Network Security Services
CentOS Sources
2018-05-14 74449011e876d8839a7a1053f27fcea5cd1ccf4e
commit | author | age
7f4443 1 diff -up nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/ssl_auth_unittest.cc
744490 2 --- nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests    2018-03-05 16:58:32.000000000 +0100
CS 3 +++ nss/gtests/ssl_gtest/ssl_auth_unittest.cc    2018-03-09 17:29:32.985313219 +0100
4 @@ -231,7 +231,9 @@ static SSLNamedGroup NamedGroupForEcdsa3
7f4443 5    // NSS tries to match the group size to the symmetric cipher. In TLS 1.1 and
CS 6    // 1.0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is the highest priority suite, so
7    // we use P-384. With TLS 1.2 on we pick AES-128 GCM so use x25519.
8 -  if (version <= SSL_LIBRARY_VERSION_TLS_1_1) {
9 +  // FIXME: In RHEL, we assign TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
10 +  // a higher priority than AES-128 GCM.
11 +  if (version <= SSL_LIBRARY_VERSION_TLS_1_2) {
12      return ssl_grp_ec_secp384r1;
13    }
14    return ssl_grp_ec_curve25519;
744490 15 @@ -870,20 +872,24 @@ INSTANTIATE_TEST_CASE_P(
7f4443 16                         ::testing::Values(TlsAgent::kServerEcdsa256),
CS 17                         ::testing::Values(ssl_auth_ecdsa),
18                         ::testing::Values(ssl_sig_ecdsa_secp256r1_sha256)));
19 +  // FIXME: In RHEL, we assign TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
20 +  // a higher priority than AES-128 GCM, and that causes the following
21 +  // 3 TLS 1.2 tests to fail.
22  INSTANTIATE_TEST_CASE_P(
23      SignatureSchemeEcdsaP384, TlsSignatureSchemeConfiguration,
24      ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
25 -                       TlsConnectTestBase::kTlsV12Plus,
26 +                       TlsConnectTestBase::kTlsV13,
27                         ::testing::Values(TlsAgent::kServerEcdsa384),
28                         ::testing::Values(ssl_auth_ecdsa),
29                         ::testing::Values(ssl_sig_ecdsa_secp384r1_sha384)));
30  INSTANTIATE_TEST_CASE_P(
31      SignatureSchemeEcdsaP521, TlsSignatureSchemeConfiguration,
32      ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
33 -                       TlsConnectTestBase::kTlsV12Plus,
34 +                       TlsConnectTestBase::kTlsV13,
35                         ::testing::Values(TlsAgent::kServerEcdsa521),
36                         ::testing::Values(ssl_auth_ecdsa),
37                         ::testing::Values(ssl_sig_ecdsa_secp521r1_sha512)));
38 +#if 0
39  INSTANTIATE_TEST_CASE_P(
40      SignatureSchemeEcdsaSha1, TlsSignatureSchemeConfiguration,
41      ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
744490 42 @@ -892,4 +898,5 @@ INSTANTIATE_TEST_CASE_P(
7f4443 43                                           TlsAgent::kServerEcdsa384),
CS 44                         ::testing::Values(ssl_auth_ecdsa),
45                         ::testing::Values(ssl_sig_ecdsa_sha1)));
46 +#endif
744490 47  }  // namespace nss_test