Add a test for TLSv1.3 only client sending a correct key_share

Make sure that a TLSv1.3 only client does not send a TLSv1.3 key_share. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19317)
2024-11-27 05:21:51 +08:00 · 2022-09-30 16:59:05 +01:00 · 2022-09-30 16:59:05 +01:00 · 7b141d4934
commit 7b141d4934
parent 04719b2089
2 changed files with 1099 additions and 300 deletions
--- a/test/ssl-tests/14-curves.cnf
+++ b/test/ssl-tests/14-curves.cnf
--- a/test/ssl-tests/14-curves.cnf.in
+++ b/test/ssl-tests/14-curves.cnf.in
@ -78,6 +78,30 @@ sub generate_tests() {
            },
        };
    }
+    foreach (0..$#curves_tls_1_2) {
+        my $curve = $curves_tls_1_2[$_];
+        push @tests, {
+            name => "curve-${curve}-tls12-in-tls13",
+            server => {
+                "Curves" => "$curve:P-256",
+                "CipherString" => 'DEFAULT@SECLEVEL=1',
+                "MaxProtocol" => "TLSv1.3"
+            },
+            client => {
+                "CipherString" => 'ECDHE@SECLEVEL=1',
+                "MaxProtocol" => "TLSv1.3",
+                "MinProtocol" => "TLSv1.3",
+                "Curves" => "$curve:P-256"
+            },
+            test   => {
+                #This curve is not allowed in a TLSv1.3 key_share. We should
+                #succeed but fallback to P-256
+                "ExpectedTmpKeyType" => "P-256",
+                "ExpectedProtocol" => "TLSv1.3",
+                "ExpectedResult" => "Success"
+            },
+        };
+    }
    foreach (0..$#curves_tls_1_2) {
        my $curve = $curves_tls_1_2[$_];
        push @tests, {