my $max_enabled;
foreach my $i (0..$#protocols) {
- if (!$is_disabled[$i]) {
+ if (!$is_disabled[$i]
+ && ($protocols[$i] ne "TLSv1.3"
+ || !disabled("ec")
+ || !disabled("dh"))) {
$max_enabled = $i;
}
}
}
}
}
- return @tests if disabled("tls1_3") || disabled("tls1_2") || $dtls;
+ return @tests
+ if disabled("tls1_3")
+ || disabled("tls1_2")
+ || (disabled("ec") && disabled("dh"))
+ || $dtls;
#Add some version/ciphersuite sanity check tests
push @tests, {
}
}
- if (!disabled("tls1_3") && !$dtls) {
+ if (!disabled("tls1_3") && (!disabled("ec") || !disabled("dh")) && !$dtls) {
push @client_tests, {
"name" => "resumption-with-hrr",
"client" => {
sub expected_result {
my ($c_min, $c_max, $s_min, $s_max, $min_enabled, $max_enabled,
$protocols) = @_;
+ my @prots = @$protocols;
+ my $orig_c_max = $c_max;
# Adjust for "undef" (no limit).
$c_min = $c_min == 0 ? 0 : $c_min - 1;
$c_max = $c_max == scalar @$protocols ? $c_max - 1 : $c_max;
$c_max = min $c_max, $max_enabled;
$s_max = min $s_max, $max_enabled;
- if ($c_min > $c_max) {
+ if ($c_min > $c_max
+ || ($orig_c_max != scalar @$protocols
+ && $prots[$orig_c_max] eq "TLSv1.3"
+ && $c_max != $orig_c_max
+ && !disabled("tls1_3"))) {
# Client should fail to even send a hello.
return ("ClientFail", undef);
} elsif ($s_min > $s_max) {
# Server doesn't support the client range.
return ("ServerFail", undef);
} elsif ($c_min > $s_max) {
- my @prots = @$protocols;
if ($prots[$c_max] eq "TLSv1.3") {
# Client will have sent supported_versions, so server will know
# that there are no overlapping versions.