Delete the variants/draft code.
Change-Id: I84abfedc30e4c34e42285f3c366c2f504a3b9cf2
Reviewed-on: https://boringssl-review.googlesource.com/c/34144
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 2f0b1b5..c128605 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -619,9 +619,6 @@
#define DTLS1_VERSION 0xfeff
#define DTLS1_2_VERSION 0xfefd
-#define TLS1_3_DRAFT23_VERSION 0x7f17
-#define TLS1_3_DRAFT28_VERSION 0x7f1c
-
// SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to
// |version|. If |version| is zero, the default minimum version is used. It
// returns one on success and zero if |version| is invalid.
@@ -3518,28 +3515,6 @@
// performed by |ssl|. This includes the pending renegotiation, if any.
OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl);
-// tls13_variant_t determines what TLS 1.3 variant to negotiate.
-enum tls13_variant_t {
- tls13_rfc = 0,
- tls13_draft23,
- tls13_draft28,
- // tls13_all enables all variants of TLS 1.3, to keep the transition smooth as
- // early adopters move to the final version.
- tls13_all,
-};
-
-// SSL_CTX_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the
-// server, if |variant| is not |tls13_default|, all variants are enabled. On the
-// client, only the configured variant is enabled.
-OPENSSL_EXPORT void SSL_CTX_set_tls13_variant(SSL_CTX *ctx,
- enum tls13_variant_t variant);
-
-// SSL_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the
-// server, if |variant| is not |tls13_default|, all variants are enabled. On the
-// client, only the configured variant is enabled.
-OPENSSL_EXPORT void SSL_set_tls13_variant(SSL *ssl,
- enum tls13_variant_t variant);
-
// SSL_MAX_CERT_LIST_DEFAULT is the default maximum length, in bytes, of a peer
// certificate chain.
#define SSL_MAX_CERT_LIST_DEFAULT (1024 * 100)
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index 4d57ae5..e2b1ffe 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -416,8 +416,6 @@
return ssl_hs_error;
}
- // Initialize a random session ID for the experimental TLS 1.3 variant
- // requiring a session id.
if (ssl->session != nullptr &&
!ssl->s3->initial_handshake_complete &&
ssl->session->session_id_length > 0) {
@@ -425,6 +423,7 @@
OPENSSL_memcpy(hs->session_id, ssl->session->session_id,
hs->session_id_len);
} else if (hs->max_version >= TLS1_3_VERSION) {
+ // Initialize a random session ID.
hs->session_id_len = sizeof(hs->session_id);
if (!RAND_bytes(hs->session_id, hs->session_id_len)) {
return ssl_hs_error;
diff --git a/ssl/internal.h b/ssl/internal.h
index 9846966..07e1b89 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -359,8 +359,7 @@
// Protocol versions.
//
-// Due to DTLS's historical wire version differences and to support multiple
-// variants of the same protocol during development, we maintain two notions of
+// Due to DTLS's historical wire version differences, we maintain two notions of
// version.
//
// The "version" or "wire version" is the actual 16-bit value that appears on
@@ -369,9 +368,8 @@
// versions are opaque values and may not be compared numerically.
//
// The "protocol version" identifies the high-level handshake variant being
-// used. DTLS versions map to the corresponding TLS versions. Draft TLS 1.3
-// variants all map to TLS 1.3. Protocol versions are sequential and may be
-// compared numerically.
+// used. DTLS versions map to the corresponding TLS versions. Protocol versions
+// are sequential and may be compared numerically.
// ssl_protocol_version_from_wire sets |*out| to the protocol version
// corresponding to wire version |version| and returns true. If |version| is not
@@ -408,10 +406,6 @@
// call this function before the version is determined.
uint16_t ssl_protocol_version(const SSL *ssl);
-// ssl_is_draft28 returns whether the version corresponds to a draft28 TLS 1.3
-// variant.
-bool ssl_is_draft28(uint16_t version);
-
// Cipher suites.
BSSL_NAMESPACE_END
@@ -785,8 +779,6 @@
// omit_length_in_ad_ is true if the length should be omitted in the
// AEAD's ad parameter.
bool omit_length_in_ad_ : 1;
- // omit_ad_ is true if the AEAD's ad parameter should be omitted.
- bool omit_ad_ : 1;
// ad_is_header_ is true if the AEAD's ad parameter is the record header.
bool ad_is_header_ : 1;
};
@@ -1613,8 +1605,7 @@
// record layer.
uint16_t early_data_written = 0;
- // session_id is the session ID in the ClientHello, used for the experimental
- // TLS 1.3 variant.
+ // session_id is the session ID in the ClientHello.
uint8_t session_id[SSL_MAX_SSL_SESSION_ID_LENGTH] = {0};
uint8_t session_id_len = 0;
@@ -2834,10 +2825,6 @@
// quic_method is the method table corresponding to the QUIC hooks.
const SSL_QUIC_METHOD *quic_method = nullptr;
- // tls13_variant is the variant of TLS 1.3 we are using for this
- // configuration.
- tls13_variant_t tls13_variant = tls13_rfc;
-
bssl::UniquePtr<bssl::SSLCipherPreferenceList> cipher_list;
X509_STORE *cert_store = nullptr;
@@ -3163,10 +3150,6 @@
// second.
unsigned initial_timeout_duration_ms = 1000;
- // tls13_variant is the variant of TLS 1.3 we are using for this
- // configuration.
- tls13_variant_t tls13_variant = tls13_rfc;
-
// session is the configured session to be offered by the client. This session
// is immutable.
bssl::UniquePtr<SSL_SESSION> session;
diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc
index f835dc2..02bc3bb 100644
--- a/ssl/s3_both.cc
+++ b/ssl/s3_both.cc
@@ -188,14 +188,12 @@
// unnecessary encryption overhead, notably in TLS 1.3 where we send several
// encrypted messages in a row. For now, we do not do this for the null
// cipher. The benefit is smaller and there is a risk of breaking buggy
- // implementations. Additionally, we tie this to draft-28 as a sanity check,
- // on the off chance middleboxes have fixated on sizes.
+ // implementations.
//
// TODO(davidben): See if we can do this uniformly.
Span<const uint8_t> rest = msg;
if (ssl->ctx->quic_method == nullptr &&
- (ssl->s3->aead_write_ctx->is_null_cipher() ||
- ssl->version == TLS1_3_DRAFT23_VERSION)) {
+ ssl->s3->aead_write_ctx->is_null_cipher()) {
while (!rest.empty()) {
Span<const uint8_t> chunk = rest.subspan(0, ssl->max_send_fragment);
rest = rest.subspan(chunk.size());
diff --git a/ssl/ssl_aead_ctx.cc b/ssl/ssl_aead_ctx.cc
index f01b57d..0bad266 100644
--- a/ssl/ssl_aead_ctx.cc
+++ b/ssl/ssl_aead_ctx.cc
@@ -42,7 +42,6 @@
random_variable_nonce_(false),
xor_fixed_nonce_(false),
omit_length_in_ad_(false),
- omit_ad_(false),
ad_is_header_(false) {
OPENSSL_memset(fixed_nonce_, 0, sizeof(fixed_nonce_));
}
@@ -134,11 +133,7 @@
aead_ctx->xor_fixed_nonce_ = true;
aead_ctx->variable_nonce_len_ = 8;
aead_ctx->variable_nonce_included_in_record_ = false;
- if (ssl_is_draft28(version)) {
- aead_ctx->ad_is_header_ = true;
- } else {
- aead_ctx->omit_ad_ = true;
- }
+ aead_ctx->ad_is_header_ = true;
assert(fixed_iv.size() >= aead_ctx->variable_nonce_len_);
}
} else {
@@ -231,10 +226,6 @@
return header;
}
- if (omit_ad_) {
- return {};
- }
-
OPENSSL_memcpy(storage, seqnum, 8);
size_t len = 8;
storage[len++] = type;
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 313a0fa..bbc3758 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -640,7 +640,6 @@
max_send_fragment(ctx_arg->max_send_fragment),
msg_callback(ctx_arg->msg_callback),
msg_callback_arg(ctx_arg->msg_callback_arg),
- tls13_variant(ctx_arg->tls13_variant),
ctx(UpRef(ctx_arg)),
session_ctx(UpRef(ctx_arg)),
options(ctx->options),
@@ -1261,14 +1260,6 @@
ctx->enable_early_data = !!enabled;
}
-void SSL_CTX_set_tls13_variant(SSL_CTX *ctx, enum tls13_variant_t variant) {
- ctx->tls13_variant = variant;
-}
-
-void SSL_set_tls13_variant(SSL *ssl, enum tls13_variant_t variant) {
- ssl->tls13_variant = variant;
-}
-
void SSL_set_early_data_enabled(SSL *ssl, int enabled) {
ssl->enable_early_data = !!enabled;
}
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 1f09156..f3f7923 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -2628,11 +2628,6 @@
// SSL 3.0 is not available.
EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION));
- // TLS1_3_DRAFT_VERSION is not an API-level version.
- EXPECT_FALSE(
- SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT23_VERSION));
- ERR_clear_error();
-
ctx.reset(SSL_CTX_new(DTLS_method()));
ASSERT_TRUE(ctx);
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index 8616967..39540f1 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -34,11 +34,6 @@
*out = version;
return true;
- case TLS1_3_DRAFT23_VERSION:
- case TLS1_3_DRAFT28_VERSION:
- *out = TLS1_3_VERSION;
- return true;
-
case DTLS1_VERSION:
// DTLS 1.0 is analogous to TLS 1.1, not TLS 1.0.
*out = TLS1_1_VERSION;
@@ -58,8 +53,6 @@
static const uint16_t kTLSVersions[] = {
TLS1_3_VERSION,
- TLS1_3_DRAFT28_VERSION,
- TLS1_3_DRAFT23_VERSION,
TLS1_2_VERSION,
TLS1_1_VERSION,
TLS1_VERSION,
@@ -95,14 +88,10 @@
}
// The following functions map between API versions and wire versions. The
-// public API works on wire versions, except that TLS 1.3 draft versions all
-// appear as TLS 1.3. This will get collapsed back down when TLS 1.3 is
-// finalized.
+// public API works on wire versions.
static const char *ssl_version_to_string(uint16_t version) {
switch (version) {
- case TLS1_3_DRAFT23_VERSION:
- case TLS1_3_DRAFT28_VERSION:
case TLS1_3_VERSION:
return "TLSv1.3";
@@ -127,26 +116,11 @@
}
static uint16_t wire_version_to_api(uint16_t version) {
- switch (version) {
- // Report TLS 1.3 draft versions as TLS 1.3 in the public API.
- case TLS1_3_DRAFT23_VERSION:
- case TLS1_3_DRAFT28_VERSION:
- case TLS1_3_VERSION:
- return TLS1_3_VERSION;
- default:
- return version;
- }
+ return version;
}
-// api_version_to_wire maps |version| to some representative wire version. In
-// particular, it picks an arbitrary TLS 1.3 representative. This should only be
-// used in context where that does not matter.
+// api_version_to_wire maps |version| to some representative wire version.
static bool api_version_to_wire(uint16_t *out, uint16_t version) {
- if (version == TLS1_3_DRAFT23_VERSION ||
- version == TLS1_3_DRAFT28_VERSION) {
- return false;
- }
-
// Check it is a real protocol version.
uint16_t unused;
if (!ssl_protocol_version_from_wire(&unused, version)) {
@@ -299,21 +273,6 @@
return false;
}
- // If the TLS 1.3 variant is set to |tls13_default|, all variants are enabled,
- // otherwise only the matching version is enabled.
- if (protocol_version == TLS1_3_VERSION) {
- switch (ssl->tls13_variant) {
- case tls13_draft23:
- return version == TLS1_3_DRAFT23_VERSION;
- case tls13_draft28:
- return version == TLS1_3_DRAFT28_VERSION;
- case tls13_rfc:
- return version == TLS1_3_VERSION;
- case tls13_all:
- return true;
- }
- }
-
return true;
}
@@ -373,10 +332,6 @@
return false;
}
-bool ssl_is_draft28(uint16_t version) {
- return version == TLS1_3_DRAFT28_VERSION || version == TLS1_3_VERSION;
-}
-
BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/ssl/test/fuzzer.h b/ssl/test/fuzzer.h
index 1ca970d..de058e5 100644
--- a/ssl/test/fuzzer.h
+++ b/ssl/test/fuzzer.h
@@ -489,16 +489,6 @@
SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, nullptr);
break;
- case kTLS13Variant: {
- uint8_t variant;
- if (!CBS_get_u8(cbs, &variant)) {
- return nullptr;
- }
- SSL_set_tls13_variant(ssl.get(),
- static_cast<tls13_variant_t>(variant));
- break;
- }
-
case kHandoffTag: {
CBS handoff;
if (!CBS_get_u24_length_prefixed(cbs, &handoff)) {
diff --git a/ssl/test/fuzzer_tags.h b/ssl/test/fuzzer_tags.h
index c21aca3..eb9991d 100644
--- a/ssl/test/fuzzer_tags.h
+++ b/ssl/test/fuzzer_tags.h
@@ -39,13 +39,10 @@
// certificates.
static const uint16_t kRequestClientCert = 2;
-// kTLS13Variant is followed by a u8 denoting the TLS 1.3 variant to configure.
-static const uint16_t kTLS13Variant = 3;
-
// kHandoffTag is followed by the output of |SSL_serialize_handoff|.
-static const uint16_t kHandoffTag = 4;
+static const uint16_t kHandoffTag = 3;
// kHandbackTag is followed by te output of |SSL_serialize_handback|.
-static const uint16_t kHandbackTag = 5;
+static const uint16_t kHandbackTag = 4;
#endif // HEADER_SSL_TEST_FUZZER_TAGS
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index d99518c..86f5a2c 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -32,23 +32,8 @@
VersionDTLS12 = 0xfefd
)
-// A draft version of TLS 1.3 that is sent over the wire for the current draft.
-const (
- tls13Draft23Version = 0x7f17
- tls13Draft28Version = 0x7f1c
-)
-
-const (
- TLS13RFC = 0
- TLS13Draft23 = 1
- TLS13Draft28 = 2
- TLS13All = 3
-)
-
var allTLSWireVersions = []uint16{
VersionTLS13,
- tls13Draft28Version,
- tls13Draft23Version,
VersionTLS12,
VersionTLS11,
VersionTLS10,
@@ -447,9 +432,6 @@
// which is currently TLS 1.2.
MaxVersion uint16
- // TLS13Variant is the variant of TLS 1.3 to use.
- TLS13Variant int
-
// CurvePreferences contains the elliptic curves that will be used in
// an ECDHE handshake, in preference order. If empty, the default will
// be used.
@@ -1531,10 +1513,6 @@
// specified number of plaintext bytes per record.
ExpectPackedEncryptedHandshake int
- // ForbidHandshakePacking, if true, requires the peer place a record
- // boundary after every handshake message.
- ForbidHandshakePacking bool
-
// SendTicketLifetime, if non-zero, is the ticket lifetime to send in
// NewSessionTicket messages.
SendTicketLifetime time.Duration
@@ -1770,18 +1748,12 @@
switch vers {
case VersionSSL30, VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13:
return vers, true
- case tls13Draft23Version, tls13Draft28Version:
- return VersionTLS13, true
}
}
return 0, false
}
-func isDraft28(vers uint16) bool {
- return vers == tls13Draft28Version || vers == VersionTLS13
-}
-
// isSupportedVersion checks if the specified wire version is acceptable. If so,
// it returns true and the corresponding protocol version. Otherwise, it returns
// false.
@@ -1790,26 +1762,6 @@
if !ok || c.minVersion(isDTLS) > vers || vers > c.maxVersion(isDTLS) {
return 0, false
}
- if vers == VersionTLS13 {
- switch c.TLS13Variant {
- case TLS13Draft23:
- if wireVers != tls13Draft23Version {
- return 0, false
- }
- case TLS13Draft28:
- if wireVers != tls13Draft28Version {
- return 0, false
- }
- case TLS13RFC:
- if wireVers != VersionTLS13 {
- return 0, false
- }
- case TLS13All:
- // Allow all of them.
- default:
- panic(c.TLS13Variant)
- }
- }
return vers, true
}
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 816ffca..8a3ed5d 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -454,7 +454,7 @@
n := len(payload) - c.Overhead()
additionalData[11] = byte(n >> 8)
additionalData[12] = byte(n)
- } else if isDraft28(hc.wireVersion) {
+ } else {
additionalData = b.data[:recordHeaderLen]
}
var err error
@@ -620,7 +620,7 @@
copy(additionalData[8:], b.data[:3])
additionalData[11] = byte(payloadLen >> 8)
additionalData[12] = byte(payloadLen)
- } else if isDraft28(hc.wireVersion) {
+ } else {
additionalData = make([]byte, 5)
copy(additionalData, b.data[:3])
n := len(b.data) - recordHeaderLen
@@ -1322,9 +1322,6 @@
return nil, err
}
}
- if c.hand.Len() > 4+n && c.config.Bugs.ForbidHandshakePacking {
- return nil, errors.New("tls: forbidden trailing data after a handshake message")
- }
return c.hand.Next(4 + n), nil
}
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index 5234462..8003514 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -424,10 +424,9 @@
if len(hello.pskIdentities) > 0 {
version := session.wireVersion
// We may have a pre-1.3 session if SendBothTickets is
- // set. Fill in an arbitrary TLS 1.3 version to compute
- // the binder.
+ // set.
if session.vers < VersionTLS13 {
- version = tls13Draft23Version
+ version = VersionTLS13
}
generatePSKBinders(version, hello, pskCipherSuite, session.masterSecret, []byte{}, []byte{}, c.config)
}
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index d64e95f..e0f75c3 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -489,10 +489,6 @@
// resumeShimPrefix is the prefix that the shim will send to the server on a
// resumption.
resumeShimPrefix string
- // tls13Variant, if non-zero, causes both runner and shim to be
- // configured with the specified TLS 1.3 variant. This is a convenience
- // option for configuring both concurrently.
- tls13Variant int
// expectedQUICTransportParams contains the QUIC transport
// parameters that are expected to be sent by the peer.
expectedQUICTransportParams []byte
@@ -572,9 +568,6 @@
if *deterministic {
config.Time = func() time.Time { return time.Unix(1234, 1234) }
}
- if test.tls13Variant != 0 {
- config.TLS13Variant = test.tls13Variant
- }
conn = &timeoutConn{conn, *idleTimeout}
@@ -1072,20 +1065,6 @@
if test.config.MaxVersion == 0 && test.config.MinVersion == 0 && test.expectedVersion == 0 {
panic(fmt.Sprintf("The name of test %q suggests that it's version specific, but min/max version in the Config is %x/%x. One of them should probably be %x", test.name, test.config.MinVersion, test.config.MaxVersion, ver.version))
}
-
- if ver.tls13Variant != 0 {
- var foundFlag bool
- for _, flag := range test.flags {
- if flag == "-tls13-variant" {
- foundFlag = true
- break
- }
- }
- if !foundFlag && test.config.TLS13Variant != ver.tls13Variant && test.tls13Variant != ver.tls13Variant {
- panic(fmt.Sprintf("The name of test %q suggests that uses an experimental TLS 1.3 variant, but neither the shim nor the runner configures it", test.name))
- }
- }
-
}
listener, err := net.ListenTCP("tcp", &net.TCPAddr{IP: net.IPv6loopback})
@@ -1174,10 +1153,6 @@
flags = append(flags, "-tls-unique")
}
- if test.tls13Variant != 0 {
- flags = append(flags, "-tls13-variant", strconv.Itoa(test.tls13Variant))
- }
-
flags = append(flags, "-handshaker-path", *handshakerPath)
var transcriptPrefix string
@@ -1385,8 +1360,7 @@
// versionWire, if non-zero, is the wire representation of the
// version. Otherwise the wire version is the protocol version or
// versionDTLS.
- versionWire uint16
- tls13Variant int
+ versionWire uint16
}
func (vers tlsVersion) shimFlag(protocol protocol) string {
@@ -1429,25 +1403,10 @@
versionDTLS: VersionDTLS12,
},
{
- name: "TLS13",
- version: VersionTLS13,
- excludeFlag: "-no-tls13",
- versionWire: VersionTLS13,
- tls13Variant: TLS13RFC,
- },
- {
- name: "TLS13Draft23",
- version: VersionTLS13,
- excludeFlag: "-no-tls13",
- versionWire: tls13Draft23Version,
- tls13Variant: TLS13Draft23,
- },
- {
- name: "TLS13Draft28",
- version: VersionTLS13,
- excludeFlag: "-no-tls13",
- versionWire: tls13Draft28Version,
- tls13Variant: TLS13Draft28,
+ name: "TLS13",
+ version: VersionTLS13,
+ excludeFlag: "-no-tls13",
+ versionWire: VersionTLS13,
},
}
@@ -1465,23 +1424,6 @@
return ret
}
-func allShimVersions(protocol protocol) []tlsVersion {
- if protocol == dtls {
- return allVersions(protocol)
- }
- tls13Default := tlsVersion{
- name: "TLS13All",
- version: VersionTLS13,
- excludeFlag: "-no-tls13",
- versionWire: 0,
- tls13Variant: TLS13All,
- }
-
- var shimVersions []tlsVersion
- shimVersions = append(shimVersions, allVersions(protocol)...)
- return append(shimVersions, tls13Default)
-}
-
type testCipherSuite struct {
name string
id uint16
@@ -2985,20 +2927,19 @@
},
{
testType: clientTest,
- name: "TLS13Draft23-InvalidCompressionMethod",
+ name: "TLS13-InvalidCompressionMethod",
config: Config{
MaxVersion: VersionTLS13,
Bugs: ProtocolBugs{
SendCompressionMethod: 1,
},
},
- tls13Variant: TLS13Draft23,
shouldFail: true,
expectedError: ":DECODE_ERROR:",
},
{
testType: clientTest,
- name: "TLS13Draft23-HRR-InvalidCompressionMethod",
+ name: "TLS13-HRR-InvalidCompressionMethod",
config: Config{
MaxVersion: VersionTLS13,
CurvePreferences: []CurveID{CurveP384},
@@ -3006,7 +2947,6 @@
SendCompressionMethod: 1,
},
},
- tls13Variant: TLS13Draft23,
shouldFail: true,
expectedError: ":DECODE_ERROR:",
expectedLocalError: "remote error: error decoding message",
@@ -3095,8 +3035,7 @@
ExpectPackedEncryptedHandshake: 512,
},
},
- tls13Variant: TLS13Draft28,
- messageLen: 1024,
+ messageLen: 1024,
flags: []string{
"-max-send-fragment", "512",
"-read-size", "1024",
@@ -3124,30 +3063,15 @@
expectedLocalError: "local error: record overflow",
},
{
- // Test that handshake data is not packed in TLS 1.3
- // draft-23.
+ // Test that handshake data is tightly packed in TLS 1.3.
testType: serverTest,
- name: "ForbidHandshakePacking-TLS13Draft23",
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- ForbidHandshakePacking: true,
- },
- },
- tls13Variant: TLS13Draft23,
- },
- {
- // Test that handshake data is tightly packed in TLS 1.3
- // draft-28.
- testType: serverTest,
- name: "PackedEncryptedHandshake-TLS13Draft28",
+ name: "PackedEncryptedHandshake-TLS13",
config: Config{
MaxVersion: VersionTLS13,
Bugs: ProtocolBugs{
ExpectPackedEncryptedHandshake: 16384,
},
},
- tls13Variant: TLS13Draft28,
},
{
// Test that DTLS can handle multiple application data
@@ -3306,7 +3230,6 @@
AdvertiseAllConfiguredCiphers: true,
},
},
- tls13Variant: ver.tls13Variant,
certFile: certFile,
keyFile: keyFile,
flags: flags,
@@ -3332,7 +3255,6 @@
SendCipherSuite: sendCipherSuite,
},
},
- tls13Variant: ver.tls13Variant,
flags: flags,
resumeSession: true,
shouldFail: shouldFail,
@@ -3356,9 +3278,8 @@
PreSharedKey: []byte(psk),
PreSharedKeyIdentity: pskIdentity,
},
- tls13Variant: ver.tls13Variant,
- flags: flags,
- messageLen: maxPlaintext,
+ flags: flags,
+ messageLen: maxPlaintext,
})
// Test bad records for all ciphers. Bad records are fatal in TLS
@@ -3380,7 +3301,6 @@
PreSharedKey: []byte(psk),
PreSharedKeyIdentity: pskIdentity,
},
- tls13Variant: ver.tls13Variant,
flags: flags,
damageFirstWrite: true,
messageLen: maxPlaintext,
@@ -3854,7 +3774,6 @@
ClientAuth: RequireAnyClientCert,
ClientCAs: certPool,
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-cert-file", path.Join(*resourceDir, rsaCertificateFile),
"-key-file", path.Join(*resourceDir, rsaKeyFile),
@@ -3868,8 +3787,7 @@
MaxVersion: ver.version,
Certificates: []Certificate{rsaCertificate},
},
- tls13Variant: ver.tls13Variant,
- flags: []string{"-require-any-client-certificate"},
+ flags: []string{"-require-any-client-certificate"},
})
testCases = append(testCases, testCase{
testType: serverTest,
@@ -3879,8 +3797,7 @@
MaxVersion: ver.version,
Certificates: []Certificate{ecdsaP256Certificate},
},
- tls13Variant: ver.tls13Variant,
- flags: []string{"-require-any-client-certificate"},
+ flags: []string{"-require-any-client-certificate"},
})
testCases = append(testCases, testCase{
testType: clientTest,
@@ -3891,7 +3808,6 @@
ClientAuth: RequireAnyClientCert,
ClientCAs: certPool,
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
"-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
@@ -3905,7 +3821,6 @@
MaxVersion: ver.version,
ClientAuth: RequireAnyClientCert,
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedLocalError: "client didn't provide a certificate",
})
@@ -3919,7 +3834,6 @@
MinVersion: ver.version,
MaxVersion: ver.version,
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-expect-verify-result",
},
@@ -3935,7 +3849,6 @@
MinVersion: ver.version,
MaxVersion: ver.version,
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-expect-verify-result",
"-verify-peer",
@@ -3957,7 +3870,6 @@
MaxVersion: ver.version,
},
flags: []string{"-require-any-client-certificate"},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
expectedLocalError: certificateRequired,
@@ -3975,7 +3887,6 @@
},
// Setting SSL_VERIFY_PEER allows anonymous clients.
flags: []string{"-verify-peer"},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":UNEXPECTED_MESSAGE:",
})
@@ -3991,7 +3902,6 @@
"-enable-channel-id",
"-verify-peer-if-no-obc",
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
expectedLocalError: certificateRequired,
@@ -4006,7 +3916,6 @@
ChannelID: channelIDKey,
},
expectChannelID: true,
- tls13Variant: ver.tls13Variant,
flags: []string{
"-enable-channel-id",
"-verify-peer-if-no-obc",
@@ -4024,7 +3933,6 @@
ExpectCertificateReqNames: caNames,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-require-any-client-certificate",
"-use-client-ca-list", encodeDERValues(caNames),
@@ -4041,7 +3949,6 @@
ClientAuth: RequireAnyClientCert,
ClientCAs: certPool,
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-cert-file", path.Join(*resourceDir, rsaCertificateFile),
"-key-file", path.Join(*resourceDir, rsaKeyFile),
@@ -4107,7 +4014,7 @@
// Test that an empty client CA list doesn't send a CA extension.
testCases = append(testCases, testCase{
testType: serverTest,
- name: "TLS13Draft23-Empty-Client-CA-List",
+ name: "TLS13-Empty-Client-CA-List",
config: Config{
MaxVersion: VersionTLS13,
Certificates: []Certificate{rsaCertificate},
@@ -4115,7 +4022,6 @@
ExpectNoCertificateAuthoritiesExtension: true,
},
},
- tls13Variant: TLS13Draft23,
flags: []string{
"-require-any-client-certificate",
"-use-client-ca-list", "<EMPTY>",
@@ -4160,8 +4066,7 @@
RequireExtendedMasterSecret: with,
},
},
- tls13Variant: ver.tls13Variant,
- flags: flags,
+ flags: flags,
})
}
}
@@ -4468,37 +4373,6 @@
})
tests = append(tests, testCase{
- name: "TLS13Draft23-HelloRetryRequest-Client",
- config: Config{
- MaxVersion: VersionTLS13,
- MinVersion: VersionTLS13,
- // P-384 requires a HelloRetryRequest against BoringSSL's default
- // configuration. Assert this with ExpectMissingKeyShare.
- CurvePreferences: []CurveID{CurveP384},
- Bugs: ProtocolBugs{
- ExpectMissingKeyShare: true,
- },
- },
- tls13Variant: TLS13Draft23,
- // Cover HelloRetryRequest during an ECDHE-PSK resumption.
- resumeSession: true,
- })
-
- tests = append(tests, testCase{
- testType: serverTest,
- name: "TLS13Draft23-HelloRetryRequest-Server",
- config: Config{
- MaxVersion: VersionTLS13,
- MinVersion: VersionTLS13,
- // Require a HelloRetryRequest for every curve.
- DefaultCurves: []CurveID{},
- },
- tls13Variant: TLS13Draft23,
- // Cover HelloRetryRequest during an ECDHE-PSK resumption.
- resumeSession: true,
- })
-
- tests = append(tests, testCase{
testType: clientTest,
name: "TLS13-EarlyData-TooMuchData-Client",
config: Config{
@@ -4855,7 +4729,6 @@
config: Config{
MaxVersion: vers.version,
},
- tls13Variant: vers.tls13Variant,
flags: []string{
"-enable-ocsp-stapling",
"-expect-ocsp-response",
@@ -4870,7 +4743,6 @@
config: Config{
MaxVersion: vers.version,
},
- tls13Variant: vers.tls13Variant,
expectedOCSPResponse: testOCSPResponse,
flags: []string{
"-ocsp-response",
@@ -4888,7 +4760,6 @@
MaxVersion: vers.version,
Certificates: []Certificate{rsaCertificate},
},
- tls13Variant: vers.tls13Variant,
flags: []string{
"-enable-ocsp-stapling",
"-use-ocsp-callback",
@@ -4907,7 +4778,6 @@
MaxVersion: vers.version,
Certificates: []Certificate{rsaCertificate},
},
- tls13Variant: vers.tls13Variant,
flags: []string{
"-enable-ocsp-stapling",
"-use-ocsp-callback",
@@ -4928,7 +4798,6 @@
MaxVersion: vers.version,
Certificates: []Certificate{certNoStaple},
},
- tls13Variant: vers.tls13Variant,
flags: []string{
"-enable-ocsp-stapling",
"-use-ocsp-callback",
@@ -4947,7 +4816,6 @@
config: Config{
MaxVersion: vers.version,
},
- tls13Variant: vers.tls13Variant,
expectedOCSPResponse: testOCSPResponse,
flags: []string{
"-use-ocsp-callback",
@@ -4967,7 +4835,6 @@
config: Config{
MaxVersion: vers.version,
},
- tls13Variant: vers.tls13Variant,
expectedOCSPResponse: []byte{},
flags: []string{
"-use-ocsp-callback",
@@ -4985,7 +4852,6 @@
config: Config{
MaxVersion: vers.version,
},
- tls13Variant: vers.tls13Variant,
flags: []string{
"-use-ocsp-callback",
"-fail-ocsp-callback",
@@ -5028,7 +4894,6 @@
MaxVersion: vers.version,
Certificates: []Certificate{rsaCertificate},
},
- tls13Variant: vers.tls13Variant,
flags: append([]string{"-expect-verify-result"}, flags...),
resumeSession: true,
})
@@ -5039,7 +4904,6 @@
MaxVersion: vers.version,
Certificates: []Certificate{rsaCertificate},
},
- tls13Variant: vers.tls13Variant,
flags: append([]string{"-verify-fail"}, flags...),
shouldFail: true,
expectedError: ":CERTIFICATE_VERIFY_FAILED:",
@@ -5052,7 +4916,6 @@
MaxVersion: vers.version,
Certificates: []Certificate{rsaCertificate},
},
- tls13Variant: vers.tls13Variant,
flags: append([]string{"-on-resume-verify-fail"}, flags...),
resumeSession: true,
})
@@ -5064,7 +4927,6 @@
MaxVersion: vers.version,
Certificates: []Certificate{rsaCertificate},
},
- tls13Variant: vers.tls13Variant,
flags: append([]string{
"-on-resume-verify-fail",
"-reverify-on-resume",
@@ -5080,7 +4942,6 @@
MaxVersion: vers.version,
Certificates: []Certificate{rsaCertificate},
},
- tls13Variant: vers.tls13Variant,
flags: append([]string{
"-reverify-on-resume",
}, flags...),
@@ -5099,7 +4960,6 @@
MaxEarlyDataSize: 16384,
SessionTicketsDisabled: true,
},
- tls13Variant: vers.tls13Variant,
resumeSession: true,
expectResumeRejected: true,
flags: append([]string{
@@ -5126,7 +4986,6 @@
AlwaysRejectEarlyData: true,
},
},
- tls13Variant: vers.tls13Variant,
resumeSession: true,
expectResumeRejected: false,
flags: append([]string{
@@ -5149,7 +5008,6 @@
MaxEarlyDataSize: 16384,
SessionTicketsDisabled: true,
},
- tls13Variant: vers.tls13Variant,
resumeSession: true,
expectResumeRejected: true,
shouldFail: true,
@@ -5179,7 +5037,6 @@
AlwaysRejectEarlyData: true,
},
},
- tls13Variant: vers.tls13Variant,
resumeSession: true,
expectResumeRejected: false,
shouldFail: true,
@@ -5208,7 +5065,6 @@
ExpectEarlyData: [][]byte{[]byte("hello")},
},
},
- tls13Variant: vers.tls13Variant,
resumeSession: true,
expectResumeRejected: false,
flags: append([]string{
@@ -5232,7 +5088,6 @@
ExpectEarlyData: [][]byte{[]byte("hello")},
},
},
- tls13Variant: vers.tls13Variant,
resumeSession: true,
shouldFail: true,
expectedError: ":CERTIFICATE_VERIFY_FAILED:",
@@ -5258,7 +5113,6 @@
MaxVersion: vers.version,
Certificates: []Certificate{rsaCertificate},
},
- tls13Variant: vers.tls13Variant,
flags: []string{
"-verify-fail",
"-expect-verify-result",
@@ -5430,7 +5284,6 @@
MaxVersion: ver.version,
RequestChannelID: true,
},
- tls13Variant: ver.tls13Variant,
flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
resumeSession: true,
expectChannelID: true,
@@ -5444,7 +5297,6 @@
MaxVersion: ver.version,
ChannelID: channelIDKey,
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-expect-channel-id",
base64.StdEncoding.EncodeToString(channelIDBytes),
@@ -5463,7 +5315,6 @@
InvalidChannelIDSignature: true,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{"-enable-channel-id"},
shouldFail: true,
expectedError: ":CHANNEL_ID_SIGNATURE_INVALID:",
@@ -5785,7 +5636,7 @@
func addVersionNegotiationTests() {
for _, protocol := range []protocol{tls, dtls} {
- for _, shimVers := range allShimVersions(protocol) {
+ for _, shimVers := range allVersions(protocol) {
// Assemble flags to disable all newer versions on the shim.
var flags []string
for _, vers := range allVersions(protocol) {
@@ -5796,11 +5647,6 @@
flags2 := []string{"-max-version", shimVers.shimFlag(protocol)}
- if shimVers.tls13Variant != 0 {
- flags = append(flags, "-tls13-variant", strconv.Itoa(shimVers.tls13Variant))
- flags2 = append(flags2, "-tls13-variant", strconv.Itoa(shimVers.tls13Variant))
- }
-
// Test configuring the runner's maximum version.
for _, runnerVers := range allVersions(protocol) {
expectedVersion := shimVers.version
@@ -5808,12 +5654,6 @@
expectedVersion = runnerVers.version
}
- if expectedVersion == VersionTLS13 && runnerVers.tls13Variant != shimVers.tls13Variant {
- if shimVers.tls13Variant != TLS13All {
- expectedVersion = VersionTLS12
- }
- }
-
suffix := shimVers.name + "-" + runnerVers.name
if protocol == dtls {
suffix += "-DTLS"
@@ -5836,8 +5676,7 @@
testType: clientTest,
name: "VersionNegotiation-Client-" + suffix,
config: Config{
- MaxVersion: runnerVers.version,
- TLS13Variant: runnerVers.tls13Variant,
+ MaxVersion: runnerVers.version,
Bugs: ProtocolBugs{
ExpectInitialRecordVersion: clientVers,
},
@@ -5850,8 +5689,7 @@
testType: clientTest,
name: "VersionNegotiation-Client2-" + suffix,
config: Config{
- MaxVersion: runnerVers.version,
- TLS13Variant: runnerVers.tls13Variant,
+ MaxVersion: runnerVers.version,
Bugs: ProtocolBugs{
ExpectInitialRecordVersion: clientVers,
},
@@ -5865,8 +5703,7 @@
testType: serverTest,
name: "VersionNegotiation-Server-" + suffix,
config: Config{
- MaxVersion: runnerVers.version,
- TLS13Variant: runnerVers.tls13Variant,
+ MaxVersion: runnerVers.version,
Bugs: ProtocolBugs{
ExpectInitialRecordVersion: serverVers,
},
@@ -5879,8 +5716,7 @@
testType: serverTest,
name: "VersionNegotiation-Server2-" + suffix,
config: Config{
- MaxVersion: runnerVers.version,
- TLS13Variant: runnerVers.tls13Variant,
+ MaxVersion: runnerVers.version,
Bugs: ProtocolBugs{
ExpectInitialRecordVersion: serverVers,
},
@@ -5909,14 +5745,12 @@
testType: serverTest,
name: "VersionNegotiationExtension-" + suffix,
config: Config{
- TLS13Variant: vers.tls13Variant,
Bugs: ProtocolBugs{
SendSupportedVersions: []uint16{0x1111, vers.wire(protocol), 0x2222},
IgnoreTLS13DowngradeRandom: true,
},
},
expectedVersion: vers.version,
- flags: []string{"-tls13-variant", strconv.Itoa(vers.tls13Variant)},
})
}
}
@@ -6140,7 +5974,6 @@
NegotiateVersion: test.version,
},
},
- tls13Variant: TLS13RFC,
expectedVersion: test.version,
shouldFail: true,
expectedError: ":TLS13_DOWNGRADE:",
@@ -6156,7 +5989,6 @@
NegotiateVersion: test.version,
},
},
- tls13Variant: TLS13RFC,
expectedVersion: test.version,
flags: []string{
"-ignore-tls13-downgrade",
@@ -6173,37 +6005,12 @@
SendSupportedVersions: []uint16{test.version},
},
},
- tls13Variant: TLS13RFC,
expectedVersion: test.version,
shouldFail: true,
expectedLocalError: test.clientShimError,
})
}
- // Test that the draft TLS 1.3 variants don't trigger the downgrade logic.
- testCases = append(testCases, testCase{
- name: "Downgrade-Draft-Client",
- config: Config{
- Bugs: ProtocolBugs{
- NegotiateVersion: VersionTLS12,
- SendTLS13DowngradeRandom: true,
- },
- },
- tls13Variant: TLS13Draft28,
- expectedVersion: VersionTLS12,
- })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "Downgrade-Draft-Server",
- config: Config{
- Bugs: ProtocolBugs{
- CheckTLS13DowngradeRandom: true,
- },
- },
- tls13Variant: TLS13Draft28,
- expectedVersion: VersionTLS13,
- })
-
// Test that False Start is disabled when the downgrade logic triggers.
testCases = append(testCases, testCase{
name: "Downgrade-FalseStart",
@@ -6215,7 +6022,6 @@
AlertBeforeFalseStartTest: alertAccessDenied,
},
},
- tls13Variant: TLS13RFC,
expectedVersion: VersionTLS12,
flags: []string{
"-false-start",
@@ -6228,29 +6034,6 @@
expectedLocalError: "tls: peer did not false start: EOF",
})
- // Test that draft TLS 1.3 versions do not trigger disabling False Start.
- testCases = append(testCases, testCase{
- name: "Downgrade-FalseStart-Draft",
- config: Config{
- MaxVersion: VersionTLS13,
- TLS13Variant: TLS13RFC,
- NextProtos: []string{"foo"},
- Bugs: ProtocolBugs{
- ExpectFalseStart: true,
- },
- },
- expectedVersion: VersionTLS12,
- flags: []string{
- "-false-start",
- "-advertise-alpn", "\x03foo",
- "-expect-alpn", "foo",
- "-ignore-tls13-downgrade",
- "-tls13-variant", strconv.Itoa(TLS13Draft28),
- "-max-version", strconv.Itoa(VersionTLS13),
- },
- shimWritesFirst: true,
- })
-
// SSL 3.0 support has been removed. Test that the shim does not
// support it.
testCases = append(testCases, testCase{
@@ -6305,22 +6088,7 @@
flags2 := []string{"-min-version", shimVers.shimFlag(protocol)}
- if shimVers.tls13Variant != 0 {
- flags = append(flags, "-tls13-variant", strconv.Itoa(shimVers.tls13Variant))
- flags2 = append(flags2, "-tls13-variant", strconv.Itoa(shimVers.tls13Variant))
- }
-
for _, runnerVers := range allVersions(protocol) {
- // Different TLS 1.3 variants are incompatible with each other and don't
- // produce consistent minimum versions.
- //
- // TODO(davidben): Fold these tests (the main value is in the
- // NegotiateVersion bug) into addVersionNegotiationTests and test based
- // on intended shim behavior, not the shim + runner combination.
- if shimVers.tls13Variant != runnerVers.tls13Variant {
- continue
- }
-
suffix := shimVers.name + "-" + runnerVers.name
if protocol == dtls {
suffix += "-DTLS"
@@ -6342,8 +6110,7 @@
testType: clientTest,
name: "MinimumVersion-Client-" + suffix,
config: Config{
- MaxVersion: runnerVers.version,
- TLS13Variant: runnerVers.tls13Variant,
+ MaxVersion: runnerVers.version,
Bugs: ProtocolBugs{
// Ensure the server does not decline to
// select a version (versions extension) or
@@ -6363,8 +6130,7 @@
testType: clientTest,
name: "MinimumVersion-Client2-" + suffix,
config: Config{
- MaxVersion: runnerVers.version,
- TLS13Variant: runnerVers.tls13Variant,
+ MaxVersion: runnerVers.version,
Bugs: ProtocolBugs{
// Ensure the server does not decline to
// select a version (versions extension) or
@@ -6385,8 +6151,7 @@
testType: serverTest,
name: "MinimumVersion-Server-" + suffix,
config: Config{
- MaxVersion: runnerVers.version,
- TLS13Variant: runnerVers.tls13Variant,
+ MaxVersion: runnerVers.version,
},
flags: flags,
expectedVersion: expectedVersion,
@@ -6399,8 +6164,7 @@
testType: serverTest,
name: "MinimumVersion-Server2-" + suffix,
config: Config{
- MaxVersion: runnerVers.version,
- TLS13Variant: runnerVers.tls13Variant,
+ MaxVersion: runnerVers.version,
},
flags: flags2,
expectedVersion: expectedVersion,
@@ -6430,7 +6194,6 @@
DuplicateExtension: true,
},
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedLocalError: "remote error: error decoding message",
})
@@ -6443,7 +6206,6 @@
DuplicateExtension: true,
},
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedLocalError: "remote error: error decoding message",
})
@@ -6458,8 +6220,7 @@
ExpectServerName: "example.com",
},
},
- tls13Variant: ver.tls13Variant,
- flags: []string{"-host-name", "example.com"},
+ flags: []string{"-host-name", "example.com"},
})
testCases = append(testCases, testCase{
testType: clientTest,
@@ -6471,7 +6232,6 @@
},
},
flags: []string{"-host-name", "example.com"},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedLocalError: "tls: unexpected server name",
})
@@ -6484,7 +6244,6 @@
ExpectServerName: "missing.com",
},
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedLocalError: "tls: unexpected server name",
})
@@ -6497,7 +6256,6 @@
SendServerNameAck: true,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{"-host-name", "example.com"},
resumeSession: true,
})
@@ -6510,7 +6268,6 @@
SendServerNameAck: true,
},
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":UNEXPECTED_EXTENSION:",
expectedLocalError: "remote error: unsupported extension",
@@ -6522,7 +6279,6 @@
MaxVersion: ver.version,
ServerName: "example.com",
},
- tls13Variant: ver.tls13Variant,
flags: []string{"-expect-server-name", "example.com"},
resumeSession: true,
})
@@ -6539,7 +6295,6 @@
"-advertise-alpn", "\x03foo\x03bar\x03baz",
"-expect-alpn", "foo",
},
- tls13Variant: ver.tls13Variant,
expectedNextProto: "foo",
expectedNextProtoType: alpn,
resumeSession: true,
@@ -6556,7 +6311,6 @@
flags: []string{
"-advertise-alpn", "\x03foo\x03bar",
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":INVALID_ALPN_PROTOCOL:",
expectedLocalError: "remote error: illegal parameter",
@@ -6575,7 +6329,6 @@
"-allow-unknown-alpn-protos",
"-expect-alpn", "baz",
},
- tls13Variant: ver.tls13Variant,
})
testCases = append(testCases, testCase{
testType: serverTest,
@@ -6588,7 +6341,6 @@
"-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
"-select-alpn", "foo",
},
- tls13Variant: ver.tls13Variant,
expectedNextProto: "foo",
expectedNextProtoType: alpn,
resumeSession: true,
@@ -6601,7 +6353,6 @@
NextProtos: []string{"foo", "bar", "baz"},
},
flags: []string{"-decline-alpn"},
- tls13Variant: ver.tls13Variant,
expectNoNextProto: true,
resumeSession: true,
})
@@ -6618,7 +6369,6 @@
"-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
"-select-empty-alpn",
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedLocalError: "remote error: internal error",
expectedError: ":INVALID_ALPN_PROTOCOL:",
@@ -6640,7 +6390,6 @@
"-select-alpn", "foo",
"-async",
},
- tls13Variant: ver.tls13Variant,
expectedNextProto: "foo",
expectedNextProtoType: alpn,
resumeSession: true,
@@ -6662,7 +6411,6 @@
flags: []string{
"-advertise-alpn", "\x03foo",
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":PARSE_TLSEXT:",
})
@@ -6678,7 +6426,6 @@
flags: []string{
"-select-alpn", "foo",
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":PARSE_TLSEXT:",
})
@@ -6698,7 +6445,6 @@
"-select-alpn", "foo",
"-advertise-npn", "\x03foo\x03bar\x03baz",
},
- tls13Variant: ver.tls13Variant,
expectedNextProto: "foo",
expectedNextProtoType: alpn,
resumeSession: true,
@@ -6718,7 +6464,6 @@
"-select-alpn", "foo",
"-advertise-npn", "\x03foo\x03bar\x03baz",
},
- tls13Variant: ver.tls13Variant,
expectedNextProto: "foo",
expectedNextProtoType: alpn,
resumeSession: true,
@@ -6738,7 +6483,6 @@
"-advertise-alpn", "\x03foo",
"-select-next-proto", "foo",
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
})
@@ -6756,7 +6500,6 @@
"-advertise-alpn", "\x03foo",
"-select-next-proto", "foo",
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
})
@@ -6778,7 +6521,6 @@
},
expectTokenBinding: true,
expectedTokenBindingParam: 2,
- tls13Variant: ver.tls13Variant,
flags: []string{
"-token-binding-params",
base64.StdEncoding.EncodeToString([]byte{2, 1, 0}),
@@ -6796,7 +6538,6 @@
TokenBindingParams: []byte{3},
TokenBindingVersion: maxTokenBindingVersion,
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-token-binding-params",
base64.StdEncoding.EncodeToString([]byte{2, 1, 0}),
@@ -6812,7 +6553,6 @@
TokenBindingParams: []byte{0, 1, 2},
TokenBindingVersion: minTokenBindingVersion - 1,
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-token-binding-params",
base64.StdEncoding.EncodeToString([]byte{2, 1, 0}),
@@ -6830,7 +6570,6 @@
},
expectTokenBinding: true,
expectedTokenBindingParam: 2,
- tls13Variant: ver.tls13Variant,
flags: []string{
"-token-binding-params",
base64.StdEncoding.EncodeToString([]byte{2, 1, 0}),
@@ -6848,7 +6587,6 @@
TokenBindingParams: []byte{},
TokenBindingVersion: maxTokenBindingVersion,
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-token-binding-params",
base64.StdEncoding.EncodeToString([]byte{2, 1, 0}),
@@ -6868,7 +6606,6 @@
},
expectTokenBinding: true,
expectedTokenBindingParam: 2,
- tls13Variant: ver.tls13Variant,
flags: []string{
"-token-binding-params",
base64.StdEncoding.EncodeToString([]byte{2, 1, 0}),
@@ -6887,7 +6624,6 @@
TokenBindingVersion: maxTokenBindingVersion,
ExpectTokenBindingParams: []byte{0, 1, 2},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-token-binding-params",
base64.StdEncoding.EncodeToString([]byte{0, 1, 2}),
@@ -6905,7 +6641,6 @@
TokenBindingParams: []byte{2},
TokenBindingVersion: maxTokenBindingVersion,
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":UNEXPECTED_EXTENSION:",
})
@@ -6926,7 +6661,6 @@
"-expected-token-binding-param",
"2",
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":ERROR_PARSING_EXTENSION:",
})
@@ -6947,7 +6681,6 @@
"-expected-token-binding-param",
"2",
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":ERROR_PARSING_EXTENSION:",
})
@@ -6968,7 +6701,6 @@
"-expected-token-binding-param",
"2",
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":ERROR_PARSING_EXTENSION:",
})
@@ -6987,7 +6719,6 @@
"-token-binding-params",
base64.StdEncoding.EncodeToString([]byte{0, 1, 2}),
},
- tls13Variant: ver.tls13Variant,
})
testCases = append(testCases, testCase{
testType: clientTest,
@@ -7006,7 +6737,6 @@
"-expected-token-binding-param",
"2",
},
- tls13Variant: ver.tls13Variant,
})
testCases = append(testCases, testCase{
testType: clientTest,
@@ -7023,7 +6753,6 @@
"-token-binding-params",
base64.StdEncoding.EncodeToString([]byte{0, 1, 2}),
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: "ERROR_PARSING_EXTENSION",
})
@@ -7042,7 +6771,6 @@
NoExtendedMasterSecret: true,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-token-binding-params",
base64.StdEncoding.EncodeToString([]byte{2, 1, 0}),
@@ -7063,7 +6791,6 @@
NoExtendedMasterSecret: true,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-token-binding-params",
base64.StdEncoding.EncodeToString([]byte{2, 1, 0}),
@@ -7085,7 +6812,6 @@
NoRenegotiationInfo: true,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-token-binding-params",
base64.StdEncoding.EncodeToString([]byte{2, 1, 0}),
@@ -7106,7 +6832,6 @@
NoRenegotiationInfo: true,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-token-binding-params",
base64.StdEncoding.EncodeToString([]byte{2, 1, 0}),
@@ -7127,7 +6852,6 @@
MaxEarlyDataSize: 16384,
},
resumeSession: true,
- tls13Variant: ver.tls13Variant,
flags: []string{
"-enable-early-data",
"-expect-ticket-supports-early-data",
@@ -7150,7 +6874,6 @@
resumeSession: true,
expectTokenBinding: true,
expectedTokenBindingParam: 2,
- tls13Variant: ver.tls13Variant,
flags: []string{
"-enable-early-data",
"-expect-ticket-supports-early-data",
@@ -7171,7 +6894,6 @@
MaxVersion: ver.version,
QUICTransportParams: []byte{1, 2},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-quic-transport-params",
base64.StdEncoding.EncodeToString([]byte{3, 4}),
@@ -7189,7 +6911,6 @@
MaxVersion: ver.version,
QUICTransportParams: []byte{1, 2},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-quic-transport-params",
base64.StdEncoding.EncodeToString([]byte{3, 4}),
@@ -7206,7 +6927,6 @@
MinVersion: ver.version,
MaxVersion: ver.version,
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-max-version",
strconv.Itoa(int(ver.version)),
@@ -7222,7 +6942,6 @@
MaxVersion: ver.version,
QUICTransportParams: []byte{1, 2},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-quic-transport-params",
base64.StdEncoding.EncodeToString([]byte{3, 4}),
@@ -7238,7 +6957,6 @@
MaxVersion: ver.version,
QUICTransportParams: []byte{1, 2},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-expected-quic-transport-params",
base64.StdEncoding.EncodeToString([]byte{1, 2}),
@@ -7275,7 +6993,6 @@
},
},
},
- tls13Variant: ver.tls13Variant,
resumeSession: true,
expectResumeRejected: true,
})
@@ -7286,7 +7003,6 @@
config: Config{
MaxVersion: ver.version,
},
- tls13Variant: ver.tls13Variant,
resumeSession: true,
flags: []string{"-use-ticket-callback"},
})
@@ -7299,7 +7015,6 @@
ExpectNewTicket: true,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{"-use-ticket-callback", "-renew-ticket"},
resumeSession: true,
})
@@ -7319,7 +7034,6 @@
},
},
},
- tls13Variant: ver.tls13Variant,
resumeSession: true,
expectResumeRejected: true,
flags: []string{
@@ -7475,7 +7189,6 @@
"-expect-signed-cert-timestamps",
base64.StdEncoding.EncodeToString(testSCTList),
},
- tls13Variant: ver.tls13Variant,
resumeSession: true,
})
@@ -7498,7 +7211,6 @@
"-expect-signed-cert-timestamps",
base64.StdEncoding.EncodeToString(testSCTList),
},
- tls13Variant: ver.tls13Variant,
resumeSession: true,
})
@@ -7512,7 +7224,6 @@
"-signed-cert-timestamps",
base64.StdEncoding.EncodeToString(testSCTList),
},
- tls13Variant: ver.tls13Variant,
expectedSCTList: testSCTList,
resumeSession: true,
})
@@ -7531,7 +7242,6 @@
flags: []string{
"-enable-signed-cert-timestamps",
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":ERROR_PARSING_EXTENSION:",
})
@@ -7550,7 +7260,6 @@
flags: []string{
"-enable-signed-cert-timestamps",
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":ERROR_PARSING_EXTENSION:",
})
@@ -7566,7 +7275,6 @@
NoSignedCertificateTimestamps: true,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-ocsp-response",
base64.StdEncoding.EncodeToString(testOCSPResponse),
@@ -7835,29 +7543,19 @@
suffix += "-DTLS"
}
- // We can't resume across TLS 1.3 variants and error out earlier in the
- // session resumption.
- if sessionVers.tls13Variant != resumeVers.tls13Variant {
- continue
- }
-
if sessionVers.version == resumeVers.version {
testCases = append(testCases, testCase{
protocol: protocol,
name: "Resume-Client" + suffix,
resumeSession: true,
config: Config{
- MaxVersion: sessionVers.version,
- TLS13Variant: sessionVers.tls13Variant,
+ MaxVersion: sessionVers.version,
Bugs: ProtocolBugs{
ExpectNoTLS13PSK: sessionVers.version < VersionTLS13,
},
},
expectedVersion: sessionVers.version,
expectedResumeVersion: resumeVers.version,
- flags: []string{
- "-tls13-variant", strconv.Itoa(sessionVers.tls13Variant),
- },
})
} else {
testCases = append(testCases, testCase{
@@ -7865,13 +7563,11 @@
name: "Resume-Client-Mismatch" + suffix,
resumeSession: true,
config: Config{
- MaxVersion: sessionVers.version,
- TLS13Variant: sessionVers.tls13Variant,
+ MaxVersion: sessionVers.version,
},
expectedVersion: sessionVers.version,
resumeConfig: &Config{
- MaxVersion: resumeVers.version,
- TLS13Variant: resumeVers.tls13Variant,
+ MaxVersion: resumeVers.version,
Bugs: ProtocolBugs{
AcceptAnySession: true,
},
@@ -7879,10 +7575,6 @@
expectedResumeVersion: resumeVers.version,
shouldFail: true,
expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
- flags: []string{
- "-on-initial-tls13-variant", strconv.Itoa(sessionVers.tls13Variant),
- "-on-resume-tls13-variant", strconv.Itoa(resumeVers.tls13Variant),
- },
})
}
@@ -7891,21 +7583,15 @@
name: "Resume-Client-NoResume" + suffix,
resumeSession: true,
config: Config{
- MaxVersion: sessionVers.version,
- TLS13Variant: sessionVers.tls13Variant,
+ MaxVersion: sessionVers.version,
},
expectedVersion: sessionVers.version,
resumeConfig: &Config{
- MaxVersion: resumeVers.version,
- TLS13Variant: resumeVers.tls13Variant,
+ MaxVersion: resumeVers.version,
},
newSessionsOnResume: true,
expectResumeRejected: true,
expectedResumeVersion: resumeVers.version,
- flags: []string{
- "-on-initial-tls13-variant", strconv.Itoa(sessionVers.tls13Variant),
- "-on-resume-tls13-variant", strconv.Itoa(resumeVers.tls13Variant),
- },
})
testCases = append(testCases, testCase{
@@ -7914,23 +7600,17 @@
name: "Resume-Server" + suffix,
resumeSession: true,
config: Config{
- MaxVersion: sessionVers.version,
- TLS13Variant: sessionVers.tls13Variant,
+ MaxVersion: sessionVers.version,
},
expectedVersion: sessionVers.version,
expectResumeRejected: sessionVers != resumeVers,
resumeConfig: &Config{
- MaxVersion: resumeVers.version,
- TLS13Variant: resumeVers.tls13Variant,
+ MaxVersion: resumeVers.version,
Bugs: ProtocolBugs{
SendBothTickets: true,
},
},
expectedResumeVersion: resumeVers.version,
- flags: []string{
- "-on-initial-tls13-variant", strconv.Itoa(sessionVers.tls13Variant),
- "-on-resume-tls13-variant", strconv.Itoa(resumeVers.tls13Variant),
- },
})
// Repeat the test using session IDs, rather than tickets.
@@ -8378,15 +8058,14 @@
},
})
testCases = append(testCases, testCase{
- name: "Renegotiate-Client-TLS13Draft23",
+ name: "Renegotiate-Client-TLS12",
config: Config{
MaxVersion: VersionTLS12,
Bugs: ProtocolBugs{
FailIfResumeOnRenego: true,
},
},
- tls13Variant: TLS13Draft23,
- renegotiate: 1,
+ renegotiate: 1,
// Test renegotiation after both an initial and resumption
// handshake.
resumeSession: true,
@@ -8996,7 +8675,6 @@
"-enable-all-curves",
"-enable-ed25519",
},
- tls13Variant: ver.tls13Variant,
shouldFail: shouldSignFail,
expectedError: signError,
expectedLocalError: signLocalError,
@@ -9019,7 +8697,6 @@
IgnorePeerSignatureAlgorithmPreferences: shouldVerifyFail,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-require-any-client-certificate",
"-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)),
@@ -9046,7 +8723,6 @@
fakeSigAlg2,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
"-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
@@ -9075,7 +8751,6 @@
IgnorePeerSignatureAlgorithmPreferences: shouldVerifyFail,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)),
"-enable-all-curves",
@@ -9103,7 +8778,6 @@
InvalidSignature: true,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-require-any-client-certificate",
"-enable-all-curves",
@@ -9126,7 +8800,6 @@
InvalidSignature: true,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-enable-all-curves",
"-enable-ed25519",
@@ -9144,7 +8817,6 @@
ClientAuth: RequireAnyClientCert,
VerifySignatureAlgorithms: allAlgorithms,
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
"-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
@@ -9163,7 +8835,6 @@
CipherSuites: signingCiphers,
VerifySignatureAlgorithms: allAlgorithms,
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
"-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
@@ -9193,7 +8864,6 @@
signatureECDSAWithP256AndSHA256,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-cert-file", path.Join(*resourceDir, rsaCertificateFile),
"-key-file", path.Join(*resourceDir, rsaKeyFile),
@@ -9214,7 +8884,6 @@
signatureECDSAWithP256AndSHA256,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-cert-file", path.Join(*resourceDir, rsaCertificateFile),
"-key-file", path.Join(*resourceDir, rsaKeyFile),
@@ -10032,7 +9701,6 @@
ExpectRSAPSSSupport: expect,
},
},
- tls13Variant: ver.tls13Variant,
flags: flags,
shouldFail: shouldFail,
expectedLocalError: localError,
@@ -10051,7 +9719,6 @@
ExpectRSAPSSSupport: expect,
},
},
- tls13Variant: ver.tls13Variant,
flags: serverFlags,
shouldFail: shouldFail,
expectedLocalError: localError,
@@ -10279,7 +9946,6 @@
// Test the exporter in both initial and resumption
// handshakes.
resumeSession: true,
- tls13Variant: vers.tls13Variant,
exportKeyingMaterial: 1024,
exportLabel: "label",
exportContext: "context",
@@ -10290,7 +9956,6 @@
config: Config{
MaxVersion: vers.version,
},
- tls13Variant: vers.tls13Variant,
exportKeyingMaterial: 1024,
})
testCases = append(testCases, testCase{
@@ -10298,7 +9963,6 @@
config: Config{
MaxVersion: vers.version,
},
- tls13Variant: vers.tls13Variant,
exportKeyingMaterial: 1024,
useExportContext: true,
})
@@ -10307,7 +9971,6 @@
config: Config{
MaxVersion: vers.version,
},
- tls13Variant: vers.tls13Variant,
exportKeyingMaterial: 1,
exportLabel: "label",
exportContext: "context",
@@ -10324,7 +9987,6 @@
MaxEarlyDataSize: 16384,
},
resumeSession: true,
- tls13Variant: vers.tls13Variant,
flags: []string{
"-enable-early-data",
"-expect-ticket-supports-early-data",
@@ -10356,7 +10018,6 @@
},
},
resumeSession: true,
- tls13Variant: vers.tls13Variant,
flags: []string{
"-enable-early-data",
"-expect-ticket-supports-early-data",
@@ -10381,7 +10042,6 @@
MaxEarlyDataSize: 16384,
},
resumeSession: true,
- tls13Variant: vers.tls13Variant,
exportEarlyKeyingMaterial: 1024,
exportLabel: "label",
exportContext: "context",
@@ -10402,7 +10062,6 @@
config: Config{
MaxVersion: vers.version,
},
- tls13Variant: vers.tls13Variant,
flags: []string{"-export-early-keying-material", "1024"},
shouldFail: true,
expectedError: ":EARLY_DATA_NOT_IN_USE:",
@@ -10413,7 +10072,6 @@
MaxVersion: vers.version,
},
resumeSession: true,
- tls13Variant: vers.tls13Variant,
flags: []string{"-on-resume-export-early-keying-material", "1024"},
shouldFail: true,
expectedError: ":EARLY_DATA_NOT_IN_USE:",
@@ -10431,7 +10089,6 @@
},
},
resumeSession: true,
- tls13Variant: vers.tls13Variant,
flags: []string{
"-enable-early-data",
"-expect-ticket-supports-early-data",
@@ -10453,7 +10110,6 @@
ExpectEarlyDataAccepted: true,
},
},
- tls13Variant: vers.tls13Variant,
resumeSession: true,
exportKeyingMaterial: 1024,
exportLabel: "label",
@@ -10473,7 +10129,6 @@
ExpectEarlyDataAccepted: true,
},
},
- tls13Variant: vers.tls13Variant,
resumeSession: true,
exportEarlyKeyingMaterial: 1024,
exportLabel: "label",
@@ -10489,7 +10144,6 @@
config: Config{
MaxVersion: vers.version,
},
- tls13Variant: vers.tls13Variant,
flags: []string{"-export-early-keying-material", "1024"},
shouldFail: true,
expectedError: ":EARLY_DATA_NOT_IN_USE:",
@@ -10501,7 +10155,6 @@
MaxVersion: vers.version,
},
resumeSession: true,
- tls13Variant: vers.tls13Variant,
flags: []string{"-on-resume-export-early-keying-material", "1024"},
shouldFail: true,
expectedError: ":EARLY_DATA_NOT_IN_USE:",
@@ -10514,7 +10167,6 @@
MaxVersion: vers.version,
},
resumeSession: true,
- tls13Variant: vers.tls13Variant,
exportEarlyKeyingMaterial: 1024,
exportLabel: "label",
exportContext: "context",
@@ -10528,7 +10180,6 @@
MaxVersion: vers.version,
},
resumeSession: true,
- tls13Variant: vers.tls13Variant,
exportEarlyKeyingMaterial: 1024,
exportLabel: "label",
exportContext: "context",
@@ -10814,7 +10465,6 @@
},
CurvePreferences: []CurveID{curve.id},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-enable-all-curves",
"-expect-curve-id", strconv.Itoa(int(curve.id)),
@@ -10833,7 +10483,6 @@
},
CurvePreferences: []CurveID{curve.id},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-enable-all-curves",
"-expect-curve-id", strconv.Itoa(int(curve.id)),
@@ -10856,7 +10505,6 @@
SendCompressedCoordinates: true,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{"-enable-all-curves"},
shouldFail: true,
expectedError: ":BAD_ECPOINT:",
@@ -10876,7 +10524,6 @@
SendCompressedCoordinates: true,
},
},
- tls13Variant: ver.tls13Variant,
flags: []string{"-enable-all-curves"},
shouldFail: true,
expectedError: ":BAD_ECPOINT:",
@@ -11639,7 +11286,6 @@
},
},
resumeSession: useStatefulResumption,
- tls13Variant: ver.tls13Variant,
flags: []string{"-no-ticket"},
})
@@ -11651,7 +11297,6 @@
MinVersion: ver.version,
MaxVersion: ver.version,
},
- tls13Variant: ver.tls13Variant,
resumeSession: true,
expectResumeRejected: true,
// Set SSL_OP_NO_TICKET on the second connection, after the first
@@ -12281,7 +11926,7 @@
messageType: typeEndOfEarlyData,
test: testCase{
testType: serverTest,
- name: "TLS13Draft23-EndOfEarlyData",
+ name: "TLS13-EndOfEarlyData",
config: Config{
MaxVersion: VersionTLS13,
},
@@ -12292,7 +11937,6 @@
ExpectEarlyDataAccepted: true,
},
},
- tls13Variant: TLS13Draft23,
resumeSession: true,
flags: []string{"-enable-early-data"},
},
@@ -12371,1637 +12015,1537 @@
}
func addTLS13HandshakeTests() {
- for _, version := range allVersions(tls) {
- if version.version != VersionTLS13 {
- continue
- }
- name := version.name
- variant := version.tls13Variant
-
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "NegotiatePSKResumption-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- NegotiatePSKResumption: true,
- },
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "NegotiatePSKResumption-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ NegotiatePSKResumption: true,
},
- tls13Variant: variant,
- resumeSession: true,
- shouldFail: true,
- expectedError: ":MISSING_KEY_SHARE:",
- })
+ },
+ resumeSession: true,
+ shouldFail: true,
+ expectedError: ":MISSING_KEY_SHARE:",
+ })
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "MissingKeyShare-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- MissingKeyShare: true,
- },
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "MissingKeyShare-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ MissingKeyShare: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":MISSING_KEY_SHARE:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":MISSING_KEY_SHARE:",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "MissingKeyShare-Server-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- MissingKeyShare: true,
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "MissingKeyShare-Server-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ MissingKeyShare: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":MISSING_KEY_SHARE:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":MISSING_KEY_SHARE:",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "DuplicateKeyShares-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- DuplicateKeyShares: true,
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "DuplicateKeyShares-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ DuplicateKeyShares: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":DUPLICATE_KEY_SHARE:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":DUPLICATE_KEY_SHARE:",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SkipEarlyData-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendFakeEarlyDataLength: 4,
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "SkipEarlyData-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendFakeEarlyDataLength: 4,
},
- tls13Variant: variant,
- })
+ },
+ })
- // Test that enabling a TLS 1.3 variant does not interfere with
- // TLS 1.2 session ID resumption.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "ResumeTLS12SessionID-" + name,
- config: Config{
- MaxVersion: VersionTLS12,
- SessionTicketsDisabled: true,
- },
- tls13Variant: variant,
- resumeSession: true,
- })
+ // Test that enabling TLS 1.3 does not interfere with TLS 1.2 session ID
+ // resumption.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "ResumeTLS12SessionID-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ SessionTicketsDisabled: true,
+ },
+ resumeSession: true,
+ })
- // Test that the client correctly handles a TLS 1.3 ServerHello which echoes
- // a TLS 1.2 session ID.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "TLS12SessionID-" + name,
- config: Config{
- MaxVersion: VersionTLS12,
- SessionTicketsDisabled: true,
- },
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
+ // Test that the client correctly handles a TLS 1.3 ServerHello which echoes
+ // a TLS 1.2 session ID.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "TLS12SessionID-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ SessionTicketsDisabled: true,
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ },
+ resumeSession: true,
+ expectResumeRejected: true,
+ })
+
+ // Test that the server correctly echoes back session IDs of
+ // various lengths. The first test additionally asserts that
+ // BoringSSL always sends the ChangeCipherSpec messages for
+ // compatibility mode, rather than negotiating it based on the
+ // ClientHello.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "EmptySessionID-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendClientHelloSessionID: []byte{},
},
- tls13Variant: variant,
- resumeSession: true,
- expectResumeRejected: true,
- })
+ },
+ })
- // Test that the server correctly echoes back session IDs of
- // various lengths. The first test additionally asserts that
- // BoringSSL always sends the ChangeCipherSpec messages for
- // compatibility mode, rather than negotiating it based on the
- // ClientHello.
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "EmptySessionID-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendClientHelloSessionID: []byte{},
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "ShortSessionID-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendClientHelloSessionID: make([]byte, 16),
},
- tls13Variant: variant,
- })
+ },
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "ShortSessionID-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendClientHelloSessionID: make([]byte, 16),
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "FullSessionID-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendClientHelloSessionID: make([]byte, 32),
},
- tls13Variant: variant,
- })
+ },
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "FullSessionID-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendClientHelloSessionID: make([]byte, 32),
- },
+ // Test that the client sends a fake session ID in TLS 1.3.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "TLS13SessionID-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ ExpectClientHelloSessionID: true,
},
- tls13Variant: variant,
- })
+ },
+ })
- // Test that the client sends a fake session ID in TLS 1.3.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "TLS13SessionID-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- ExpectClientHelloSessionID: true,
- },
+ // Test that the client omits the fake session ID when the max version is TLS 1.2 and below.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "TLS12NoSessionID-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ ExpectNoTLS12Session: true,
},
- tls13Variant: variant,
- })
+ },
+ flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
+ })
- // Test that the client omits the fake session ID when the max version is TLS 1.2 and below.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "TLS12NoSessionID-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- ExpectNoTLS12Session: true,
- },
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyData-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MinVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ MinVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ Bugs: ProtocolBugs{
+ ExpectEarlyData: [][]byte{{'h', 'e', 'l', 'l', 'o'}},
},
- tls13Variant: variant,
- flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
- })
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-expect-accept-early-data",
+ "-on-resume-shim-writes-first",
+ },
+ })
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyData-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MinVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyData-Reject-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ Bugs: ProtocolBugs{
+ AlwaysRejectEarlyData: true,
},
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- MinVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- Bugs: ProtocolBugs{
- ExpectEarlyData: [][]byte{{'h', 'e', 'l', 'l', 'o'}},
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-expect-accept-early-data",
- "-on-resume-shim-writes-first",
- },
- })
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-expect-reject-early-data",
+ "-on-resume-shim-writes-first",
+ },
+ })
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyData-Reject-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "EarlyData-Server-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MinVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
+ ExpectEarlyDataAccepted: true,
+ ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}},
},
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- Bugs: ProtocolBugs{
- AlwaysRejectEarlyData: true,
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-expect-reject-early-data",
- "-on-resume-shim-writes-first",
- },
- })
+ },
+ messageCount: 2,
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-accept-early-data",
+ },
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "EarlyData-Server-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MinVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendEarlyData: [][]byte{{1, 2, 3, 4}},
- ExpectEarlyDataAccepted: true,
- ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}},
- },
- },
- tls13Variant: variant,
- messageCount: 2,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-expect-accept-early-data",
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "EarlyData-FirstTicket-Server-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MinVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ UseFirstSessionTicket: true,
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
+ ExpectEarlyDataAccepted: true,
+ ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}},
},
- })
+ },
+ messageCount: 2,
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-accept-early-data",
+ },
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "EarlyData-FirstTicket-Server-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MinVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- UseFirstSessionTicket: true,
- SendEarlyData: [][]byte{{1, 2, 3, 4}},
- ExpectEarlyDataAccepted: true,
- ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}},
- },
- },
- tls13Variant: variant,
- messageCount: 2,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-expect-accept-early-data",
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "SkipEarlyData-OmitEarlyDataExtension-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendFakeEarlyDataLength: 4,
+ OmitEarlyDataExtension: true,
},
- })
+ },
+ shouldFail: true,
+ expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SkipEarlyData-OmitEarlyDataExtension-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendFakeEarlyDataLength: 4,
- OmitEarlyDataExtension: true,
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "SkipEarlyData-TooMuchData-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendFakeEarlyDataLength: 16384 + 1,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SkipEarlyData-TooMuchData-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendFakeEarlyDataLength: 16384 + 1,
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "SkipEarlyData-Interleaved-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendFakeEarlyDataLength: 4,
+ InterleaveEarlyData: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SkipEarlyData-Interleaved-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendFakeEarlyDataLength: 4,
- InterleaveEarlyData: true,
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "SkipEarlyData-EarlyDataInTLS12-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendFakeEarlyDataLength: 4,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":UNEXPECTED_RECORD:",
+ flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SkipEarlyData-EarlyDataInTLS12-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendFakeEarlyDataLength: 4,
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "SkipEarlyData-HRR-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendFakeEarlyDataLength: 4,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":UNEXPECTED_RECORD:",
- flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
- })
+ DefaultCurves: []CurveID{},
+ },
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SkipEarlyData-HRR-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendFakeEarlyDataLength: 4,
- },
- DefaultCurves: []CurveID{},
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "SkipEarlyData-HRR-Interleaved-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendFakeEarlyDataLength: 4,
+ InterleaveEarlyData: true,
},
- tls13Variant: variant,
- })
+ DefaultCurves: []CurveID{},
+ },
+ shouldFail: true,
+ expectedError: ":UNEXPECTED_RECORD:",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SkipEarlyData-HRR-Interleaved-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendFakeEarlyDataLength: 4,
- InterleaveEarlyData: true,
- },
- DefaultCurves: []CurveID{},
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "SkipEarlyData-HRR-TooMuchData-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendFakeEarlyDataLength: 16384 + 1,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":UNEXPECTED_RECORD:",
- })
+ DefaultCurves: []CurveID{},
+ },
+ shouldFail: true,
+ expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SkipEarlyData-HRR-TooMuchData-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendFakeEarlyDataLength: 16384 + 1,
- },
- DefaultCurves: []CurveID{},
+ // Test that skipping early data looking for cleartext correctly
+ // processes an alert record.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "SkipEarlyData-HRR-FatalAlert-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendEarlyAlert: true,
+ SendFakeEarlyDataLength: 4,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:",
- })
+ DefaultCurves: []CurveID{},
+ },
+ shouldFail: true,
+ expectedError: ":SSLV3_ALERT_HANDSHAKE_FAILURE:",
+ })
- // Test that skipping early data looking for cleartext correctly
- // processes an alert record.
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SkipEarlyData-HRR-FatalAlert-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendEarlyAlert: true,
- SendFakeEarlyDataLength: 4,
- },
- DefaultCurves: []CurveID{},
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "SkipEarlyData-SecondClientHelloEarlyData-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendEarlyDataOnSecondClientHello: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":SSLV3_ALERT_HANDSHAKE_FAILURE:",
- })
+ DefaultCurves: []CurveID{},
+ },
+ shouldFail: true,
+ expectedLocalError: "remote error: bad record MAC",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SkipEarlyData-SecondClientHelloEarlyData-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendEarlyDataOnSecondClientHello: true,
- },
- DefaultCurves: []CurveID{},
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EmptyEncryptedExtensions-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ EmptyEncryptedExtensions: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedLocalError: "remote error: bad record MAC",
- })
+ },
+ shouldFail: true,
+ expectedLocalError: "remote error: error decoding message",
+ })
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EmptyEncryptedExtensions-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- EmptyEncryptedExtensions: true,
- },
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EncryptedExtensionsWithKeyShare-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ EncryptedExtensionsWithKeyShare: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedLocalError: "remote error: error decoding message",
- })
+ },
+ shouldFail: true,
+ expectedLocalError: "remote error: unsupported extension",
+ })
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EncryptedExtensionsWithKeyShare-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- EncryptedExtensionsWithKeyShare: true,
- },
- },
- tls13Variant: variant,
- shouldFail: true,
- expectedLocalError: "remote error: unsupported extension",
- })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "SendHelloRetryRequest-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ // Require a HelloRetryRequest for every curve.
+ DefaultCurves: []CurveID{},
+ },
+ expectedCurveID: CurveX25519,
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SendHelloRetryRequest-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- // Require a HelloRetryRequest for every curve.
- DefaultCurves: []CurveID{},
- },
- tls13Variant: variant,
- expectedCurveID: CurveX25519,
- })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "SendHelloRetryRequest-2-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ DefaultCurves: []CurveID{CurveP384},
+ },
+ // Although the ClientHello did not predict our preferred curve,
+ // we always select it whether it is predicted or not.
+ expectedCurveID: CurveX25519,
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SendHelloRetryRequest-2-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- DefaultCurves: []CurveID{CurveP384},
+ testCases = append(testCases, testCase{
+ name: "UnknownCurve-HelloRetryRequest-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ // P-384 requires HelloRetryRequest in BoringSSL.
+ CurvePreferences: []CurveID{CurveP384},
+ Bugs: ProtocolBugs{
+ SendHelloRetryRequestCurve: bogusCurve,
},
- tls13Variant: variant,
- // Although the ClientHello did not predict our preferred curve,
- // we always select it whether it is predicted or not.
- expectedCurveID: CurveX25519,
- })
+ },
+ shouldFail: true,
+ expectedError: ":WRONG_CURVE:",
+ })
- testCases = append(testCases, testCase{
- name: "UnknownCurve-HelloRetryRequest-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- // P-384 requires HelloRetryRequest in BoringSSL.
- CurvePreferences: []CurveID{CurveP384},
- Bugs: ProtocolBugs{
- SendHelloRetryRequestCurve: bogusCurve,
- },
+ testCases = append(testCases, testCase{
+ name: "HelloRetryRequest-CipherChange-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ // P-384 requires HelloRetryRequest in BoringSSL.
+ CurvePreferences: []CurveID{CurveP384},
+ Bugs: ProtocolBugs{
+ SendCipherSuite: TLS_AES_128_GCM_SHA256,
+ SendHelloRetryRequestCipherSuite: TLS_CHACHA20_POLY1305_SHA256,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":WRONG_CURVE:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":WRONG_CIPHER_RETURNED:",
+ })
- testCases = append(testCases, testCase{
- name: "HelloRetryRequest-CipherChange-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- // P-384 requires HelloRetryRequest in BoringSSL.
- CurvePreferences: []CurveID{CurveP384},
- Bugs: ProtocolBugs{
- SendCipherSuite: TLS_AES_128_GCM_SHA256,
- SendHelloRetryRequestCipherSuite: TLS_CHACHA20_POLY1305_SHA256,
- },
+ // Test that the client does not offer a PSK in the second ClientHello if the
+ // HelloRetryRequest is incompatible with it.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "HelloRetryRequest-NonResumableCipher-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ CipherSuites: []uint16{
+ TLS_AES_128_GCM_SHA256,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":WRONG_CIPHER_RETURNED:",
- })
-
- // Test that the client does not offer a PSK in the second ClientHello if the
- // HelloRetryRequest is incompatible with it.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "HelloRetryRequest-NonResumableCipher-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- CipherSuites: []uint16{
- TLS_AES_128_GCM_SHA256,
- },
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ // P-384 requires HelloRetryRequest in BoringSSL.
+ CurvePreferences: []CurveID{CurveP384},
+ Bugs: ProtocolBugs{
+ ExpectNoTLS13PSKAfterHRR: true,
},
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- // P-384 requires HelloRetryRequest in BoringSSL.
- CurvePreferences: []CurveID{CurveP384},
- Bugs: ProtocolBugs{
- ExpectNoTLS13PSKAfterHRR: true,
- },
- CipherSuites: []uint16{
- TLS_AES_256_GCM_SHA384,
- },
+ CipherSuites: []uint16{
+ TLS_AES_256_GCM_SHA384,
},
- tls13Variant: variant,
- resumeSession: true,
- expectResumeRejected: true,
- })
+ },
+ resumeSession: true,
+ expectResumeRejected: true,
+ })
- testCases = append(testCases, testCase{
- name: "DisabledCurve-HelloRetryRequest-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- CurvePreferences: []CurveID{CurveP256},
- Bugs: ProtocolBugs{
- IgnorePeerCurvePreferences: true,
- },
+ testCases = append(testCases, testCase{
+ name: "DisabledCurve-HelloRetryRequest-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ CurvePreferences: []CurveID{CurveP256},
+ Bugs: ProtocolBugs{
+ IgnorePeerCurvePreferences: true,
},
- tls13Variant: variant,
- flags: []string{"-curves", strconv.Itoa(int(CurveP384))},
- shouldFail: true,
- expectedError: ":WRONG_CURVE:",
- })
+ },
+ flags: []string{"-curves", strconv.Itoa(int(CurveP384))},
+ shouldFail: true,
+ expectedError: ":WRONG_CURVE:",
+ })
- testCases = append(testCases, testCase{
- name: "UnnecessaryHelloRetryRequest-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- CurvePreferences: []CurveID{CurveX25519},
- Bugs: ProtocolBugs{
- SendHelloRetryRequestCurve: CurveX25519,
- },
+ testCases = append(testCases, testCase{
+ name: "UnnecessaryHelloRetryRequest-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ CurvePreferences: []CurveID{CurveX25519},
+ Bugs: ProtocolBugs{
+ SendHelloRetryRequestCurve: CurveX25519,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":WRONG_CURVE:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":WRONG_CURVE:",
+ })
- testCases = append(testCases, testCase{
- name: "SecondHelloRetryRequest-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- // P-384 requires HelloRetryRequest in BoringSSL.
- CurvePreferences: []CurveID{CurveP384},
- Bugs: ProtocolBugs{
- SecondHelloRetryRequest: true,
- },
+ testCases = append(testCases, testCase{
+ name: "SecondHelloRetryRequest-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ // P-384 requires HelloRetryRequest in BoringSSL.
+ CurvePreferences: []CurveID{CurveP384},
+ Bugs: ProtocolBugs{
+ SecondHelloRetryRequest: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":UNEXPECTED_MESSAGE:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":UNEXPECTED_MESSAGE:",
+ })
- testCases = append(testCases, testCase{
- name: "HelloRetryRequest-Empty-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- AlwaysSendHelloRetryRequest: true,
- },
+ testCases = append(testCases, testCase{
+ name: "HelloRetryRequest-Empty-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ AlwaysSendHelloRetryRequest: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":EMPTY_HELLO_RETRY_REQUEST:",
- expectedLocalError: "remote error: illegal parameter",
- })
+ },
+ shouldFail: true,
+ expectedError: ":EMPTY_HELLO_RETRY_REQUEST:",
+ expectedLocalError: "remote error: illegal parameter",
+ })
- testCases = append(testCases, testCase{
- name: "HelloRetryRequest-DuplicateCurve-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- // P-384 requires a HelloRetryRequest against BoringSSL's default
- // configuration. Assert this ExpectMissingKeyShare.
- CurvePreferences: []CurveID{CurveP384},
- Bugs: ProtocolBugs{
- ExpectMissingKeyShare: true,
- DuplicateHelloRetryRequestExtensions: true,
- },
+ testCases = append(testCases, testCase{
+ name: "HelloRetryRequest-DuplicateCurve-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ // P-384 requires a HelloRetryRequest against BoringSSL's default
+ // configuration. Assert this ExpectMissingKeyShare.
+ CurvePreferences: []CurveID{CurveP384},
+ Bugs: ProtocolBugs{
+ ExpectMissingKeyShare: true,
+ DuplicateHelloRetryRequestExtensions: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":DUPLICATE_EXTENSION:",
- expectedLocalError: "remote error: illegal parameter",
- })
+ },
+ shouldFail: true,
+ expectedError: ":DUPLICATE_EXTENSION:",
+ expectedLocalError: "remote error: illegal parameter",
+ })
- testCases = append(testCases, testCase{
- name: "HelloRetryRequest-Cookie-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendHelloRetryRequestCookie: []byte("cookie"),
- },
+ testCases = append(testCases, testCase{
+ name: "HelloRetryRequest-Cookie-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendHelloRetryRequestCookie: []byte("cookie"),
},
- tls13Variant: variant,
- })
+ },
+ })
- testCases = append(testCases, testCase{
- name: "HelloRetryRequest-DuplicateCookie-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendHelloRetryRequestCookie: []byte("cookie"),
- DuplicateHelloRetryRequestExtensions: true,
- },
+ testCases = append(testCases, testCase{
+ name: "HelloRetryRequest-DuplicateCookie-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendHelloRetryRequestCookie: []byte("cookie"),
+ DuplicateHelloRetryRequestExtensions: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":DUPLICATE_EXTENSION:",
- expectedLocalError: "remote error: illegal parameter",
- })
+ },
+ shouldFail: true,
+ expectedError: ":DUPLICATE_EXTENSION:",
+ expectedLocalError: "remote error: illegal parameter",
+ })
- testCases = append(testCases, testCase{
- name: "HelloRetryRequest-EmptyCookie-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendHelloRetryRequestCookie: []byte{},
- },
+ testCases = append(testCases, testCase{
+ name: "HelloRetryRequest-EmptyCookie-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendHelloRetryRequestCookie: []byte{},
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":DECODE_ERROR:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":DECODE_ERROR:",
+ })
- testCases = append(testCases, testCase{
- name: "HelloRetryRequest-Cookie-Curve-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- // P-384 requires HelloRetryRequest in BoringSSL.
- CurvePreferences: []CurveID{CurveP384},
- Bugs: ProtocolBugs{
- SendHelloRetryRequestCookie: []byte("cookie"),
- ExpectMissingKeyShare: true,
- },
+ testCases = append(testCases, testCase{
+ name: "HelloRetryRequest-Cookie-Curve-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ // P-384 requires HelloRetryRequest in BoringSSL.
+ CurvePreferences: []CurveID{CurveP384},
+ Bugs: ProtocolBugs{
+ SendHelloRetryRequestCookie: []byte("cookie"),
+ ExpectMissingKeyShare: true,
},
- tls13Variant: variant,
- })
+ },
+ })
- testCases = append(testCases, testCase{
- name: "HelloRetryRequest-Unknown-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- CustomHelloRetryRequestExtension: "extension",
- },
+ testCases = append(testCases, testCase{
+ name: "HelloRetryRequest-Unknown-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ CustomHelloRetryRequestExtension: "extension",
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":UNEXPECTED_EXTENSION:",
- expectedLocalError: "remote error: unsupported extension",
- })
+ },
+ shouldFail: true,
+ expectedError: ":UNEXPECTED_EXTENSION:",
+ expectedLocalError: "remote error: unsupported extension",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SecondClientHelloMissingKeyShare-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- DefaultCurves: []CurveID{},
- Bugs: ProtocolBugs{
- SecondClientHelloMissingKeyShare: true,
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "SecondClientHelloMissingKeyShare-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ DefaultCurves: []CurveID{},
+ Bugs: ProtocolBugs{
+ SecondClientHelloMissingKeyShare: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":MISSING_KEY_SHARE:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":MISSING_KEY_SHARE:",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SecondClientHelloWrongCurve-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- DefaultCurves: []CurveID{},
- Bugs: ProtocolBugs{
- MisinterpretHelloRetryRequestCurve: CurveP521,
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "SecondClientHelloWrongCurve-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ DefaultCurves: []CurveID{},
+ Bugs: ProtocolBugs{
+ MisinterpretHelloRetryRequestCurve: CurveP521,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":WRONG_CURVE:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":WRONG_CURVE:",
+ })
- testCases = append(testCases, testCase{
- name: "HelloRetryRequestVersionMismatch-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- // P-384 requires HelloRetryRequest in BoringSSL.
- CurvePreferences: []CurveID{CurveP384},
- Bugs: ProtocolBugs{
- SendServerHelloVersion: 0x0305,
- },
+ testCases = append(testCases, testCase{
+ name: "HelloRetryRequestVersionMismatch-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ // P-384 requires HelloRetryRequest in BoringSSL.
+ CurvePreferences: []CurveID{CurveP384},
+ Bugs: ProtocolBugs{
+ SendServerHelloVersion: 0x0305,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":WRONG_VERSION_NUMBER:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":WRONG_VERSION_NUMBER:",
+ })
- testCases = append(testCases, testCase{
- name: "HelloRetryRequestCurveMismatch-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- // P-384 requires HelloRetryRequest in BoringSSL.
- CurvePreferences: []CurveID{CurveP384},
- Bugs: ProtocolBugs{
- // Send P-384 (correct) in the HelloRetryRequest.
- SendHelloRetryRequestCurve: CurveP384,
- // But send P-256 in the ServerHello.
- SendCurve: CurveP256,
- },
+ testCases = append(testCases, testCase{
+ name: "HelloRetryRequestCurveMismatch-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ // P-384 requires HelloRetryRequest in BoringSSL.
+ CurvePreferences: []CurveID{CurveP384},
+ Bugs: ProtocolBugs{
+ // Send P-384 (correct) in the HelloRetryRequest.
+ SendHelloRetryRequestCurve: CurveP384,
+ // But send P-256 in the ServerHello.
+ SendCurve: CurveP256,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":WRONG_CURVE:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":WRONG_CURVE:",
+ })
- // Test the server selecting a curve that requires a HelloRetryRequest
- // without sending it.
- testCases = append(testCases, testCase{
- name: "SkipHelloRetryRequest-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- // P-384 requires HelloRetryRequest in BoringSSL.
- CurvePreferences: []CurveID{CurveP384},
- Bugs: ProtocolBugs{
- SkipHelloRetryRequest: true,
- },
+ // Test the server selecting a curve that requires a HelloRetryRequest
+ // without sending it.
+ testCases = append(testCases, testCase{
+ name: "SkipHelloRetryRequest-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ // P-384 requires HelloRetryRequest in BoringSSL.
+ CurvePreferences: []CurveID{CurveP384},
+ Bugs: ProtocolBugs{
+ SkipHelloRetryRequest: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":WRONG_CURVE:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":WRONG_CURVE:",
+ })
- // Test that the supported_versions extension is enforced in the
- // second ServerHello. Note we only enforce this starting draft 28.
- if isDraft28(version.versionWire) {
- testCases = append(testCases, testCase{
- name: "SecondServerHelloNoVersion-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- // P-384 requires HelloRetryRequest in BoringSSL.
- CurvePreferences: []CurveID{CurveP384},
- Bugs: ProtocolBugs{
- OmitServerSupportedVersionExtension: true,
- },
- },
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":SECOND_SERVERHELLO_VERSION_MISMATCH:",
- })
- testCases = append(testCases, testCase{
- name: "SecondServerHelloWrongVersion-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- // P-384 requires HelloRetryRequest in BoringSSL.
- CurvePreferences: []CurveID{CurveP384},
- Bugs: ProtocolBugs{
- SendServerSupportedVersionExtension: 0x1234,
- },
- },
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":SECOND_SERVERHELLO_VERSION_MISMATCH:",
- })
- }
-
- testCases = append(testCases, testCase{
- name: "RequestContextInHandshake-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MinVersion: VersionTLS13,
- ClientAuth: RequireAnyClientCert,
- Bugs: ProtocolBugs{
- SendRequestContext: []byte("request context"),
- },
+ testCases = append(testCases, testCase{
+ name: "SecondServerHelloNoVersion-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ // P-384 requires HelloRetryRequest in BoringSSL.
+ CurvePreferences: []CurveID{CurveP384},
+ Bugs: ProtocolBugs{
+ OmitServerSupportedVersionExtension: true,
},
- tls13Variant: variant,
- flags: []string{
- "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
- "-key-file", path.Join(*resourceDir, rsaKeyFile),
+ },
+ shouldFail: true,
+ expectedError: ":SECOND_SERVERHELLO_VERSION_MISMATCH:",
+ })
+ testCases = append(testCases, testCase{
+ name: "SecondServerHelloWrongVersion-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ // P-384 requires HelloRetryRequest in BoringSSL.
+ CurvePreferences: []CurveID{CurveP384},
+ Bugs: ProtocolBugs{
+ SendServerSupportedVersionExtension: 0x1234,
},
- shouldFail: true,
- expectedError: ":DECODE_ERROR:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":SECOND_SERVERHELLO_VERSION_MISMATCH:",
+ })
- testCases = append(testCases, testCase{
- name: "UnknownExtensionInCertificateRequest-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MinVersion: VersionTLS13,
- ClientAuth: RequireAnyClientCert,
- Bugs: ProtocolBugs{
- SendCustomCertificateRequest: 0x1212,
- },
+ testCases = append(testCases, testCase{
+ name: "RequestContextInHandshake-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MinVersion: VersionTLS13,
+ ClientAuth: RequireAnyClientCert,
+ Bugs: ProtocolBugs{
+ SendRequestContext: []byte("request context"),
},
- tls13Variant: variant,
- flags: []string{
- "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
- "-key-file", path.Join(*resourceDir, rsaKeyFile),
+ },
+ flags: []string{
+ "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
+ "-key-file", path.Join(*resourceDir, rsaKeyFile),
+ },
+ shouldFail: true,
+ expectedError: ":DECODE_ERROR:",
+ })
+
+ testCases = append(testCases, testCase{
+ name: "UnknownExtensionInCertificateRequest-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MinVersion: VersionTLS13,
+ ClientAuth: RequireAnyClientCert,
+ Bugs: ProtocolBugs{
+ SendCustomCertificateRequest: 0x1212,
},
- })
+ },
+ flags: []string{
+ "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
+ "-key-file", path.Join(*resourceDir, rsaKeyFile),
+ },
+ })
- testCases = append(testCases, testCase{
- name: "MissingSignatureAlgorithmsInCertificateRequest-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MinVersion: VersionTLS13,
- ClientAuth: RequireAnyClientCert,
- Bugs: ProtocolBugs{
- OmitCertificateRequestAlgorithms: true,
- },
+ testCases = append(testCases, testCase{
+ name: "MissingSignatureAlgorithmsInCertificateRequest-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MinVersion: VersionTLS13,
+ ClientAuth: RequireAnyClientCert,
+ Bugs: ProtocolBugs{
+ OmitCertificateRequestAlgorithms: true,
},
- tls13Variant: variant,
- flags: []string{
- "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
- "-key-file", path.Join(*resourceDir, rsaKeyFile),
- },
- shouldFail: true,
- expectedError: ":DECODE_ERROR:",
- })
+ },
+ flags: []string{
+ "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
+ "-key-file", path.Join(*resourceDir, rsaKeyFile),
+ },
+ shouldFail: true,
+ expectedError: ":DECODE_ERROR:",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "TrailingKeyShareData-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- TrailingKeyShareData: true,
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "TrailingKeyShareData-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ TrailingKeyShareData: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":DECODE_ERROR:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":DECODE_ERROR:",
+ })
- testCases = append(testCases, testCase{
- name: "AlwaysSelectPSKIdentity-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- AlwaysSelectPSKIdentity: true,
- },
+ testCases = append(testCases, testCase{
+ name: "AlwaysSelectPSKIdentity-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ AlwaysSelectPSKIdentity: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":UNEXPECTED_EXTENSION:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":UNEXPECTED_EXTENSION:",
+ })
- testCases = append(testCases, testCase{
- name: "InvalidPSKIdentity-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SelectPSKIdentityOnResume: 1,
- },
+ testCases = append(testCases, testCase{
+ name: "InvalidPSKIdentity-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SelectPSKIdentityOnResume: 1,
},
- tls13Variant: variant,
- resumeSession: true,
- shouldFail: true,
- expectedError: ":PSK_IDENTITY_NOT_FOUND:",
- })
+ },
+ resumeSession: true,
+ shouldFail: true,
+ expectedError: ":PSK_IDENTITY_NOT_FOUND:",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "ExtraPSKIdentity-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- ExtraPSKIdentity: true,
- SendExtraPSKBinder: true,
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "ExtraPSKIdentity-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ ExtraPSKIdentity: true,
+ SendExtraPSKBinder: true,
},
- tls13Variant: variant,
- resumeSession: true,
- })
+ },
+ resumeSession: true,
+ })
- // Test that unknown NewSessionTicket extensions are tolerated.
- testCases = append(testCases, testCase{
- name: "CustomTicketExtension-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- CustomTicketExtension: "1234",
- },
+ // Test that unknown NewSessionTicket extensions are tolerated.
+ testCases = append(testCases, testCase{
+ name: "CustomTicketExtension-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ CustomTicketExtension: "1234",
},
- tls13Variant: variant,
- })
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyData-RejectTicket-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- Certificates: []Certificate{rsaCertificate},
- },
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- Certificates: []Certificate{ecdsaP256Certificate},
- SessionTicketsDisabled: true,
- },
- tls13Variant: variant,
- resumeSession: true,
- expectResumeRejected: true,
- flags: []string{
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-expect-reject-early-data",
- "-on-resume-shim-writes-first",
- "-on-initial-expect-peer-cert-file", path.Join(*resourceDir, rsaCertificateFile),
- "-on-resume-expect-peer-cert-file", path.Join(*resourceDir, rsaCertificateFile),
- "-on-retry-expect-peer-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
- // Session tickets are disabled, so the runner will not send a ticket.
- "-on-retry-expect-no-session",
- },
- })
+ },
+ })
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyData-RejectTicket-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ Certificates: []Certificate{rsaCertificate},
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ Certificates: []Certificate{ecdsaP256Certificate},
+ SessionTicketsDisabled: true,
+ },
+ resumeSession: true,
+ expectResumeRejected: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-expect-reject-early-data",
+ "-on-resume-shim-writes-first",
+ "-on-initial-expect-peer-cert-file", path.Join(*resourceDir, rsaCertificateFile),
+ "-on-resume-expect-peer-cert-file", path.Join(*resourceDir, rsaCertificateFile),
+ "-on-retry-expect-peer-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
+ // Session tickets are disabled, so the runner will not send a ticket.
+ "-on-retry-expect-no-session",
+ },
+ })
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyData-HRR-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyData-HRR-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ Bugs: ProtocolBugs{
+ SendHelloRetryRequestCookie: []byte{1, 2, 3, 4},
},
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- Bugs: ProtocolBugs{
- SendHelloRetryRequestCookie: []byte{1, 2, 3, 4},
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-expect-reject-early-data",
- },
- })
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-expect-reject-early-data",
+ },
+ })
- // The client must check the server does not send the early_data
- // extension while rejecting the session.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyDataWithoutResume-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
+ // The client must check the server does not send the early_data
+ // extension while rejecting the session.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyDataWithoutResume-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ SessionTicketsDisabled: true,
+ Bugs: ProtocolBugs{
+ SendEarlyDataExtension: true,
},
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- SessionTicketsDisabled: true,
- Bugs: ProtocolBugs{
- SendEarlyDataExtension: true,
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- },
- shouldFail: true,
- expectedError: ":UNEXPECTED_EXTENSION:",
- })
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ },
+ shouldFail: true,
+ expectedError: ":UNEXPECTED_EXTENSION:",
+ })
- // The client must fail with a dedicated error code if the server
- // responds with TLS 1.2 when offering 0-RTT.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyDataVersionDowngrade-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- },
- resumeConfig: &Config{
- MaxVersion: VersionTLS12,
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- },
- shouldFail: true,
- expectedError: ":WRONG_VERSION_ON_EARLY_DATA:",
- })
+ // The client must fail with a dedicated error code if the server
+ // responds with TLS 1.2 when offering 0-RTT.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyDataVersionDowngrade-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS12,
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ },
+ shouldFail: true,
+ expectedError: ":WRONG_VERSION_ON_EARLY_DATA:",
+ })
- // Test that the client rejects an (unsolicited) early_data extension if
- // the server sent an HRR.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "ServerAcceptsEarlyDataOnHRR-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
+ // Test that the client rejects an (unsolicited) early_data extension if
+ // the server sent an HRR.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "ServerAcceptsEarlyDataOnHRR-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ Bugs: ProtocolBugs{
+ SendHelloRetryRequestCookie: []byte{1, 2, 3, 4},
+ SendEarlyDataExtension: true,
},
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- Bugs: ProtocolBugs{
- SendHelloRetryRequestCookie: []byte{1, 2, 3, 4},
- SendEarlyDataExtension: true,
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-expect-reject-early-data",
- },
- shouldFail: true,
- expectedError: ":UNEXPECTED_EXTENSION:",
- })
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-expect-reject-early-data",
+ },
+ shouldFail: true,
+ expectedError: ":UNEXPECTED_EXTENSION:",
+ })
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "SkipChangeCipherSpec-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SkipChangeCipherSpec: true,
- },
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "SkipChangeCipherSpec-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SkipChangeCipherSpec: true,
},
- tls13Variant: variant,
- })
+ },
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "SkipChangeCipherSpec-Server-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SkipChangeCipherSpec: true,
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "SkipChangeCipherSpec-Server-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SkipChangeCipherSpec: true,
},
- tls13Variant: variant,
- })
+ },
+ })
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "TooManyChangeCipherSpec-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendExtraChangeCipherSpec: 33,
- },
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "TooManyChangeCipherSpec-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendExtraChangeCipherSpec: 33,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "TooManyChangeCipherSpec-Server-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendExtraChangeCipherSpec: 33,
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "TooManyChangeCipherSpec-Server-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendExtraChangeCipherSpec: 33,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
- })
+ },
+ shouldFail: true,
+ expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
+ })
- testCases = append(testCases, testCase{
- name: "SendPostHandshakeChangeCipherSpec-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendPostHandshakeChangeCipherSpec: true,
- },
+ testCases = append(testCases, testCase{
+ name: "SendPostHandshakeChangeCipherSpec-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendPostHandshakeChangeCipherSpec: true,
},
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":UNEXPECTED_RECORD:",
- expectedLocalError: "remote error: unexpected message",
- })
+ },
+ shouldFail: true,
+ expectedError: ":UNEXPECTED_RECORD:",
+ expectedLocalError: "remote error: unexpected message",
+ })
- fooString := "foo"
- barString := "bar"
+ fooString := "foo"
+ barString := "bar"
- // Test that the client reports the correct ALPN after a 0-RTT reject
- // that changed it.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyData-ALPNMismatch-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- Bugs: ProtocolBugs{
- ALPNProtocol: &fooString,
- },
+ // Test that the client reports the correct ALPN after a 0-RTT reject
+ // that changed it.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyData-ALPNMismatch-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ Bugs: ProtocolBugs{
+ ALPNProtocol: &fooString,
},
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- Bugs: ProtocolBugs{
- ALPNProtocol: &barString,
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-advertise-alpn", "\x03foo\x03bar",
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-expect-reject-early-data",
- "-on-initial-expect-alpn", "foo",
- "-on-resume-expect-alpn", "foo",
- "-on-retry-expect-alpn", "bar",
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ Bugs: ProtocolBugs{
+ ALPNProtocol: &barString,
},
- })
+ },
+ resumeSession: true,
+ flags: []string{
+ "-advertise-alpn", "\x03foo\x03bar",
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-expect-reject-early-data",
+ "-on-initial-expect-alpn", "foo",
+ "-on-resume-expect-alpn", "foo",
+ "-on-retry-expect-alpn", "bar",
+ },
+ })
- // Test that the client reports the correct ALPN after a 0-RTT reject if
- // ALPN was omitted from the first connection.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyData-ALPNOmitted1-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- },
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- NextProtos: []string{"foo"},
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-advertise-alpn", "\x03foo\x03bar",
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-expect-reject-early-data",
- "-on-initial-expect-alpn", "",
- "-on-resume-expect-alpn", "",
- "-on-retry-expect-alpn", "foo",
- "-on-resume-shim-writes-first",
- },
- })
+ // Test that the client reports the correct ALPN after a 0-RTT reject if
+ // ALPN was omitted from the first connection.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyData-ALPNOmitted1-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ NextProtos: []string{"foo"},
+ },
+ resumeSession: true,
+ flags: []string{
+ "-advertise-alpn", "\x03foo\x03bar",
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-expect-reject-early-data",
+ "-on-initial-expect-alpn", "",
+ "-on-resume-expect-alpn", "",
+ "-on-retry-expect-alpn", "foo",
+ "-on-resume-shim-writes-first",
+ },
+ })
+
+ // Test that the client reports the correct ALPN after a 0-RTT reject if
+ // ALPN was omitted from the second connection.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyData-ALPNOmitted2-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ NextProtos: []string{"foo"},
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeSession: true,
+ flags: []string{
+ "-advertise-alpn", "\x03foo\x03bar",
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-expect-reject-early-data",
+ "-on-initial-expect-alpn", "foo",
+ "-on-resume-expect-alpn", "foo",
+ "-on-retry-expect-alpn", "",
+ "-on-resume-shim-writes-first",
+ },
+ })
- // Test that the client reports the correct ALPN after a 0-RTT reject if
- // ALPN was omitted from the second connection.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyData-ALPNOmitted2-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- NextProtos: []string{"foo"},
+ // Test that the client enforces ALPN match on 0-RTT accept.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyData-BadALPNMismatch-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ Bugs: ProtocolBugs{
+ ALPNProtocol: &fooString,
},
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-advertise-alpn", "\x03foo\x03bar",
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-expect-reject-early-data",
- "-on-initial-expect-alpn", "foo",
- "-on-resume-expect-alpn", "foo",
- "-on-retry-expect-alpn", "",
- "-on-resume-shim-writes-first",
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ Bugs: ProtocolBugs{
+ AlwaysAcceptEarlyData: true,
+ ALPNProtocol: &barString,
},
- })
+ },
+ resumeSession: true,
+ flags: []string{
+ "-advertise-alpn", "\x03foo\x03bar",
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-on-initial-expect-alpn", "foo",
+ "-on-resume-expect-alpn", "foo",
+ "-on-retry-expect-alpn", "bar",
+ },
+ shouldFail: true,
+ expectedError: ":ALPN_MISMATCH_ON_EARLY_DATA:",
+ })
- // Test that the client enforces ALPN match on 0-RTT accept.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyData-BadALPNMismatch-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- Bugs: ProtocolBugs{
- ALPNProtocol: &fooString,
- },
- },
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- Bugs: ProtocolBugs{
- AlwaysAcceptEarlyData: true,
- ALPNProtocol: &barString,
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-advertise-alpn", "\x03foo\x03bar",
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-on-initial-expect-alpn", "foo",
- "-on-resume-expect-alpn", "foo",
- "-on-retry-expect-alpn", "bar",
- },
- shouldFail: true,
- expectedError: ":ALPN_MISMATCH_ON_EARLY_DATA:",
- })
+ // Test that the client does not offer early data if it is incompatible
+ // with ALPN preferences.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyData-ALPNPreferenceChanged-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ NextProtos: []string{"foo", "bar"},
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-expect-no-offer-early-data",
+ "-on-initial-advertise-alpn", "\x03foo",
+ "-on-resume-advertise-alpn", "\x03bar",
+ "-on-initial-expect-alpn", "foo",
+ "-on-resume-expect-alpn", "bar",
+ },
+ })
- // Test that the client does not offer early data if it is incompatible
- // with ALPN preferences.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyData-ALPNPreferenceChanged-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- NextProtos: []string{"foo", "bar"},
+ // Test that the server correctly rejects 0-RTT when the previous
+ // session did not allow early data on resumption.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "EarlyData-NonZeroRTTSession-Server-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
+ ExpectEarlyDataAccepted: false,
},
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-expect-no-offer-early-data",
- "-on-initial-advertise-alpn", "\x03foo",
- "-on-resume-advertise-alpn", "\x03bar",
- "-on-initial-expect-alpn", "foo",
- "-on-resume-expect-alpn", "bar",
- },
- })
+ },
+ resumeSession: true,
+ flags: []string{
+ "-on-resume-enable-early-data",
+ "-expect-reject-early-data",
+ },
+ })
- // Test that the server correctly rejects 0-RTT when the previous
- // session did not allow early data on resumption.
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "EarlyData-NonZeroRTTSession-Server-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
+ // Test that we reject early data where ALPN is omitted from the first
+ // connection.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "EarlyData-ALPNOmitted1-Server-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ NextProtos: []string{},
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ NextProtos: []string{"foo"},
+ Bugs: ProtocolBugs{
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
+ ExpectEarlyDataAccepted: false,
},
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendEarlyData: [][]byte{{1, 2, 3, 4}},
- ExpectEarlyDataAccepted: false,
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-on-resume-enable-early-data",
- "-expect-reject-early-data",
- },
- })
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-on-initial-select-alpn", "",
+ "-on-resume-select-alpn", "foo",
+ },
+ })
- // Test that we reject early data where ALPN is omitted from the first
- // connection.
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "EarlyData-ALPNOmitted1-Server-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- NextProtos: []string{},
+ // Test that we reject early data where ALPN is omitted from the second
+ // connection.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "EarlyData-ALPNOmitted2-Server-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ NextProtos: []string{"foo"},
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ NextProtos: []string{},
+ Bugs: ProtocolBugs{
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
+ ExpectEarlyDataAccepted: false,
},
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- NextProtos: []string{"foo"},
- Bugs: ProtocolBugs{
- SendEarlyData: [][]byte{{1, 2, 3, 4}},
- ExpectEarlyDataAccepted: false,
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-on-initial-select-alpn", "",
- "-on-resume-select-alpn", "foo",
- },
- })
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-on-initial-select-alpn", "foo",
+ "-on-resume-select-alpn", "",
+ },
+ })
- // Test that we reject early data where ALPN is omitted from the second
- // connection.
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "EarlyData-ALPNOmitted2-Server-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- NextProtos: []string{"foo"},
+ // Test that we reject early data with mismatched ALPN.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "EarlyData-ALPNMismatch-Server-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ NextProtos: []string{"foo"},
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ NextProtos: []string{"bar"},
+ Bugs: ProtocolBugs{
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
+ ExpectEarlyDataAccepted: false,
},
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- NextProtos: []string{},
- Bugs: ProtocolBugs{
- SendEarlyData: [][]byte{{1, 2, 3, 4}},
- ExpectEarlyDataAccepted: false,
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-on-initial-select-alpn", "foo",
- "-on-resume-select-alpn", "",
- },
- })
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-on-initial-select-alpn", "foo",
+ "-on-resume-select-alpn", "bar",
+ },
+ })
- // Test that we reject early data with mismatched ALPN.
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "EarlyData-ALPNMismatch-Server-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- NextProtos: []string{"foo"},
- },
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- NextProtos: []string{"bar"},
- Bugs: ProtocolBugs{
- SendEarlyData: [][]byte{{1, 2, 3, 4}},
- ExpectEarlyDataAccepted: false,
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-on-initial-select-alpn", "foo",
- "-on-resume-select-alpn", "bar",
- },
- })
+ // Test that the client offering 0-RTT and Channel ID forbids the server
+ // from accepting both.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyDataChannelID-AcceptBoth-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ RequestChannelID: true,
+ },
+ resumeSession: true,
+ expectChannelID: true,
+ shouldFail: true,
+ expectedError: ":UNEXPECTED_EXTENSION_ON_EARLY_DATA:",
+ flags: []string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile),
+ },
+ })
- // Test that the client offering 0-RTT and Channel ID forbids the server
- // from accepting both.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyDataChannelID-AcceptBoth-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- RequestChannelID: true,
+ // Test that the client offering Channel ID and 0-RTT allows the server
+ // to decline 0-RTT.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyDataChannelID-AcceptChannelID-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ RequestChannelID: true,
+ Bugs: ProtocolBugs{
+ AlwaysRejectEarlyData: true,
},
- tls13Variant: variant,
- resumeSession: true,
- expectChannelID: true,
- shouldFail: true,
- expectedError: ":UNEXPECTED_EXTENSION_ON_EARLY_DATA:",
- flags: []string{
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile),
- },
- })
+ },
+ resumeSession: true,
+ expectChannelID: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile),
+ "-expect-reject-early-data",
+ },
+ })
- // Test that the client offering Channel ID and 0-RTT allows the server
- // to decline 0-RTT.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyDataChannelID-AcceptChannelID-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- RequestChannelID: true,
- Bugs: ProtocolBugs{
- AlwaysRejectEarlyData: true,
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- expectChannelID: true,
- flags: []string{
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile),
- "-expect-reject-early-data",
- },
- })
+ // Test that the client offering Channel ID and 0-RTT allows the server
+ // to decline Channel ID.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyDataChannelID-AcceptEarlyData-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile),
+ "-expect-accept-early-data",
+ },
+ })
- // Test that the client offering Channel ID and 0-RTT allows the server
- // to decline Channel ID.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyDataChannelID-AcceptEarlyData-Client-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile),
- "-expect-accept-early-data",
+ // Test that the server supporting Channel ID and 0-RTT declines 0-RTT
+ // if it would negotiate Channel ID.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "EarlyDataChannelID-OfferBoth-Server-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ ChannelID: channelIDKey,
+ Bugs: ProtocolBugs{
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
+ ExpectEarlyDataAccepted: false,
},
- })
+ },
+ resumeSession: true,
+ expectChannelID: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-reject-early-data",
+ "-expect-channel-id",
+ base64.StdEncoding.EncodeToString(channelIDBytes),
+ },
+ })
- // Test that the server supporting Channel ID and 0-RTT declines 0-RTT
- // if it would negotiate Channel ID.
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "EarlyDataChannelID-OfferBoth-Server-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- ChannelID: channelIDKey,
- Bugs: ProtocolBugs{
- SendEarlyData: [][]byte{{1, 2, 3, 4}},
- ExpectEarlyDataAccepted: false,
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- expectChannelID: true,
- flags: []string{
- "-enable-early-data",
- "-expect-reject-early-data",
- "-expect-channel-id",
- base64.StdEncoding.EncodeToString(channelIDBytes),
+ // Test that the server supporting Channel ID and 0-RTT accepts 0-RTT
+ // if not offered Channel ID.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "EarlyDataChannelID-OfferEarlyData-Server-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
+ ExpectEarlyDataAccepted: true,
+ ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}},
},
- })
+ },
+ resumeSession: true,
+ expectChannelID: false,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-accept-early-data",
+ "-enable-channel-id",
+ },
+ })
- // Test that the server supporting Channel ID and 0-RTT accepts 0-RTT
- // if not offered Channel ID.
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "EarlyDataChannelID-OfferEarlyData-Server-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendEarlyData: [][]byte{{1, 2, 3, 4}},
- ExpectEarlyDataAccepted: true,
- ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}},
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- expectChannelID: false,
- flags: []string{
- "-enable-early-data",
- "-expect-accept-early-data",
- "-enable-channel-id",
+ // Test that the server rejects 0-RTT streams without end_of_early_data.
+ // The subsequent records should fail to decrypt.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "EarlyData-SkipEndOfEarlyData-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
+ ExpectEarlyDataAccepted: true,
+ SkipEndOfEarlyData: true,
},
- })
+ },
+ resumeSession: true,
+ flags: []string{"-enable-early-data"},
+ shouldFail: true,
+ expectedLocalError: "remote error: bad record MAC",
+ expectedError: ":BAD_DECRYPT:",
+ })
- // Test that the server rejects 0-RTT streams without end_of_early_data.
- // The subsequent records should fail to decrypt.
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "EarlyData-SkipEndOfEarlyData-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendEarlyData: [][]byte{{1, 2, 3, 4}},
- ExpectEarlyDataAccepted: true,
- SkipEndOfEarlyData: true,
- },
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "EarlyData-UnexpectedHandshake-Server-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
+ SendStrayEarlyHandshake: true,
+ ExpectEarlyDataAccepted: true,
},
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{"-enable-early-data"},
- shouldFail: true,
- expectedLocalError: "remote error: bad record MAC",
- expectedError: ":BAD_DECRYPT:",
- })
+ },
+ resumeSession: true,
+ shouldFail: true,
+ expectedError: ":UNEXPECTED_MESSAGE:",
+ expectedLocalError: "remote error: unexpected message",
+ flags: []string{
+ "-enable-early-data",
+ },
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "EarlyData-UnexpectedHandshake-Server-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- },
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendEarlyData: [][]byte{{1, 2, 3, 4}},
- SendStrayEarlyHandshake: true,
- ExpectEarlyDataAccepted: true,
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- shouldFail: true,
- expectedError: ":UNEXPECTED_MESSAGE:",
- expectedLocalError: "remote error: unexpected message",
- flags: []string{
- "-enable-early-data",
- },
- })
+ // Test that the client reports TLS 1.3 as the version while sending
+ // early data.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyData-Client-VersionAPI-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-expect-accept-early-data",
+ "-expect-version", strconv.Itoa(VersionTLS13),
+ },
+ })
- // Test that the client reports TLS 1.3 as the version while sending
- // early data.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyData-Client-VersionAPI-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
+ // Test that client and server both notice handshake errors after data
+ // has started flowing.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "EarlyData-Client-BadFinished-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ Bugs: ProtocolBugs{
+ BadFinished: true,
},
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-expect-accept-early-data",
- "-expect-version", strconv.Itoa(VersionTLS13),
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-expect-accept-early-data",
+ },
+ shouldFail: true,
+ expectedError: ":DIGEST_CHECK_FAILED:",
+ expectedLocalError: "remote error: error decrypting message",
+ })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "EarlyData-Server-BadFinished-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
+ ExpectEarlyDataAccepted: true,
+ ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}},
+ BadFinished: true,
},
- })
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-accept-early-data",
+ },
+ shouldFail: true,
+ expectedError: ":DIGEST_CHECK_FAILED:",
+ expectedLocalError: "remote error: error decrypting message",
+ })
- // Test that client and server both notice handshake errors after data
- // has started flowing.
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "EarlyData-Client-BadFinished-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- },
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- MaxEarlyDataSize: 16384,
- Bugs: ProtocolBugs{
- BadFinished: true,
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-expect-accept-early-data",
- },
- shouldFail: true,
- expectedError: ":DIGEST_CHECK_FAILED:",
- expectedLocalError: "remote error: error decrypting message",
- })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "EarlyData-Server-BadFinished-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
- },
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendEarlyData: [][]byte{{1, 2, 3, 4}},
- ExpectEarlyDataAccepted: true,
- ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}},
- BadFinished: true,
- },
- },
- tls13Variant: variant,
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-expect-accept-early-data",
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "Server-NonEmptyEndOfEarlyData-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
+ ExpectEarlyDataAccepted: true,
+ NonEmptyEndOfEarlyData: true,
},
- shouldFail: true,
- expectedError: ":DIGEST_CHECK_FAILED:",
- expectedLocalError: "remote error: error decrypting message",
- })
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-ticket-supports-early-data",
+ "-expect-accept-early-data",
+ },
+ shouldFail: true,
+ expectedError: ":DECODE_ERROR:",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "Server-NonEmptyEndOfEarlyData-" + name,
- config: Config{
- MaxVersion: VersionTLS13,
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "ServerSkipCertificateVerify-TLS13",
+ config: Config{
+ MinVersion: VersionTLS13,
+ MaxVersion: VersionTLS13,
+ Certificates: []Certificate{rsaChainCertificate},
+ Bugs: ProtocolBugs{
+ SkipCertificateVerify: true,
},
- resumeConfig: &Config{
- MaxVersion: VersionTLS13,
- Bugs: ProtocolBugs{
- SendEarlyData: [][]byte{{1, 2, 3, 4}},
- ExpectEarlyDataAccepted: true,
- NonEmptyEndOfEarlyData: true,
- },
+ },
+ expectPeerCertificate: &rsaChainCertificate,
+ flags: []string{
+ "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
+ "-key-file", path.Join(*resourceDir, rsaChainKeyFile),
+ "-require-any-client-certificate",
+ },
+ shouldFail: true,
+ expectedError: ":UNEXPECTED_MESSAGE:",
+ expectedLocalError: "remote error: unexpected message",
+ })
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "ClientSkipCertificateVerify-TLS13",
+ config: Config{
+ MinVersion: VersionTLS13,
+ MaxVersion: VersionTLS13,
+ Certificates: []Certificate{rsaChainCertificate},
+ Bugs: ProtocolBugs{
+ SkipCertificateVerify: true,
},
- resumeSession: true,
- flags: []string{
- "-enable-early-data",
- "-expect-ticket-supports-early-data",
- "-expect-accept-early-data",
- },
- tls13Variant: variant,
- shouldFail: true,
- expectedError: ":DECODE_ERROR:",
- })
+ },
+ expectPeerCertificate: &rsaChainCertificate,
+ flags: []string{
+ "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
+ "-key-file", path.Join(*resourceDir, rsaChainKeyFile),
+ },
+ shouldFail: true,
+ expectedError: ":UNEXPECTED_MESSAGE:",
+ expectedLocalError: "remote error: unexpected message",
+ })
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "ServerSkipCertificateVerify-" + name,
- config: Config{
- MinVersion: VersionTLS13,
- MaxVersion: VersionTLS13,
- Certificates: []Certificate{rsaChainCertificate},
- Bugs: ProtocolBugs{
- SkipCertificateVerify: true,
- },
- },
- tls13Variant: variant,
- expectPeerCertificate: &rsaChainCertificate,
- flags: []string{
- "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
- "-key-file", path.Join(*resourceDir, rsaChainKeyFile),
- "-require-any-client-certificate",
- },
- shouldFail: true,
- expectedError: ":UNEXPECTED_MESSAGE:",
- expectedLocalError: "remote error: unexpected message",
- })
- testCases = append(testCases, testCase{
- testType: clientTest,
- name: "ClientSkipCertificateVerify-" + name,
- config: Config{
- MinVersion: VersionTLS13,
- MaxVersion: VersionTLS13,
- Certificates: []Certificate{rsaChainCertificate},
- Bugs: ProtocolBugs{
- SkipCertificateVerify: true,
- },
- },
- tls13Variant: variant,
- expectPeerCertificate: &rsaChainCertificate,
- flags: []string{
- "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
- "-key-file", path.Join(*resourceDir, rsaChainKeyFile),
- },
- shouldFail: true,
- expectedError: ":UNEXPECTED_MESSAGE:",
- expectedLocalError: "remote error: unexpected message",
- })
- }
}
func addTLS13CipherPreferenceTests() {
@@ -14192,7 +13736,6 @@
SendRecordVersion: 0x03ff,
},
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":WRONG_VERSION_NUMBER:",
})
@@ -14209,7 +13752,6 @@
SendInitialRecordVersion: 0x03ff,
},
},
- tls13Variant: ver.tls13Variant,
})
// Test that garbage ClientHello record versions are rejected.
@@ -14223,7 +13765,6 @@
SendInitialRecordVersion: 0xffff,
},
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":WRONG_VERSION_NUMBER:",
})
@@ -14243,7 +13784,6 @@
Certificates: []Certificate{rsaChainCertificate},
ClientAuth: RequireAnyClientCert,
},
- tls13Variant: ver.tls13Variant,
expectPeerCertificate: &rsaChainCertificate,
flags: []string{
"-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
@@ -14260,7 +13800,6 @@
MaxVersion: ver.version,
Certificates: []Certificate{rsaChainCertificate},
},
- tls13Variant: ver.tls13Variant,
expectPeerCertificate: &rsaChainCertificate,
flags: []string{
"-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
@@ -14279,7 +13818,6 @@
MaxVersion: ver.version,
Certificates: []Certificate{garbageCertificate},
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":CANNOT_PARSE_LEAF_CERT:",
expectedLocalError: "remote error: error decoding message",
@@ -14293,7 +13831,6 @@
MaxVersion: ver.version,
Certificates: []Certificate{garbageCertificate},
},
- tls13Variant: ver.tls13Variant,
flags: []string{"-require-any-client-certificate"},
shouldFail: true,
expectedError: ":CANNOT_PARSE_LEAF_CERT:",
@@ -14314,7 +13851,6 @@
MinVersion: ver.version,
MaxVersion: ver.version,
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-on-initial-retain-only-sha256-client-cert",
"-on-resume-retain-only-sha256-client-cert",
@@ -14332,7 +13868,6 @@
MaxVersion: ver.version,
Certificates: []Certificate{rsaCertificate},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-verify-peer",
"-on-initial-retain-only-sha256-client-cert",
@@ -14354,7 +13889,6 @@
MaxVersion: ver.version,
Certificates: []Certificate{rsaCertificate},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-verify-peer",
"-on-initial-retain-only-sha256-client-cert",
@@ -14375,7 +13909,6 @@
MaxVersion: ver.version,
Certificates: []Certificate{rsaCertificate},
},
- tls13Variant: ver.tls13Variant,
flags: []string{
"-verify-peer",
"-on-resume-retain-only-sha256-client-cert",
@@ -14438,7 +13971,6 @@
MaxVersion: ver.version,
Certificates: []Certificate{cert},
},
- tls13Variant: ver.tls13Variant,
shouldFail: true,
expectedError: ":ECC_CERT_NOT_FOR_SIGNING:",
})
@@ -14692,9 +14224,8 @@
// Duplicate compression algorithms is an error, even if nothing is
// configured.
testCases = append(testCases, testCase{
- testType: serverTest,
- name: "DuplicateCertCompressionExt-" + ver.name,
- tls13Variant: ver.tls13Variant,
+ testType: serverTest,
+ name: "DuplicateCertCompressionExt-" + ver.name,
config: Config{
MinVersion: ver.version,
MaxVersion: ver.version,
@@ -14709,10 +14240,9 @@
// With compression algorithms configured, an duplicate values should still
// be an error.
testCases = append(testCases, testCase{
- testType: serverTest,
- name: "DuplicateCertCompressionExt2-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: serverTest,
+ name: "DuplicateCertCompressionExt2-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
config: Config{
MinVersion: ver.version,
MaxVersion: ver.version,
@@ -14740,10 +14270,9 @@
}
testCases = append(testCases, testCase{
- testType: serverTest,
- name: "CertCompressionExpands-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: serverTest,
+ name: "CertCompressionExpands-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
config: Config{
MinVersion: ver.version,
MaxVersion: ver.version,
@@ -14755,10 +14284,9 @@
})
testCases = append(testCases, testCase{
- testType: serverTest,
- name: "CertCompressionShrinks-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: serverTest,
+ name: "CertCompressionShrinks-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
config: Config{
MinVersion: ver.version,
MaxVersion: ver.version,
@@ -14772,10 +14300,9 @@
// With both algorithms configured, the server should pick its most
// preferable. (Which is expandingAlgId.)
testCases = append(testCases, testCase{
- testType: serverTest,
- name: "CertCompressionPriority-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: serverTest,
+ name: "CertCompressionPriority-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
config: Config{
MinVersion: ver.version,
MaxVersion: ver.version,
@@ -14790,10 +14317,9 @@
})
testCases = append(testCases, testCase{
- testType: clientTest,
- name: "CertCompressionExpandsClient-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: clientTest,
+ name: "CertCompressionExpandsClient-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
config: Config{
MinVersion: ver.version,
MaxVersion: ver.version,
@@ -14807,10 +14333,9 @@
})
testCases = append(testCases, testCase{
- testType: clientTest,
- name: "CertCompressionShrinksClient-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: clientTest,
+ name: "CertCompressionShrinksClient-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
config: Config{
MinVersion: ver.version,
MaxVersion: ver.version,
@@ -14824,10 +14349,9 @@
})
testCases = append(testCases, testCase{
- testType: clientTest,
- name: "CertCompressionBadAlgIdClient-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: clientTest,
+ name: "CertCompressionBadAlgIdClient-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
config: Config{
MinVersion: ver.version,
MaxVersion: ver.version,
@@ -14844,10 +14368,9 @@
})
testCases = append(testCases, testCase{
- testType: clientTest,
- name: "CertCompressionTooSmallClient-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: clientTest,
+ name: "CertCompressionTooSmallClient-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
config: Config{
MinVersion: ver.version,
MaxVersion: ver.version,
@@ -14864,10 +14387,9 @@
})
testCases = append(testCases, testCase{
- testType: clientTest,
- name: "CertCompressionTooLargeClient-" + ver.name,
- tls13Variant: ver.tls13Variant,
- flags: []string{"-install-cert-compression-algs"},
+ testType: clientTest,
+ name: "CertCompressionTooLargeClient-" + ver.name,
+ flags: []string{"-install-cert-compression-algs"},
config: Config{
MinVersion: ver.version,
MaxVersion: ver.version,
diff --git a/ssl/test/settings_writer.cc b/ssl/test/settings_writer.cc
index 66025f6..fe8d42e 100644
--- a/ssl/test/settings_writer.cc
+++ b/ssl/test/settings_writer.cc
@@ -59,12 +59,6 @@
return false;
}
- if (config->tls13_variant != 0 &&
- (!CBB_add_u16(cbb_.get(), kTLS13Variant) ||
- !CBB_add_u8(cbb_.get(), static_cast<uint8_t>(config->tls13_variant)))) {
- return false;
- }
-
return true;
}
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index b88d0ae..edbede6 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -218,7 +218,6 @@
{ "-max-send-fragment", &TestConfig::max_send_fragment },
{ "-read-size", &TestConfig::read_size },
{ "-expect-ticket-age-skew", &TestConfig::expect_ticket_age_skew },
- { "-tls13-variant", &TestConfig::tls13_variant },
};
const Flag<std::vector<int>> kIntVectorFlags[] = {
@@ -1247,9 +1246,6 @@
SSL_CTX_set_early_data_enabled(ssl_ctx.get(), 1);
}
- SSL_CTX_set_tls13_variant(ssl_ctx.get(),
- static_cast<enum tls13_variant_t>(tls13_variant));
-
if (allow_unknown_alpn_protos) {
SSL_CTX_set_allow_unknown_alpn_protos(ssl_ctx.get(), 1);
}
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h
index 5d5eb5a..41709ab 100644
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -104,7 +104,6 @@
bool use_ticket_callback = false;
bool renew_ticket = false;
bool enable_early_data = false;
- int tls13_variant = 0;
bool enable_client_custom_extension = false;
bool enable_server_custom_extension = false;
bool custom_extension_skip = false;
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index e7d6dae..ac97165 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -294,16 +294,14 @@
return ssl_hs_error;
}
- if (ssl_is_draft28(ssl->version)) {
- // Recheck supported_versions, in case this is the second ServerHello.
- uint16_t version;
- if (!have_supported_versions ||
- !CBS_get_u16(&supported_versions, &version) ||
- version != ssl->version) {
- OPENSSL_PUT_ERROR(SSL, SSL_R_SECOND_SERVERHELLO_VERSION_MISMATCH);
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
- return ssl_hs_error;
- }
+ // Recheck supported_versions, in case this is the second ServerHello.
+ uint16_t version;
+ if (!have_supported_versions ||
+ !CBS_get_u16(&supported_versions, &version) ||
+ version != ssl->version) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_SECOND_SERVERHELLO_VERSION_MISMATCH);
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ return ssl_hs_error;
}
alert = SSL_AD_DECODE_ERROR;
diff --git a/tool/client.cc b/tool/client.cc
index 80acf34..f4d1441 100644
--- a/tool/client.cc
+++ b/tool/client.cc
@@ -126,10 +126,6 @@
"file to read from for early data.",
},
{
- "-tls13-variant", kOptionalArgument,
- "Enable the specified experimental TLS 1.3 variant",
- },
- {
"-ed25519", kBooleanArgument, "Advertise Ed25519 support",
},
{
@@ -328,26 +324,6 @@
return cb(ssl.get(), sock);
}
-static bool GetTLS13Variant(tls13_variant_t *out, const std::string &in) {
- if (in == "draft23") {
- *out = tls13_draft23;
- return true;
- }
- if (in == "draft28") {
- *out = tls13_draft28;
- return true;
- }
- if (in == "rfc") {
- *out = tls13_rfc;
- return true;
- }
- if (in == "all") {
- *out = tls13_all;
- return true;
- }
- return false;
-}
-
static void InfoCallback(const SSL *ssl, int type, int value) {
switch (type) {
case SSL_CB_HANDSHAKE_START:
@@ -528,16 +504,6 @@
SSL_CTX_set_early_data_enabled(ctx.get(), 1);
}
- if (args_map.count("-tls13-variant") != 0) {
- tls13_variant_t variant;
- if (!GetTLS13Variant(&variant, args_map["-tls13-variant"])) {
- fprintf(stderr, "Unknown TLS 1.3 variant: %s\n",
- args_map["-tls13-variant"].c_str());
- return false;
- }
- SSL_CTX_set_tls13_variant(ctx.get(), variant);
- }
-
if (args_map.count("-ed25519") != 0) {
SSL_CTX_set_ed25519_enabled(ctx.get(), 1);
}
diff --git a/tool/server.cc b/tool/server.cc
index a655db5..989d335 100644
--- a/tool/server.cc
+++ b/tool/server.cc
@@ -68,10 +68,6 @@
"-early-data", kBooleanArgument, "Allow early data",
},
{
- "-tls13-variant", kOptionalArgument,
- "Enable the specified experimental TLS 1.3 variant",
- },
- {
"-www", kBooleanArgument,
"The server will print connection information in response to a "
"HTTP GET request.",
@@ -152,26 +148,6 @@
return x509;
}
-static bool GetTLS13Variant(tls13_variant_t *out, const std::string &in) {
- if (in == "draft23") {
- *out = tls13_draft23;
- return true;
- }
- if (in == "draft28") {
- *out = tls13_draft28;
- return true;
- }
- if (in == "rfc") {
- *out = tls13_rfc;
- return true;
- }
- if (in == "all") {
- *out = tls13_all;
- return true;
- }
- return false;
-}
-
static void InfoCallback(const SSL *ssl, int type, int value) {
switch (type) {
case SSL_CB_HANDSHAKE_START:
@@ -331,16 +307,6 @@
SSL_CTX_set_early_data_enabled(ctx.get(), 1);
}
- if (args_map.count("-tls13-variant") != 0) {
- tls13_variant_t variant;
- if (!GetTLS13Variant(&variant, args_map["-tls13-variant"])) {
- fprintf(stderr, "Unknown TLS 1.3 variant: %s\n",
- args_map["-tls13-variant"].c_str());
- return false;
- }
- SSL_CTX_set_tls13_variant(ctx.get(), variant);
- }
-
if (args_map.count("-debug") != 0) {
SSL_CTX_set_info_callback(ctx.get(), InfoCallback);
}