|
 |
7f4443 |
diff -up nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/ssl_auth_unittest.cc
|
|
|
744490 |
--- nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests 2018-03-05 16:58:32.000000000 +0100
|
|
|
744490 |
+++ nss/gtests/ssl_gtest/ssl_auth_unittest.cc 2018-03-09 17:29:32.985313219 +0100
|
|
|
744490 |
@@ -231,7 +231,9 @@ static SSLNamedGroup NamedGroupForEcdsa3
|
|
|
7f4443 |
// NSS tries to match the group size to the symmetric cipher. In TLS 1.1 and
|
|
|
7f4443 |
// 1.0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is the highest priority suite, so
|
|
|
7f4443 |
// we use P-384. With TLS 1.2 on we pick AES-128 GCM so use x25519.
|
|
|
7f4443 |
- if (version <= SSL_LIBRARY_VERSION_TLS_1_1) {
|
|
|
7f4443 |
+ // FIXME: In RHEL, we assign TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
|
|
|
7f4443 |
+ // a higher priority than AES-128 GCM.
|
|
|
7f4443 |
+ if (version <= SSL_LIBRARY_VERSION_TLS_1_2) {
|
|
|
7f4443 |
return ssl_grp_ec_secp384r1;
|
|
|
7f4443 |
}
|
|
|
7f4443 |
return ssl_grp_ec_curve25519;
|
|
|
744490 |
@@ -870,20 +872,24 @@ INSTANTIATE_TEST_CASE_P(
|
|
|
7f4443 |
::testing::Values(TlsAgent::kServerEcdsa256),
|
|
|
7f4443 |
::testing::Values(ssl_auth_ecdsa),
|
|
|
7f4443 |
::testing::Values(ssl_sig_ecdsa_secp256r1_sha256)));
|
|
|
7f4443 |
+ // FIXME: In RHEL, we assign TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
|
|
|
7f4443 |
+ // a higher priority than AES-128 GCM, and that causes the following
|
|
|
7f4443 |
+ // 3 TLS 1.2 tests to fail.
|
|
|
7f4443 |
INSTANTIATE_TEST_CASE_P(
|
|
|
7f4443 |
SignatureSchemeEcdsaP384, TlsSignatureSchemeConfiguration,
|
|
|
7f4443 |
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
|
|
|
7f4443 |
- TlsConnectTestBase::kTlsV12Plus,
|
|
|
7f4443 |
+ TlsConnectTestBase::kTlsV13,
|
|
|
7f4443 |
::testing::Values(TlsAgent::kServerEcdsa384),
|
|
|
7f4443 |
::testing::Values(ssl_auth_ecdsa),
|
|
|
7f4443 |
::testing::Values(ssl_sig_ecdsa_secp384r1_sha384)));
|
|
|
7f4443 |
INSTANTIATE_TEST_CASE_P(
|
|
|
7f4443 |
SignatureSchemeEcdsaP521, TlsSignatureSchemeConfiguration,
|
|
|
7f4443 |
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
|
|
|
7f4443 |
- TlsConnectTestBase::kTlsV12Plus,
|
|
|
7f4443 |
+ TlsConnectTestBase::kTlsV13,
|
|
|
7f4443 |
::testing::Values(TlsAgent::kServerEcdsa521),
|
|
|
7f4443 |
::testing::Values(ssl_auth_ecdsa),
|
|
|
7f4443 |
::testing::Values(ssl_sig_ecdsa_secp521r1_sha512)));
|
|
|
7f4443 |
+#if 0
|
|
|
7f4443 |
INSTANTIATE_TEST_CASE_P(
|
|
|
7f4443 |
SignatureSchemeEcdsaSha1, TlsSignatureSchemeConfiguration,
|
|
|
7f4443 |
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
|
|
|
744490 |
@@ -892,4 +898,5 @@ INSTANTIATE_TEST_CASE_P(
|
|
|
7f4443 |
TlsAgent::kServerEcdsa384),
|
|
|
7f4443 |
::testing::Values(ssl_auth_ecdsa),
|
|
|
7f4443 |
::testing::Values(ssl_sig_ecdsa_sha1)));
|
|
|
7f4443 |
+#endif
|
|
|
744490 |
} // namespace nss_test
|