From: Daniel McCarney Date: Fri, 16 May 2025 18:40:27 +0000 (-0400) Subject: crypto/tls: enable BoGo DisabledCurve-HelloRetryRequest-TLS13 X-Git-Tag: go1.25rc1~121 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=3e468dfd5e6624465716fe5d34358ba58f1e9e7b;p=gostls13.git crypto/tls: enable BoGo DisabledCurve-HelloRetryRequest-TLS13 The crypto/tls package produces the expected error for this test case, and so it can be enabled. Looking at the history of the relevant code it appears the TLS 1.3 implementation has always had the correct behaviour for HRR changing to an unsupported group after the initial hello. I think this test was skipped initially because at the time of initial BoGo config commit we hadn't implemented the -curves argument for the test shim yet, and this test relies on it. We later added support for that flag alongside X25519Kyber768Draft00 KX and I think we missed the chance to enable the test then. Updates #72006 Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5cf Reviewed-on: https://go-review.googlesource.com/c/go/+/673756 Reviewed-by: Roland Shoemaker Reviewed-by: Filippo Valsorda Reviewed-by: David Chase TryBot-Bypass: Daniel McCarney --- diff --git a/src/crypto/tls/bogo_config.json b/src/crypto/tls/bogo_config.json index 64781b3fba..d46b073029 100644 --- a/src/crypto/tls/bogo_config.json +++ b/src/crypto/tls/bogo_config.json @@ -61,7 +61,6 @@ "BadRSAClientKeyExchange-4": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment", "BadRSAClientKeyExchange-5": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment", "CheckLeafCurve": "TODO: first pass, this should be fixed", - "DisabledCurve-HelloRetryRequest-TLS13": "TODO: first pass, this should be fixed", "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed", "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed", "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",