Bug 1552767, tests: skip TLS 1.3 tests under FIPS mode, r=rrelyea

author: Daiki Ueno <dueno@redhat.com> 2019-05-20 10:43:46 +0200
committer: Daiki Ueno <dueno@redhat.com> 2019-05-20 10:43:46 +0200
commit: d6524a1b352f7f2b84e77026ca8a912c1e8458a4 (patch)
tree: faadf172eb0a6577d24187c6de88029536b1851d
parent: e06a2eb99954afb552d64abd35456ca13926efaa (diff)
download: nss-hg-d6524a1b352f7f2b84e77026ca8a912c1e8458a4.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
index 3c3d4206b..36cd0b55f 100755
--- a/tests/ssl/ssl.sh
+++ b/tests/ssl/ssl.sh
@@ -393,6 +393,15 @@ ssl_auth()
       echo "${testname}" | grep "TLS 1.3" > /dev/null
       TLS13=$?
 
+      # Currently TLS 1.3 tests are known to fail under FIPS mode,
+      # because HKDF is implemented using the PKCS #11 functions
+      # prohibited under FIPS mode.
+      if [ "${TLS13}" -eq 0 ] && \
+	 [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then
+          echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
+          continue
+      fi
+
       if [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -eq 0 ] ; then
           echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
       elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
author	Daiki Ueno <dueno@redhat.com>	2019-05-20 10:43:46 +0200
committer	Daiki Ueno <dueno@redhat.com>	2019-05-20 10:43:46 +0200
commit	d6524a1b352f7f2b84e77026ca8a912c1e8458a4 (patch)
tree	faadf172eb0a6577d24187c6de88029536b1851d
parent	e06a2eb99954afb552d64abd35456ca13926efaa (diff)
download	nss-hg-d6524a1b352f7f2b84e77026ca8a912c1e8458a4.tar.gz