Blame SOURCES/0006-Disable-tests-for-unsupported-features.patch

2509f6
From babb845ad3cf7b65e228826385ee060c53e68e8d Mon Sep 17 00:00:00 2001
d744d0
From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= <jstanek@redhat.com>
2509f6
Date: Thu, 8 Jul 2021 14:11:32 +0200
d744d0
Subject: [PATCH] Disable tests for unsupported features
d744d0
MIME-Version: 1.0
d744d0
Content-Type: text/plain; charset=UTF-8
d744d0
Content-Transfer-Encoding: 8bit
d744d0
d744d0
- Remove tests relying on unsupported features
d744d0
d744d0
  These test either test some unsupported algorithm itself,
d744d0
  or use fixtures/data created by such algorithm.
d744d0
  Either way, the legacy OpenSSL cannot deal with them.
d744d0
d744d0
- Remove tests for TLSv1.3
d744d0
d744d0
Signed-off-by: Jan Staněk <jstanek@redhat.com>
d744d0
---
d744d0
 lib/tls.js                                    |   8 +-
d744d0
 .../test-crypto-certificate.js                |   0
d744d0
 .../test-crypto-des3-wrap.js                  |   0
d744d0
 .../test-crypto-hash-stream-pipe.js           |   0
d744d0
 .../test-https-agent-keylog.js                |   0
d744d0
 .../test-tls-client-getephemeralkeyinfo.js    |   0
d744d0
 .../test-tls-client-renegotiation-13.js       |   0
d744d0
 .../test-tls-ecdh-auto.js                     |   0
d744d0
 .../test-tls-ecdh-multiple.js                 |   0
d744d0
 .../test-tls-ecdh.js                          |   0
d744d0
 .../test-tls-enable-keylog-cli.js             |   0
d744d0
 .../test-tls-keylog-tlsv13.js                 |   0
d744d0
 test/parallel/test-crypto-aes-wrap.js         |   6 +-
d744d0
 test/parallel/test-crypto-authenticated.js    |  17 +-
d744d0
 test/parallel/test-crypto-dh-stateless.js     |  17 --
d744d0
 test/parallel/test-crypto-hash.js             |  63 --------
d744d0
 test/parallel/test-crypto-key-objects.js      | 151 ------------------
d744d0
 test/parallel/test-crypto-keygen.js           |  51 ------
d744d0
 test/parallel/test-crypto-sign-verify.js      | 108 -------------
d744d0
 test/parallel/test-tls-cli-min-version-1.0.js |   2 +-
d744d0
 test/parallel/test-tls-cli-min-version-1.1.js |   2 +-
d744d0
 test/parallel/test-tls-cli-min-version-1.2.js |   2 +-
d744d0
 test/parallel/test-tls-destroy-stream.js      |   2 +-
d744d0
 test/parallel/test-tls-getcipher.js           |  22 ---
d744d0
 test/parallel/test-tls-min-max-version.js     |  19 +--
d744d0
 test/parallel/test-tls-psk-circuit.js         |   4 +-
d744d0
 26 files changed, 33 insertions(+), 441 deletions(-)
d744d0
 rename test/{parallel => known_issues}/test-crypto-certificate.js (100%)
d744d0
 rename test/{parallel => known_issues}/test-crypto-des3-wrap.js (100%)
d744d0
 rename test/{parallel => known_issues}/test-crypto-hash-stream-pipe.js (100%)
d744d0
 rename test/{parallel => known_issues}/test-https-agent-keylog.js (100%)
d744d0
 rename test/{parallel => known_issues}/test-tls-client-getephemeralkeyinfo.js (100%)
d744d0
 rename test/{parallel => known_issues}/test-tls-client-renegotiation-13.js (100%)
d744d0
 rename test/{parallel => known_issues}/test-tls-ecdh-auto.js (100%)
d744d0
 rename test/{parallel => known_issues}/test-tls-ecdh-multiple.js (100%)
d744d0
 rename test/{parallel => known_issues}/test-tls-ecdh.js (100%)
d744d0
 rename test/{parallel => known_issues}/test-tls-enable-keylog-cli.js (100%)
d744d0
 rename test/{parallel => known_issues}/test-tls-keylog-tlsv13.js (100%)
d744d0
d744d0
diff --git a/lib/tls.js b/lib/tls.js
d744d0
index 2ccbe409c9..21e6f3a814 100644
d744d0
--- a/lib/tls.js
d744d0
+++ b/lib/tls.js
d744d0
@@ -66,17 +66,13 @@ else if (getOptionValue('--tls-min-v1.1'))
d744d0
   exports.DEFAULT_MIN_VERSION = 'TLSv1.1';
d744d0
 else if (getOptionValue('--tls-min-v1.2'))
d744d0
   exports.DEFAULT_MIN_VERSION = 'TLSv1.2';
d744d0
-else if (getOptionValue('--tls-min-v1.3'))
d744d0
-  exports.DEFAULT_MIN_VERSION = 'TLSv1.3';
d744d0
 else
d744d0
   exports.DEFAULT_MIN_VERSION = 'TLSv1.2';
d744d0
 
d744d0
-if (getOptionValue('--tls-max-v1.3'))
d744d0
-  exports.DEFAULT_MAX_VERSION = 'TLSv1.3';
d744d0
-else if (getOptionValue('--tls-max-v1.2'))
d744d0
+if (getOptionValue('--tls-max-v1.2'))
d744d0
   exports.DEFAULT_MAX_VERSION = 'TLSv1.2';
d744d0
 else
d744d0
-  exports.DEFAULT_MAX_VERSION = 'TLSv1.3'; // Will depend on node version.
d744d0
+  exports.DEFAULT_MAX_VERSION = 'TLSv1.2'; // Will depend on node version.
d744d0
 
d744d0
 
d744d0
 exports.getCiphers = internalUtil.cachedResult(
d744d0
diff --git a/test/parallel/test-crypto-certificate.js b/test/known_issues/test-crypto-certificate.js
d744d0
similarity index 100%
d744d0
rename from test/parallel/test-crypto-certificate.js
d744d0
rename to test/known_issues/test-crypto-certificate.js
d744d0
diff --git a/test/parallel/test-crypto-des3-wrap.js b/test/known_issues/test-crypto-des3-wrap.js
d744d0
similarity index 100%
d744d0
rename from test/parallel/test-crypto-des3-wrap.js
d744d0
rename to test/known_issues/test-crypto-des3-wrap.js
d744d0
diff --git a/test/parallel/test-crypto-hash-stream-pipe.js b/test/known_issues/test-crypto-hash-stream-pipe.js
d744d0
similarity index 100%
d744d0
rename from test/parallel/test-crypto-hash-stream-pipe.js
d744d0
rename to test/known_issues/test-crypto-hash-stream-pipe.js
d744d0
diff --git a/test/parallel/test-https-agent-keylog.js b/test/known_issues/test-https-agent-keylog.js
d744d0
similarity index 100%
d744d0
rename from test/parallel/test-https-agent-keylog.js
d744d0
rename to test/known_issues/test-https-agent-keylog.js
d744d0
diff --git a/test/parallel/test-tls-client-getephemeralkeyinfo.js b/test/known_issues/test-tls-client-getephemeralkeyinfo.js
d744d0
similarity index 100%
d744d0
rename from test/parallel/test-tls-client-getephemeralkeyinfo.js
d744d0
rename to test/known_issues/test-tls-client-getephemeralkeyinfo.js
d744d0
diff --git a/test/parallel/test-tls-client-renegotiation-13.js b/test/known_issues/test-tls-client-renegotiation-13.js
d744d0
similarity index 100%
d744d0
rename from test/parallel/test-tls-client-renegotiation-13.js
d744d0
rename to test/known_issues/test-tls-client-renegotiation-13.js
d744d0
diff --git a/test/parallel/test-tls-ecdh-auto.js b/test/known_issues/test-tls-ecdh-auto.js
d744d0
similarity index 100%
d744d0
rename from test/parallel/test-tls-ecdh-auto.js
d744d0
rename to test/known_issues/test-tls-ecdh-auto.js
d744d0
diff --git a/test/parallel/test-tls-ecdh-multiple.js b/test/known_issues/test-tls-ecdh-multiple.js
d744d0
similarity index 100%
d744d0
rename from test/parallel/test-tls-ecdh-multiple.js
d744d0
rename to test/known_issues/test-tls-ecdh-multiple.js
d744d0
diff --git a/test/parallel/test-tls-ecdh.js b/test/known_issues/test-tls-ecdh.js
d744d0
similarity index 100%
d744d0
rename from test/parallel/test-tls-ecdh.js
d744d0
rename to test/known_issues/test-tls-ecdh.js
d744d0
diff --git a/test/parallel/test-tls-enable-keylog-cli.js b/test/known_issues/test-tls-enable-keylog-cli.js
d744d0
similarity index 100%
d744d0
rename from test/parallel/test-tls-enable-keylog-cli.js
d744d0
rename to test/known_issues/test-tls-enable-keylog-cli.js
d744d0
diff --git a/test/parallel/test-tls-keylog-tlsv13.js b/test/known_issues/test-tls-keylog-tlsv13.js
d744d0
similarity index 100%
d744d0
rename from test/parallel/test-tls-keylog-tlsv13.js
d744d0
rename to test/known_issues/test-tls-keylog-tlsv13.js
d744d0
diff --git a/test/parallel/test-crypto-aes-wrap.js b/test/parallel/test-crypto-aes-wrap.js
d744d0
index 6fe35258f7..7639ec632d 100644
d744d0
--- a/test/parallel/test-crypto-aes-wrap.js
d744d0
+++ b/test/parallel/test-crypto-aes-wrap.js
d744d0
@@ -8,7 +8,7 @@ const crypto = require('crypto');
d744d0
 
d744d0
 const test = [
d744d0
   {
d744d0
-    algorithm: 'aes128-wrap',
d744d0
+    algorithm: 'id-aes128-wrap',
d744d0
     key: 'b26f309fbe57e9b3bb6ae5ef31d54450',
d744d0
     iv: '3fd838af4093d749',
d744d0
     text: '12345678123456781234567812345678'
d744d0
@@ -20,7 +20,7 @@ const test = [
d744d0
     text: '12345678123456781234567812345678123'
d744d0
   },
d744d0
   {
d744d0
-    algorithm: 'aes192-wrap',
d744d0
+    algorithm: 'id-aes192-wrap',
d744d0
     key: '40978085d68091f7dfca0d7dfc7a5ee76d2cc7f2f345a304',
d744d0
     iv: '3fd838af4093d749',
d744d0
     text: '12345678123456781234567812345678'
d744d0
@@ -32,7 +32,7 @@ const test = [
d744d0
     text: '12345678123456781234567812345678123'
d744d0
   },
d744d0
   {
d744d0
-    algorithm: 'aes256-wrap',
d744d0
+    algorithm: 'id-aes256-wrap',
d744d0
     key: '29c9eab5ed5ad44134a1437fe2e673b4d88a5b7c72e68454fea08721392b7323',
d744d0
     iv: '3fd838af4093d749',
d744d0
     text: '12345678123456781234567812345678'
d744d0
diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js
d744d0
index 863907bafd..8c10b350c0 100644
d744d0
--- a/test/parallel/test-crypto-authenticated.js
d744d0
+++ b/test/parallel/test-crypto-authenticated.js
d744d0
@@ -405,6 +405,11 @@ for (const test of TEST_CASES) {
d744d0
 // authentication tag has been specified.
d744d0
 {
d744d0
   for (const mode of ['ccm', 'ocb']) {
d744d0
+    if (!ciphers.includes(`aes-256-${mode}`)) {
d744d0
+      common.printSkipMessage(`unsupported aes-256-${mode} test`);
d744d0
+      continue;
d744d0
+    }
d744d0
+
d744d0
     assert.throws(() => {
d744d0
       crypto.createCipheriv(`aes-256-${mode}`,
d744d0
                             'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
d744d0
@@ -565,6 +570,11 @@ for (const test of TEST_CASES) {
d744d0
   const iv = Buffer.from('0123456789ab', 'utf8');
d744d0
 
d744d0
   for (const mode of ['gcm', 'ocb']) {
d744d0
+    if (!ciphers.includes(`aes-128-${mode}`)) {
d744d0
+      common.printSkipMessage(`unsupported aes-128-${mode} test`);
d744d0
+      continue;
d744d0
+    }
d744d0
+
d744d0
     for (const authTagLength of mode === 'gcm' ? [undefined, 8] : [8]) {
d744d0
       const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, {
d744d0
         authTagLength
d744d0
@@ -599,6 +609,11 @@ for (const test of TEST_CASES) {
d744d0
   const opts = { authTagLength: 8 };
d744d0
 
d744d0
   for (const mode of ['gcm', 'ccm', 'ocb']) {
d744d0
+    if (!ciphers.includes(`aes-128-${mode}`)) {
d744d0
+      common.printSkipMessage(`unsupported aes-128-${mode} test`);
d744d0
+      continue;
d744d0
+    }
d744d0
+
d744d0
     const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, opts);
d744d0
     const ciphertext = Buffer.concat([cipher.update(plain), cipher.final()]);
d744d0
     const tag = cipher.getAuthTag();
d744d0
@@ -659,7 +674,7 @@ for (const test of TEST_CASES) {
d744d0
       Buffer.from(valid.key, 'hex'),
d744d0
       Buffer.from(H(prefix) + valid.iv, 'hex'),
d744d0
       { authTagLength: valid.tag.length / 2 }
d744d0
-    ), errMessages.length, `iv length ${ivLength} was not rejected`);
d744d0
+    ), /.*/, `iv length ${ivLength} was not rejected`);
d744d0
 
d744d0
     function H(length) { return '00'.repeat(length); }
d744d0
   }
d744d0
diff --git a/test/parallel/test-crypto-dh-stateless.js b/test/parallel/test-crypto-dh-stateless.js
d744d0
index b01cea76b2..b91d15fcb5 100644
d744d0
--- a/test/parallel/test-crypto-dh-stateless.js
d744d0
+++ b/test/parallel/test-crypto-dh-stateless.js
d744d0
@@ -204,20 +204,3 @@ assert.throws(() => {
d744d0
   name: 'Error',
d744d0
   code: 'ERR_OSSL_EVP_DIFFERENT_PARAMETERS'
d744d0
 });
d744d0
-
d744d0
-// Test ECDH-ES.
d744d0
-
d744d0
-test(crypto.generateKeyPairSync('x448'),
d744d0
-     crypto.generateKeyPairSync('x448'));
d744d0
-
d744d0
-test(crypto.generateKeyPairSync('x25519'),
d744d0
-     crypto.generateKeyPairSync('x25519'));
d744d0
-
d744d0
-assert.throws(() => {
d744d0
-  test(crypto.generateKeyPairSync('x448'),
d744d0
-       crypto.generateKeyPairSync('x25519'));
d744d0
-}, {
d744d0
-  name: 'Error',
d744d0
-  code: 'ERR_CRYPTO_INCOMPATIBLE_KEY',
d744d0
-  message: 'Incompatible key types for Diffie-Hellman: x448 and x25519'
d744d0
-});
d744d0
diff --git a/test/parallel/test-crypto-hash.js b/test/parallel/test-crypto-hash.js
d744d0
index f3f4df928c..e4db1ba88a 100644
d744d0
--- a/test/parallel/test-crypto-hash.js
d744d0
+++ b/test/parallel/test-crypto-hash.js
d744d0
@@ -182,76 +182,13 @@ assert.throws(
d744d0
                                    ' when called without `new`');
d744d0
 }
d744d0
 
d744d0
-// Test XOF hash functions and the outputLength option.
d744d0
 {
d744d0
-  // Default outputLengths.
d744d0
-  assert.strictEqual(crypto.createHash('shake128').digest('hex'),
d744d0
-                     '7f9c2ba4e88f827d616045507605853e');
d744d0
-  assert.strictEqual(crypto.createHash('shake128', null).digest('hex'),
d744d0
-                     '7f9c2ba4e88f827d616045507605853e');
d744d0
-  assert.strictEqual(crypto.createHash('shake256').digest('hex'),
d744d0
-                     '46b9dd2b0ba88d13233b3feb743eeb24' +
d744d0
-                     '3fcd52ea62b81b82b50c27646ed5762f');
d744d0
-  assert.strictEqual(crypto.createHash('shake256', { outputLength: 0 })
d744d0
-                           .copy()  // Default outputLength.
d744d0
-                           .digest('hex'),
d744d0
-                     '46b9dd2b0ba88d13233b3feb743eeb24' +
d744d0
-                     '3fcd52ea62b81b82b50c27646ed5762f');
d744d0
-
d744d0
-  // Short outputLengths.
d744d0
-  assert.strictEqual(crypto.createHash('shake128', { outputLength: 0 })
d744d0
-                           .digest('hex'),
d744d0
-                     '');
d744d0
-  assert.strictEqual(crypto.createHash('shake128', { outputLength: 5 })
d744d0
-                           .copy({ outputLength: 0 })
d744d0
-                           .digest('hex'),
d744d0
-                     '');
d744d0
-  assert.strictEqual(crypto.createHash('shake128', { outputLength: 5 })
d744d0
-                           .digest('hex'),
d744d0
-                     '7f9c2ba4e8');
d744d0
-  assert.strictEqual(crypto.createHash('shake128', { outputLength: 0 })
d744d0
-                           .copy({ outputLength: 5 })
d744d0
-                           .digest('hex'),
d744d0
-                     '7f9c2ba4e8');
d744d0
-  assert.strictEqual(crypto.createHash('shake128', { outputLength: 15 })
d744d0
-                           .digest('hex'),
d744d0
-                     '7f9c2ba4e88f827d61604550760585');
d744d0
-  assert.strictEqual(crypto.createHash('shake256', { outputLength: 16 })
d744d0
-                           .digest('hex'),
d744d0
-                     '46b9dd2b0ba88d13233b3feb743eeb24');
d744d0
-
d744d0
-  // Large outputLengths.
d744d0
-  assert.strictEqual(crypto.createHash('shake128', { outputLength: 128 })
d744d0
-                           .digest('hex'),
d744d0
-                     '7f9c2ba4e88f827d616045507605853e' +
d744d0
-                     'd73b8093f6efbc88eb1a6eacfa66ef26' +
d744d0
-                     '3cb1eea988004b93103cfb0aeefd2a68' +
d744d0
-                     '6e01fa4a58e8a3639ca8a1e3f9ae57e2' +
d744d0
-                     '35b8cc873c23dc62b8d260169afa2f75' +
d744d0
-                     'ab916a58d974918835d25e6a435085b2' +
d744d0
-                     'badfd6dfaac359a5efbb7bcc4b59d538' +
d744d0
-                     'df9a04302e10c8bc1cbf1a0b3a5120ea');
d744d0
-  const superLongHash = crypto.createHash('shake256', {
d744d0
-    outputLength: 1024 * 1024
d744d0
-  }).update('The message is shorter than the hash!')
d744d0
-    .digest('hex');
d744d0
-  assert.strictEqual(superLongHash.length, 2 * 1024 * 1024);
d744d0
-  assert.ok(superLongHash.endsWith('193414035ddba77bf7bba97981e656ec'));
d744d0
-  assert.ok(superLongHash.startsWith('a2a28dbc49cfd6e5d6ceea3d03e77748'));
d744d0
-
d744d0
   // Non-XOF hash functions should accept valid outputLength options as well.
d744d0
   assert.strictEqual(crypto.createHash('sha224', { outputLength: 28 })
d744d0
                            .digest('hex'),
d744d0
                      'd14a028c2a3a2bc9476102bb288234c4' +
d744d0
                      '15a2b01f828ea62ac5b3e42f');
d744d0
 
d744d0
-  // Passing invalid sizes should throw during creation.
d744d0
-  assert.throws(() => {
d744d0
-    crypto.createHash('sha256', { outputLength: 28 });
d744d0
-  }, {
d744d0
-    code: 'ERR_OSSL_EVP_NOT_XOF_OR_INVALID_LENGTH'
d744d0
-  });
d744d0
-
d744d0
   for (const outputLength of [null, {}, 'foo', false]) {
d744d0
     assert.throws(() => crypto.createHash('sha256', { outputLength }),
d744d0
                   { code: 'ERR_INVALID_ARG_TYPE' });
d744d0
diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js
d744d0
index d3011db79d..644a52a1c7 100644
d744d0
--- a/test/parallel/test-crypto-key-objects.js
d744d0
+++ b/test/parallel/test-crypto-key-objects.js
d744d0
@@ -242,18 +242,6 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
d744d0
 }
d744d0
 
d744d0
 [
d744d0
-  { private: fixtures.readKey('ed25519_private.pem', 'ascii'),
d744d0
-    public: fixtures.readKey('ed25519_public.pem', 'ascii'),
d744d0
-    keyType: 'ed25519' },
d744d0
-  { private: fixtures.readKey('ed448_private.pem', 'ascii'),
d744d0
-    public: fixtures.readKey('ed448_public.pem', 'ascii'),
d744d0
-    keyType: 'ed448' },
d744d0
-  { private: fixtures.readKey('x25519_private.pem', 'ascii'),
d744d0
-    public: fixtures.readKey('x25519_public.pem', 'ascii'),
d744d0
-    keyType: 'x25519' },
d744d0
-  { private: fixtures.readKey('x448_private.pem', 'ascii'),
d744d0
-    public: fixtures.readKey('x448_public.pem', 'ascii'),
d744d0
-    keyType: 'x448' },
d744d0
 ].forEach((info) => {
d744d0
   const keyType = info.keyType;
d744d0
 
d744d0
@@ -323,145 +311,6 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
d744d0
 
d744d0
 }
d744d0
 
d744d0
-{
d744d0
-  // Test RSA-PSS.
d744d0
-  {
d744d0
-    // This key pair does not restrict the message digest algorithm or salt
d744d0
-    // length.
d744d0
-    const publicPem = fixtures.readKey('rsa_pss_public_2048.pem');
d744d0
-    const privatePem = fixtures.readKey('rsa_pss_private_2048.pem');
d744d0
-
d744d0
-    const publicKey = createPublicKey(publicPem);
d744d0
-    const privateKey = createPrivateKey(privatePem);
d744d0
-
d744d0
-    assert.strictEqual(publicKey.type, 'public');
d744d0
-    assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
d744d0
-
d744d0
-    assert.strictEqual(privateKey.type, 'private');
d744d0
-    assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
d744d0
-
d744d0
-    for (const key of [privatePem, privateKey]) {
d744d0
-      // Any algorithm should work.
d744d0
-      for (const algo of ['sha1', 'sha256']) {
d744d0
-        // Any salt length should work.
d744d0
-        for (const saltLength of [undefined, 8, 10, 12, 16, 18, 20]) {
d744d0
-          const signature = createSign(algo)
d744d0
-                            .update('foo')
d744d0
-                            .sign({ key, saltLength });
d744d0
-
d744d0
-          for (const pkey of [key, publicKey, publicPem]) {
d744d0
-            const okay = createVerify(algo)
d744d0
-                         .update('foo')
d744d0
-                         .verify({ key: pkey, saltLength }, signature);
d744d0
-
d744d0
-            assert.ok(okay);
d744d0
-          }
d744d0
-        }
d744d0
-      }
d744d0
-    }
d744d0
-
d744d0
-    // Exporting the key using PKCS#1 should not work since this would discard
d744d0
-    // any algorithm restrictions.
d744d0
-    assert.throws(() => {
d744d0
-      publicKey.export({ format: 'pem', type: 'pkcs1' });
d744d0
-    }, {
d744d0
-      code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS'
d744d0
-    });
d744d0
-  }
d744d0
-
d744d0
-  {
d744d0
-    // This key pair enforces sha256 as the message digest and the MGF1
d744d0
-    // message digest and a salt length of at least 16 bytes.
d744d0
-    const publicPem =
d744d0
-      fixtures.readKey('rsa_pss_public_2048_sha256_sha256_16.pem');
d744d0
-    const privatePem =
d744d0
-      fixtures.readKey('rsa_pss_private_2048_sha256_sha256_16.pem');
d744d0
-
d744d0
-    const publicKey = createPublicKey(publicPem);
d744d0
-    const privateKey = createPrivateKey(privatePem);
d744d0
-
d744d0
-    assert.strictEqual(publicKey.type, 'public');
d744d0
-    assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
d744d0
-
d744d0
-    assert.strictEqual(privateKey.type, 'private');
d744d0
-    assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
d744d0
-
d744d0
-    for (const key of [privatePem, privateKey]) {
d744d0
-      // Signing with anything other than sha256 should fail.
d744d0
-      assert.throws(() => {
d744d0
-        createSign('sha1').sign(key);
d744d0
-      }, /digest not allowed/);
d744d0
-
d744d0
-      // Signing with salt lengths less than 16 bytes should fail.
d744d0
-      for (const saltLength of [8, 10, 12]) {
d744d0
-        assert.throws(() => {
d744d0
-          createSign('sha1').sign({ key, saltLength });
d744d0
-        }, /pss saltlen too small/);
d744d0
-      }
d744d0
-
d744d0
-      // Signing with sha256 and appropriate salt lengths should work.
d744d0
-      for (const saltLength of [undefined, 16, 18, 20]) {
d744d0
-        const signature = createSign('sha256')
d744d0
-                          .update('foo')
d744d0
-                          .sign({ key, saltLength });
d744d0
-
d744d0
-        for (const pkey of [key, publicKey, publicPem]) {
d744d0
-          const okay = createVerify('sha256')
d744d0
-                       .update('foo')
d744d0
-                       .verify({ key: pkey, saltLength }, signature);
d744d0
-
d744d0
-          assert.ok(okay);
d744d0
-        }
d744d0
-      }
d744d0
-    }
d744d0
-  }
d744d0
-
d744d0
-  {
d744d0
-    // This key enforces sha512 as the message digest and sha256 as the MGF1
d744d0
-    // message digest.
d744d0
-    const publicPem =
d744d0
-      fixtures.readKey('rsa_pss_public_2048_sha512_sha256_20.pem');
d744d0
-    const privatePem =
d744d0
-      fixtures.readKey('rsa_pss_private_2048_sha512_sha256_20.pem');
d744d0
-
d744d0
-    const publicKey = createPublicKey(publicPem);
d744d0
-    const privateKey = createPrivateKey(privatePem);
d744d0
-
d744d0
-    assert.strictEqual(publicKey.type, 'public');
d744d0
-    assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
d744d0
-
d744d0
-    assert.strictEqual(privateKey.type, 'private');
d744d0
-    assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
d744d0
-
d744d0
-    // Node.js usually uses the same hash function for the message and for MGF1.
d744d0
-    // However, when a different MGF1 message digest algorithm has been
d744d0
-    // specified as part of the key, it should automatically switch to that.
d744d0
-    // This behavior is required by sections 3.1 and 3.3 of RFC4055.
d744d0
-    for (const key of [privatePem, privateKey]) {
d744d0
-      // sha256 matches the MGF1 hash function and should be used internally,
d744d0
-      // but it should not be permitted as the main message digest algorithm.
d744d0
-      for (const algo of ['sha1', 'sha256']) {
d744d0
-        assert.throws(() => {
d744d0
-          createSign(algo).sign(key);
d744d0
-        }, /digest not allowed/);
d744d0
-      }
d744d0
-
d744d0
-      // sha512 should produce a valid signature.
d744d0
-      const signature = createSign('sha512')
d744d0
-                        .update('foo')
d744d0
-                        .sign(key);
d744d0
-
d744d0
-      for (const pkey of [key, publicKey, publicPem]) {
d744d0
-        const okay = createVerify('sha512')
d744d0
-                     .update('foo')
d744d0
-                     .verify(pkey, signature);
d744d0
-
d744d0
-        assert.ok(okay);
d744d0
-      }
d744d0
-    }
d744d0
-  }
d744d0
-}
d744d0
-
d744d0
 {
d744d0
   // Exporting an encrypted private key requires a cipher
d744d0
   const privateKey = createPrivateKey(privatePem);
d744d0
diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js
2509f6
index 384f4fa68a..38432254f0 100644
d744d0
--- a/test/parallel/test-crypto-keygen.js
d744d0
+++ b/test/parallel/test-crypto-keygen.js
d744d0
@@ -265,42 +265,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
d744d0
   }));
d744d0
 }
d744d0
 
d744d0
-{
d744d0
-  // Test RSA-PSS.
d744d0
-  generateKeyPair('rsa-pss', {
d744d0
-    modulusLength: 512,
d744d0
-    saltLength: 16,
d744d0
-    hash: 'sha256',
d744d0
-    mgf1Hash: 'sha256'
d744d0
-  }, common.mustCall((err, publicKey, privateKey) => {
d744d0
-    assert.ifError(err);
d744d0
-
d744d0
-    assert.strictEqual(publicKey.type, 'public');
d744d0
-    assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
d744d0
-
d744d0
-    assert.strictEqual(privateKey.type, 'private');
d744d0
-    assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
d744d0
 
d744d0
-    // Unlike RSA, RSA-PSS does not allow encryption.
d744d0
-    assert.throws(() => {
d744d0
-      testEncryptDecrypt(publicKey, privateKey);
d744d0
-    }, /operation not supported for this keytype/);
d744d0
-
d744d0
-    // RSA-PSS also does not permit signing with PKCS1 padding.
d744d0
-    assert.throws(() => {
d744d0
-      testSignVerify({
d744d0
-        key: publicKey,
d744d0
-        padding: constants.RSA_PKCS1_PADDING
d744d0
-      }, {
d744d0
-        key: privateKey,
d744d0
-        padding: constants.RSA_PKCS1_PADDING
d744d0
-      });
d744d0
-    }, /illegal or unsupported padding mode/);
d744d0
-
d744d0
-    // The padding should correctly default to RSA_PKCS1_PSS_PADDING now.
d744d0
-    testSignVerify(publicKey, privateKey);
d744d0
-  }));
d744d0
-}
d744d0
 
d744d0
 {
d744d0
   const privateKeyEncoding = {
2509f6
@@ -975,22 +940,6 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
d744d0
   }));
d744d0
 }
d744d0
 
d744d0
-// Test EdDSA key generation.
d744d0
-{
d744d0
-  if (!/^1\.1\.0/.test(process.versions.openssl)) {
d744d0
-    ['ed25519', 'ed448', 'x25519', 'x448'].forEach((keyType) => {
d744d0
-      generateKeyPair(keyType, common.mustCall((err, publicKey, privateKey) => {
d744d0
-        assert.ifError(err);
d744d0
-
d744d0
-        assert.strictEqual(publicKey.type, 'public');
d744d0
-        assert.strictEqual(publicKey.asymmetricKeyType, keyType);
d744d0
-
d744d0
-        assert.strictEqual(privateKey.type, 'private');
d744d0
-        assert.strictEqual(privateKey.asymmetricKeyType, keyType);
d744d0
-      }));
d744d0
-    });
d744d0
-  }
d744d0
-}
d744d0
 
d744d0
 // Test classic Diffie-Hellman key generation.
d744d0
 {
d744d0
diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
d744d0
index ff410dcf00..a7a293a740 100644
d744d0
--- a/test/parallel/test-crypto-sign-verify.js
d744d0
+++ b/test/parallel/test-crypto-sign-verify.js
d744d0
@@ -425,14 +425,6 @@ assert.throws(
d744d0
 }
d744d0
 
d744d0
 [
d744d0
-  { private: fixtures.readKey('ed25519_private.pem', 'ascii'),
d744d0
-    public: fixtures.readKey('ed25519_public.pem', 'ascii'),
d744d0
-    algo: null,
d744d0
-    sigLen: 64 },
d744d0
-  { private: fixtures.readKey('ed448_private.pem', 'ascii'),
d744d0
-    public: fixtures.readKey('ed448_public.pem', 'ascii'),
d744d0
-    algo: null,
d744d0
-    sigLen: 114 },
d744d0
   { private: fixtures.readKey('rsa_private_2048.pem', 'ascii'),
d744d0
     public: fixtures.readKey('rsa_public_2048.pem', 'ascii'),
d744d0
     algo: 'sha1',
d744d0
@@ -514,106 +506,6 @@ assert.throws(
d744d0
   assert.throws(() => crypto.verify(null, data, 'test', input), errObj);
d744d0
 });
d744d0
 
d744d0
-{
d744d0
-  const data = Buffer.from('Hello world');
d744d0
-  const keys = [['ec-key.pem', 64], ['dsa_private_1025.pem', 40]];
d744d0
-
d744d0
-  for (const [file, length] of keys) {
d744d0
-    const privKey = fixtures.readKey(file);
d744d0
-    [
d744d0
-      crypto.createSign('sha1').update(data).sign(privKey),
d744d0
-      crypto.sign('sha1', data, privKey),
d744d0
-      crypto.sign('sha1', data, { key: privKey, dsaEncoding: 'der' })
d744d0
-    ].forEach((sig) => {
d744d0
-      // Signature length variability due to DER encoding
d744d0
-      assert(sig.length >= length + 4 && sig.length <= length + 8);
d744d0
-
d744d0
-      assert.strictEqual(
d744d0
-        crypto.createVerify('sha1').update(data).verify(privKey, sig),
d744d0
-        true
d744d0
-      );
d744d0
-      assert.strictEqual(crypto.verify('sha1', data, privKey, sig), true);
d744d0
-    });
d744d0
-
d744d0
-    // Test (EC)DSA signature conversion.
d744d0
-    const opts = { key: privKey, dsaEncoding: 'ieee-p1363' };
d744d0
-    let sig = crypto.sign('sha1', data, opts);
d744d0
-    // Unlike DER signatures, IEEE P1363 signatures have a predictable length.
d744d0
-    assert.strictEqual(sig.length, length);
d744d0
-    assert.strictEqual(crypto.verify('sha1', data, opts, sig), true);
d744d0
-    assert.strictEqual(crypto.createVerify('sha1')
d744d0
-                             .update(data)
d744d0
-                             .verify(opts, sig), true);
d744d0
-
d744d0
-    // Test invalid signature lengths.
d744d0
-    for (const i of [-2, -1, 1, 2, 4, 8]) {
d744d0
-      sig = crypto.randomBytes(length + i);
d744d0
-      assert.throws(() => {
d744d0
-        crypto.verify('sha1', data, opts, sig);
d744d0
-      }, {
d744d0
-        message: 'Malformed signature'
d744d0
-      });
d744d0
-    }
d744d0
-  }
d744d0
-
d744d0
-  // Test verifying externally signed messages.
d744d0
-  const extSig = Buffer.from('494c18ab5c8a62a72aea5041966902bcfa229821af2bf65' +
d744d0
-                             '0b5b4870d1fe6aebeaed9460c62210693b5b0a300033823' +
d744d0
-                             '33d9529c8abd8c5948940af944828be16c', 'hex');
d744d0
-  for (const ok of [true, false]) {
d744d0
-    assert.strictEqual(
d744d0
-      crypto.verify('sha256', data, {
d744d0
-        key: fixtures.readKey('ec-key.pem'),
d744d0
-        dsaEncoding: 'ieee-p1363'
d744d0
-      }, extSig),
d744d0
-      ok
d744d0
-    );
d744d0
-
d744d0
-    assert.strictEqual(
d744d0
-      crypto.createVerify('sha256').update(data).verify({
d744d0
-        key: fixtures.readKey('ec-key.pem'),
d744d0
-        dsaEncoding: 'ieee-p1363'
d744d0
-      }, extSig),
d744d0
-      ok
d744d0
-    );
d744d0
-
d744d0
-    extSig[Math.floor(Math.random() * extSig.length)] ^= 1;
d744d0
-  }
d744d0
-
d744d0
-  // Non-(EC)DSA keys should ignore the option.
d744d0
-  const sig = crypto.sign('sha1', data, {
d744d0
-    key: keyPem,
d744d0
-    dsaEncoding: 'ieee-p1363'
d744d0
-  });
d744d0
-  assert.strictEqual(crypto.verify('sha1', data, certPem, sig), true);
d744d0
-  assert.strictEqual(
d744d0
-    crypto.verify('sha1', data, {
d744d0
-      key: certPem,
d744d0
-      dsaEncoding: 'ieee-p1363'
d744d0
-    }, sig),
d744d0
-    true
d744d0
-  );
d744d0
-  assert.strictEqual(
d744d0
-    crypto.verify('sha1', data, {
d744d0
-      key: certPem,
d744d0
-      dsaEncoding: 'der'
d744d0
-    }, sig),
d744d0
-    true
d744d0
-  );
d744d0
-
d744d0
-  for (const dsaEncoding of ['foo', null, {}, 5, true, NaN]) {
d744d0
-    assert.throws(() => {
d744d0
-      crypto.sign('sha1', data, {
d744d0
-        key: certPem,
d744d0
-        dsaEncoding
d744d0
-      });
d744d0
-    }, {
d744d0
-      code: 'ERR_INVALID_OPT_VALUE'
d744d0
-    });
d744d0
-  }
d744d0
-}
d744d0
-
d744d0
-
d744d0
 // RSA-PSS Sign test by verifying with 'openssl dgst -verify'
d744d0
 // Note: this particular test *must* be the last in this file as it will exit
d744d0
 // early if no openssl binary is found
d744d0
diff --git a/test/parallel/test-tls-cli-min-version-1.0.js b/test/parallel/test-tls-cli-min-version-1.0.js
d744d0
index 577562782e..0a227c0b94 100644
d744d0
--- a/test/parallel/test-tls-cli-min-version-1.0.js
d744d0
+++ b/test/parallel/test-tls-cli-min-version-1.0.js
d744d0
@@ -8,7 +8,7 @@ if (!common.hasCrypto) common.skip('missing crypto');
d744d0
 const assert = require('assert');
d744d0
 const tls = require('tls');
d744d0
 
d744d0
-assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.3');
d744d0
+assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.2');
d744d0
 assert.strictEqual(tls.DEFAULT_MIN_VERSION, 'TLSv1');
d744d0
 
d744d0
 // Check the min-max version protocol versions against these CLI settings.
d744d0
diff --git a/test/parallel/test-tls-cli-min-version-1.1.js b/test/parallel/test-tls-cli-min-version-1.1.js
d744d0
index 3af2b39546..1219c82030 100644
d744d0
--- a/test/parallel/test-tls-cli-min-version-1.1.js
d744d0
+++ b/test/parallel/test-tls-cli-min-version-1.1.js
d744d0
@@ -8,7 +8,7 @@ if (!common.hasCrypto) common.skip('missing crypto');
d744d0
 const assert = require('assert');
d744d0
 const tls = require('tls');
d744d0
 
d744d0
-assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.3');
d744d0
+assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.2');
d744d0
 assert.strictEqual(tls.DEFAULT_MIN_VERSION, 'TLSv1.1');
d744d0
 
d744d0
 // Check the min-max version protocol versions against these CLI settings.
d744d0
diff --git a/test/parallel/test-tls-cli-min-version-1.2.js b/test/parallel/test-tls-cli-min-version-1.2.js
d744d0
index 8385eabd0b..058dc180f6 100644
d744d0
--- a/test/parallel/test-tls-cli-min-version-1.2.js
d744d0
+++ b/test/parallel/test-tls-cli-min-version-1.2.js
d744d0
@@ -8,7 +8,7 @@ if (!common.hasCrypto) common.skip('missing crypto');
d744d0
 const assert = require('assert');
d744d0
 const tls = require('tls');
d744d0
 
d744d0
-assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.3');
d744d0
+assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.2');
d744d0
 assert.strictEqual(tls.DEFAULT_MIN_VERSION, 'TLSv1.2');
d744d0
 
d744d0
 // Check the min-max version protocol versions against these CLI settings.
d744d0
diff --git a/test/parallel/test-tls-destroy-stream.js b/test/parallel/test-tls-destroy-stream.js
d744d0
index a49e985a7e..1964f676c2 100644
d744d0
--- a/test/parallel/test-tls-destroy-stream.js
d744d0
+++ b/test/parallel/test-tls-destroy-stream.js
d744d0
@@ -9,7 +9,7 @@ const net = require('net');
d744d0
 const assert = require('assert');
d744d0
 const tls = require('tls');
d744d0
 
d744d0
-tls.DEFAULT_MAX_VERSION = 'TLSv1.3';
d744d0
+tls.DEFAULT_MAX_VERSION = 'TLSv1.2';
d744d0
 
d744d0
 // This test ensures that an instance of StreamWrap should emit "end" and
d744d0
 // "close" when the socket on the other side call `destroy()` instead of
d744d0
diff --git a/test/parallel/test-tls-getcipher.js b/test/parallel/test-tls-getcipher.js
d744d0
index 744276aa59..47d3bbdd98 100644
d744d0
--- a/test/parallel/test-tls-getcipher.js
d744d0
+++ b/test/parallel/test-tls-getcipher.js
d744d0
@@ -72,25 +72,3 @@ server.listen(0, '127.0.0.1', common.mustCall(function() {
d744d0
     this.end();
d744d0
   }));
d744d0
 }));
d744d0
-
d744d0
-tls.createServer({
d744d0
-  key: fixtures.readKey('agent2-key.pem'),
d744d0
-  cert: fixtures.readKey('agent2-cert.pem'),
d744d0
-  ciphers: 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_8_SHA256',
d744d0
-  maxVersion: 'TLSv1.3',
d744d0
-}, common.mustCall(function() {
d744d0
-  this.close();
d744d0
-})).listen(0, common.mustCall(function() {
d744d0
-  const client = tls.connect({
d744d0
-    port: this.address().port,
d744d0
-    ciphers: 'TLS_AES_128_CCM_8_SHA256',
d744d0
-    maxVersion: 'TLSv1.3',
d744d0
-    rejectUnauthorized: false
d744d0
-  }, common.mustCall(() => {
d744d0
-    const cipher = client.getCipher();
d744d0
-    assert.strictEqual(cipher.name, 'TLS_AES_128_CCM_8_SHA256');
d744d0
-    assert.strictEqual(cipher.standardName, cipher.name);
d744d0
-    assert.strictEqual(cipher.version, 'TLSv1.3');
d744d0
-    client.end();
d744d0
-  }));
d744d0
-}));
d744d0
diff --git a/test/parallel/test-tls-min-max-version.js b/test/parallel/test-tls-min-max-version.js
d744d0
index 4fcb9247d3..085e123264 100644
d744d0
--- a/test/parallel/test-tls-min-max-version.js
d744d0
+++ b/test/parallel/test-tls-min-max-version.js
d744d0
@@ -219,26 +219,19 @@ test(U, U, 'TLSv1_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1');
d744d0
 test(U, U, 'TLSv1_1_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
d744d0
 test(U, U, 'TLSv1_2_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1.2');
d744d0
 
d744d0
-test('TLSv1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.1');
d744d0
 test('TLSv1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
d744d0
 test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1.1');
d744d0
-test('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1.1');
d744d0
 test('TLSv1', 'TLSv1', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1');
d744d0
 test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
d744d0
-test('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
d744d0
 test('TLSv1.1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
d744d0
 test('TLSv1', 'TLSv1.2', U, 'TLSv1.1', 'TLSv1.1', U, 'TLSv1.1');
d744d0
-test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.2');
d744d0
 
d744d0
 // v-any client can connect to v-specific server
d744d0
-test('TLSv1', 'TLSv1.3', U, 'TLSv1.3', 'TLSv1.3', U, 'TLSv1.3');
d744d0
-test('TLSv1', 'TLSv1.3', U, 'TLSv1.2', 'TLSv1.3', U, 'TLSv1.3');
d744d0
-test('TLSv1', 'TLSv1.3', U, 'TLSv1.2', 'TLSv1.2', U, 'TLSv1.2');
d744d0
-test('TLSv1', 'TLSv1.3', U, 'TLSv1.1', 'TLSv1.1', U, 'TLSv1.1');
d744d0
-test('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
d744d0
+test('TLSv1', 'TLSv1.2', U, 'TLSv1.2', 'TLSv1.2', U, 'TLSv1.2');
d744d0
+test('TLSv1', 'TLSv1.2', U, 'TLSv1.1', 'TLSv1.1', U, 'TLSv1.1');
d744d0
+test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
d744d0
 
d744d0
 // v-specific client can connect to v-any server
d744d0
-test('TLSv1.3', 'TLSv1.3', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.3');
d744d0
-test('TLSv1.2', 'TLSv1.2', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.2');
d744d0
-test('TLSv1.1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.1');
d744d0
-test('TLSv1', 'TLSv1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1');
d744d0
+test('TLSv1.2', 'TLSv1.2', U, 'TLSv1', 'TLSv1.2', U, 'TLSv1.2');
d744d0
+test('TLSv1.1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
d744d0
+test('TLSv1', 'TLSv1', U, 'TLSv1', 'TLSv1.2', U, 'TLSv1');
d744d0
diff --git a/test/parallel/test-tls-psk-circuit.js b/test/parallel/test-tls-psk-circuit.js
d744d0
index 4bcdf36860..0642e18d5e 100644
d744d0
--- a/test/parallel/test-tls-psk-circuit.js
d744d0
+++ b/test/parallel/test-tls-psk-circuit.js
d744d0
@@ -62,9 +62,9 @@ const DISCONNECT_MESSAGE =
d744d0
 
d744d0
 test({ psk: USERS.UserA, identity: 'UserA' });
d744d0
 test({ psk: USERS.UserA, identity: 'UserA' }, { maxVersion: 'TLSv1.2' });
d744d0
-test({ psk: USERS.UserA, identity: 'UserA' }, { minVersion: 'TLSv1.3' });
d744d0
+test({ psk: USERS.UserA, identity: 'UserA' }, { minVersion: 'TLSv1.2' });
d744d0
 test({ psk: USERS.UserB, identity: 'UserB' });
d744d0
-test({ psk: USERS.UserB, identity: 'UserB' }, { minVersion: 'TLSv1.3' });
d744d0
+test({ psk: USERS.UserB, identity: 'UserB' }, { minVersion: 'TLSv1.2' });
d744d0
 // Unrecognized user should fail handshake
d744d0
 test({ psk: USERS.UserB, identity: 'UserC' }, {}, DISCONNECT_MESSAGE);
d744d0
 // Recognized user but incorrect secret should fail handshake
d744d0
-- 
2509f6
2.31.1
d744d0