mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-01-26 19:22:20 +01:00
5e6cb2b0b6
It is possible that the client will provied `trusted_ca_keys` during a TLSv1.3 connection with 1.2 downgrade. wolfSSL would error with `EXT_NOT_ALLOWED`. The TLSv1.3 spec states that it can be provided and should be ignored. ZD 19936
129 lines
1.6 KiB
Plaintext
129 lines
1.6 KiB
Plaintext
# THIS TEST IS BROKEN
|
|
# server TLSv1.3 downgrade
|
|
#-v d
|
|
#-l TLS13-CHACHA20-POLY1305-SHA256
|
|
|
|
# client TLSv1.2
|
|
#-v 3
|
|
|
|
# server TLSv1.2
|
|
-v 3
|
|
|
|
# client TLSv1.3 downgrade
|
|
-v d
|
|
|
|
# server TLSv1.3 downgrade
|
|
-v d
|
|
|
|
# client TLSv1.3 downgrade
|
|
-v d
|
|
|
|
# server TLSv1.3 downgrade but don't and resume
|
|
-v d
|
|
-r
|
|
|
|
# client TLSv1.3 downgrade but don't and resume
|
|
-v d
|
|
-r
|
|
|
|
# server TLSv1.3 downgrade and resume
|
|
-v d
|
|
-r
|
|
|
|
# client TLSv1.2 and resume
|
|
-v 3
|
|
-r
|
|
|
|
# server TLSv1.2 and resume
|
|
-v d
|
|
-r
|
|
|
|
# cient TLSv1.3 downgrade and resume
|
|
-v 3
|
|
-r
|
|
|
|
# server TLSv1.3
|
|
-v 4
|
|
-l TLS13-AES128-GCM-SHA256
|
|
-H exitWithRet
|
|
|
|
# client TLSv1.2, should fail
|
|
-v 3
|
|
-H exitWithRet
|
|
|
|
# server TLSv1.2
|
|
-v 3
|
|
-l ECDHE-RSA-AES256-GCM-SHA384
|
|
-H exitWithRet
|
|
|
|
# client TLSv1.3, should fail
|
|
-v 4
|
|
-H exitWithRet
|
|
|
|
# server TLSv1.2
|
|
-v 3
|
|
-l ECDHE-RSA-AES256-GCM-SHA384
|
|
-H exitWithRet
|
|
|
|
# client
|
|
# enable downgrade
|
|
# minimum downgradable TLSv 1.3
|
|
# expect to be failure
|
|
-7 4
|
|
-v d
|
|
-H exitWithRet
|
|
|
|
# server
|
|
# enable downgrade
|
|
# minimum downgradable TLSv 1.3
|
|
-7 4
|
|
-v d
|
|
-l TLS13-AES128-GCM-SHA256
|
|
|
|
# client
|
|
# enable downgrade
|
|
# minimum downgradable TLSv 1.3
|
|
-7 4
|
|
-v d
|
|
|
|
# server
|
|
# enable downgrade
|
|
# minimum downgradable TLSv 1.2
|
|
-7 3
|
|
-v d
|
|
-l ECDHE-RSA-AES256-GCM-SHA384
|
|
|
|
# client TLSv 1.2
|
|
-v 3
|
|
|
|
# server
|
|
# enable downgrade
|
|
# minimum downgradable TLSv 1.3
|
|
# expect to be failure
|
|
-7 4
|
|
-v d
|
|
-l TLS13-AES128-GCM-SHA256
|
|
-H exitWithRet
|
|
|
|
# client TLSv 1.2
|
|
-v 3
|
|
-H exitWithRet
|
|
|
|
# server TLSv1.2 - PSK
|
|
-v 3
|
|
-s
|
|
-l ECDHE-PSK-AES128-GCM-SHA256
|
|
|
|
# client TLS PSK multiversion, allow downgrade
|
|
-v d
|
|
-7 3
|
|
-s
|
|
-l ECDHE-PSK-AES128-GCM-SHA256
|
|
|
|
# server TLSv1.3
|
|
-v 4
|
|
|
|
# client downgrade with trusted ca
|
|
-v d
|
|
-5
|