: 9559c4566a6d12194c42db5f3dbbcb5de35cfec2 [log] [tgz]
author: David Benjamin <davidben@google.com> Tue Dec 03 15:31:14 2024 -0500
committer: Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Fri Dec 06 23:19:02 2024 +0000
tree: 5f195427e751830ed89847211706065f574d5730
parent: 4c647a5623c3da9bfa8f9cd7d4f60c992b0685c3 [diff]
diff --git a/ssl/test/fuzzer.h b/ssl/test/fuzzer.h
index ca7b55a..01b689a 100644
--- a/ssl/test/fuzzer.h
+++ b/ssl/test/fuzzer.h

@@ -414,7 +414,12 @@
     SSL_CTX_enable_ocsp_stapling(ctx_.get());
 
     // Enable versions and ciphers that are off by default.
-    if (!SSL_CTX_set_strict_cipher_list(ctx_.get(), "ALL:3DES")) {
+    uint16_t min_version = protocol_ == kDTLS ? DTLS1_VERSION : TLS1_VERSION;
+    uint16_t max_version =
+        protocol_ == kDTLS ? DTLS1_3_VERSION : TLS1_3_VERSION;
+    if (!SSL_CTX_set_min_proto_version(ctx_.get(), min_version) ||
+        !SSL_CTX_set_max_proto_version(ctx_.get(), max_version) ||
+        !SSL_CTX_set_strict_cipher_list(ctx_.get(), "ALL:3DES")) {
       return false;
     }
commit	9559c4566a6d12194c42db5f3dbbcb5de35cfec2	[log] [tgz]
author	David Benjamin <davidben@google.com>	Tue Dec 03 15:31:14 2024 -0500
committer	Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>	Fri Dec 06 23:19:02 2024 +0000
tree	5f195427e751830ed89847211706065f574d5730
parent	4c647a5623c3da9bfa8f9cd7d4f60c992b0685c3 [diff]