Add tests for version/ciphersuite sanity checks

The previous commits added sanity checks for where the max enabled protocol version does not have any configured ciphersuites. We should check that we fail in those circumstances. Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3316)

Add tests for version/ciphersuite sanity checks
The previous commits added sanity checks for where the max enabled protocol version does not have any configured ciphersuites. We should check that we fail in those circumstances. Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3316)
975922fd · Matt Caswell · 38a73150 · 975922fd
隐藏空白更改
内联并排

Showing with 31 addition and 0 deletion

test/ssl-tests/protocol_version.pm test/ssl-tests/protocol_version.pm +31 -0

未找到文件。
--- a/test/ssl-tests/protocol_version.pm
+++ b/test/ssl-tests/protocol_version.pm
@@ -129,6 +129,37 @@ sub generate_version_tests {
            }
        }
    }
+    return @tests if disabled("tls1_3") || disabled("tls1_2") || $dtls;
+
+    #Add some version/ciphersuite sanity check tests
+    push @tests, {
+        "name" => "ciphersuite-sanity-check-client",
+        "client" => {
+            #Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
+            "CipherString" => "AES128-SHA",
+        },
+        "server" => {
+            "MaxProtocol" => "TLSv1.2"
+        },
+        "test" => {
+            "ExpectedResult" => "ClientFail",
+        }
+    };
+    push @tests, {
+        "name" => "ciphersuite-sanity-check-server",
+        "client" => {
+            "CipherString" => "AES128-SHA",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        "server" => {
+            #Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
+            "CipherString" => "AES128-SHA",
+        },
+        "test" => {
+            "ExpectedResult" => "ServerFail",
+        }
+    };
+
    return @tests;
 }