diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-07-19 15:52:26 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-08-03 09:18:17 +0200 |
| commit | d47111032f5b20eed70093d988741da5d0e69952 (patch) | |
| tree | db725ee0bf90d5d500a45c681bb07445574a8b86 /tests/suite | |
| parent | 5b9c6c93c680fdfa63b2854741d446ff50002510 (diff) | |
| download | gnutls-d47111032f5b20eed70093d988741da5d0e69952.tar.gz | |
tls1.3: server returns early on handshake when no cert is provided by client
Under TLS1.3 the server knows the negotiated keys early, if no client
certificate is sent. In that case, the server is not only able to
transmit the session ticket immediately after its finished message,
but is also able to transmit data, similarly to false start.
Resolves #481
Resolves #457
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests/suite')
| -rw-r--r-- | tests/suite/tls-fuzzer/gnutls-nocert-tls13.json | 17 | ||||
| m--------- | tests/suite/tls-fuzzer/tlsfuzzer | 0 | ||||
| m--------- | tests/suite/tls-fuzzer/tlslite-ng | 0 |
3 files changed, 9 insertions, 8 deletions
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json index 89c8853c68..a31eec4858 100644 --- a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json +++ b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json @@ -43,18 +43,19 @@ {"name" : "test-tls13-version-negotiation.py", "arguments": ["-p", "@PORT@"]}, {"name" : "test-tls13-zero-length-data.py", - "comment" : "in these tests tlsfuzzer splits ClientHello into the first 2 bytes and the remainder, which gnutls doesn't support, last 3 related to #481", + "comment" : "in these tests tlsfuzzer splits ClientHello into the first 2 bytes and the remainder, which gnutls doesn't support", "arguments": ["-p", "@PORT@", + "-e", "zero-length app data interleaved in handshake", "-e", "zero-len app data with large padding during handshake", "-e", "zero-len app data with large padding interleaved in handshake", - "-e", "zero-len app data with padding interleaved in handshake", - "-e", "zero-length app data during handshake", - "-e", "zero-length app data interleaved in handshake", - "-e", "zero-length app data with padding during handshake"]}, + "-e", "zero-len app data with padding interleaved in handshake"]}, {"name" : "test-tls13-finished.py", - "arguments": ["-p", "@PORT@", "-n", "5"], - "exp_pass" : false, - "comment" : "we do not switch the keys early enough for this test see #481"} + "commoent" : "the disabled tests timeout very often due to slow tls-fuzzer implementation", + "arguments": ["-p", "@PORT@", "-n", "5", + "-e", "padding - cipher TLS_AES_128_GCM_SHA256, pad_byte 0, pad_left 0, pad_right 16777183", + "-e", "padding - cipher TLS_AES_256_GCM_SHA384, pad_byte 0, pad_left 0, pad_right 16777167"]}, + {"name" : "test-tls13-count-tickets.py", + "arguments": ["-p", "@PORT@", "-t", "1"]} ] } ] diff --git a/tests/suite/tls-fuzzer/tlsfuzzer b/tests/suite/tls-fuzzer/tlsfuzzer -Subproject 65af9ab3615a14c59f579085e13fe5a4557a356 +Subproject 23d66d990f1773af5701fb510a3a0ffa59beac5 diff --git a/tests/suite/tls-fuzzer/tlslite-ng b/tests/suite/tls-fuzzer/tlslite-ng -Subproject d976188fe7fd7466dc5cf0818a4ef87e3738189 +Subproject 3029e014231ffe34445d29300f0193a4be4b6cc |