plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
+plan skip_all => "$test_name needs TLS enabled"
+ if alldisabled(available_protocols("tls"));
+
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(
\&vers_tolerance_filter,
(!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
);
-plan tests => 2;
+#This file does tests without the supported_versions extension.
+#See 70-test_sslversions.t for tests with supported versions.
+#Test 1: Asking for TLS1.4 should pass and negotiate TLS1.2
+my $client_version = TLSProxy::Record::VERS_TLS_1_4;
+$proxy->clientflags("-no_tls1_3");
+$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
+plan tests => 3;
+my $record = pop @{$proxy->record_list};
+ok(TLSProxy::Message->success()
+ && $record->version() == TLSProxy::Record::VERS_TLS_1_2,
+ "Version tolerance test, TLS 1.4");
-#Test 1: Asking for TLS1.3 should pass
-my $client_version = TLSProxy::Record::VERS_TLS_1_3;
+#Test 2: Asking for TLS1.3 should succeed and negotiate TLS1.2
+$proxy->clear();
+$proxy->clientflags("-no_tls1_3");
$proxy->start();
-ok(TLSProxy::Message->success(), "Version tolerance test, TLS 1.3");
+$record = pop @{$proxy->record_list};
+ok(TLSProxy::Message->success()
+ && $record->version() == TLSProxy::Record::VERS_TLS_1_2,
+ "Version tolerance test, TLS 1.3");
-#Test 2: Testing something below SSLv3 should fail
+#Test 3: Testing something below SSLv3 should fail
$client_version = TLSProxy::Record::VERS_SSL_3_0 - 1;
$proxy->clear();
+$proxy->clientflags("-no_tls1_3");
$proxy->start();
ok(TLSProxy::Message->fail(), "Version tolerance test, SSL < 3.0");
projects / openssl.git / blobdiff