diff options
| author | Péter Dimitrov <[email protected]> | 2019-07-24 11:11:07 +0200 |
|---|---|---|
| committer | Péter Dimitrov <[email protected]> | 2019-07-25 14:55:37 +0200 |
| commit | 73b526ce765dc7ac71fdae349da44941d8201d9c (patch) | |
| tree | 38804420f8fee583de943296a25de99433f6de3a /lib/ssl/test/ssl_api_SUITE.erl | |
| parent | b4fddea062fc13b0562bf8bf2f4cc3dc02cd193c (diff) | |
| download | otp-73b526ce765dc7ac71fdae349da44941d8201d9c.tar.gz otp-73b526ce765dc7ac71fdae349da44941d8201d9c.tar.bz2 otp-73b526ce765dc7ac71fdae349da44941d8201d9c.zip | |
ssl: Implement option honor_cipher_order in TLS 1.3
Diffstat (limited to 'lib/ssl/test/ssl_api_SUITE.erl')
| -rw-r--r-- | lib/ssl/test/ssl_api_SUITE.erl | 64 |
1 files changed, 57 insertions, 7 deletions
diff --git a/lib/ssl/test/ssl_api_SUITE.erl b/lib/ssl/test/ssl_api_SUITE.erl index a7b2a71690..4b44b4dc3e 100644 --- a/lib/ssl/test/ssl_api_SUITE.erl +++ b/lib/ssl/test/ssl_api_SUITE.erl @@ -127,7 +127,9 @@ beast_mitigation_test() -> tls13_group() -> [ - supported_groups + supported_groups, + honor_server_cipher_order_tls13, + honor_client_cipher_order_tls13 ]. @@ -1198,11 +1200,35 @@ honor_server_cipher_order(Config) when is_list(Config) -> cipher => aes_128_cbc, mac => sha, prf => default_prf}], - honor_cipher_order(Config, true, ServerCiphers, ClientCiphers, #{key_exchange => dhe_rsa, - cipher => aes_256_cbc, + honor_cipher_order(Config, true, ServerCiphers, ClientCiphers, #{key_exchange => dhe_rsa, + cipher => aes_256_cbc, mac => sha, prf => default_prf}). %%-------------------------------------------------------------------- +honor_server_cipher_order_tls13() -> + [{doc,"Test API honor server cipher order in TLS 1.3."}]. +honor_server_cipher_order_tls13(Config) when is_list(Config) -> + ClientCiphers = [#{key_exchange => any, + cipher => aes_256_gcm, + mac => aead, + prf => sha384}, + #{key_exchange => any, + cipher => aes_128_gcm, + mac => aead, + prf => sha256}], + ServerCiphers = [#{key_exchange => any, + cipher => aes_128_gcm, + mac => aead, + prf => sha256}, + #{key_exchange => any, + cipher => aes_256_gcm, + mac => aead, + prf => sha384}], + honor_cipher_order(Config, true, ServerCiphers, ClientCiphers, #{key_exchange => any, + cipher => aes_128_gcm, + mac => aead, + prf => sha256}). +%%-------------------------------------------------------------------- honor_client_cipher_order() -> [{doc,"Test API honor server cipher order."}]. honor_client_cipher_order(Config) when is_list(Config) -> @@ -1222,10 +1248,34 @@ honor_client_cipher_order(Config) when is_list(Config) -> cipher => aes_128_cbc, mac => sha, prf => default_prf}], -honor_cipher_order(Config, false, ServerCiphers, ClientCiphers, #{key_exchange => dhe_rsa, - cipher => aes_128_cbc, - mac => sha, - prf => default_prf}). + honor_cipher_order(Config, false, ServerCiphers, ClientCiphers, #{key_exchange => dhe_rsa, + cipher => aes_128_cbc, + mac => sha, + prf => default_prf}). +%%-------------------------------------------------------------------- +honor_client_cipher_order_tls13() -> + [{doc,"Test API honor server cipher order in TLS 1.3."}]. +honor_client_cipher_order_tls13(Config) when is_list(Config) -> + ClientCiphers = [#{key_exchange => any, + cipher => aes_256_gcm, + mac => aead, + prf => sha384}, + #{key_exchange => any, + cipher => aes_128_gcm, + mac => aead, + prf => sha256}], + ServerCiphers = [#{key_exchange => any, + cipher => aes_128_gcm, + mac => aead, + prf => sha256}, + #{key_exchange => any, + cipher => aes_256_gcm, + mac => aead, + prf => sha384}], + honor_cipher_order(Config, false, ServerCiphers, ClientCiphers, #{key_exchange => any, + cipher => aes_256_gcm, + mac => aead, + prf => sha384}). %%-------------------------------------------------------------------- ipv6() -> [{require, ipv6_hosts}, |