diff -up ./gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests ./gtests/ssl_gtest/ssl_auth_unittest.cc
--- ./gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests 2021-05-28 02:50:43.000000000 -0700
+++ ./gtests/ssl_gtest/ssl_auth_unittest.cc 2021-06-03 17:01:27.530383629 -0700
@@ -1036,7 +1036,9 @@ static SSLNamedGroup NamedGroupForEcdsa3
 // NSS tries to match the group size to the symmetric cipher. In TLS 1.1 and
 // 1.0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is the highest priority suite, so
 // we use P-384. With TLS 1.2 on we pick AES-128 GCM so use x25519.
- if (version <= SSL_LIBRARY_VERSION_TLS_1_1) {
+ // FIXME: In RHEL, we assign TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ // a higher priority than AES-128 GCM.
+ if (version <= SSL_LIBRARY_VERSION_TLS_1_2) {
 return ssl_grp_ec_secp384r1;
 }
 return ssl_grp_ec_curve25519;
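Review bot: The context comment directly above the changed condition still reads "With TLS 1.2 on we pick AES-128 GCM so use x25519", which now contradicts `version <= SSL_LIBRARY_VERSION_TLS_1_2`; the added FIXME explains the downstream order but leaves the two statements side by side. I would merge them into one comment, for example `// Downstream (RHEL) order prefers AES-256 through TLS 1.2, so P-384 is expected there; only TLS 1.3 uses x25519.` The expected group is tied to the build's default suite order, so the comment should also point at where that order is set, otherwise the next reorder breaks this helper with no hint why. The function begins above the hunk.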
@@ -1831,27 +1833,31 @@ INSTANTIATE_TEST_SUITE_P(
 ::testing::Values(TlsAgent::kServerRsa),
 ::testing::Values(ssl_auth_rsa_sign),
 ::testing::Values(ssl_sig_rsa_pkcs1_sha1)));
+// FIXME: In RHEL, we assign TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+// a higher priority than AES-128 GCM, and that causes the following
+// 4 TLS 1.2 tests to fail.
 INSTANTIATE_TEST_SUITE_P(
 SignatureSchemeEcdsaP256, TlsSignatureSchemeConfiguration,
 ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
- TlsConnectTestBase::kTlsV12Plus,
+ TlsConnectTestBase::kTlsV13,
 ::testing::Values(TlsAgent::kServerEcdsa256),
 ::testing::Values(ssl_auth_ecdsa),
 ::testing::Values(ssl_sig_ecdsa_secp256r1_sha256)));
 INSTANTIATE_TEST_SUITE_P(
 SignatureSchemeEcdsaP384, TlsSignatureSchemeConfiguration,
 ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
- TlsConnectTestBase::kTlsV12Plus,
+ TlsConnectTestBase::kTlsV13,
 ::testing::Values(TlsAgent::kServerEcdsa384),
 ::testing::Values(ssl_auth_ecdsa),
 ::testing::Values(ssl_sig_ecdsa_secp384r1_sha384)));
 INSTANTIATE_TEST_SUITE_P(
 SignatureSchemeEcdsaP521, TlsSignatureSchemeConfiguration,
 ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
- TlsConnectTestBase::kTlsV12Plus,
+ TlsConnectTestBase::kTlsV13,
 ::testing::Values(TlsAgent::kServerEcdsa521),
 ::testing::Values(ssl_auth_ecdsa),
 ::testing::Values(ssl_sig_ecdsa_secp521r1_sha512)));
+#if 0
 INSTANTIATE_TEST_SUITE_P(
 SignatureSchemeEcdsaSha1, TlsSignatureSchemeConfiguration,
 ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
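Review bot: Narrowing the three ECDSA instantiations from `kTlsV12Plus` to `kTlsV13` and wrapping `SignatureSchemeEcdsaSha1` in `#if 0` (closed by the `#endif` in the next hunk) drops every TLS 1.2 run of the ECDSA signature-scheme configuration tests, on the build whose suite order differs from upstream. The FIXME says the tests fail but not which expectation breaks, so nobody can tell later whether the failure was only a test assumption about the negotiated suite. I would keep the TLS 1.2 runs and adjust the expectation or pin the suite inside the test. If they have to be off for now, put gtest's `DISABLED_` prefix on the instantiation name (for example `DISABLED_SignatureSchemeEcdsaSha1`) instead of `#if 0`, so the skipped tests still show up in the run summary. The SignatureSchemeEcdsaSha1 instantiation continues past the end of this hunk.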
@@ -1860,4 +1866,5 @@ INSTANTIATE_TEST_SUITE_P(
 TlsAgent::kServerEcdsa384),
 ::testing::Values(ssl_auth_ecdsa),
 ::testing::Values(ssl_sig_ecdsa_sha1)));
+#endif
 } // namespace nss_test
diff -up ./gtests/ssl_gtest/ssl_recordsize_unittest.cc.reorder-cipher-suites-gtests ./gtests/ssl_gtest/ssl_recordsize_unittest.cc
--- ./gtests/ssl_gtest/ssl_recordsize_unittest.cc.reorder-cipher-suites-gtests 2021-05-28 02:50:43.000000000 -0700
+++ ./gtests/ssl_gtest/ssl_recordsize_unittest.cc 2021-06-03 16:47:23.130301387 -0700
@@ -72,11 +72,13 @@ void CheckRecordSizes(const std::shared_
 break;
 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+ case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
 expansion = 16;
 iv = 8;
 break;
 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
+ case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
 // Expansion is 20 for the MAC. Maximum block padding is 16. Maximum
 // padding is added when the input plus the MAC is an exact multiple of
 // the block size.
diff -up ./gtests/ssl_gtest/ssl_staticrsa_unittest.cc.reorder-cipher-suites-gtests ./gtests/ssl_gtest/ssl_staticrsa_unittest.cc
--- ./gtests/ssl_gtest/ssl_staticrsa_unittest.cc.reorder-cipher-suites-gtests 2021-05-28 02:50:43.000000000 -0700
+++ ./gtests/ssl_gtest/ssl_staticrsa_unittest.cc 2021-06-03 16:47:23.130301387 -0700
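Review bot: In CheckRecordSizes the CBC branch gains `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` but there is no case for a CBC suite with a SHA-384 MAC, while the FIXME in ssl_auth_unittest.cc says the downstream order prefers `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384` on the ECDSA side. If the RSA counterpart (`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`) can be negotiated in these tests, it would take whatever the switch's default path does, which is not visible here, and the "Expansion is 20 for the MAC" comment would not hold for a 48-byte MAC. Please confirm which suite the TLS 1.2 record-size tests negotiate with the reordered list, then either add the case or a comment such as `// SHA384 CBC suites are not reachable here because ...`. The switch begins and ends outside the hunk.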
@@ -133,7 +133,19 @@ TEST_P(TlsConnectGenericPre13, TooLargeR
 TEST_P(TlsConnectGeneric, ServerAuthBiggestRsa) {
 Reset(TlsAgent::kRsa8192);
 Connect();
- CheckKeys();
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ CheckKeys();
+ } else {
+ // in TLS 1.2 or TLS 1.1, AES-256 is selected by default, which
+ // needs a different kea setup
+ SSLSignatureScheme scheme;
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_2) {
+ scheme = ssl_sig_rsa_pss_rsae_sha256;
+ } else {
+ scheme = ssl_sig_rsa_pkcs1_sha256;
+ }
+ CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp521r1, ssl_auth_rsa_sign, scheme);
+ }
 }
 } // namespace nss_test
diff -up ./gtests/ssl_gtest/tls_agent.cc.reorder-cipher-suites-gtests ./gtests/ssl_gtest/tls_agent.cc
--- ./gtests/ssl_gtest/tls_agent.cc.reorder-cipher-suites-gtests 2021-05-28 02:50:43.000000000 -0700
+++ ./gtests/ssl_gtest/tls_agent.cc 2021-06-03 16:47:23.130301387 -0700
@@ -603,6 +603,9 @@ void TlsAgent::CheckKEA(SSLKEAType kea,
 case ssl_grp_ec_secp384r1:
 kea_size = 384;
 break;
+ case ssl_grp_ec_secp521r1:
+ kea_size = 521;
+ break;
 case ssl_grp_ffdhe_2048:
 kea_size = 2048;
 break;
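Review bot: In ServerAuthBiggestRsa the pre-1.3 branch hard-codes `ssl_grp_ec_secp521r1`, but the comment only says AES-256 "needs a different kea setup" and never explains why P-521 is the expected group, so a reader cannot tell whether it follows from the cipher, the 8192-bit server key, or both. The comment should state the rule being asserted, along the lines of `// Downstream order selects AES-256 before TLS 1.3; the expected ECDHE group is then P-521 because <reason>.`, with the reason filled in by someone who has confirmed it. Separately, `scheme` is declared uninitialised and assigned in two branches; `const SSLSignatureScheme scheme = (version_ >= SSL_LIBRARY_VERSION_TLS_1_2) ? ssl_sig_rsa_pss_rsae_sha256 : ssl_sig_rsa_pkcs1_sha256;` keeps it const and removes the chance of a later edit leaving it unset.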