Blame SOURCES/0003-Adjust-tests-for-missing-OpenSSL-features.patch

e23d3e
From b9a5922c36d77d1c6bb90fdc5225b5c838e5aa39 Mon Sep 17 00:00:00 2001
e23d3e
From: Zuzana Svetlikova <zsvetlik@redhat.com>
e23d3e
Date: Wed, 19 Feb 2020 10:31:43 +0000
e23d3e
Subject: [PATCH 3/4] fix failing tests
e23d3e
e23d3e
---
e23d3e
 doc/api/cli.md                                     |   5 +-
e23d3e
 test/doctool/test-make-doc.js                      |  63 ------
e23d3e
 test/known_issues/test-crypto-aes-wrap.js          |  62 ++++++
e23d3e
 test/known_issues/test-crypto-des3-wrap.js         |  25 +++
e23d3e
 test/known_issues/test-crypto-hash-stream-pipe.js  |  46 ++++
e23d3e
 test/known_issues/test-make-doc.js                 |  63 ++++++
e23d3e
 test/known_issues/test-tls-cli-max-version-1.3.js  |  15 ++
e23d3e
 test/known_issues/test-tls-cli-min-max-conflict.js |  14 ++
e23d3e
 test/known_issues/test-tls-cli-min-version-1.3.js  |  15 ++
e23d3e
 .../test-tls-client-renegotiation-13.js            |  41 ++++
e23d3e
 test/known_issues/test-tls-keylog-tlsv13.js        |  32 +++
e23d3e
 test/known_issues/test-tls-no-sslv3.js             |  49 +++++
e23d3e
 test/known_issues/test-tls-ticket-12.js            |  12 +
e23d3e
 test/known_issues/test-tls-ticket-cluster.js       | 135 ++++++++++++
e23d3e
 test/known_issues/test-tls-ticket.js               | 159 ++++++++++++++
e23d3e
 test/known_issues/test-v8-serdes.js                | 244 +++++++++++++++++++++
e23d3e
 test/parallel/test-crypto-aes-wrap.js              |  62 ------
e23d3e
 test/parallel/test-crypto-authenticated.js         |  54 +----
e23d3e
 test/parallel/test-crypto-des3-wrap.js             |  25 ---
e23d3e
 test/parallel/test-crypto-hash-stream-pipe.js      |  46 ----
e23d3e
 test/parallel/test-crypto-hash.js                  |  81 -------
e23d3e
 test/parallel/test-crypto-key-objects.js           | 175 ---------------
e23d3e
 test/parallel/test-crypto-keygen.js                |  54 -----
e23d3e
 test/parallel/test-crypto-pbkdf2.js                |  18 --
e23d3e
 test/parallel/test-crypto-sign-verify.js           |   8 -
e23d3e
 test/parallel/test-crypto.js                       |   6 +-
e23d3e
 test/parallel/test-https-agent-session-eviction.js |  42 +++-
e23d3e
 test/parallel/test-tls-alert-handling.js           |   2 +-
e23d3e
 test/parallel/test-tls-cli-max-version-1.3.js      |  15 --
e23d3e
 test/parallel/test-tls-cli-min-max-conflict.js     |  14 --
e23d3e
 test/parallel/test-tls-cli-min-version-1.0.js      |   2 +-
e23d3e
 test/parallel/test-tls-cli-min-version-1.1.js      |   2 +-
e23d3e
 test/parallel/test-tls-cli-min-version-1.2.js      |   2 +-
e23d3e
 test/parallel/test-tls-cli-min-version-1.3.js      |  15 --
e23d3e
 .../test-tls-client-getephemeralkeyinfo.js         |   2 -
e23d3e
 test/parallel/test-tls-client-renegotiation-13.js  |  41 ----
e23d3e
 test/parallel/test-tls-destroy-stream.js           |   2 +-
e23d3e
 test/parallel/test-tls-getcipher.js                |  25 +--
e23d3e
 test/parallel/test-tls-keylog-tlsv13.js            |  32 ---
e23d3e
 test/parallel/test-tls-min-max-version.js          |  29 +--
e23d3e
 test/parallel/test-tls-multi-key.js                |   4 +-
e23d3e
 test/parallel/test-tls-multi-pfx.js                |   4 +-
e23d3e
 test/parallel/test-tls-no-sslv3.js                 |  49 -----
e23d3e
 test/parallel/test-tls-passphrase.js               |   2 +-
e23d3e
 test/parallel/test-tls-set-ciphers.js              |  27 +--
e23d3e
 test/parallel/test-tls-ticket-12.js                |  12 -
e23d3e
 test/parallel/test-tls-ticket-cluster.js           | 135 ------------
e23d3e
 test/parallel/test-tls-ticket.js                   | 159 --------------
e23d3e
 test/parallel/test-v8-serdes.js                    | 244 ---------------------
e23d3e
 49 files changed, 973 insertions(+), 1397 deletions(-)
e23d3e
 delete mode 100644 test/doctool/test-make-doc.js
e23d3e
 create mode 100644 test/known_issues/test-crypto-aes-wrap.js
e23d3e
 create mode 100644 test/known_issues/test-crypto-des3-wrap.js
e23d3e
 create mode 100644 test/known_issues/test-crypto-hash-stream-pipe.js
e23d3e
 create mode 100644 test/known_issues/test-make-doc.js
e23d3e
 create mode 100644 test/known_issues/test-tls-cli-max-version-1.3.js
e23d3e
 create mode 100644 test/known_issues/test-tls-cli-min-max-conflict.js
e23d3e
 create mode 100644 test/known_issues/test-tls-cli-min-version-1.3.js
e23d3e
 create mode 100644 test/known_issues/test-tls-client-renegotiation-13.js
e23d3e
 create mode 100644 test/known_issues/test-tls-keylog-tlsv13.js
e23d3e
 create mode 100644 test/known_issues/test-tls-no-sslv3.js
e23d3e
 create mode 100644 test/known_issues/test-tls-ticket-12.js
e23d3e
 create mode 100644 test/known_issues/test-tls-ticket-cluster.js
e23d3e
 create mode 100644 test/known_issues/test-tls-ticket.js
e23d3e
 create mode 100644 test/known_issues/test-v8-serdes.js
e23d3e
 delete mode 100644 test/parallel/test-crypto-aes-wrap.js
e23d3e
 delete mode 100644 test/parallel/test-crypto-des3-wrap.js
e23d3e
 delete mode 100644 test/parallel/test-crypto-hash-stream-pipe.js
e23d3e
 delete mode 100644 test/parallel/test-tls-cli-max-version-1.3.js
e23d3e
 delete mode 100644 test/parallel/test-tls-cli-min-max-conflict.js
e23d3e
 delete mode 100644 test/parallel/test-tls-cli-min-version-1.3.js
e23d3e
 delete mode 100644 test/parallel/test-tls-client-renegotiation-13.js
e23d3e
 delete mode 100644 test/parallel/test-tls-keylog-tlsv13.js
e23d3e
 delete mode 100644 test/parallel/test-tls-no-sslv3.js
e23d3e
 delete mode 100644 test/parallel/test-tls-ticket-12.js
e23d3e
 delete mode 100644 test/parallel/test-tls-ticket-cluster.js
e23d3e
 delete mode 100644 test/parallel/test-tls-ticket.js
e23d3e
 delete mode 100644 test/parallel/test-v8-serdes.js
e23d3e
e23d3e
diff --git a/doc/api/cli.md b/doc/api/cli.md
e23d3e
index ecf7632..15124c5 100644
e23d3e
--- a/doc/api/cli.md
e23d3e
+++ b/doc/api/cli.md
e23d3e
@@ -711,8 +711,7 @@ with crypto support (default).
e23d3e
 added: v12.0.0
e23d3e
 -->
e23d3e
 
e23d3e
-Set [`tls.DEFAULT_MAX_VERSION`][] to 'TLSv1.2'. Use to disable support for
e23d3e
-TLSv1.3.
e23d3e
+Set [`tls.DEFAULT_MAX_VERSION`][] to 'TLSv1.2'.
e23d3e
 
e23d3e
 ### `--tls-min-v1.0`
e23d3e
 
e23d3e
@@ -1094,11 +1093,9 @@ Node.js options that are allowed are:
e23d3e
 * `--title`
e23d3e
 * `--tls-cipher-list`
e23d3e
 * `--tls-max-v1.2`
e23d3e
-* `--tls-max-v1.3`
e23d3e
 * `--tls-min-v1.0`
e23d3e
 * `--tls-min-v1.1`
e23d3e
 * `--tls-min-v1.2`
e23d3e
-* `--tls-min-v1.3`
e23d3e
 * `--trace-deprecation`
e23d3e
 * `--trace-event-categories`
e23d3e
 * `--trace-event-file-pattern`
e23d3e
diff --git a/test/doctool/test-make-doc.js b/test/doctool/test-make-doc.js
e23d3e
deleted file mode 100644
e23d3e
index 7f4f3ae..0000000
e23d3e
--- a/test/doctool/test-make-doc.js
e23d3e
+++ /dev/null
e23d3e
@@ -1,63 +0,0 @@
e23d3e
-'use strict';
e23d3e
-const common = require('../common');
e23d3e
-if (common.isWindows) {
e23d3e
-  common.skip('`make doc` does not run on Windows');
e23d3e
-}
e23d3e
-
e23d3e
-// This tests that `make doc` generates the documentation properly.
e23d3e
-// Note that for this test to pass, `make doc` must be run first.
e23d3e
-
e23d3e
-const assert = require('assert');
e23d3e
-const fs = require('fs');
e23d3e
-const path = require('path');
e23d3e
-
e23d3e
-const apiPath = path.resolve(__dirname, '..', '..', 'out', 'doc', 'api');
e23d3e
-const mdPath = path.resolve(__dirname, '..', '..', 'doc', 'api');
e23d3e
-const allMD = fs.readdirSync(mdPath);
e23d3e
-const allDocs = fs.readdirSync(apiPath);
e23d3e
-assert.ok(allDocs.includes('index.html'));
e23d3e
-
e23d3e
-const actualDocs = allDocs.filter(
e23d3e
-  (name) => {
e23d3e
-    const extension = path.extname(name);
e23d3e
-    return extension === '.html' || extension === '.json';
e23d3e
-  }
e23d3e
-);
e23d3e
-
e23d3e
-for (const name of actualDocs) {
e23d3e
-  if (name.startsWith('all.')) continue;
e23d3e
-
e23d3e
-  assert.ok(
e23d3e
-    allMD.includes(name.replace(/\.\w+$/, '.md')),
e23d3e
-    `Unexpected output: out/doc/api/${name}, remove and rerun.`
e23d3e
-  );
e23d3e
-}
e23d3e
-
e23d3e
-const toc = fs.readFileSync(path.resolve(apiPath, 'index.html'), 'utf8');
e23d3e
-const re = /href="([^/]+\.html)"/;
e23d3e
-const globalRe = new RegExp(re, 'g');
e23d3e
-const links = toc.match(globalRe);
e23d3e
-assert.notStrictEqual(links, null);
e23d3e
-
e23d3e
-// Filter out duplicate links, leave just filenames, add expected JSON files.
e23d3e
-const linkedHtmls = [...new Set(links)].map((link) => link.match(re)[1]);
e23d3e
-const expectedJsons = linkedHtmls
e23d3e
-                       .map((name) => name.replace('.html', '.json'));
e23d3e
-const expectedDocs = linkedHtmls.concat(expectedJsons);
e23d3e
-
e23d3e
-// Test that all the relative links in the TOC match to the actual documents.
e23d3e
-for (const expectedDoc of expectedDocs) {
e23d3e
-  assert.ok(actualDocs.includes(expectedDoc), `${expectedDoc} does not exist`);
e23d3e
-}
e23d3e
-
e23d3e
-// Test that all the actual documents match to the relative links in the TOC
e23d3e
-// and that they are not empty files.
e23d3e
-for (const actualDoc of actualDocs) {
e23d3e
-  assert.ok(
e23d3e
-    expectedDocs.includes(actualDoc), `${actualDoc} does not match TOC`);
e23d3e
-
e23d3e
-  assert.ok(
e23d3e
-    fs.statSync(path.join(apiPath, actualDoc)).size !== 0,
e23d3e
-    `${actualDoc} is empty`
e23d3e
-  );
e23d3e
-}
e23d3e
diff --git a/test/known_issues/test-crypto-aes-wrap.js b/test/known_issues/test-crypto-aes-wrap.js
e23d3e
new file mode 100644
e23d3e
index 0000000..6fe3525
e23d3e
--- /dev/null
e23d3e
+++ b/test/known_issues/test-crypto-aes-wrap.js
e23d3e
@@ -0,0 +1,62 @@
e23d3e
+'use strict';
e23d3e
+const common = require('../common');
e23d3e
+if (!common.hasCrypto)
e23d3e
+  common.skip('missing crypto');
e23d3e
+
e23d3e
+const assert = require('assert');
e23d3e
+const crypto = require('crypto');
e23d3e
+
e23d3e
+const test = [
e23d3e
+  {
e23d3e
+    algorithm: 'aes128-wrap',
e23d3e
+    key: 'b26f309fbe57e9b3bb6ae5ef31d54450',
e23d3e
+    iv: '3fd838af4093d749',
e23d3e
+    text: '12345678123456781234567812345678'
e23d3e
+  },
e23d3e
+  {
e23d3e
+    algorithm: 'id-aes128-wrap-pad',
e23d3e
+    key: 'b26f309fbe57e9b3bb6ae5ef31d54450',
e23d3e
+    iv: '3fd838af',
e23d3e
+    text: '12345678123456781234567812345678123'
e23d3e
+  },
e23d3e
+  {
e23d3e
+    algorithm: 'aes192-wrap',
e23d3e
+    key: '40978085d68091f7dfca0d7dfc7a5ee76d2cc7f2f345a304',
e23d3e
+    iv: '3fd838af4093d749',
e23d3e
+    text: '12345678123456781234567812345678'
e23d3e
+  },
e23d3e
+  {
e23d3e
+    algorithm: 'id-aes192-wrap-pad',
e23d3e
+    key: '40978085d68091f7dfca0d7dfc7a5ee76d2cc7f2f345a304',
e23d3e
+    iv: '3fd838af',
e23d3e
+    text: '12345678123456781234567812345678123'
e23d3e
+  },
e23d3e
+  {
e23d3e
+    algorithm: 'aes256-wrap',
e23d3e
+    key: '29c9eab5ed5ad44134a1437fe2e673b4d88a5b7c72e68454fea08721392b7323',
e23d3e
+    iv: '3fd838af4093d749',
e23d3e
+    text: '12345678123456781234567812345678'
e23d3e
+  },
e23d3e
+  {
e23d3e
+    algorithm: 'id-aes256-wrap-pad',
e23d3e
+    key: '29c9eab5ed5ad44134a1437fe2e673b4d88a5b7c72e68454fea08721392b7323',
e23d3e
+    iv: '3fd838af',
e23d3e
+    text: '12345678123456781234567812345678123'
e23d3e
+  },
e23d3e
+];
e23d3e
+
e23d3e
+test.forEach((data) => {
e23d3e
+  const cipher = crypto.createCipheriv(
e23d3e
+    data.algorithm,
e23d3e
+    Buffer.from(data.key, 'hex'),
e23d3e
+    Buffer.from(data.iv, 'hex'));
e23d3e
+  const ciphertext = cipher.update(data.text, 'utf8');
e23d3e
+
e23d3e
+  const decipher = crypto.createDecipheriv(
e23d3e
+    data.algorithm,
e23d3e
+    Buffer.from(data.key, 'hex'),
e23d3e
+    Buffer.from(data.iv, 'hex'));
e23d3e
+  const msg = decipher.update(ciphertext, 'buffer', 'utf8');
e23d3e
+
e23d3e
+  assert.strictEqual(msg, data.text, `${data.algorithm} test case failed`);
e23d3e
+});
e23d3e
diff --git a/test/known_issues/test-crypto-des3-wrap.js b/test/known_issues/test-crypto-des3-wrap.js
e23d3e
new file mode 100644
e23d3e
index 0000000..75c8cd5
e23d3e
--- /dev/null
e23d3e
+++ b/test/known_issues/test-crypto-des3-wrap.js
e23d3e
@@ -0,0 +1,25 @@
e23d3e
+'use strict';
e23d3e
+const common = require('../common');
e23d3e
+if (!common.hasCrypto)
e23d3e
+  common.skip('missing crypto');
e23d3e
+
e23d3e
+const assert = require('assert');
e23d3e
+const crypto = require('crypto');
e23d3e
+
e23d3e
+// Test case for des-ede3 wrap/unwrap. des3-wrap needs extra 2x blocksize
e23d3e
+// then plaintext to store ciphertext.
e23d3e
+const test = {
e23d3e
+  key: Buffer.from('3c08e25be22352910671cfe4ba3652b1220a8a7769b490ba', 'hex'),
e23d3e
+  iv: Buffer.alloc(0),
e23d3e
+  plaintext: '32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBG' +
e23d3e
+    'WWELweCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZU' +
e23d3e
+    'JjAfaFg**'
e23d3e
+};
e23d3e
+
e23d3e
+const cipher = crypto.createCipheriv('des3-wrap', test.key, test.iv);
e23d3e
+const ciphertext = cipher.update(test.plaintext, 'utf8');
e23d3e
+
e23d3e
+const decipher = crypto.createDecipheriv('des3-wrap', test.key, test.iv);
e23d3e
+const msg = decipher.update(ciphertext, 'buffer', 'utf8');
e23d3e
+
e23d3e
+assert.strictEqual(msg, test.plaintext);
e23d3e
diff --git a/test/known_issues/test-crypto-hash-stream-pipe.js b/test/known_issues/test-crypto-hash-stream-pipe.js
e23d3e
new file mode 100644
e23d3e
index 0000000..d22281a
e23d3e
--- /dev/null
e23d3e
+++ b/test/known_issues/test-crypto-hash-stream-pipe.js
e23d3e
@@ -0,0 +1,46 @@
e23d3e
+// Copyright Joyent, Inc. and other Node contributors.
e23d3e
+//
e23d3e
+// Permission is hereby granted, free of charge, to any person obtaining a
e23d3e
+// copy of this software and associated documentation files (the
e23d3e
+// "Software"), to deal in the Software without restriction, including
e23d3e
+// without limitation the rights to use, copy, modify, merge, publish,
e23d3e
+// distribute, sublicense, and/or sell copies of the Software, and to permit
e23d3e
+// persons to whom the Software is furnished to do so, subject to the
e23d3e
+// following conditions:
e23d3e
+//
e23d3e
+// The above copyright notice and this permission notice shall be included
e23d3e
+// in all copies or substantial portions of the Software.
e23d3e
+//
e23d3e
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
e23d3e
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
e23d3e
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
e23d3e
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
e23d3e
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
e23d3e
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
e23d3e
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
e23d3e
+
e23d3e
+'use strict';
e23d3e
+const common = require('../common');
e23d3e
+
e23d3e
+if (!common.hasCrypto)
e23d3e
+  common.skip('missing crypto');
e23d3e
+
e23d3e
+const assert = require('assert');
e23d3e
+const crypto = require('crypto');
e23d3e
+
e23d3e
+const stream = require('stream');
e23d3e
+const s = new stream.PassThrough();
e23d3e
+const h = crypto.createHash('sha3-512');
e23d3e
+const expect = '36a38a2a35e698974d4e5791a3f05b05' +
e23d3e
+               '198235381e864f91a0e8cd6a26b677ec' +
e23d3e
+               'dcde8e2b069bd7355fabd68abd6fc801' +
e23d3e
+               '19659f25e92f8efc961ee3a7c815c758';
e23d3e
+
e23d3e
+s.pipe(h).on('data', common.mustCall(function(c) {
e23d3e
+  assert.strictEqual(c, expect);
e23d3e
+  // Calling digest() after piping into a stream with SHA3 should not cause
e23d3e
+  // a segmentation fault, see https://github.com/nodejs/node/issues/28245.
e23d3e
+  assert.strictEqual(h.digest('hex'), expect);
e23d3e
+})).setEncoding('hex');
e23d3e
+
e23d3e
+s.end('aoeu');
e23d3e
diff --git a/test/known_issues/test-make-doc.js b/test/known_issues/test-make-doc.js
e23d3e
new file mode 100644
e23d3e
index 0000000..7f4f3ae
e23d3e
--- /dev/null
e23d3e
+++ b/test/known_issues/test-make-doc.js
e23d3e
@@ -0,0 +1,63 @@
e23d3e
+'use strict';
e23d3e
+const common = require('../common');
e23d3e
+if (common.isWindows) {
e23d3e
+  common.skip('`make doc` does not run on Windows');
e23d3e
+}
e23d3e
+
e23d3e
+// This tests that `make doc` generates the documentation properly.
e23d3e
+// Note that for this test to pass, `make doc` must be run first.
e23d3e
+
e23d3e
+const assert = require('assert');
e23d3e
+const fs = require('fs');
e23d3e
+const path = require('path');
e23d3e
+
e23d3e
+const apiPath = path.resolve(__dirname, '..', '..', 'out', 'doc', 'api');
e23d3e
+const mdPath = path.resolve(__dirname, '..', '..', 'doc', 'api');
e23d3e
+const allMD = fs.readdirSync(mdPath);
e23d3e
+const allDocs = fs.readdirSync(apiPath);
e23d3e
+assert.ok(allDocs.includes('index.html'));
e23d3e
+
e23d3e
+const actualDocs = allDocs.filter(
e23d3e
+  (name) => {
e23d3e
+    const extension = path.extname(name);
e23d3e
+    return extension === '.html' || extension === '.json';
e23d3e
+  }
e23d3e
+);
e23d3e
+
e23d3e
+for (const name of actualDocs) {
e23d3e
+  if (name.startsWith('all.')) continue;
e23d3e
+
e23d3e
+  assert.ok(
e23d3e
+    allMD.includes(name.replace(/\.\w+$/, '.md')),
e23d3e
+    `Unexpected output: out/doc/api/${name}, remove and rerun.`
e23d3e
+  );
e23d3e
+}
e23d3e
+
e23d3e
+const toc = fs.readFileSync(path.resolve(apiPath, 'index.html'), 'utf8');
e23d3e
+const re = /href="([^/]+\.html)"/;
e23d3e
+const globalRe = new RegExp(re, 'g');
e23d3e
+const links = toc.match(globalRe);
e23d3e
+assert.notStrictEqual(links, null);
e23d3e
+
e23d3e
+// Filter out duplicate links, leave just filenames, add expected JSON files.
e23d3e
+const linkedHtmls = [...new Set(links)].map((link) => link.match(re)[1]);
e23d3e
+const expectedJsons = linkedHtmls
e23d3e
+                       .map((name) => name.replace('.html', '.json'));
e23d3e
+const expectedDocs = linkedHtmls.concat(expectedJsons);
e23d3e
+
e23d3e
+// Test that all the relative links in the TOC match to the actual documents.
e23d3e
+for (const expectedDoc of expectedDocs) {
e23d3e
+  assert.ok(actualDocs.includes(expectedDoc), `${expectedDoc} does not exist`);
e23d3e
+}
e23d3e
+
e23d3e
+// Test that all the actual documents match to the relative links in the TOC
e23d3e
+// and that they are not empty files.
e23d3e
+for (const actualDoc of actualDocs) {
e23d3e
+  assert.ok(
e23d3e
+    expectedDocs.includes(actualDoc), `${actualDoc} does not match TOC`);
e23d3e
+
e23d3e
+  assert.ok(
e23d3e
+    fs.statSync(path.join(apiPath, actualDoc)).size !== 0,
e23d3e
+    `${actualDoc} is empty`
e23d3e
+  );
e23d3e
+}
e23d3e
diff --git a/test/known_issues/test-tls-cli-max-version-1.3.js b/test/known_issues/test-tls-cli-max-version-1.3.js
e23d3e
new file mode 100644
e23d3e
index 0000000..c04354f
e23d3e
--- /dev/null
e23d3e
+++ b/test/known_issues/test-tls-cli-max-version-1.3.js
e23d3e
@@ -0,0 +1,15 @@
e23d3e
+// Flags: --tls-max-v1.3
e23d3e
+'use strict';
e23d3e
+const common = require('../common');
e23d3e
+if (!common.hasCrypto) common.skip('missing crypto');
e23d3e
+
e23d3e
+// Check that node `--tls-max-v1.3` is supported.
e23d3e
+
e23d3e
+const assert = require('assert');
e23d3e
+const tls = require('tls');
e23d3e
+
e23d3e
+assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.3');
e23d3e
+assert.strictEqual(tls.DEFAULT_MIN_VERSION, 'TLSv1.2');
e23d3e
+
e23d3e
+// Check the min-max version protocol versions against these CLI settings.
e23d3e
+require('./test-tls-min-max-version.js');
e23d3e
diff --git a/test/known_issues/test-tls-cli-min-max-conflict.js b/test/known_issues/test-tls-cli-min-max-conflict.js
e23d3e
new file mode 100644
e23d3e
index 0000000..68aae4c
e23d3e
--- /dev/null
e23d3e
+++ b/test/known_issues/test-tls-cli-min-max-conflict.js
e23d3e
@@ -0,0 +1,14 @@
e23d3e
+'use strict';
e23d3e
+const common = require('../common');
e23d3e
+if (!common.hasCrypto) common.skip('missing crypto');
e23d3e
+
e23d3e
+// Check that conflicting TLS protocol versions are not allowed
e23d3e
+
e23d3e
+const assert = require('assert');
e23d3e
+const child_process = require('child_process');
e23d3e
+
e23d3e
+const args = ['--tls-min-v1.3', '--tls-max-v1.2', '-p', 'process.version'];
e23d3e
+child_process.execFile(process.argv[0], args, (err) => {
e23d3e
+  assert(err);
e23d3e
+  assert(/not both/.test(err.message));
e23d3e
+});
e23d3e
diff --git a/test/known_issues/test-tls-cli-min-version-1.3.js b/test/known_issues/test-tls-cli-min-version-1.3.js
e23d3e
new file mode 100644
e23d3e
index 0000000..1bccc2f
e23d3e
--- /dev/null
e23d3e
+++ b/test/known_issues/test-tls-cli-min-version-1.3.js
e23d3e
@@ -0,0 +1,15 @@
e23d3e
+// Flags: --tls-min-v1.3
e23d3e
+'use strict';
e23d3e
+const common = require('../common');
e23d3e
+if (!common.hasCrypto) common.skip('missing crypto');
e23d3e
+
e23d3e
+// Check that node `--tls-min-v1.3` is supported.
e23d3e
+
e23d3e
+const assert = require('assert');
e23d3e
+const tls = require('tls');
e23d3e
+
e23d3e
+assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.3');
e23d3e
+assert.strictEqual(tls.DEFAULT_MIN_VERSION, 'TLSv1.3');
e23d3e
+
e23d3e
+// Check the min-max version protocol versions against these CLI settings.
e23d3e
+require('./test-tls-min-max-version.js');
e23d3e
diff --git a/test/known_issues/test-tls-client-renegotiation-13.js b/test/known_issues/test-tls-client-renegotiation-13.js
e23d3e
new file mode 100644
e23d3e
index 0000000..075eb70
e23d3e
--- /dev/null
e23d3e
+++ b/test/known_issues/test-tls-client-renegotiation-13.js
e23d3e
@@ -0,0 +1,41 @@
e23d3e
+'use strict';
e23d3e
+
e23d3e
+const common = require('../common');
e23d3e
+const fixtures = require('../common/fixtures');
e23d3e
+
e23d3e
+// Confirm that for TLSv1.3, renegotiate() is disallowed.
e23d3e
+
e23d3e
+const {
e23d3e
+  assert, connect, keys
e23d3e
+} = require(fixtures.path('tls-connect'));
e23d3e
+
e23d3e
+const server = keys.agent10;
e23d3e
+
e23d3e
+connect({
e23d3e
+  client: {
e23d3e
+    ca: server.ca,
e23d3e
+    checkServerIdentity: common.mustCall(),
e23d3e
+  },
e23d3e
+  server: {
e23d3e
+    key: server.key,
e23d3e
+    cert: server.cert,
e23d3e
+  },
e23d3e
+}, function(err, pair, cleanup) {
e23d3e
+  assert.ifError(err);
e23d3e
+
e23d3e
+  const client = pair.client.conn;
e23d3e
+
e23d3e
+  assert.strictEqual(client.getProtocol(), 'TLSv1.3');
e23d3e
+
e23d3e
+  const ok = client.renegotiate({}, common.mustCall((err) => {
e23d3e
+    assert.throws(() => { throw err; }, {
e23d3e
+      message: 'error:1420410A:SSL routines:SSL_renegotiate:wrong ssl version',
e23d3e
+      code: 'ERR_SSL_WRONG_SSL_VERSION',
e23d3e
+      library: 'SSL routines',
e23d3e
+      reason: 'wrong ssl version',
e23d3e
+    });
e23d3e
+    cleanup();
e23d3e
+  }));
e23d3e
+
e23d3e
+  assert.strictEqual(ok, false);
e23d3e
+});
e23d3e
diff --git a/test/known_issues/test-tls-keylog-tlsv13.js b/test/known_issues/test-tls-keylog-tlsv13.js
e23d3e
new file mode 100644
e23d3e
index 0000000..0f65564
e23d3e
--- /dev/null
e23d3e
+++ b/test/known_issues/test-tls-keylog-tlsv13.js
e23d3e
@@ -0,0 +1,32 @@
e23d3e
+'use strict';
e23d3e
+
e23d3e
+const common = require('../common');
e23d3e
+if (!common.hasCrypto)
e23d3e
+  common.skip('missing crypto');
e23d3e
+
e23d3e
+const assert = require('assert');
e23d3e
+const tls = require('tls');
e23d3e
+const fixtures = require('../common/fixtures');
e23d3e
+
e23d3e
+const server = tls.createServer({
e23d3e
+  key: fixtures.readKey('agent2-key.pem'),
e23d3e
+  cert: fixtures.readKey('agent2-cert.pem'),
e23d3e
+  // Amount of keylog events depends on negotiated protocol
e23d3e
+  // version, so force a specific one:
e23d3e
+  minVersion: 'TLSv1.3',
e23d3e
+  maxVersion: 'TLSv1.3',
e23d3e
+}).listen(() => {
e23d3e
+  const client = tls.connect({
e23d3e
+    port: server.address().port,
e23d3e
+    rejectUnauthorized: false,
e23d3e
+  });
e23d3e
+
e23d3e
+  const verifyBuffer = (line) => assert(Buffer.isBuffer(line));
e23d3e
+  server.on('keylog', common.mustCall(verifyBuffer, 5));
e23d3e
+  client.on('keylog', common.mustCall(verifyBuffer, 5));
e23d3e
+
e23d3e
+  client.once('secureConnect', () => {
e23d3e
+    server.close();
e23d3e
+    client.end();
e23d3e
+  });
e23d3e
+});
e23d3e
diff --git a/test/known_issues/test-tls-no-sslv3.js b/test/known_issues/test-tls-no-sslv3.js
e23d3e
new file mode 100644
e23d3e
index 0000000..1acb1f9
e23d3e
--- /dev/null
e23d3e
+++ b/test/known_issues/test-tls-no-sslv3.js
e23d3e
@@ -0,0 +1,49 @@
e23d3e
+'use strict';
e23d3e
+const common = require('../common');
e23d3e
+if (!common.hasCrypto)
e23d3e
+  common.skip('missing crypto');
e23d3e
+
e23d3e
+if (common.opensslCli === false)
e23d3e
+  common.skip('node compiled without OpenSSL CLI.');
e23d3e
+
e23d3e
+const assert = require('assert');
e23d3e
+const tls = require('tls');
e23d3e
+const spawn = require('child_process').spawn;
e23d3e
+const fixtures = require('../common/fixtures');
e23d3e
+
e23d3e
+const cert = fixtures.readKey('rsa_cert.crt');
e23d3e
+const key = fixtures.readKey('rsa_private.pem');
e23d3e
+const server = tls.createServer({ cert, key }, common.mustNotCall());
e23d3e
+const errors = [];
e23d3e
+let stderr = '';
e23d3e
+
e23d3e
+server.listen(0, '127.0.0.1', function() {
e23d3e
+  const address = `${this.address().address}:${this.address().port}`;
e23d3e
+  const args = ['s_client',
e23d3e
+                '-ssl3',
e23d3e
+                '-connect', address];
e23d3e
+
e23d3e
+  const client = spawn(common.opensslCli, args, { stdio: 'pipe' });
e23d3e
+  client.stdout.pipe(process.stdout);
e23d3e
+  client.stderr.pipe(process.stderr);
e23d3e
+  client.stderr.setEncoding('utf8');
e23d3e
+  client.stderr.on('data', (data) => stderr += data);
e23d3e
+
e23d3e
+  client.once('exit', common.mustCall(function(exitCode) {
e23d3e
+    assert.strictEqual(exitCode, 1);
e23d3e
+    server.close();
e23d3e
+  }));
e23d3e
+});
e23d3e
+
e23d3e
+server.on('tlsClientError', (err) => errors.push(err));
e23d3e
+
e23d3e
+process.on('exit', function() {
e23d3e
+  if (/unknown option -ssl3/.test(stderr)) {
e23d3e
+    common.printSkipMessage('`openssl s_client -ssl3` not supported.');
e23d3e
+  } else {
e23d3e
+    assert.strictEqual(errors.length, 1);
e23d3e
+    // OpenSSL 1.0.x and 1.1.x report invalid client versions differently.
e23d3e
+    assert(/:wrong version number/.test(errors[0].message) ||
e23d3e
+           /:version too low/.test(errors[0].message));
e23d3e
+  }
e23d3e
+});
e23d3e
diff --git a/test/known_issues/test-tls-ticket-12.js b/test/known_issues/test-tls-ticket-12.js
e23d3e
new file mode 100644
e23d3e
index 0000000..600c571
e23d3e
--- /dev/null
e23d3e
+++ b/test/known_issues/test-tls-ticket-12.js
e23d3e
@@ -0,0 +1,12 @@
e23d3e
+'use strict';
e23d3e
+const common = require('../common');
e23d3e
+if (!common.hasCrypto)
e23d3e
+  common.skip('missing crypto');
e23d3e
+
e23d3e
+// Run test-tls-ticket.js with TLS1.2
e23d3e
+
e23d3e
+const tls = require('tls');
e23d3e
+
e23d3e
+tls.DEFAULT_MAX_VERSION = 'TLSv1.2';
e23d3e
+
e23d3e
+require('./test-tls-ticket.js');
e23d3e
diff --git a/test/known_issues/test-tls-ticket-cluster.js b/test/known_issues/test-tls-ticket-cluster.js
e23d3e
new file mode 100644
e23d3e
index 0000000..cc4f46e
e23d3e
--- /dev/null
e23d3e
+++ b/test/known_issues/test-tls-ticket-cluster.js
e23d3e
@@ -0,0 +1,135 @@
e23d3e
+// Copyright Joyent, Inc. and other Node contributors.
e23d3e
+//
e23d3e
+// Permission is hereby granted, free of charge, to any person obtaining a
e23d3e
+// copy of this software and associated documentation files (the
e23d3e
+// "Software"), to deal in the Software without restriction, including
e23d3e
+// without limitation the rights to use, copy, modify, merge, publish,
e23d3e
+// distribute, sublicense, and/or sell copies of the Software, and to permit
e23d3e
+// persons to whom the Software is furnished to do so, subject to the
e23d3e
+// following conditions:
e23d3e
+//
e23d3e
+// The above copyright notice and this permission notice shall be included
e23d3e
+// in all copies or substantial portions of the Software.
e23d3e
+//
e23d3e
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
e23d3e
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
e23d3e
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
e23d3e
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
e23d3e
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
e23d3e
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
e23d3e
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
e23d3e
+
e23d3e
+'use strict';
e23d3e
+const common = require('../common');
e23d3e
+if (!common.hasCrypto)
e23d3e
+  common.skip('missing crypto');
e23d3e
+
e23d3e
+const assert = require('assert');
e23d3e
+const tls = require('tls');
e23d3e
+const cluster = require('cluster');
e23d3e
+const fixtures = require('../common/fixtures');
e23d3e
+
e23d3e
+const workerCount = 4;
e23d3e
+const expectedReqCount = 16;
e23d3e
+
e23d3e
+if (cluster.isMaster) {
e23d3e
+  let reusedCount = 0;
e23d3e
+  let reqCount = 0;
e23d3e
+  let lastSession = null;
e23d3e
+  let shootOnce = false;
e23d3e
+  let workerPort = null;
e23d3e
+
e23d3e
+  function shoot() {
e23d3e
+    console.error('[master] connecting', workerPort, 'session?', !!lastSession);
e23d3e
+    const c = tls.connect(workerPort, {
e23d3e
+      session: lastSession,
e23d3e
+      rejectUnauthorized: false
e23d3e
+    }, () => {
e23d3e
+      c.end();
e23d3e
+    }).on('close', () => {
e23d3e
+      // Wait for close to shoot off another connection. We don't want to shoot
e23d3e
+      // until a new session is allocated, if one will be. The new session is
e23d3e
+      // not guaranteed on secureConnect (it depends on TLS1.2 vs TLS1.3), but
e23d3e
+      // it is guaranteed to happen before the connection is closed.
e23d3e
+      if (++reqCount === expectedReqCount) {
e23d3e
+        Object.keys(cluster.workers).forEach(function(id) {
e23d3e
+          cluster.workers[id].send('die');
e23d3e
+        });
e23d3e
+      } else {
e23d3e
+        shoot();
e23d3e
+      }
e23d3e
+    }).once('session', (session) => {
e23d3e
+      assert(!lastSession);
e23d3e
+      lastSession = session;
e23d3e
+    });
e23d3e
+
e23d3e
+    c.resume(); // See close_notify comment in server
e23d3e
+  }
e23d3e
+
e23d3e
+  function fork() {
e23d3e
+    const worker = cluster.fork();
e23d3e
+    worker.on('message', ({ msg, port }) => {
e23d3e
+      console.error('[master] got %j', msg);
e23d3e
+      if (msg === 'reused') {
e23d3e
+        ++reusedCount;
e23d3e
+      } else if (msg === 'listening' && !shootOnce) {
e23d3e
+        workerPort = port || workerPort;
e23d3e
+        shootOnce = true;
e23d3e
+        shoot();
e23d3e
+      }
e23d3e
+    });
e23d3e
+
e23d3e
+    worker.on('exit', () => {
e23d3e
+      console.error('[master] worker died');
e23d3e
+    });
e23d3e
+  }
e23d3e
+  for (let i = 0; i < workerCount; i++) {
e23d3e
+    fork();
e23d3e
+  }
e23d3e
+
e23d3e
+  process.on('exit', () => {
e23d3e
+    assert.strictEqual(reqCount, expectedReqCount);
e23d3e
+    assert.strictEqual(reusedCount + 1, reqCount);
e23d3e
+  });
e23d3e
+  return;
e23d3e
+}
e23d3e
+
e23d3e
+const key = fixtures.readKey('rsa_private.pem');
e23d3e
+const cert = fixtures.readKey('rsa_cert.crt');
e23d3e
+
e23d3e
+const options = { key, cert };
e23d3e
+
e23d3e
+const server = tls.createServer(options, (c) => {
e23d3e
+  console.error('[worker] connection reused?', c.isSessionReused());
e23d3e
+  if (c.isSessionReused()) {
e23d3e
+    process.send({ msg: 'reused' });
e23d3e
+  } else {
e23d3e
+    process.send({ msg: 'not-reused' });
e23d3e
+  }
e23d3e
+  // Used to just .end(), but that means client gets close_notify before
e23d3e
+  // NewSessionTicket. Send data until that problem is solved.
e23d3e
+  c.end('x');
e23d3e
+});
e23d3e
+
e23d3e
+server.listen(0, () => {
e23d3e
+  const { port } = server.address();
e23d3e
+  process.send({
e23d3e
+    msg: 'listening',
e23d3e
+    port,
e23d3e
+  });
e23d3e
+});
e23d3e
+
e23d3e
+process.on('message', function listener(msg) {
e23d3e
+  console.error('[worker] got %j', msg);
e23d3e
+  if (msg === 'die') {
e23d3e
+    server.close(() => {
e23d3e
+      console.error('[worker] server close');
e23d3e
+
e23d3e
+      process.exit();
e23d3e
+    });
e23d3e
+  }
e23d3e
+});
e23d3e
+
e23d3e
+process.on('exit', () => {
e23d3e
+  console.error('[worker] exit');
e23d3e
+});
e23d3e
diff --git a/test/known_issues/test-tls-ticket.js b/test/known_issues/test-tls-ticket.js
e23d3e
new file mode 100644
e23d3e
index 0000000..8d9cd8c
e23d3e
--- /dev/null
e23d3e
+++ b/test/known_issues/test-tls-ticket.js
e23d3e
@@ -0,0 +1,159 @@
e23d3e
+// Copyright Joyent, Inc. and other Node contributors.
e23d3e
+//
e23d3e
+// Permission is hereby granted, free of charge, to any person obtaining a
e23d3e
+// copy of this software and associated documentation files (the
e23d3e
+// "Software"), to deal in the Software without restriction, including
e23d3e
+// without limitation the rights to use, copy, modify, merge, publish,
e23d3e
+// distribute, sublicense, and/or sell copies of the Software, and to permit
e23d3e
+// persons to whom the Software is furnished to do so, subject to the
e23d3e
+// following conditions:
e23d3e
+//
e23d3e
+// The above copyright notice and this permission notice shall be included
e23d3e
+// in all copies or substantial portions of the Software.
e23d3e
+//
e23d3e
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
e23d3e
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
e23d3e
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
e23d3e
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
e23d3e
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
e23d3e
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
e23d3e
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
e23d3e
+
e23d3e
+'use strict';
e23d3e
+const common = require('../common');
e23d3e
+if (!common.hasCrypto)
e23d3e
+  common.skip('missing crypto');
e23d3e
+
e23d3e
+const assert = require('assert');
e23d3e
+const tls = require('tls');
e23d3e
+const net = require('net');
e23d3e
+const crypto = require('crypto');
e23d3e
+const fixtures = require('../common/fixtures');
e23d3e
+
e23d3e
+const keys = crypto.randomBytes(48);
e23d3e
+const serverLog = [];
e23d3e
+const ticketLog = [];
e23d3e
+
e23d3e
+let s;
e23d3e
+
e23d3e
+let serverCount = 0;
e23d3e
+function createServer() {
e23d3e
+  const id = serverCount++;
e23d3e
+
e23d3e
+  let counter = 0;
e23d3e
+  let previousKey = null;
e23d3e
+
e23d3e
+  const server = tls.createServer({
e23d3e
+    key: fixtures.readKey('agent1-key.pem'),
e23d3e
+    cert: fixtures.readKey('agent1-cert.pem'),
e23d3e
+    ticketKeys: keys
e23d3e
+  }, function(c) {
e23d3e
+    serverLog.push(id);
e23d3e
+    // TODO(@sam-github) Triggers close_notify before NewSessionTicket bug.
e23d3e
+    // c.end();
e23d3e
+    c.end('x');
e23d3e
+
e23d3e
+    counter++;
e23d3e
+
e23d3e
+    // Rotate ticket keys
e23d3e
+    //
e23d3e
+    // Take especial care to account for TLS1.2 and TLS1.3 differences around
e23d3e
+    // when ticket keys are encrypted. In TLS1.2, they are encrypted before the
e23d3e
+    // handshake complete callback, but in TLS1.3, they are encrypted after.
e23d3e
+    // There is no callback or way for us to know when they were sent, so hook
e23d3e
+    // the client's reception of the keys, and use it as proof that the current
e23d3e
+    // keys were used, and its safe to rotate them.
e23d3e
+    //
e23d3e
+    // Rotation can occur right away if the session was reused, the keys were
e23d3e
+    // already decrypted or we wouldn't have a reused session.
e23d3e
+    function setTicketKeys(keys) {
e23d3e
+      if (c.isSessionReused())
e23d3e
+        server.setTicketKeys(keys);
e23d3e
+      else
e23d3e
+        s.once('session', () => {
e23d3e
+          server.setTicketKeys(keys);
e23d3e
+        });
e23d3e
+    }
e23d3e
+    if (counter === 1) {
e23d3e
+      previousKey = server.getTicketKeys();
e23d3e
+      assert.strictEqual(previousKey.compare(keys), 0);
e23d3e
+      setTicketKeys(crypto.randomBytes(48));
e23d3e
+    } else if (counter === 2) {
e23d3e
+      setTicketKeys(previousKey);
e23d3e
+    } else if (counter === 3) {
e23d3e
+      // Use keys from counter=2
e23d3e
+    } else {
e23d3e
+      throw new Error('UNREACHABLE');
e23d3e
+    }
e23d3e
+  });
e23d3e
+
e23d3e
+  return server;
e23d3e
+}
e23d3e
+
e23d3e
+const naturalServers = [ createServer(), createServer(), createServer() ];
e23d3e
+
e23d3e
+// 3x servers
e23d3e
+const servers = naturalServers.concat(naturalServers).concat(naturalServers);
e23d3e
+
e23d3e
+// Create one TCP server and balance sockets to multiple TLS server instances
e23d3e
+const shared = net.createServer(function(c) {
e23d3e
+  servers.shift().emit('connection', c);
e23d3e
+}).listen(0, function() {
e23d3e
+  start(function() {
e23d3e
+    shared.close();
e23d3e
+  });
e23d3e
+});
e23d3e
+
e23d3e
+// 'session' events only occur for new sessions. The first connection is new.
e23d3e
+// After, for each set of 3 connections, the middle connection is made when the
e23d3e
+// server has random keys set, so the client's ticket is silently ignored, and a
e23d3e
+// new ticket is sent.
e23d3e
+const onNewSession = common.mustCall((s, session) => {
e23d3e
+  assert(session);
e23d3e
+  assert.strictEqual(session.compare(s.getSession()), 0);
e23d3e
+}, 4);
e23d3e
+
e23d3e
+function start(callback) {
e23d3e
+  let sess = null;
e23d3e
+  let left = servers.length;
e23d3e
+
e23d3e
+  function connect() {
e23d3e
+    s = tls.connect(shared.address().port, {
e23d3e
+      session: sess,
e23d3e
+      rejectUnauthorized: false
e23d3e
+    }, function() {
e23d3e
+      if (s.isSessionReused())
e23d3e
+        ticketLog.push(s.getTLSTicket().toString('hex'));
e23d3e
+    });
e23d3e
+    s.on('data', () => {
e23d3e
+      s.end();
e23d3e
+    });
e23d3e
+    s.on('close', function() {
e23d3e
+      if (--left === 0)
e23d3e
+        callback();
e23d3e
+      else
e23d3e
+        connect();
e23d3e
+    });
e23d3e
+    s.on('session', (session) => {
e23d3e
+      sess = sess || session;
e23d3e
+    });
e23d3e
+    s.once('session', (session) => onNewSession(s, session));
e23d3e
+    s.once('session', () => ticketLog.push(s.getTLSTicket().toString('hex')));
e23d3e
+  }
e23d3e
+
e23d3e
+  connect();
e23d3e
+}
e23d3e
+
e23d3e
+process.on('exit', function() {
e23d3e
+  assert.strictEqual(ticketLog.length, serverLog.length);
e23d3e
+  for (let i = 0; i < naturalServers.length - 1; i++) {
e23d3e
+    assert.notStrictEqual(serverLog[i], serverLog[i + 1]);
e23d3e
+    assert.strictEqual(ticketLog[i], ticketLog[i + 1]);
e23d3e
+
e23d3e
+    // 2nd connection should have different ticket
e23d3e
+    assert.notStrictEqual(ticketLog[i], ticketLog[i + naturalServers.length]);
e23d3e
+
e23d3e
+    // 3rd connection should have the same ticket
e23d3e
+    assert.strictEqual(ticketLog[i], ticketLog[i + naturalServers.length * 2]);
e23d3e
+  }
e23d3e
+});
e23d3e
diff --git a/test/known_issues/test-v8-serdes.js b/test/known_issues/test-v8-serdes.js
e23d3e
new file mode 100644
e23d3e
index 0000000..a992ba4
e23d3e
--- /dev/null
e23d3e
+++ b/test/known_issues/test-v8-serdes.js
e23d3e
@@ -0,0 +1,244 @@
e23d3e
+// Flags: --expose-internals
e23d3e
+
e23d3e
+'use strict';
e23d3e
+
e23d3e
+const common = require('../common');
e23d3e
+const fixtures = require('../common/fixtures');
e23d3e
+const { internalBinding } = require('internal/test/binding');
e23d3e
+const assert = require('assert');
e23d3e
+const v8 = require('v8');
e23d3e
+const os = require('os');
e23d3e
+
e23d3e
+const circular = {};
e23d3e
+circular.circular = circular;
e23d3e
+
e23d3e
+const wasmModule = new WebAssembly.Module(fixtures.readSync('simple.wasm'));
e23d3e
+
e23d3e
+const objects = [
e23d3e
+  { foo: 'bar' },
e23d3e
+  { bar: 'baz' },
e23d3e
+  new Uint8Array([1, 2, 3, 4]),
e23d3e
+  new Uint32Array([1, 2, 3, 4]),
e23d3e
+  Buffer.from([1, 2, 3, 4]),
e23d3e
+  undefined,
e23d3e
+  null,
e23d3e
+  42,
e23d3e
+  circular,
e23d3e
+  wasmModule
e23d3e
+];
e23d3e
+
e23d3e
+const hostObject = new (internalBinding('js_stream').JSStream)();
e23d3e
+
e23d3e
+const serializerTypeError =
e23d3e
+  /^TypeError: Class constructor Serializer cannot be invoked without 'new'$/;
e23d3e
+const deserializerTypeError =
e23d3e
+  /^TypeError: Class constructor Deserializer cannot be invoked without 'new'$/;
e23d3e
+
e23d3e
+{
e23d3e
+  const ser = new v8.DefaultSerializer();
e23d3e
+  ser.writeHeader();
e23d3e
+  for (const obj of objects) {
e23d3e
+    ser.writeValue(obj);
e23d3e
+  }
e23d3e
+
e23d3e
+  const des = new v8.DefaultDeserializer(ser.releaseBuffer());
e23d3e
+  des.readHeader();
e23d3e
+
e23d3e
+  for (const obj of objects) {
e23d3e
+    assert.deepStrictEqual(des.readValue(), obj);
e23d3e
+  }
e23d3e
+}
e23d3e
+
e23d3e
+{
e23d3e
+  for (const obj of objects) {
e23d3e
+    assert.deepStrictEqual(v8.deserialize(v8.serialize(obj)), obj);
e23d3e
+  }
e23d3e
+}
e23d3e
+
e23d3e
+{
e23d3e
+  const ser = new v8.DefaultSerializer();
e23d3e
+  ser._getDataCloneError = common.mustCall((message) => {
e23d3e
+    assert.strictEqual(message, '[object Object] could not be cloned.');
e23d3e
+    return new Error('foobar');
e23d3e
+  });
e23d3e
+
e23d3e
+  ser.writeHeader();
e23d3e
+
e23d3e
+  assert.throws(() => {
e23d3e
+    ser.writeValue(new Proxy({}, {}));
e23d3e
+  }, /foobar/);
e23d3e
+}
e23d3e
+
e23d3e
+{
e23d3e
+  const ser = new v8.DefaultSerializer();
e23d3e
+  ser._writeHostObject = common.mustCall((object) => {
e23d3e
+    assert.strictEqual(object, hostObject);
e23d3e
+    const buf = Buffer.from('hostObjectTag');
e23d3e
+
e23d3e
+    ser.writeUint32(buf.length);
e23d3e
+    ser.writeRawBytes(buf);
e23d3e
+
e23d3e
+    ser.writeUint64(1, 2);
e23d3e
+    ser.writeDouble(-0.25);
e23d3e
+  });
e23d3e
+
e23d3e
+  ser.writeHeader();
e23d3e
+  ser.writeValue({ val: hostObject });
e23d3e
+
e23d3e
+  const des = new v8.DefaultDeserializer(ser.releaseBuffer());
e23d3e
+  des._readHostObject = common.mustCall(() => {
e23d3e
+    const length = des.readUint32();
e23d3e
+    const buf = des.readRawBytes(length);
e23d3e
+
e23d3e
+    assert.strictEqual(buf.toString(), 'hostObjectTag');
e23d3e
+
e23d3e
+    assert.deepStrictEqual(des.readUint64(), [1, 2]);
e23d3e
+    assert.strictEqual(des.readDouble(), -0.25);
e23d3e
+    return hostObject;
e23d3e
+  });
e23d3e
+
e23d3e
+  des.readHeader();
e23d3e
+
e23d3e
+  assert.strictEqual(des.readValue().val, hostObject);
e23d3e
+}
e23d3e
+
e23d3e
+// This test ensures that `v8.Serializer.writeRawBytes()` support
e23d3e
+// `TypedArray` and `DataView`.
e23d3e
+{
e23d3e
+  const text = 'hostObjectTag';
e23d3e
+  const data = Buffer.from(text);
e23d3e
+  const arrayBufferViews = common.getArrayBufferViews(data);
e23d3e
+
e23d3e
+  // `buf` is one of `TypedArray` or `DataView`.
e23d3e
+  function testWriteRawBytes(buf) {
e23d3e
+    let writeHostObjectCalled = false;
e23d3e
+    const ser = new v8.DefaultSerializer();
e23d3e
+
e23d3e
+    ser._writeHostObject = common.mustCall((object) => {
e23d3e
+      writeHostObjectCalled = true;
e23d3e
+      ser.writeUint32(buf.byteLength);
e23d3e
+      ser.writeRawBytes(buf);
e23d3e
+    });
e23d3e
+
e23d3e
+    ser.writeHeader();
e23d3e
+    ser.writeValue({ val: hostObject });
e23d3e
+
e23d3e
+    const des = new v8.DefaultDeserializer(ser.releaseBuffer());
e23d3e
+    des._readHostObject = common.mustCall(() => {
e23d3e
+      assert.strictEqual(writeHostObjectCalled, true);
e23d3e
+      const length = des.readUint32();
e23d3e
+      const buf = des.readRawBytes(length);
e23d3e
+      assert.strictEqual(buf.toString(), text);
e23d3e
+
e23d3e
+      return hostObject;
e23d3e
+    });
e23d3e
+
e23d3e
+    des.readHeader();
e23d3e
+
e23d3e
+    assert.strictEqual(des.readValue().val, hostObject);
e23d3e
+  }
e23d3e
+
e23d3e
+  arrayBufferViews.forEach((buf) => {
e23d3e
+    testWriteRawBytes(buf);
e23d3e
+  });
e23d3e
+}
e23d3e
+
e23d3e
+{
e23d3e
+  const ser = new v8.DefaultSerializer();
e23d3e
+  ser._writeHostObject = common.mustCall((object) => {
e23d3e
+    throw new Error('foobar');
e23d3e
+  });
e23d3e
+
e23d3e
+  ser.writeHeader();
e23d3e
+  assert.throws(() => {
e23d3e
+    ser.writeValue({ val: hostObject });
e23d3e
+  }, /foobar/);
e23d3e
+}
e23d3e
+
e23d3e
+{
e23d3e
+  assert.throws(() => v8.serialize(hostObject), {
e23d3e
+    constructor: Error,
e23d3e
+    message: 'Unserializable host object: JSStream {}'
e23d3e
+  });
e23d3e
+}
e23d3e
+
e23d3e
+{
e23d3e
+  const buf = Buffer.from('ff0d6f2203666f6f5e007b01', 'hex');
e23d3e
+
e23d3e
+  const des = new v8.DefaultDeserializer(buf);
e23d3e
+  des.readHeader();
e23d3e
+
e23d3e
+  const ser = new v8.DefaultSerializer();
e23d3e
+  ser.writeHeader();
e23d3e
+
e23d3e
+  ser.writeValue(des.readValue());
e23d3e
+
e23d3e
+  assert.deepStrictEqual(buf, ser.releaseBuffer());
e23d3e
+  assert.strictEqual(des.getWireFormatVersion(), 0x0d);
e23d3e
+}
e23d3e
+
e23d3e
+{
e23d3e
+  // Unaligned Uint16Array read, with padding in the underlying array buffer.
e23d3e
+  let buf = Buffer.alloc(32 + 9);
e23d3e
+  buf.write('ff0d5c0404addeefbe', 32, 'hex');
e23d3e
+  buf = buf.slice(32);
e23d3e
+
e23d3e
+  const expectedResult = os.endianness() === 'LE' ?
e23d3e
+    new Uint16Array([0xdead, 0xbeef]) : new Uint16Array([0xadde, 0xefbe]);
e23d3e
+
e23d3e
+  assert.deepStrictEqual(v8.deserialize(buf), expectedResult);
e23d3e
+}
e23d3e
+
e23d3e
+{
e23d3e
+  assert.throws(v8.Serializer, serializerTypeError);
e23d3e
+  assert.throws(v8.Deserializer, deserializerTypeError);
e23d3e
+}
e23d3e
+
e23d3e
+
e23d3e
+// `v8.deserialize()` and `new v8.Deserializer()` should support both
e23d3e
+// `TypedArray` and `DataView`.
e23d3e
+{
e23d3e
+  for (const obj of objects) {
e23d3e
+    const buf = v8.serialize(obj);
e23d3e
+
e23d3e
+    for (const arrayBufferView of common.getArrayBufferViews(buf)) {
e23d3e
+      assert.deepStrictEqual(v8.deserialize(arrayBufferView), obj);
e23d3e
+    }
e23d3e
+
e23d3e
+    for (const arrayBufferView of common.getArrayBufferViews(buf)) {
e23d3e
+      const deserializer = new v8.DefaultDeserializer(arrayBufferView);
e23d3e
+      deserializer.readHeader();
e23d3e
+      const value = deserializer.readValue();
e23d3e
+      assert.deepStrictEqual(value, obj);
e23d3e
+
e23d3e
+      const serializer = new v8.DefaultSerializer();
e23d3e
+      serializer.writeHeader();
e23d3e
+      serializer.writeValue(value);
e23d3e
+      assert.deepStrictEqual(buf, serializer.releaseBuffer());
e23d3e
+    }
e23d3e
+  }
e23d3e
+}
e23d3e
+
e23d3e
+{
e23d3e
+  const INVALID_SOURCE = 'INVALID_SOURCE_TYPE';
e23d3e
+  const serializer = new v8.Serializer();
e23d3e
+  serializer.writeHeader();
e23d3e
+  assert.throws(
e23d3e
+    () => serializer.writeRawBytes(INVALID_SOURCE),
e23d3e
+    /^TypeError: source must be a TypedArray or a DataView$/,
e23d3e
+  );
e23d3e
+  assert.throws(
e23d3e
+    () => v8.deserialize(INVALID_SOURCE),
e23d3e
+    /^TypeError: buffer must be a TypedArray or a DataView$/,
e23d3e
+  );
e23d3e
+  assert.throws(
e23d3e
+    () => new v8.Deserializer(INVALID_SOURCE),
e23d3e
+    /^TypeError: buffer must be a TypedArray or a DataView$/,
e23d3e
+  );
e23d3e
+}
e23d3e
+
e23d3e
+{
e23d3e
+  const deserializedWasmModule = v8.deserialize(v8.serialize(wasmModule));
e23d3e
+  const instance = new WebAssembly.Instance(deserializedWasmModule);
e23d3e
+  assert.strictEqual(instance.exports.add(10, 20), 30);
e23d3e
+}
e23d3e
diff --git a/test/parallel/test-crypto-aes-wrap.js b/test/parallel/test-crypto-aes-wrap.js
e23d3e
deleted file mode 100644
e23d3e
index 6fe3525..0000000
e23d3e
--- a/test/parallel/test-crypto-aes-wrap.js
e23d3e
+++ /dev/null
e23d3e
@@ -1,62 +0,0 @@
e23d3e
-'use strict';
e23d3e
-const common = require('../common');
e23d3e
-if (!common.hasCrypto)
e23d3e
-  common.skip('missing crypto');
e23d3e
-
e23d3e
-const assert = require('assert');
e23d3e
-const crypto = require('crypto');
e23d3e
-
e23d3e
-const test = [
e23d3e
-  {
e23d3e
-    algorithm: 'aes128-wrap',
e23d3e
-    key: 'b26f309fbe57e9b3bb6ae5ef31d54450',
e23d3e
-    iv: '3fd838af4093d749',
e23d3e
-    text: '12345678123456781234567812345678'
e23d3e
-  },
e23d3e
-  {
e23d3e
-    algorithm: 'id-aes128-wrap-pad',
e23d3e
-    key: 'b26f309fbe57e9b3bb6ae5ef31d54450',
e23d3e
-    iv: '3fd838af',
e23d3e
-    text: '12345678123456781234567812345678123'
e23d3e
-  },
e23d3e
-  {
e23d3e
-    algorithm: 'aes192-wrap',
e23d3e
-    key: '40978085d68091f7dfca0d7dfc7a5ee76d2cc7f2f345a304',
e23d3e
-    iv: '3fd838af4093d749',
e23d3e
-    text: '12345678123456781234567812345678'
e23d3e
-  },
e23d3e
-  {
e23d3e
-    algorithm: 'id-aes192-wrap-pad',
e23d3e
-    key: '40978085d68091f7dfca0d7dfc7a5ee76d2cc7f2f345a304',
e23d3e
-    iv: '3fd838af',
e23d3e
-    text: '12345678123456781234567812345678123'
e23d3e
-  },
e23d3e
-  {
e23d3e
-    algorithm: 'aes256-wrap',
e23d3e
-    key: '29c9eab5ed5ad44134a1437fe2e673b4d88a5b7c72e68454fea08721392b7323',
e23d3e
-    iv: '3fd838af4093d749',
e23d3e
-    text: '12345678123456781234567812345678'
e23d3e
-  },
e23d3e
-  {
e23d3e
-    algorithm: 'id-aes256-wrap-pad',
e23d3e
-    key: '29c9eab5ed5ad44134a1437fe2e673b4d88a5b7c72e68454fea08721392b7323',
e23d3e
-    iv: '3fd838af',
e23d3e
-    text: '12345678123456781234567812345678123'
e23d3e
-  },
e23d3e
-];
e23d3e
-
e23d3e
-test.forEach((data) => {
e23d3e
-  const cipher = crypto.createCipheriv(
e23d3e
-    data.algorithm,
e23d3e
-    Buffer.from(data.key, 'hex'),
e23d3e
-    Buffer.from(data.iv, 'hex'));
e23d3e
-  const ciphertext = cipher.update(data.text, 'utf8');
e23d3e
-
e23d3e
-  const decipher = crypto.createDecipheriv(
e23d3e
-    data.algorithm,
e23d3e
-    Buffer.from(data.key, 'hex'),
e23d3e
-    Buffer.from(data.iv, 'hex'));
e23d3e
-  const msg = decipher.update(ciphertext, 'buffer', 'utf8');
e23d3e
-
e23d3e
-  assert.strictEqual(msg, data.text, `${data.algorithm} test case failed`);
e23d3e
-});
e23d3e
diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js
e23d3e
index 8be7296..c9bf961 100644
e23d3e
--- a/test/parallel/test-crypto-authenticated.js
e23d3e
+++ b/test/parallel/test-crypto-authenticated.js
e23d3e
@@ -404,7 +404,7 @@ for (const test of TEST_CASES) {
e23d3e
 // Test that create(De|C)ipher(iv)? throws if the mode is CCM or OCB and no
e23d3e
 // authentication tag has been specified.
e23d3e
 {
e23d3e
-  for (const mode of ['ccm', 'ocb']) {
e23d3e
+  for (const mode of ['ccm']) {
e23d3e
     assert.throws(() => {
e23d3e
       crypto.createCipheriv(`aes-256-${mode}`,
e23d3e
                             'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
e23d3e
@@ -564,7 +564,7 @@ for (const test of TEST_CASES) {
e23d3e
   const key = Buffer.from('0123456789abcdef', 'utf8');
e23d3e
   const iv = Buffer.from('0123456789ab', 'utf8');
e23d3e
 
e23d3e
-  for (const mode of ['gcm', 'ocb']) {
e23d3e
+  for (const mode of ['gcm']) {
e23d3e
     for (const authTagLength of mode === 'gcm' ? [undefined, 8] : [8]) {
e23d3e
       const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, {
e23d3e
         authTagLength
e23d3e
@@ -598,7 +598,7 @@ for (const test of TEST_CASES) {
e23d3e
   const iv = Buffer.from('0123456789ab', 'utf8');
e23d3e
   const opts = { authTagLength: 8 };
e23d3e
 
e23d3e
-  for (const mode of ['gcm', 'ccm', 'ocb']) {
e23d3e
+  for (const mode of ['gcm', 'ccm']) {
e23d3e
     const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, opts);
e23d3e
     const ciphertext = Buffer.concat([cipher.update(plain), cipher.final()]);
e23d3e
     const tag = cipher.getAuthTag();
e23d3e
@@ -616,51 +616,3 @@ for (const test of TEST_CASES) {
e23d3e
     assert(plain.equals(plaintext));
e23d3e
   }
e23d3e
 }
e23d3e
-
e23d3e
-
e23d3e
-// Test chacha20-poly1305 rejects invalid IV lengths of 13, 14, 15, and 16 (a
e23d3e
-// length of 17 or greater was already rejected).
e23d3e
-// - https://www.openssl.org/news/secadv/20190306.txt
e23d3e
-{
e23d3e
-  // Valid extracted from TEST_CASES, check that it detects IV tampering.
e23d3e
-  const valid = {
e23d3e
-    algo: 'chacha20-poly1305',
e23d3e
-    key: '808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f',
e23d3e
-    iv: '070000004041424344454647',
e23d3e
-    plain: '4c616469657320616e642047656e746c656d656e206f662074686520636c6173' +
e23d3e
-           '73206f66202739393a204966204920636f756c64206f6666657220796f75206f' +
e23d3e
-           '6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73' +
e23d3e
-           '637265656e20776f756c642062652069742e',
e23d3e
-    plainIsHex: true,
e23d3e
-    aad: '50515253c0c1c2c3c4c5c6c7',
e23d3e
-    ct: 'd31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5' +
e23d3e
-        'a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e06' +
e23d3e
-        '0b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fa' +
e23d3e
-        'b324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d265' +
e23d3e
-        '86cec64b6116',
e23d3e
-    tag: '1ae10b594f09e26a7e902ecbd0600691',
e23d3e
-    tampered: false,
e23d3e
-  };
e23d3e
-
e23d3e
-  // Invalid IV lengths should be detected:
e23d3e
-  // - 12 and below are valid.
e23d3e
-  // - 13-16 are not detected as invalid by some OpenSSL versions.
e23d3e
-  check(13);
e23d3e
-  check(14);
e23d3e
-  check(15);
e23d3e
-  check(16);
e23d3e
-  // - 17 and above were always detected as invalid by OpenSSL.
e23d3e
-  check(17);
e23d3e
-
e23d3e
-  function check(ivLength) {
e23d3e
-    const prefix = ivLength - valid.iv.length / 2;
e23d3e
-    assert.throws(() => crypto.createCipheriv(
e23d3e
-      valid.algo,
e23d3e
-      Buffer.from(valid.key, 'hex'),
e23d3e
-      Buffer.from(H(prefix) + valid.iv, 'hex'),
e23d3e
-      { authTagLength: valid.tag.length / 2 }
e23d3e
-    ), errMessages.length, `iv length ${ivLength} was not rejected`);
e23d3e
-
e23d3e
-    function H(length) { return '00'.repeat(length); }
e23d3e
-  }
e23d3e
-}
e23d3e
diff --git a/test/parallel/test-crypto-des3-wrap.js b/test/parallel/test-crypto-des3-wrap.js
e23d3e
deleted file mode 100644
e23d3e
index 75c8cd5..0000000
e23d3e
--- a/test/parallel/test-crypto-des3-wrap.js
e23d3e
+++ /dev/null
e23d3e
@@ -1,25 +0,0 @@
e23d3e
-'use strict';
e23d3e
-const common = require('../common');
e23d3e
-if (!common.hasCrypto)
e23d3e
-  common.skip('missing crypto');
e23d3e
-
e23d3e
-const assert = require('assert');
e23d3e
-const crypto = require('crypto');
e23d3e
-
e23d3e
-// Test case for des-ede3 wrap/unwrap. des3-wrap needs extra 2x blocksize
e23d3e
-// then plaintext to store ciphertext.
e23d3e
-const test = {
e23d3e
-  key: Buffer.from('3c08e25be22352910671cfe4ba3652b1220a8a7769b490ba', 'hex'),
e23d3e
-  iv: Buffer.alloc(0),
e23d3e
-  plaintext: '32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBG' +
e23d3e
-    'WWELweCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZU' +
e23d3e
-    'JjAfaFg**'
e23d3e
-};
e23d3e
-
e23d3e
-const cipher = crypto.createCipheriv('des3-wrap', test.key, test.iv);
e23d3e
-const ciphertext = cipher.update(test.plaintext, 'utf8');
e23d3e
-
e23d3e
-const decipher = crypto.createDecipheriv('des3-wrap', test.key, test.iv);
e23d3e
-const msg = decipher.update(ciphertext, 'buffer', 'utf8');
e23d3e
-
e23d3e
-assert.strictEqual(msg, test.plaintext);
e23d3e
diff --git a/test/parallel/test-crypto-hash-stream-pipe.js b/test/parallel/test-crypto-hash-stream-pipe.js
e23d3e
deleted file mode 100644
e23d3e
index d22281a..0000000
e23d3e
--- a/test/parallel/test-crypto-hash-stream-pipe.js
e23d3e
+++ /dev/null
e23d3e
@@ -1,46 +0,0 @@
e23d3e
-// Copyright Joyent, Inc. and other Node contributors.
e23d3e
-//
e23d3e
-// Permission is hereby granted, free of charge, to any person obtaining a
e23d3e
-// copy of this software and associated documentation files (the
e23d3e
-// "Software"), to deal in the Software without restriction, including
e23d3e
-// without limitation the rights to use, copy, modify, merge, publish,
e23d3e
-// distribute, sublicense, and/or sell copies of the Software, and to permit
e23d3e
-// persons to whom the Software is furnished to do so, subject to the
e23d3e
-// following conditions:
e23d3e
-//
e23d3e
-// The above copyright notice and this permission notice shall be included
e23d3e
-// in all copies or substantial portions of the Software.
e23d3e
-//
e23d3e
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
e23d3e
-// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
e23d3e
-// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
e23d3e
-// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
e23d3e
-// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
e23d3e
-// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
e23d3e
-// USE OR OTHER DEALINGS IN THE SOFTWARE.
e23d3e
-
e23d3e
-'use strict';
e23d3e
-const common = require('../common');
e23d3e
-
e23d3e
-if (!common.hasCrypto)
e23d3e
-  common.skip('missing crypto');
e23d3e
-
e23d3e
-const assert = require('assert');
e23d3e
-const crypto = require('crypto');
e23d3e
-
e23d3e
-const stream = require('stream');
e23d3e
-const s = new stream.PassThrough();
e23d3e
-const h = crypto.createHash('sha3-512');
e23d3e
-const expect = '36a38a2a35e698974d4e5791a3f05b05' +
e23d3e
-               '198235381e864f91a0e8cd6a26b677ec' +
e23d3e
-               'dcde8e2b069bd7355fabd68abd6fc801' +
e23d3e
-               '19659f25e92f8efc961ee3a7c815c758';
e23d3e
-
e23d3e
-s.pipe(h).on('data', common.mustCall(function(c) {
e23d3e
-  assert.strictEqual(c, expect);
e23d3e
-  // Calling digest() after piping into a stream with SHA3 should not cause
e23d3e
-  // a segmentation fault, see https://github.com/nodejs/node/issues/28245.
e23d3e
-  assert.strictEqual(h.digest('hex'), expect);
e23d3e
-})).setEncoding('hex');
e23d3e
-
e23d3e
-s.end('aoeu');
e23d3e
diff --git a/test/parallel/test-crypto-hash.js b/test/parallel/test-crypto-hash.js
e23d3e
index 0ccc300..996b885 100644
e23d3e
--- a/test/parallel/test-crypto-hash.js
e23d3e
+++ b/test/parallel/test-crypto-hash.js
e23d3e
@@ -182,87 +182,6 @@ common.expectsError(
e23d3e
                                    ' when called without `new`');
e23d3e
 }
e23d3e
 
e23d3e
-// Test XOF hash functions and the outputLength option.
e23d3e
-{
e23d3e
-  // Default outputLengths.
e23d3e
-  assert.strictEqual(crypto.createHash('shake128').digest('hex'),
e23d3e
-                     '7f9c2ba4e88f827d616045507605853e');
e23d3e
-  assert.strictEqual(crypto.createHash('shake128', null).digest('hex'),
e23d3e
-                     '7f9c2ba4e88f827d616045507605853e');
e23d3e
-  assert.strictEqual(crypto.createHash('shake256').digest('hex'),
e23d3e
-                     '46b9dd2b0ba88d13233b3feb743eeb24' +
e23d3e
-                     '3fcd52ea62b81b82b50c27646ed5762f');
e23d3e
-  assert.strictEqual(crypto.createHash('shake256', { outputLength: 0 })
e23d3e
-                           .copy()  // Default outputLength.
e23d3e
-                           .digest('hex'),
e23d3e
-                     '46b9dd2b0ba88d13233b3feb743eeb24' +
e23d3e
-                     '3fcd52ea62b81b82b50c27646ed5762f');
e23d3e
-
e23d3e
-  // Short outputLengths.
e23d3e
-  assert.strictEqual(crypto.createHash('shake128', { outputLength: 0 })
e23d3e
-                           .digest('hex'),
e23d3e
-                     '');
e23d3e
-  assert.strictEqual(crypto.createHash('shake128', { outputLength: 5 })
e23d3e
-                           .copy({ outputLength: 0 })
e23d3e
-                           .digest('hex'),
e23d3e
-                     '');
e23d3e
-  assert.strictEqual(crypto.createHash('shake128', { outputLength: 5 })
e23d3e
-                           .digest('hex'),
e23d3e
-                     '7f9c2ba4e8');
e23d3e
-  assert.strictEqual(crypto.createHash('shake128', { outputLength: 0 })
e23d3e
-                           .copy({ outputLength: 5 })
e23d3e
-                           .digest('hex'),
e23d3e
-                     '7f9c2ba4e8');
e23d3e
-  assert.strictEqual(crypto.createHash('shake128', { outputLength: 15 })
e23d3e
-                           .digest('hex'),
e23d3e
-                     '7f9c2ba4e88f827d61604550760585');
e23d3e
-  assert.strictEqual(crypto.createHash('shake256', { outputLength: 16 })
e23d3e
-                           .digest('hex'),
e23d3e
-                     '46b9dd2b0ba88d13233b3feb743eeb24');
e23d3e
-
e23d3e
-  // Large outputLengths.
e23d3e
-  assert.strictEqual(crypto.createHash('shake128', { outputLength: 128 })
e23d3e
-                           .digest('hex'),
e23d3e
-                     '7f9c2ba4e88f827d616045507605853e' +
e23d3e
-                     'd73b8093f6efbc88eb1a6eacfa66ef26' +
e23d3e
-                     '3cb1eea988004b93103cfb0aeefd2a68' +
e23d3e
-                     '6e01fa4a58e8a3639ca8a1e3f9ae57e2' +
e23d3e
-                     '35b8cc873c23dc62b8d260169afa2f75' +
e23d3e
-                     'ab916a58d974918835d25e6a435085b2' +
e23d3e
-                     'badfd6dfaac359a5efbb7bcc4b59d538' +
e23d3e
-                     'df9a04302e10c8bc1cbf1a0b3a5120ea');
e23d3e
-  const superLongHash = crypto.createHash('shake256', {
e23d3e
-    outputLength: 1024 * 1024
e23d3e
-  }).update('The message is shorter than the hash!')
e23d3e
-    .digest('hex');
e23d3e
-  assert.strictEqual(superLongHash.length, 2 * 1024 * 1024);
e23d3e
-  assert.ok(superLongHash.endsWith('193414035ddba77bf7bba97981e656ec'));
e23d3e
-  assert.ok(superLongHash.startsWith('a2a28dbc49cfd6e5d6ceea3d03e77748'));
e23d3e
-
e23d3e
-  // Non-XOF hash functions should accept valid outputLength options as well.
e23d3e
-  assert.strictEqual(crypto.createHash('sha224', { outputLength: 28 })
e23d3e
-                           .digest('hex'),
e23d3e
-                     'd14a028c2a3a2bc9476102bb288234c4' +
e23d3e
-                     '15a2b01f828ea62ac5b3e42f');
e23d3e
-
e23d3e
-  // Passing invalid sizes should throw during creation.
e23d3e
-  common.expectsError(() => {
e23d3e
-    crypto.createHash('sha256', { outputLength: 28 });
e23d3e
-  }, {
e23d3e
-    code: 'ERR_OSSL_EVP_NOT_XOF_OR_INVALID_LENGTH'
e23d3e
-  });
e23d3e
-
e23d3e
-  for (const outputLength of [null, {}, 'foo', false]) {
e23d3e
-    common.expectsError(() => crypto.createHash('sha256', { outputLength }),
e23d3e
-                        { code: 'ERR_INVALID_ARG_TYPE' });
e23d3e
-  }
e23d3e
-
e23d3e
-  for (const outputLength of [-1, .5, Infinity, 2 ** 90]) {
e23d3e
-    common.expectsError(() => crypto.createHash('sha256', { outputLength }),
e23d3e
-                        { code: 'ERR_OUT_OF_RANGE' });
e23d3e
-  }
e23d3e
-}
e23d3e
-
e23d3e
 {
e23d3e
   const h = crypto.createHash('sha512');
e23d3e
   h.digest();
e23d3e
diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js
e23d3e
index c830343..be32895 100644
e23d3e
--- a/test/parallel/test-crypto-key-objects.js
e23d3e
+++ b/test/parallel/test-crypto-key-objects.js
e23d3e
@@ -241,42 +241,6 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
e23d3e
   });
e23d3e
 }
e23d3e
 
e23d3e
-[
e23d3e
-  { private: fixtures.readKey('ed25519_private.pem', 'ascii'),
e23d3e
-    public: fixtures.readKey('ed25519_public.pem', 'ascii'),
e23d3e
-    keyType: 'ed25519' },
e23d3e
-  { private: fixtures.readKey('ed448_private.pem', 'ascii'),
e23d3e
-    public: fixtures.readKey('ed448_public.pem', 'ascii'),
e23d3e
-    keyType: 'ed448' },
e23d3e
-  { private: fixtures.readKey('x25519_private.pem', 'ascii'),
e23d3e
-    public: fixtures.readKey('x25519_public.pem', 'ascii'),
e23d3e
-    keyType: 'x25519' },
e23d3e
-  { private: fixtures.readKey('x448_private.pem', 'ascii'),
e23d3e
-    public: fixtures.readKey('x448_public.pem', 'ascii'),
e23d3e
-    keyType: 'x448' },
e23d3e
-].forEach((info) => {
e23d3e
-  const keyType = info.keyType;
e23d3e
-
e23d3e
-  {
e23d3e
-    const exportOptions = { type: 'pkcs8', format: 'pem' };
e23d3e
-    const key = createPrivateKey(info.private);
e23d3e
-    assert.strictEqual(key.type, 'private');
e23d3e
-    assert.strictEqual(key.asymmetricKeyType, keyType);
e23d3e
-    assert.strictEqual(key.symmetricKeySize, undefined);
e23d3e
-    assert.strictEqual(key.export(exportOptions), info.private);
e23d3e
-  }
e23d3e
-
e23d3e
-  {
e23d3e
-    const exportOptions = { type: 'spki', format: 'pem' };
e23d3e
-    [info.private, info.public].forEach((pem) => {
e23d3e
-      const key = createPublicKey(pem);
e23d3e
-      assert.strictEqual(key.type, 'public');
e23d3e
-      assert.strictEqual(key.asymmetricKeyType, keyType);
e23d3e
-      assert.strictEqual(key.symmetricKeySize, undefined);
e23d3e
-      assert.strictEqual(key.export(exportOptions), info.public);
e23d3e
-    });
e23d3e
-  }
e23d3e
-});
e23d3e
 
e23d3e
 {
e23d3e
   // Reading an encrypted key without a passphrase should fail.
e23d3e
@@ -324,145 +288,6 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
e23d3e
 }
e23d3e
 
e23d3e
 {
e23d3e
-  // Test RSA-PSS.
e23d3e
-  {
e23d3e
-    // This key pair does not restrict the message digest algorithm or salt
e23d3e
-    // length.
e23d3e
-    const publicPem = fixtures.readKey('rsa_pss_public_2048.pem');
e23d3e
-    const privatePem = fixtures.readKey('rsa_pss_private_2048.pem');
e23d3e
-
e23d3e
-    const publicKey = createPublicKey(publicPem);
e23d3e
-    const privateKey = createPrivateKey(privatePem);
e23d3e
-
e23d3e
-    assert.strictEqual(publicKey.type, 'public');
e23d3e
-    assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
e23d3e
-
e23d3e
-    assert.strictEqual(privateKey.type, 'private');
e23d3e
-    assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
e23d3e
-
e23d3e
-    for (const key of [privatePem, privateKey]) {
e23d3e
-      // Any algorithm should work.
e23d3e
-      for (const algo of ['sha1', 'sha256']) {
e23d3e
-        // Any salt length should work.
e23d3e
-        for (const saltLength of [undefined, 8, 10, 12, 16, 18, 20]) {
e23d3e
-          const signature = createSign(algo)
e23d3e
-                            .update('foo')
e23d3e
-                            .sign({ key, saltLength });
e23d3e
-
e23d3e
-          for (const pkey of [key, publicKey, publicPem]) {
e23d3e
-            const okay = createVerify(algo)
e23d3e
-                         .update('foo')
e23d3e
-                         .verify({ key: pkey, saltLength }, signature);
e23d3e
-
e23d3e
-            assert.ok(okay);
e23d3e
-          }
e23d3e
-        }
e23d3e
-      }
e23d3e
-    }
e23d3e
-
e23d3e
-    // Exporting the key using PKCS#1 should not work since this would discard
e23d3e
-    // any algorithm restrictions.
e23d3e
-    common.expectsError(() => {
e23d3e
-      publicKey.export({ format: 'pem', type: 'pkcs1' });
e23d3e
-    }, {
e23d3e
-      code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS'
e23d3e
-    });
e23d3e
-  }
e23d3e
-
e23d3e
-  {
e23d3e
-    // This key pair enforces sha256 as the message digest and the MGF1
e23d3e
-    // message digest and a salt length of at least 16 bytes.
e23d3e
-    const publicPem =
e23d3e
-      fixtures.readKey('rsa_pss_public_2048_sha256_sha256_16.pem');
e23d3e
-    const privatePem =
e23d3e
-      fixtures.readKey('rsa_pss_private_2048_sha256_sha256_16.pem');
e23d3e
-
e23d3e
-    const publicKey = createPublicKey(publicPem);
e23d3e
-    const privateKey = createPrivateKey(privatePem);
e23d3e
-
e23d3e
-    assert.strictEqual(publicKey.type, 'public');
e23d3e
-    assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
e23d3e
-
e23d3e
-    assert.strictEqual(privateKey.type, 'private');
e23d3e
-    assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
e23d3e
-
e23d3e
-    for (const key of [privatePem, privateKey]) {
e23d3e
-      // Signing with anything other than sha256 should fail.
e23d3e
-      assert.throws(() => {
e23d3e
-        createSign('sha1').sign(key);
e23d3e
-      }, /digest not allowed/);
e23d3e
-
e23d3e
-      // Signing with salt lengths less than 16 bytes should fail.
e23d3e
-      for (const saltLength of [8, 10, 12]) {
e23d3e
-        assert.throws(() => {
e23d3e
-          createSign('sha1').sign({ key, saltLength });
e23d3e
-        }, /pss saltlen too small/);
e23d3e
-      }
e23d3e
-
e23d3e
-      // Signing with sha256 and appropriate salt lengths should work.
e23d3e
-      for (const saltLength of [undefined, 16, 18, 20]) {
e23d3e
-        const signature = createSign('sha256')
e23d3e
-                          .update('foo')
e23d3e
-                          .sign({ key, saltLength });
e23d3e
-
e23d3e
-        for (const pkey of [key, publicKey, publicPem]) {
e23d3e
-          const okay = createVerify('sha256')
e23d3e
-                       .update('foo')
e23d3e
-                       .verify({ key: pkey, saltLength }, signature);
e23d3e
-
e23d3e
-          assert.ok(okay);
e23d3e
-        }
e23d3e
-      }
e23d3e
-    }
e23d3e
-  }
e23d3e
-
e23d3e
-  {
e23d3e
-    // This key enforces sha512 as the message digest and sha256 as the MGF1
e23d3e
-    // message digest.
e23d3e
-    const publicPem =
e23d3e
-      fixtures.readKey('rsa_pss_public_2048_sha512_sha256_20.pem');
e23d3e
-    const privatePem =
e23d3e
-      fixtures.readKey('rsa_pss_private_2048_sha512_sha256_20.pem');
e23d3e
-
e23d3e
-    const publicKey = createPublicKey(publicPem);
e23d3e
-    const privateKey = createPrivateKey(privatePem);
e23d3e
-
e23d3e
-    assert.strictEqual(publicKey.type, 'public');
e23d3e
-    assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
e23d3e
-
e23d3e
-    assert.strictEqual(privateKey.type, 'private');
e23d3e
-    assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
e23d3e
-
e23d3e
-    // Node.js usually uses the same hash function for the message and for MGF1.
e23d3e
-    // However, when a different MGF1 message digest algorithm has been
e23d3e
-    // specified as part of the key, it should automatically switch to that.
e23d3e
-    // This behavior is required by sections 3.1 and 3.3 of RFC4055.
e23d3e
-    for (const key of [privatePem, privateKey]) {
e23d3e
-      // sha256 matches the MGF1 hash function and should be used internally,
e23d3e
-      // but it should not be permitted as the main message digest algorithm.
e23d3e
-      for (const algo of ['sha1', 'sha256']) {
e23d3e
-        assert.throws(() => {
e23d3e
-          createSign(algo).sign(key);
e23d3e
-        }, /digest not allowed/);
e23d3e
-      }
e23d3e
-
e23d3e
-      // sha512 should produce a valid signature.
e23d3e
-      const signature = createSign('sha512')
e23d3e
-                        .update('foo')
e23d3e
-                        .sign(key);
e23d3e
-
e23d3e
-      for (const pkey of [key, publicKey, publicPem]) {
e23d3e
-        const okay = createVerify('sha512')
e23d3e
-                     .update('foo')
e23d3e
-                     .verify(pkey, signature);
e23d3e
-
e23d3e
-        assert.ok(okay);
e23d3e
-      }
e23d3e
-    }
e23d3e
-  }
e23d3e
-}
e23d3e
-
e23d3e
-{
e23d3e
   // Exporting an encrypted private key requires a cipher
e23d3e
   const privateKey = createPrivateKey(privatePem);
e23d3e
   common.expectsError(() => {
e23d3e
diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js
e23d3e
index 605a374..05a2d80 100644
e23d3e
--- a/test/parallel/test-crypto-keygen.js
e23d3e
+++ b/test/parallel/test-crypto-keygen.js
e23d3e
@@ -266,43 +266,6 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
e23d3e
 }
e23d3e
 
e23d3e
 {
e23d3e
-  // Test RSA-PSS.
e23d3e
-  generateKeyPair('rsa-pss', {
e23d3e
-    modulusLength: 512,
e23d3e
-    saltLength: 16,
e23d3e
-    hash: 'sha256',
e23d3e
-    mgf1Hash: 'sha256'
e23d3e
-  }, common.mustCall((err, publicKey, privateKey) => {
e23d3e
-    assert.ifError(err);
e23d3e
-
e23d3e
-    assert.strictEqual(publicKey.type, 'public');
e23d3e
-    assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
e23d3e
-
e23d3e
-    assert.strictEqual(privateKey.type, 'private');
e23d3e
-    assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
e23d3e
-
e23d3e
-    // Unlike RSA, RSA-PSS does not allow encryption.
e23d3e
-    assert.throws(() => {
e23d3e
-      testEncryptDecrypt(publicKey, privateKey);
e23d3e
-    }, /operation not supported for this keytype/);
e23d3e
-
e23d3e
-    // RSA-PSS also does not permit signing with PKCS1 padding.
e23d3e
-    assert.throws(() => {
e23d3e
-      testSignVerify({
e23d3e
-        key: publicKey,
e23d3e
-        padding: constants.RSA_PKCS1_PADDING
e23d3e
-      }, {
e23d3e
-        key: privateKey,
e23d3e
-        padding: constants.RSA_PKCS1_PADDING
e23d3e
-      });
e23d3e
-    }, /illegal or unsupported padding mode/);
e23d3e
-
e23d3e
-    // The padding should correctly default to RSA_PKCS1_PSS_PADDING now.
e23d3e
-    testSignVerify(publicKey, privateKey);
e23d3e
-  }));
e23d3e
-}
e23d3e
-
e23d3e
-{
e23d3e
   const privateKeyEncoding = {
e23d3e
     type: 'pkcs8',
e23d3e
     format: 'der'
e23d3e
@@ -964,23 +927,6 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
e23d3e
   }));
e23d3e
 }
e23d3e
 
e23d3e
-// Test EdDSA key generation.
e23d3e
-{
e23d3e
-  if (!/^1\.1\.0/.test(process.versions.openssl)) {
e23d3e
-    ['ed25519', 'ed448', 'x25519', 'x448'].forEach((keyType) => {
e23d3e
-      generateKeyPair(keyType, common.mustCall((err, publicKey, privateKey) => {
e23d3e
-        assert.ifError(err);
e23d3e
-
e23d3e
-        assert.strictEqual(publicKey.type, 'public');
e23d3e
-        assert.strictEqual(publicKey.asymmetricKeyType, keyType);
e23d3e
-
e23d3e
-        assert.strictEqual(privateKey.type, 'private');
e23d3e
-        assert.strictEqual(privateKey.asymmetricKeyType, keyType);
e23d3e
-      }));
e23d3e
-    });
e23d3e
-  }
e23d3e
-}
e23d3e
-
e23d3e
 // Test invalid key encoding types.
e23d3e
 {
e23d3e
   // Invalid public key type.
e23d3e
diff --git a/test/parallel/test-crypto-pbkdf2.js b/test/parallel/test-crypto-pbkdf2.js
e23d3e
index 5ab37ac..5ef4f1f 100644
e23d3e
--- a/test/parallel/test-crypto-pbkdf2.js
e23d3e
+++ b/test/parallel/test-crypto-pbkdf2.js
e23d3e
@@ -221,21 +221,3 @@ crypto.pbkdf2Sync(new Float32Array(10), 'salt', 8, 8, 'sha256');
e23d3e
 crypto.pbkdf2Sync('pass', new Float32Array(10), 8, 8, 'sha256');
e23d3e
 crypto.pbkdf2Sync(new Float64Array(10), 'salt', 8, 8, 'sha256');
e23d3e
 crypto.pbkdf2Sync('pass', new Float64Array(10), 8, 8, 'sha256');
e23d3e
-
e23d3e
-assert.throws(
e23d3e
-  () => crypto.pbkdf2('pass', 'salt', 8, 8, 'md55', common.mustNotCall()),
e23d3e
-  {
e23d3e
-    code: 'ERR_CRYPTO_INVALID_DIGEST',
e23d3e
-    name: 'TypeError',
e23d3e
-    message: 'Invalid digest: md55'
e23d3e
-  }
e23d3e
-);
e23d3e
-
e23d3e
-assert.throws(
e23d3e
-  () => crypto.pbkdf2Sync('pass', 'salt', 8, 8, 'md55'),
e23d3e
-  {
e23d3e
-    code: 'ERR_CRYPTO_INVALID_DIGEST',
e23d3e
-    name: 'TypeError',
e23d3e
-    message: 'Invalid digest: md55'
e23d3e
-  }
e23d3e
-);
e23d3e
diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
e23d3e
index b3861dd..1bd5f71 100644
e23d3e
--- a/test/parallel/test-crypto-sign-verify.js
e23d3e
+++ b/test/parallel/test-crypto-sign-verify.js
e23d3e
@@ -419,14 +419,6 @@ common.expectsError(
e23d3e
 }
e23d3e
 
e23d3e
 [
e23d3e
-  { private: fixtures.readKey('ed25519_private.pem', 'ascii'),
e23d3e
-    public: fixtures.readKey('ed25519_public.pem', 'ascii'),
e23d3e
-    algo: null,
e23d3e
-    sigLen: 64 },
e23d3e
-  { private: fixtures.readKey('ed448_private.pem', 'ascii'),
e23d3e
-    public: fixtures.readKey('ed448_public.pem', 'ascii'),
e23d3e
-    algo: null,
e23d3e
-    sigLen: 114 },
e23d3e
   { private: fixtures.readKey('rsa_private_2048.pem', 'ascii'),
e23d3e
     public: fixtures.readKey('rsa_public_2048.pem', 'ascii'),
e23d3e
     algo: 'sha1',
e23d3e
diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js
e23d3e
index 9337621..ac1fcce 100644
e23d3e
--- a/test/parallel/test-crypto.js
e23d3e
+++ b/test/parallel/test-crypto.js
e23d3e
@@ -129,7 +129,7 @@ validateList(cryptoCiphers);
e23d3e
 // Assume that we have at least AES256-SHA.
e23d3e
 const tlsCiphers = tls.getCiphers();
e23d3e
 assert(tls.getCiphers().includes('aes256-sha'));
e23d3e
-assert(tls.getCiphers().includes('tls_aes_128_ccm_8_sha256'));
e23d3e
+//assert(tls.getCiphers().includes('tls_aes_128_ccm_8_sha256'));  // TLSv1.3
e23d3e
 // There should be no capital letters in any element.
e23d3e
 const noCapitals = /^[^A-Z]+$/;
e23d3e
 assert(tlsCiphers.every((value) => noCapitals.test(value)));
e23d3e
@@ -235,9 +235,9 @@ assert.throws(function() {
e23d3e
 }, (err) => {
e23d3e
   // Do the standard checks, but then do some custom checks afterwards.
e23d3e
   assert.throws(() => { throw err; }, {
e23d3e
-    message: 'error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag',
e23d3e
+    message: 'error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag',
e23d3e
     library: 'asn1 encoding routines',
e23d3e
-    function: 'asn1_check_tlen',
e23d3e
+    function: 'ASN1_CHECK_TLEN',
e23d3e
     reason: 'wrong tag',
e23d3e
     code: 'ERR_OSSL_ASN1_WRONG_TAG',
e23d3e
   });
e23d3e
diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js
e23d3e
index 3f5cd36..8e13b15 100644
e23d3e
--- a/test/parallel/test-https-agent-session-eviction.js
e23d3e
+++ b/test/parallel/test-https-agent-session-eviction.js
e23d3e
@@ -7,8 +7,10 @@ const { readKey } = require('../common/fixtures');
e23d3e
 if (!common.hasCrypto)
e23d3e
   common.skip('missing crypto');
e23d3e
 
e23d3e
+const assert = require('assert');
e23d3e
 const https = require('https');
e23d3e
-const { SSL_OP_NO_TICKET } = require('crypto').constants;
e23d3e
+const { OPENSSL_VERSION_NUMBER, SSL_OP_NO_TICKET } =
e23d3e
+    require('crypto').constants;
e23d3e
 
e23d3e
 const options = {
e23d3e
   key: readKey('agent1-key.pem'),
e23d3e
@@ -58,12 +60,38 @@ function second(server, session) {
e23d3e
     res.resume();
e23d3e
   });
e23d3e
 
e23d3e
-  // Although we have a TLS 1.2 session to offer to the TLS 1.0 server,
e23d3e
-  // connection to the TLS 1.0 server should work.
e23d3e
-  req.on('response', common.mustCall(function(res) {
e23d3e
-    // The test is now complete for OpenSSL 1.1.0.
e23d3e
-    server.close();
e23d3e
-  }));
e23d3e
+  if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
e23d3e
+    // Although we have a TLS 1.2 session to offer to the TLS 1.0 server,
e23d3e
+    // connection to the TLS 1.0 server should work.
e23d3e
+    req.on('response', common.mustCall(function(res) {
e23d3e
+      // The test is now complete for OpenSSL 1.1.0.
e23d3e
+      server.close();
e23d3e
+    }));
e23d3e
+  } else {
e23d3e
+    // OpenSSL 1.0.x mistakenly locked versions based on the session it was
e23d3e
+    // offering. This causes this sequent request to fail. Let it fail, but
e23d3e
+    // test that this is mitigated on the next try by invalidating the session.
e23d3e
+    req.on('error', common.mustCall(function(err) {
e23d3e
+      assert(/wrong version number/.test(err.message));
e23d3e
+
e23d3e
+      req.on('close', function() {
e23d3e
+        third(server);
e23d3e
+      });
e23d3e
+    }));
e23d3e
+  }
e23d3e
+  req.end();
e23d3e
+}
e23d3e
 
e23d3e
+// Try one more time - session should be evicted!
e23d3e
+function third(server) {
e23d3e
+  const req = https.request({
e23d3e
+    port: server.address().port,
e23d3e
+    rejectUnauthorized: false
e23d3e
+  }, function(res) {
e23d3e
+    res.resume();
e23d3e
+    assert(!req.socket.isSessionReused());
e23d3e
+    server.close();
e23d3e
+  });
e23d3e
+  req.on('error', common.mustNotCall());
e23d3e
   req.end();
e23d3e
 }
e23d3e
diff --git a/test/parallel/test-tls-alert-handling.js b/test/parallel/test-tls-alert-handling.js
e23d3e
index f9f42e2..9dc4637 100644
e23d3e
--- a/test/parallel/test-tls-alert-handling.js
e23d3e
+++ b/test/parallel/test-tls-alert-handling.js
e23d3e
@@ -33,7 +33,7 @@ let iter = 0;
e23d3e
 const errorHandler = common.mustCall((err) => {
e23d3e
   assert.strictEqual(err.code, 'ERR_SSL_WRONG_VERSION_NUMBER');
e23d3e
   assert.strictEqual(err.library, 'SSL routines');
e23d3e
-  assert.strictEqual(err.function, 'ssl3_get_record');
e23d3e
+  assert.strictEqual(err.function, 'SSL3_GET_RECORD');
e23d3e
   assert.strictEqual(err.reason, 'wrong version number');
e23d3e
   errorReceived = true;
e23d3e
   if (canCloseServer())
e23d3e
diff --git a/test/parallel/test-tls-cli-max-version-1.3.js b/test/parallel/test-tls-cli-max-version-1.3.js
e23d3e
deleted file mode 100644
e23d3e
index c04354f..0000000
e23d3e
--- a/test/parallel/test-tls-cli-max-version-1.3.js
e23d3e
+++ /dev/null
e23d3e
@@ -1,15 +0,0 @@
e23d3e
-// Flags: --tls-max-v1.3
e23d3e
-'use strict';
e23d3e
-const common = require('../common');
e23d3e
-if (!common.hasCrypto) common.skip('missing crypto');
e23d3e
-
e23d3e
-// Check that node `--tls-max-v1.3` is supported.
e23d3e
-
e23d3e
-const assert = require('assert');
e23d3e
-const tls = require('tls');
e23d3e
-
e23d3e
-assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.3');
e23d3e
-assert.strictEqual(tls.DEFAULT_MIN_VERSION, 'TLSv1.2');
e23d3e
-
e23d3e
-// Check the min-max version protocol versions against these CLI settings.
e23d3e
-require('./test-tls-min-max-version.js');
e23d3e
diff --git a/test/parallel/test-tls-cli-min-max-conflict.js b/test/parallel/test-tls-cli-min-max-conflict.js
e23d3e
deleted file mode 100644
e23d3e
index 68aae4c..0000000
e23d3e
--- a/test/parallel/test-tls-cli-min-max-conflict.js
e23d3e
+++ /dev/null
e23d3e
@@ -1,14 +0,0 @@
e23d3e
-'use strict';
e23d3e
-const common = require('../common');
e23d3e
-if (!common.hasCrypto) common.skip('missing crypto');
e23d3e
-
e23d3e
-// Check that conflicting TLS protocol versions are not allowed
e23d3e
-
e23d3e
-const assert = require('assert');
e23d3e
-const child_process = require('child_process');
e23d3e
-
e23d3e
-const args = ['--tls-min-v1.3', '--tls-max-v1.2', '-p', 'process.version'];
e23d3e
-child_process.execFile(process.argv[0], args, (err) => {
e23d3e
-  assert(err);
e23d3e
-  assert(/not both/.test(err.message));
e23d3e
-});
e23d3e
diff --git a/test/parallel/test-tls-cli-min-version-1.0.js b/test/parallel/test-tls-cli-min-version-1.0.js
e23d3e
index 5775627..0a227c0 100644
e23d3e
--- a/test/parallel/test-tls-cli-min-version-1.0.js
e23d3e
+++ b/test/parallel/test-tls-cli-min-version-1.0.js
e23d3e
@@ -8,7 +8,7 @@ if (!common.hasCrypto) common.skip('missing crypto');
e23d3e
 const assert = require('assert');
e23d3e
 const tls = require('tls');
e23d3e
 
e23d3e
-assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.3');
e23d3e
+assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.2');
e23d3e
 assert.strictEqual(tls.DEFAULT_MIN_VERSION, 'TLSv1');
e23d3e
 
e23d3e
 // Check the min-max version protocol versions against these CLI settings.
e23d3e
diff --git a/test/parallel/test-tls-cli-min-version-1.1.js b/test/parallel/test-tls-cli-min-version-1.1.js
e23d3e
index 3af2b39..1219c82 100644
e23d3e
--- a/test/parallel/test-tls-cli-min-version-1.1.js
e23d3e
+++ b/test/parallel/test-tls-cli-min-version-1.1.js
e23d3e
@@ -8,7 +8,7 @@ if (!common.hasCrypto) common.skip('missing crypto');
e23d3e
 const assert = require('assert');
e23d3e
 const tls = require('tls');
e23d3e
 
e23d3e
-assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.3');
e23d3e
+assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.2');
e23d3e
 assert.strictEqual(tls.DEFAULT_MIN_VERSION, 'TLSv1.1');
e23d3e
 
e23d3e
 // Check the min-max version protocol versions against these CLI settings.
e23d3e
diff --git a/test/parallel/test-tls-cli-min-version-1.2.js b/test/parallel/test-tls-cli-min-version-1.2.js
e23d3e
index 8385eab..058dc18 100644
e23d3e
--- a/test/parallel/test-tls-cli-min-version-1.2.js
e23d3e
+++ b/test/parallel/test-tls-cli-min-version-1.2.js
e23d3e
@@ -8,7 +8,7 @@ if (!common.hasCrypto) common.skip('missing crypto');
e23d3e
 const assert = require('assert');
e23d3e
 const tls = require('tls');
e23d3e
 
e23d3e
-assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.3');
e23d3e
+assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.2');
e23d3e
 assert.strictEqual(tls.DEFAULT_MIN_VERSION, 'TLSv1.2');
e23d3e
 
e23d3e
 // Check the min-max version protocol versions against these CLI settings.
e23d3e
diff --git a/test/parallel/test-tls-cli-min-version-1.3.js b/test/parallel/test-tls-cli-min-version-1.3.js
e23d3e
deleted file mode 100644
e23d3e
index 1bccc2f..0000000
e23d3e
--- a/test/parallel/test-tls-cli-min-version-1.3.js
e23d3e
+++ /dev/null
e23d3e
@@ -1,15 +0,0 @@
e23d3e
-// Flags: --tls-min-v1.3
e23d3e
-'use strict';
e23d3e
-const common = require('../common');
e23d3e
-if (!common.hasCrypto) common.skip('missing crypto');
e23d3e
-
e23d3e
-// Check that node `--tls-min-v1.3` is supported.
e23d3e
-
e23d3e
-const assert = require('assert');
e23d3e
-const tls = require('tls');
e23d3e
-
e23d3e
-assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.3');
e23d3e
-assert.strictEqual(tls.DEFAULT_MIN_VERSION, 'TLSv1.3');
e23d3e
-
e23d3e
-// Check the min-max version protocol versions against these CLI settings.
e23d3e
-require('./test-tls-min-max-version.js');
e23d3e
diff --git a/test/parallel/test-tls-client-getephemeralkeyinfo.js b/test/parallel/test-tls-client-getephemeralkeyinfo.js
e23d3e
index 5993069..cdfe5de 100644
e23d3e
--- a/test/parallel/test-tls-client-getephemeralkeyinfo.js
e23d3e
+++ b/test/parallel/test-tls-client-getephemeralkeyinfo.js
e23d3e
@@ -59,5 +59,3 @@ test(1024, 'DH', undefined, 'DHE-RSA-AES128-GCM-SHA256');
e23d3e
 test(2048, 'DH', undefined, 'DHE-RSA-AES128-GCM-SHA256');
e23d3e
 test(256, 'ECDH', 'prime256v1', 'ECDHE-RSA-AES128-GCM-SHA256');
e23d3e
 test(521, 'ECDH', 'secp521r1', 'ECDHE-RSA-AES128-GCM-SHA256');
e23d3e
-test(253, 'ECDH', 'X25519', 'ECDHE-RSA-AES128-GCM-SHA256');
e23d3e
-test(448, 'ECDH', 'X448', 'ECDHE-RSA-AES128-GCM-SHA256');
e23d3e
diff --git a/test/parallel/test-tls-client-renegotiation-13.js b/test/parallel/test-tls-client-renegotiation-13.js
e23d3e
deleted file mode 100644
e23d3e
index 075eb70..0000000
e23d3e
--- a/test/parallel/test-tls-client-renegotiation-13.js
e23d3e
+++ /dev/null
e23d3e
@@ -1,41 +0,0 @@
e23d3e
-'use strict';
e23d3e
-
e23d3e
-const common = require('../common');
e23d3e
-const fixtures = require('../common/fixtures');
e23d3e
-
e23d3e
-// Confirm that for TLSv1.3, renegotiate() is disallowed.
e23d3e
-
e23d3e
-const {
e23d3e
-  assert, connect, keys
e23d3e
-} = require(fixtures.path('tls-connect'));
e23d3e
-
e23d3e
-const server = keys.agent10;
e23d3e
-
e23d3e
-connect({
e23d3e
-  client: {
e23d3e
-    ca: server.ca,
e23d3e
-    checkServerIdentity: common.mustCall(),
e23d3e
-  },
e23d3e
-  server: {
e23d3e
-    key: server.key,
e23d3e
-    cert: server.cert,
e23d3e
-  },
e23d3e
-}, function(err, pair, cleanup) {
e23d3e
-  assert.ifError(err);
e23d3e
-
e23d3e
-  const client = pair.client.conn;
e23d3e
-
e23d3e
-  assert.strictEqual(client.getProtocol(), 'TLSv1.3');
e23d3e
-
e23d3e
-  const ok = client.renegotiate({}, common.mustCall((err) => {
e23d3e
-    assert.throws(() => { throw err; }, {
e23d3e
-      message: 'error:1420410A:SSL routines:SSL_renegotiate:wrong ssl version',
e23d3e
-      code: 'ERR_SSL_WRONG_SSL_VERSION',
e23d3e
-      library: 'SSL routines',
e23d3e
-      reason: 'wrong ssl version',
e23d3e
-    });
e23d3e
-    cleanup();
e23d3e
-  }));
e23d3e
-
e23d3e
-  assert.strictEqual(ok, false);
e23d3e
-});
e23d3e
diff --git a/test/parallel/test-tls-destroy-stream.js b/test/parallel/test-tls-destroy-stream.js
e23d3e
index a49e985..1964f67 100644
e23d3e
--- a/test/parallel/test-tls-destroy-stream.js
e23d3e
+++ b/test/parallel/test-tls-destroy-stream.js
e23d3e
@@ -9,7 +9,7 @@ const net = require('net');
e23d3e
 const assert = require('assert');
e23d3e
 const tls = require('tls');
e23d3e
 
e23d3e
-tls.DEFAULT_MAX_VERSION = 'TLSv1.3';
e23d3e
+tls.DEFAULT_MAX_VERSION = 'TLSv1.2';
e23d3e
 
e23d3e
 // This test ensures that an instance of StreamWrap should emit "end" and
e23d3e
 // "close" when the socket on the other side call `destroy()` instead of
e23d3e
diff --git a/test/parallel/test-tls-getcipher.js b/test/parallel/test-tls-getcipher.js
e23d3e
index 624f8ef..93ad1f6 100644
e23d3e
--- a/test/parallel/test-tls-getcipher.js
e23d3e
+++ b/test/parallel/test-tls-getcipher.js
e23d3e
@@ -52,7 +52,7 @@ server.listen(0, '127.0.0.1', common.mustCall(function() {
e23d3e
   }, common.mustCall(function() {
e23d3e
     const cipher = this.getCipher();
e23d3e
     assert.strictEqual(cipher.name, 'AES128-SHA256');
e23d3e
-    assert.strictEqual(cipher.version, 'TLSv1.2');
e23d3e
+    assert.strictEqual(cipher.version, 'TLSv1/SSLv3');
e23d3e
     this.end();
e23d3e
   }));
e23d3e
 
e23d3e
@@ -65,28 +65,7 @@ server.listen(0, '127.0.0.1', common.mustCall(function() {
e23d3e
   }, common.mustCall(function() {
e23d3e
     const cipher = this.getCipher();
e23d3e
     assert.strictEqual(cipher.name, 'ECDHE-RSA-AES128-GCM-SHA256');
e23d3e
-    assert.strictEqual(cipher.version, 'TLSv1.2');
e23d3e
+    assert.strictEqual(cipher.version, 'TLSv1/SSLv3');
e23d3e
     this.end();
e23d3e
   }));
e23d3e
 }));
e23d3e
-
e23d3e
-tls.createServer({
e23d3e
-  key: fixtures.readKey('agent2-key.pem'),
e23d3e
-  cert: fixtures.readKey('agent2-cert.pem'),
e23d3e
-  ciphers: 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_8_SHA256',
e23d3e
-  maxVersion: 'TLSv1.3',
e23d3e
-}, common.mustCall(function() {
e23d3e
-  this.close();
e23d3e
-})).listen(0, common.mustCall(function() {
e23d3e
-  const client = tls.connect({
e23d3e
-    port: this.address().port,
e23d3e
-    ciphers: 'TLS_AES_128_CCM_8_SHA256',
e23d3e
-    maxVersion: 'TLSv1.3',
e23d3e
-    rejectUnauthorized: false
e23d3e
-  }, common.mustCall(() => {
e23d3e
-    const cipher = client.getCipher();
e23d3e
-    assert.strictEqual(cipher.name, 'TLS_AES_128_CCM_8_SHA256');
e23d3e
-    assert.strictEqual(cipher.version, 'TLSv1.3');
e23d3e
-    client.end();
e23d3e
-  }));
e23d3e
-}));
e23d3e
diff --git a/test/parallel/test-tls-keylog-tlsv13.js b/test/parallel/test-tls-keylog-tlsv13.js
e23d3e
deleted file mode 100644
e23d3e
index 0f65564..0000000
e23d3e
--- a/test/parallel/test-tls-keylog-tlsv13.js
e23d3e
+++ /dev/null
e23d3e
@@ -1,32 +0,0 @@
e23d3e
-'use strict';
e23d3e
-
e23d3e
-const common = require('../common');
e23d3e
-if (!common.hasCrypto)
e23d3e
-  common.skip('missing crypto');
e23d3e
-
e23d3e
-const assert = require('assert');
e23d3e
-const tls = require('tls');
e23d3e
-const fixtures = require('../common/fixtures');
e23d3e
-
e23d3e
-const server = tls.createServer({
e23d3e
-  key: fixtures.readKey('agent2-key.pem'),
e23d3e
-  cert: fixtures.readKey('agent2-cert.pem'),
e23d3e
-  // Amount of keylog events depends on negotiated protocol
e23d3e
-  // version, so force a specific one:
e23d3e
-  minVersion: 'TLSv1.3',
e23d3e
-  maxVersion: 'TLSv1.3',
e23d3e
-}).listen(() => {
e23d3e
-  const client = tls.connect({
e23d3e
-    port: server.address().port,
e23d3e
-    rejectUnauthorized: false,
e23d3e
-  });
e23d3e
-
e23d3e
-  const verifyBuffer = (line) => assert(Buffer.isBuffer(line));
e23d3e
-  server.on('keylog', common.mustCall(verifyBuffer, 5));
e23d3e
-  client.on('keylog', common.mustCall(verifyBuffer, 5));
e23d3e
-
e23d3e
-  client.once('secureConnect', () => {
e23d3e
-    server.close();
e23d3e
-    client.end();
e23d3e
-  });
e23d3e
-});
e23d3e
diff --git a/test/parallel/test-tls-min-max-version.js b/test/parallel/test-tls-min-max-version.js
e23d3e
index 179ae1f..8b5435b 100644
e23d3e
--- a/test/parallel/test-tls-min-max-version.js
e23d3e
+++ b/test/parallel/test-tls-min-max-version.js
e23d3e
@@ -126,9 +126,9 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.3') {
e23d3e
 
e23d3e
 if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
e23d3e
   test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method',
e23d3e
-       U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
e23d3e
+       U, 'ECONNRESET', 'ERR_SSL_UNKNOWN_PROTOCOL');
e23d3e
   test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
e23d3e
-       U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
e23d3e
+       U, 'ECONNRESET', 'ERR_SSL_UNKNOWN_PROTOCOL');
e23d3e
   test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method',
e23d3e
        U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
e23d3e
   test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
e23d3e
@@ -138,7 +138,7 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
e23d3e
 if (DEFAULT_MIN_VERSION === 'TLSv1.1') {
e23d3e
   test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method', 'TLSv1.1');
e23d3e
   test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
e23d3e
-       U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
e23d3e
+       U, 'ECONNRESET', 'ERR_SSL_UNKNOWN_PROTOCOL');
e23d3e
   test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method', 'TLSv1.1');
e23d3e
   test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
e23d3e
        U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
e23d3e
@@ -160,9 +160,9 @@ test(U, U, 'TLSv1_method', U, U, 'TLSv1_method', 'TLSv1');
e23d3e
 // The default default.
e23d3e
 if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
e23d3e
   test(U, U, 'TLSv1_1_method', U, U, U,
e23d3e
-       U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
e23d3e
+       U, 'ECONNRESET', 'ERR_SSL_UNKNOWN_PROTOCOL');
e23d3e
   test(U, U, 'TLSv1_method', U, U, U,
e23d3e
-       U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
e23d3e
+       U, 'ECONNRESET', 'ERR_SSL_UNKNOWN_PROTOCOL');
e23d3e
 
e23d3e
   if (DEFAULT_MAX_VERSION === 'TLSv1.2') {
e23d3e
     test(U, U, U, U, U, 'TLSv1_1_method',
e23d3e
@@ -182,7 +182,7 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
e23d3e
 if (DEFAULT_MIN_VERSION === 'TLSv1.1') {
e23d3e
   test(U, U, 'TLSv1_1_method', U, U, U, 'TLSv1.1');
e23d3e
   test(U, U, 'TLSv1_method', U, U, U,
e23d3e
-       U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
e23d3e
+       U, 'ECONNRESET', 'ERR_SSL_UNKNOWN_PROTOCOL');
e23d3e
   test(U, U, U, U, U, 'TLSv1_1_method', 'TLSv1.1');
e23d3e
 
e23d3e
   if (DEFAULT_MAX_VERSION === 'TLSv1.2') {
e23d3e
@@ -213,26 +213,9 @@ test(U, U, 'TLSv1_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1');
e23d3e
 test(U, U, 'TLSv1_1_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
e23d3e
 test(U, U, 'TLSv1_2_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1.2');
e23d3e
 
e23d3e
-test('TLSv1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.1');
e23d3e
 test('TLSv1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
e23d3e
 test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1.1');
e23d3e
-test('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1.1');
e23d3e
 test('TLSv1', 'TLSv1', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1');
e23d3e
 test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
e23d3e
-test('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
e23d3e
 test('TLSv1.1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
e23d3e
 test('TLSv1', 'TLSv1.2', U, 'TLSv1.1', 'TLSv1.1', U, 'TLSv1.1');
e23d3e
-test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.2');
e23d3e
-
e23d3e
-// v-any client can connect to v-specific server
e23d3e
-test('TLSv1', 'TLSv1.3', U, 'TLSv1.3', 'TLSv1.3', U, 'TLSv1.3');
e23d3e
-test('TLSv1', 'TLSv1.3', U, 'TLSv1.2', 'TLSv1.3', U, 'TLSv1.3');
e23d3e
-test('TLSv1', 'TLSv1.3', U, 'TLSv1.2', 'TLSv1.2', U, 'TLSv1.2');
e23d3e
-test('TLSv1', 'TLSv1.3', U, 'TLSv1.1', 'TLSv1.1', U, 'TLSv1.1');
e23d3e
-test('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
e23d3e
-
e23d3e
-// v-specific client can connect to v-any server
e23d3e
-test('TLSv1.3', 'TLSv1.3', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.3');
e23d3e
-test('TLSv1.2', 'TLSv1.2', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.2');
e23d3e
-test('TLSv1.1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.1');
e23d3e
-test('TLSv1', 'TLSv1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1');
e23d3e
diff --git a/test/parallel/test-tls-multi-key.js b/test/parallel/test-tls-multi-key.js
e23d3e
index c5e66f3..de213f5 100644
e23d3e
--- a/test/parallel/test-tls-multi-key.js
e23d3e
+++ b/test/parallel/test-tls-multi-key.js
e23d3e
@@ -157,7 +157,7 @@ function test(options) {
e23d3e
     }, common.mustCall(function() {
e23d3e
       assert.deepStrictEqual(ecdsa.getCipher(), {
e23d3e
         name: 'ECDHE-ECDSA-AES256-GCM-SHA384',
e23d3e
-        version: 'TLSv1.2'
e23d3e
+        version: 'TLSv1/SSLv3'
e23d3e
       });
e23d3e
       assert.strictEqual(ecdsa.getPeerCertificate().subject.CN, eccCN);
e23d3e
       assert.strictEqual(ecdsa.getPeerCertificate().asn1Curve, 'prime256v1');
e23d3e
@@ -175,7 +175,7 @@ function test(options) {
e23d3e
     }, common.mustCall(function() {
e23d3e
       assert.deepStrictEqual(rsa.getCipher(), {
e23d3e
         name: 'ECDHE-RSA-AES256-GCM-SHA384',
e23d3e
-        version: 'TLSv1.2'
e23d3e
+        version: 'TLSv1/SSLv3'
e23d3e
       });
e23d3e
       assert.strictEqual(rsa.getPeerCertificate().subject.CN, rsaCN);
e23d3e
       assert(rsa.getPeerCertificate().exponent, 'cert for an RSA key');
e23d3e
diff --git a/test/parallel/test-tls-multi-pfx.js b/test/parallel/test-tls-multi-pfx.js
e23d3e
index 3b0c059..28cd945 100644
e23d3e
--- a/test/parallel/test-tls-multi-pfx.js
e23d3e
+++ b/test/parallel/test-tls-multi-pfx.js
e23d3e
@@ -42,9 +42,9 @@ const server = tls.createServer(options, function(conn) {
e23d3e
 process.on('exit', function() {
e23d3e
   assert.deepStrictEqual(ciphers, [{
e23d3e
     name: 'ECDHE-ECDSA-AES256-GCM-SHA384',
e23d3e
-    version: 'TLSv1.2'
e23d3e
+    version: 'TLSv1/SSLv3'
e23d3e
   }, {
e23d3e
     name: 'ECDHE-RSA-AES256-GCM-SHA384',
e23d3e
-    version: 'TLSv1.2'
e23d3e
+    version: 'TLSv1/SSLv3'
e23d3e
   }]);
e23d3e
 });
e23d3e
diff --git a/test/parallel/test-tls-no-sslv3.js b/test/parallel/test-tls-no-sslv3.js
e23d3e
deleted file mode 100644
e23d3e
index 1acb1f9..0000000
e23d3e
--- a/test/parallel/test-tls-no-sslv3.js
e23d3e
+++ /dev/null
e23d3e
@@ -1,49 +0,0 @@
e23d3e
-'use strict';
e23d3e
-const common = require('../common');
e23d3e
-if (!common.hasCrypto)
e23d3e
-  common.skip('missing crypto');
e23d3e
-
e23d3e
-if (common.opensslCli === false)
e23d3e
-  common.skip('node compiled without OpenSSL CLI.');
e23d3e
-
e23d3e
-const assert = require('assert');
e23d3e
-const tls = require('tls');
e23d3e
-const spawn = require('child_process').spawn;
e23d3e
-const fixtures = require('../common/fixtures');
e23d3e
-
e23d3e
-const cert = fixtures.readKey('rsa_cert.crt');
e23d3e
-const key = fixtures.readKey('rsa_private.pem');
e23d3e
-const server = tls.createServer({ cert, key }, common.mustNotCall());
e23d3e
-const errors = [];
e23d3e
-let stderr = '';
e23d3e
-
e23d3e
-server.listen(0, '127.0.0.1', function() {
e23d3e
-  const address = `${this.address().address}:${this.address().port}`;
e23d3e
-  const args = ['s_client',
e23d3e
-                '-ssl3',
e23d3e
-                '-connect', address];
e23d3e
-
e23d3e
-  const client = spawn(common.opensslCli, args, { stdio: 'pipe' });
e23d3e
-  client.stdout.pipe(process.stdout);
e23d3e
-  client.stderr.pipe(process.stderr);
e23d3e
-  client.stderr.setEncoding('utf8');
e23d3e
-  client.stderr.on('data', (data) => stderr += data);
e23d3e
-
e23d3e
-  client.once('exit', common.mustCall(function(exitCode) {
e23d3e
-    assert.strictEqual(exitCode, 1);
e23d3e
-    server.close();
e23d3e
-  }));
e23d3e
-});
e23d3e
-
e23d3e
-server.on('tlsClientError', (err) => errors.push(err));
e23d3e
-
e23d3e
-process.on('exit', function() {
e23d3e
-  if (/unknown option -ssl3/.test(stderr)) {
e23d3e
-    common.printSkipMessage('`openssl s_client -ssl3` not supported.');
e23d3e
-  } else {
e23d3e
-    assert.strictEqual(errors.length, 1);
e23d3e
-    // OpenSSL 1.0.x and 1.1.x report invalid client versions differently.
e23d3e
-    assert(/:wrong version number/.test(errors[0].message) ||
e23d3e
-           /:version too low/.test(errors[0].message));
e23d3e
-  }
e23d3e
-});
e23d3e
diff --git a/test/parallel/test-tls-passphrase.js b/test/parallel/test-tls-passphrase.js
e23d3e
index c3a99c3..4bbabb4 100644
e23d3e
--- a/test/parallel/test-tls-passphrase.js
e23d3e
+++ b/test/parallel/test-tls-passphrase.js
e23d3e
@@ -223,7 +223,7 @@ server.listen(0, common.mustCall(function() {
e23d3e
   }, onSecureConnect());
e23d3e
 })).unref();
e23d3e
 
e23d3e
-const errMessagePassword = /bad decrypt/;
e23d3e
+const errMessagePassword = /bad decrypt|bad password read/;
e23d3e
 
e23d3e
 // Missing passphrase
e23d3e
 assert.throws(function() {
e23d3e
diff --git a/test/parallel/test-tls-set-ciphers.js b/test/parallel/test-tls-set-ciphers.js
e23d3e
index fbca83b..79fb178 100644
e23d3e
--- a/test/parallel/test-tls-set-ciphers.js
e23d3e
+++ b/test/parallel/test-tls-set-ciphers.js
e23d3e
@@ -68,36 +68,11 @@ const U = undefined;
e23d3e
 test(U, 'AES256-SHA', 'AES256-SHA');
e23d3e
 test('AES256-SHA', U, 'AES256-SHA');
e23d3e
 
e23d3e
-test(U, 'TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384');
e23d3e
-test('TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384');
e23d3e
-
e23d3e
 // Do not have shared ciphers.
e23d3e
-test('TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256',
e23d3e
-     U, 'ECONNRESET', 'ERR_SSL_NO_SHARED_CIPHER');
e23d3e
-
e23d3e
-test('AES128-SHA', 'AES256-SHA', U, 'ECONNRESET', 'ERR_SSL_NO_SHARED_CIPHER');
e23d3e
-test('AES128-SHA:TLS_AES_256_GCM_SHA384',
e23d3e
-     'TLS_CHACHA20_POLY1305_SHA256:AES256-SHA',
e23d3e
-     U, 'ECONNRESET', 'ERR_SSL_NO_SHARED_CIPHER');
e23d3e
-
e23d3e
-// Cipher order ignored, TLS1.3 chosen before TLS1.2.
e23d3e
-test('AES256-SHA:TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384');
e23d3e
-test(U, 'AES256-SHA:TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384');
e23d3e
-
e23d3e
-// TLS_AES_128_CCM_8_SHA256 & TLS_AES_128_CCM_SHA256 are not enabled by
e23d3e
-// default, but work.
e23d3e
-test('TLS_AES_128_CCM_8_SHA256', U,
e23d3e
-     U, 'ECONNRESET', 'ERR_SSL_NO_SHARED_CIPHER');
e23d3e
-
e23d3e
-test('TLS_AES_128_CCM_8_SHA256', 'TLS_AES_128_CCM_8_SHA256',
e23d3e
-     'TLS_AES_128_CCM_8_SHA256');
e23d3e
+test('AES128-SHA', 'AES256-SHA', U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
e23d3e
 
e23d3e
 // Invalid cipher values
e23d3e
 test(9, 'AES256-SHA', U, 'ERR_INVALID_ARG_TYPE', U);
e23d3e
 test('AES256-SHA', 9, U, U, 'ERR_INVALID_ARG_TYPE');
e23d3e
 test(':', 'AES256-SHA', U, 'ERR_INVALID_OPT_VALUE', U);
e23d3e
 test('AES256-SHA', ':', U, U, 'ERR_INVALID_OPT_VALUE');
e23d3e
-
e23d3e
-// Using '' is synonymous for "use default ciphers"
e23d3e
-test('TLS_AES_256_GCM_SHA384', '', 'TLS_AES_256_GCM_SHA384');
e23d3e
-test('', 'TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384');
e23d3e
diff --git a/test/parallel/test-tls-ticket-12.js b/test/parallel/test-tls-ticket-12.js
e23d3e
deleted file mode 100644
e23d3e
index 600c571..0000000
e23d3e
--- a/test/parallel/test-tls-ticket-12.js
e23d3e
+++ /dev/null
e23d3e
@@ -1,12 +0,0 @@
e23d3e
-'use strict';
e23d3e
-const common = require('../common');
e23d3e
-if (!common.hasCrypto)
e23d3e
-  common.skip('missing crypto');
e23d3e
-
e23d3e
-// Run test-tls-ticket.js with TLS1.2
e23d3e
-
e23d3e
-const tls = require('tls');
e23d3e
-
e23d3e
-tls.DEFAULT_MAX_VERSION = 'TLSv1.2';
e23d3e
-
e23d3e
-require('./test-tls-ticket.js');
e23d3e
diff --git a/test/parallel/test-tls-ticket-cluster.js b/test/parallel/test-tls-ticket-cluster.js
e23d3e
deleted file mode 100644
e23d3e
index cc4f46e..0000000
e23d3e
--- a/test/parallel/test-tls-ticket-cluster.js
e23d3e
+++ /dev/null
e23d3e
@@ -1,135 +0,0 @@
e23d3e
-// Copyright Joyent, Inc. and other Node contributors.
e23d3e
-//
e23d3e
-// Permission is hereby granted, free of charge, to any person obtaining a
e23d3e
-// copy of this software and associated documentation files (the
e23d3e
-// "Software"), to deal in the Software without restriction, including
e23d3e
-// without limitation the rights to use, copy, modify, merge, publish,
e23d3e
-// distribute, sublicense, and/or sell copies of the Software, and to permit
e23d3e
-// persons to whom the Software is furnished to do so, subject to the
e23d3e
-// following conditions:
e23d3e
-//
e23d3e
-// The above copyright notice and this permission notice shall be included
e23d3e
-// in all copies or substantial portions of the Software.
e23d3e
-//
e23d3e
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
e23d3e
-// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
e23d3e
-// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
e23d3e
-// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
e23d3e
-// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
e23d3e
-// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
e23d3e
-// USE OR OTHER DEALINGS IN THE SOFTWARE.
e23d3e
-
e23d3e
-'use strict';
e23d3e
-const common = require('../common');
e23d3e
-if (!common.hasCrypto)
e23d3e
-  common.skip('missing crypto');
e23d3e
-
e23d3e
-const assert = require('assert');
e23d3e
-const tls = require('tls');
e23d3e
-const cluster = require('cluster');
e23d3e
-const fixtures = require('../common/fixtures');
e23d3e
-
e23d3e
-const workerCount = 4;
e23d3e
-const expectedReqCount = 16;
e23d3e
-
e23d3e
-if (cluster.isMaster) {
e23d3e
-  let reusedCount = 0;
e23d3e
-  let reqCount = 0;
e23d3e
-  let lastSession = null;
e23d3e
-  let shootOnce = false;
e23d3e
-  let workerPort = null;
e23d3e
-
e23d3e
-  function shoot() {
e23d3e
-    console.error('[master] connecting', workerPort, 'session?', !!lastSession);
e23d3e
-    const c = tls.connect(workerPort, {
e23d3e
-      session: lastSession,
e23d3e
-      rejectUnauthorized: false
e23d3e
-    }, () => {
e23d3e
-      c.end();
e23d3e
-    }).on('close', () => {
e23d3e
-      // Wait for close to shoot off another connection. We don't want to shoot
e23d3e
-      // until a new session is allocated, if one will be. The new session is
e23d3e
-      // not guaranteed on secureConnect (it depends on TLS1.2 vs TLS1.3), but
e23d3e
-      // it is guaranteed to happen before the connection is closed.
e23d3e
-      if (++reqCount === expectedReqCount) {
e23d3e
-        Object.keys(cluster.workers).forEach(function(id) {
e23d3e
-          cluster.workers[id].send('die');
e23d3e
-        });
e23d3e
-      } else {
e23d3e
-        shoot();
e23d3e
-      }
e23d3e
-    }).once('session', (session) => {
e23d3e
-      assert(!lastSession);
e23d3e
-      lastSession = session;
e23d3e
-    });
e23d3e
-
e23d3e
-    c.resume(); // See close_notify comment in server
e23d3e
-  }
e23d3e
-
e23d3e
-  function fork() {
e23d3e
-    const worker = cluster.fork();
e23d3e
-    worker.on('message', ({ msg, port }) => {
e23d3e
-      console.error('[master] got %j', msg);
e23d3e
-      if (msg === 'reused') {
e23d3e
-        ++reusedCount;
e23d3e
-      } else if (msg === 'listening' && !shootOnce) {
e23d3e
-        workerPort = port || workerPort;
e23d3e
-        shootOnce = true;
e23d3e
-        shoot();
e23d3e
-      }
e23d3e
-    });
e23d3e
-
e23d3e
-    worker.on('exit', () => {
e23d3e
-      console.error('[master] worker died');
e23d3e
-    });
e23d3e
-  }
e23d3e
-  for (let i = 0; i < workerCount; i++) {
e23d3e
-    fork();
e23d3e
-  }
e23d3e
-
e23d3e
-  process.on('exit', () => {
e23d3e
-    assert.strictEqual(reqCount, expectedReqCount);
e23d3e
-    assert.strictEqual(reusedCount + 1, reqCount);
e23d3e
-  });
e23d3e
-  return;
e23d3e
-}
e23d3e
-
e23d3e
-const key = fixtures.readKey('rsa_private.pem');
e23d3e
-const cert = fixtures.readKey('rsa_cert.crt');
e23d3e
-
e23d3e
-const options = { key, cert };
e23d3e
-
e23d3e
-const server = tls.createServer(options, (c) => {
e23d3e
-  console.error('[worker] connection reused?', c.isSessionReused());
e23d3e
-  if (c.isSessionReused()) {
e23d3e
-    process.send({ msg: 'reused' });
e23d3e
-  } else {
e23d3e
-    process.send({ msg: 'not-reused' });
e23d3e
-  }
e23d3e
-  // Used to just .end(), but that means client gets close_notify before
e23d3e
-  // NewSessionTicket. Send data until that problem is solved.
e23d3e
-  c.end('x');
e23d3e
-});
e23d3e
-
e23d3e
-server.listen(0, () => {
e23d3e
-  const { port } = server.address();
e23d3e
-  process.send({
e23d3e
-    msg: 'listening',
e23d3e
-    port,
e23d3e
-  });
e23d3e
-});
e23d3e
-
e23d3e
-process.on('message', function listener(msg) {
e23d3e
-  console.error('[worker] got %j', msg);
e23d3e
-  if (msg === 'die') {
e23d3e
-    server.close(() => {
e23d3e
-      console.error('[worker] server close');
e23d3e
-
e23d3e
-      process.exit();
e23d3e
-    });
e23d3e
-  }
e23d3e
-});
e23d3e
-
e23d3e
-process.on('exit', () => {
e23d3e
-  console.error('[worker] exit');
e23d3e
-});
e23d3e
diff --git a/test/parallel/test-tls-ticket.js b/test/parallel/test-tls-ticket.js
e23d3e
deleted file mode 100644
e23d3e
index 8d9cd8c..0000000
e23d3e
--- a/test/parallel/test-tls-ticket.js
e23d3e
+++ /dev/null
e23d3e
@@ -1,159 +0,0 @@
e23d3e
-// Copyright Joyent, Inc. and other Node contributors.
e23d3e
-//
e23d3e
-// Permission is hereby granted, free of charge, to any person obtaining a
e23d3e
-// copy of this software and associated documentation files (the
e23d3e
-// "Software"), to deal in the Software without restriction, including
e23d3e
-// without limitation the rights to use, copy, modify, merge, publish,
e23d3e
-// distribute, sublicense, and/or sell copies of the Software, and to permit
e23d3e
-// persons to whom the Software is furnished to do so, subject to the
e23d3e
-// following conditions:
e23d3e
-//
e23d3e
-// The above copyright notice and this permission notice shall be included
e23d3e
-// in all copies or substantial portions of the Software.
e23d3e
-//
e23d3e
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
e23d3e
-// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
e23d3e
-// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
e23d3e
-// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
e23d3e
-// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
e23d3e
-// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
e23d3e
-// USE OR OTHER DEALINGS IN THE SOFTWARE.
e23d3e
-
e23d3e
-'use strict';
e23d3e
-const common = require('../common');
e23d3e
-if (!common.hasCrypto)
e23d3e
-  common.skip('missing crypto');
e23d3e
-
e23d3e
-const assert = require('assert');
e23d3e
-const tls = require('tls');
e23d3e
-const net = require('net');
e23d3e
-const crypto = require('crypto');
e23d3e
-const fixtures = require('../common/fixtures');
e23d3e
-
e23d3e
-const keys = crypto.randomBytes(48);
e23d3e
-const serverLog = [];
e23d3e
-const ticketLog = [];
e23d3e
-
e23d3e
-let s;
e23d3e
-
e23d3e
-let serverCount = 0;
e23d3e
-function createServer() {
e23d3e
-  const id = serverCount++;
e23d3e
-
e23d3e
-  let counter = 0;
e23d3e
-  let previousKey = null;
e23d3e
-
e23d3e
-  const server = tls.createServer({
e23d3e
-    key: fixtures.readKey('agent1-key.pem'),
e23d3e
-    cert: fixtures.readKey('agent1-cert.pem'),
e23d3e
-    ticketKeys: keys
e23d3e
-  }, function(c) {
e23d3e
-    serverLog.push(id);
e23d3e
-    // TODO(@sam-github) Triggers close_notify before NewSessionTicket bug.
e23d3e
-    // c.end();
e23d3e
-    c.end('x');
e23d3e
-
e23d3e
-    counter++;
e23d3e
-
e23d3e
-    // Rotate ticket keys
e23d3e
-    //
e23d3e
-    // Take especial care to account for TLS1.2 and TLS1.3 differences around
e23d3e
-    // when ticket keys are encrypted. In TLS1.2, they are encrypted before the
e23d3e
-    // handshake complete callback, but in TLS1.3, they are encrypted after.
e23d3e
-    // There is no callback or way for us to know when they were sent, so hook
e23d3e
-    // the client's reception of the keys, and use it as proof that the current
e23d3e
-    // keys were used, and its safe to rotate them.
e23d3e
-    //
e23d3e
-    // Rotation can occur right away if the session was reused, the keys were
e23d3e
-    // already decrypted or we wouldn't have a reused session.
e23d3e
-    function setTicketKeys(keys) {
e23d3e
-      if (c.isSessionReused())
e23d3e
-        server.setTicketKeys(keys);
e23d3e
-      else
e23d3e
-        s.once('session', () => {
e23d3e
-          server.setTicketKeys(keys);
e23d3e
-        });
e23d3e
-    }
e23d3e
-    if (counter === 1) {
e23d3e
-      previousKey = server.getTicketKeys();
e23d3e
-      assert.strictEqual(previousKey.compare(keys), 0);
e23d3e
-      setTicketKeys(crypto.randomBytes(48));
e23d3e
-    } else if (counter === 2) {
e23d3e
-      setTicketKeys(previousKey);
e23d3e
-    } else if (counter === 3) {
e23d3e
-      // Use keys from counter=2
e23d3e
-    } else {
e23d3e
-      throw new Error('UNREACHABLE');
e23d3e
-    }
e23d3e
-  });
e23d3e
-
e23d3e
-  return server;
e23d3e
-}
e23d3e
-
e23d3e
-const naturalServers = [ createServer(), createServer(), createServer() ];
e23d3e
-
e23d3e
-// 3x servers
e23d3e
-const servers = naturalServers.concat(naturalServers).concat(naturalServers);
e23d3e
-
e23d3e
-// Create one TCP server and balance sockets to multiple TLS server instances
e23d3e
-const shared = net.createServer(function(c) {
e23d3e
-  servers.shift().emit('connection', c);
e23d3e
-}).listen(0, function() {
e23d3e
-  start(function() {
e23d3e
-    shared.close();
e23d3e
-  });
e23d3e
-});
e23d3e
-
e23d3e
-// 'session' events only occur for new sessions. The first connection is new.
e23d3e
-// After, for each set of 3 connections, the middle connection is made when the
e23d3e
-// server has random keys set, so the client's ticket is silently ignored, and a
e23d3e
-// new ticket is sent.
e23d3e
-const onNewSession = common.mustCall((s, session) => {
e23d3e
-  assert(session);
e23d3e
-  assert.strictEqual(session.compare(s.getSession()), 0);
e23d3e
-}, 4);
e23d3e
-
e23d3e
-function start(callback) {
e23d3e
-  let sess = null;
e23d3e
-  let left = servers.length;
e23d3e
-
e23d3e
-  function connect() {
e23d3e
-    s = tls.connect(shared.address().port, {
e23d3e
-      session: sess,
e23d3e
-      rejectUnauthorized: false
e23d3e
-    }, function() {
e23d3e
-      if (s.isSessionReused())
e23d3e
-        ticketLog.push(s.getTLSTicket().toString('hex'));
e23d3e
-    });
e23d3e
-    s.on('data', () => {
e23d3e
-      s.end();
e23d3e
-    });
e23d3e
-    s.on('close', function() {
e23d3e
-      if (--left === 0)
e23d3e
-        callback();
e23d3e
-      else
e23d3e
-        connect();
e23d3e
-    });
e23d3e
-    s.on('session', (session) => {
e23d3e
-      sess = sess || session;
e23d3e
-    });
e23d3e
-    s.once('session', (session) => onNewSession(s, session));
e23d3e
-    s.once('session', () => ticketLog.push(s.getTLSTicket().toString('hex')));
e23d3e
-  }
e23d3e
-
e23d3e
-  connect();
e23d3e
-}
e23d3e
-
e23d3e
-process.on('exit', function() {
e23d3e
-  assert.strictEqual(ticketLog.length, serverLog.length);
e23d3e
-  for (let i = 0; i < naturalServers.length - 1; i++) {
e23d3e
-    assert.notStrictEqual(serverLog[i], serverLog[i + 1]);
e23d3e
-    assert.strictEqual(ticketLog[i], ticketLog[i + 1]);
e23d3e
-
e23d3e
-    // 2nd connection should have different ticket
e23d3e
-    assert.notStrictEqual(ticketLog[i], ticketLog[i + naturalServers.length]);
e23d3e
-
e23d3e
-    // 3rd connection should have the same ticket
e23d3e
-    assert.strictEqual(ticketLog[i], ticketLog[i + naturalServers.length * 2]);
e23d3e
-  }
e23d3e
-});
e23d3e
diff --git a/test/parallel/test-v8-serdes.js b/test/parallel/test-v8-serdes.js
e23d3e
deleted file mode 100644
e23d3e
index a992ba4..0000000
e23d3e
--- a/test/parallel/test-v8-serdes.js
e23d3e
+++ /dev/null
e23d3e
@@ -1,244 +0,0 @@
e23d3e
-// Flags: --expose-internals
e23d3e
-
e23d3e
-'use strict';
e23d3e
-
e23d3e
-const common = require('../common');
e23d3e
-const fixtures = require('../common/fixtures');
e23d3e
-const { internalBinding } = require('internal/test/binding');
e23d3e
-const assert = require('assert');
e23d3e
-const v8 = require('v8');
e23d3e
-const os = require('os');
e23d3e
-
e23d3e
-const circular = {};
e23d3e
-circular.circular = circular;
e23d3e
-
e23d3e
-const wasmModule = new WebAssembly.Module(fixtures.readSync('simple.wasm'));
e23d3e
-
e23d3e
-const objects = [
e23d3e
-  { foo: 'bar' },
e23d3e
-  { bar: 'baz' },
e23d3e
-  new Uint8Array([1, 2, 3, 4]),
e23d3e
-  new Uint32Array([1, 2, 3, 4]),
e23d3e
-  Buffer.from([1, 2, 3, 4]),
e23d3e
-  undefined,
e23d3e
-  null,
e23d3e
-  42,
e23d3e
-  circular,
e23d3e
-  wasmModule
e23d3e
-];
e23d3e
-
e23d3e
-const hostObject = new (internalBinding('js_stream').JSStream)();
e23d3e
-
e23d3e
-const serializerTypeError =
e23d3e
-  /^TypeError: Class constructor Serializer cannot be invoked without 'new'$/;
e23d3e
-const deserializerTypeError =
e23d3e
-  /^TypeError: Class constructor Deserializer cannot be invoked without 'new'$/;
e23d3e
-
e23d3e
-{
e23d3e
-  const ser = new v8.DefaultSerializer();
e23d3e
-  ser.writeHeader();
e23d3e
-  for (const obj of objects) {
e23d3e
-    ser.writeValue(obj);
e23d3e
-  }
e23d3e
-
e23d3e
-  const des = new v8.DefaultDeserializer(ser.releaseBuffer());
e23d3e
-  des.readHeader();
e23d3e
-
e23d3e
-  for (const obj of objects) {
e23d3e
-    assert.deepStrictEqual(des.readValue(), obj);
e23d3e
-  }
e23d3e
-}
e23d3e
-
e23d3e
-{
e23d3e
-  for (const obj of objects) {
e23d3e
-    assert.deepStrictEqual(v8.deserialize(v8.serialize(obj)), obj);
e23d3e
-  }
e23d3e
-}
e23d3e
-
e23d3e
-{
e23d3e
-  const ser = new v8.DefaultSerializer();
e23d3e
-  ser._getDataCloneError = common.mustCall((message) => {
e23d3e
-    assert.strictEqual(message, '[object Object] could not be cloned.');
e23d3e
-    return new Error('foobar');
e23d3e
-  });
e23d3e
-
e23d3e
-  ser.writeHeader();
e23d3e
-
e23d3e
-  assert.throws(() => {
e23d3e
-    ser.writeValue(new Proxy({}, {}));
e23d3e
-  }, /foobar/);
e23d3e
-}
e23d3e
-
e23d3e
-{
e23d3e
-  const ser = new v8.DefaultSerializer();
e23d3e
-  ser._writeHostObject = common.mustCall((object) => {
e23d3e
-    assert.strictEqual(object, hostObject);
e23d3e
-    const buf = Buffer.from('hostObjectTag');
e23d3e
-
e23d3e
-    ser.writeUint32(buf.length);
e23d3e
-    ser.writeRawBytes(buf);
e23d3e
-
e23d3e
-    ser.writeUint64(1, 2);
e23d3e
-    ser.writeDouble(-0.25);
e23d3e
-  });
e23d3e
-
e23d3e
-  ser.writeHeader();
e23d3e
-  ser.writeValue({ val: hostObject });
e23d3e
-
e23d3e
-  const des = new v8.DefaultDeserializer(ser.releaseBuffer());
e23d3e
-  des._readHostObject = common.mustCall(() => {
e23d3e
-    const length = des.readUint32();
e23d3e
-    const buf = des.readRawBytes(length);
e23d3e
-
e23d3e
-    assert.strictEqual(buf.toString(), 'hostObjectTag');
e23d3e
-
e23d3e
-    assert.deepStrictEqual(des.readUint64(), [1, 2]);
e23d3e
-    assert.strictEqual(des.readDouble(), -0.25);
e23d3e
-    return hostObject;
e23d3e
-  });
e23d3e
-
e23d3e
-  des.readHeader();
e23d3e
-
e23d3e
-  assert.strictEqual(des.readValue().val, hostObject);
e23d3e
-}
e23d3e
-
e23d3e
-// This test ensures that `v8.Serializer.writeRawBytes()` support
e23d3e
-// `TypedArray` and `DataView`.
e23d3e
-{
e23d3e
-  const text = 'hostObjectTag';
e23d3e
-  const data = Buffer.from(text);
e23d3e
-  const arrayBufferViews = common.getArrayBufferViews(data);
e23d3e
-
e23d3e
-  // `buf` is one of `TypedArray` or `DataView`.
e23d3e
-  function testWriteRawBytes(buf) {
e23d3e
-    let writeHostObjectCalled = false;
e23d3e
-    const ser = new v8.DefaultSerializer();
e23d3e
-
e23d3e
-    ser._writeHostObject = common.mustCall((object) => {
e23d3e
-      writeHostObjectCalled = true;
e23d3e
-      ser.writeUint32(buf.byteLength);
e23d3e
-      ser.writeRawBytes(buf);
e23d3e
-    });
e23d3e
-
e23d3e
-    ser.writeHeader();
e23d3e
-    ser.writeValue({ val: hostObject });
e23d3e
-
e23d3e
-    const des = new v8.DefaultDeserializer(ser.releaseBuffer());
e23d3e
-    des._readHostObject = common.mustCall(() => {
e23d3e
-      assert.strictEqual(writeHostObjectCalled, true);
e23d3e
-      const length = des.readUint32();
e23d3e
-      const buf = des.readRawBytes(length);
e23d3e
-      assert.strictEqual(buf.toString(), text);
e23d3e
-
e23d3e
-      return hostObject;
e23d3e
-    });
e23d3e
-
e23d3e
-    des.readHeader();
e23d3e
-
e23d3e
-    assert.strictEqual(des.readValue().val, hostObject);
e23d3e
-  }
e23d3e
-
e23d3e
-  arrayBufferViews.forEach((buf) => {
e23d3e
-    testWriteRawBytes(buf);
e23d3e
-  });
e23d3e
-}
e23d3e
-
e23d3e
-{
e23d3e
-  const ser = new v8.DefaultSerializer();
e23d3e
-  ser._writeHostObject = common.mustCall((object) => {
e23d3e
-    throw new Error('foobar');
e23d3e
-  });
e23d3e
-
e23d3e
-  ser.writeHeader();
e23d3e
-  assert.throws(() => {
e23d3e
-    ser.writeValue({ val: hostObject });
e23d3e
-  }, /foobar/);
e23d3e
-}
e23d3e
-
e23d3e
-{
e23d3e
-  assert.throws(() => v8.serialize(hostObject), {
e23d3e
-    constructor: Error,
e23d3e
-    message: 'Unserializable host object: JSStream {}'
e23d3e
-  });
e23d3e
-}
e23d3e
-
e23d3e
-{
e23d3e
-  const buf = Buffer.from('ff0d6f2203666f6f5e007b01', 'hex');
e23d3e
-
e23d3e
-  const des = new v8.DefaultDeserializer(buf);
e23d3e
-  des.readHeader();
e23d3e
-
e23d3e
-  const ser = new v8.DefaultSerializer();
e23d3e
-  ser.writeHeader();
e23d3e
-
e23d3e
-  ser.writeValue(des.readValue());
e23d3e
-
e23d3e
-  assert.deepStrictEqual(buf, ser.releaseBuffer());
e23d3e
-  assert.strictEqual(des.getWireFormatVersion(), 0x0d);
e23d3e
-}
e23d3e
-
e23d3e
-{
e23d3e
-  // Unaligned Uint16Array read, with padding in the underlying array buffer.
e23d3e
-  let buf = Buffer.alloc(32 + 9);
e23d3e
-  buf.write('ff0d5c0404addeefbe', 32, 'hex');
e23d3e
-  buf = buf.slice(32);
e23d3e
-
e23d3e
-  const expectedResult = os.endianness() === 'LE' ?
e23d3e
-    new Uint16Array([0xdead, 0xbeef]) : new Uint16Array([0xadde, 0xefbe]);
e23d3e
-
e23d3e
-  assert.deepStrictEqual(v8.deserialize(buf), expectedResult);
e23d3e
-}
e23d3e
-
e23d3e
-{
e23d3e
-  assert.throws(v8.Serializer, serializerTypeError);
e23d3e
-  assert.throws(v8.Deserializer, deserializerTypeError);
e23d3e
-}
e23d3e
-
e23d3e
-
e23d3e
-// `v8.deserialize()` and `new v8.Deserializer()` should support both
e23d3e
-// `TypedArray` and `DataView`.
e23d3e
-{
e23d3e
-  for (const obj of objects) {
e23d3e
-    const buf = v8.serialize(obj);
e23d3e
-
e23d3e
-    for (const arrayBufferView of common.getArrayBufferViews(buf)) {
e23d3e
-      assert.deepStrictEqual(v8.deserialize(arrayBufferView), obj);
e23d3e
-    }
e23d3e
-
e23d3e
-    for (const arrayBufferView of common.getArrayBufferViews(buf)) {
e23d3e
-      const deserializer = new v8.DefaultDeserializer(arrayBufferView);
e23d3e
-      deserializer.readHeader();
e23d3e
-      const value = deserializer.readValue();
e23d3e
-      assert.deepStrictEqual(value, obj);
e23d3e
-
e23d3e
-      const serializer = new v8.DefaultSerializer();
e23d3e
-      serializer.writeHeader();
e23d3e
-      serializer.writeValue(value);
e23d3e
-      assert.deepStrictEqual(buf, serializer.releaseBuffer());
e23d3e
-    }
e23d3e
-  }
e23d3e
-}
e23d3e
-
e23d3e
-{
e23d3e
-  const INVALID_SOURCE = 'INVALID_SOURCE_TYPE';
e23d3e
-  const serializer = new v8.Serializer();
e23d3e
-  serializer.writeHeader();
e23d3e
-  assert.throws(
e23d3e
-    () => serializer.writeRawBytes(INVALID_SOURCE),
e23d3e
-    /^TypeError: source must be a TypedArray or a DataView$/,
e23d3e
-  );
e23d3e
-  assert.throws(
e23d3e
-    () => v8.deserialize(INVALID_SOURCE),
e23d3e
-    /^TypeError: buffer must be a TypedArray or a DataView$/,
e23d3e
-  );
e23d3e
-  assert.throws(
e23d3e
-    () => new v8.Deserializer(INVALID_SOURCE),
e23d3e
-    /^TypeError: buffer must be a TypedArray or a DataView$/,
e23d3e
-  );
e23d3e
-}
e23d3e
-
e23d3e
-{
e23d3e
-  const deserializedWasmModule = v8.deserialize(v8.serialize(wasmModule));
e23d3e
-  const instance = new WebAssembly.Instance(deserializedWasmModule);
e23d3e
-  assert.strictEqual(instance.exports.add(10, 20), 30);
e23d3e
-}
e23d3e
-- 
e23d3e
1.8.3.1
e23d3e