From 97eab214d14054d9f174ab8b02ec3f7adb9cb2f9 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 29 Apr 2025 17:41:53 -0400 Subject: [PATCH] crypto/tls: enable more large record bogo tests Previously a handful of large record tests were in the bogo config ignore list. The ignored tests were failing because they used insecure ciphersuites that aren't enabled by default. This commit adds the non-default insecure ciphersuites to the bogo TLS configuration and re-enables the tests. Doing this uncovered a handful of unrelated tests that needed to be fixed, each handled before this commit. Updates #72006 Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5c7 Reviewed-on: https://go-review.googlesource.com/c/go/+/669158 Reviewed-by: Cherry Mui Reviewed-by: Roland Shoemaker LUCI-TryBot-Result: Go LUCI --- src/crypto/tls/bogo_config.json | 9 --------- src/crypto/tls/bogo_shim_test.go | 8 ++++++++ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/src/crypto/tls/bogo_config.json b/src/crypto/tls/bogo_config.json index 6e82ba8023..5c1fd5a463 100644 --- a/src/crypto/tls/bogo_config.json +++ b/src/crypto/tls/bogo_config.json @@ -67,15 +67,6 @@ "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed", "NoNullCompression-TLS12": "TODO: first pass, this should be fixed", "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed", - "TLS-TLS12-RSA_WITH_AES_128_GCM_SHA256-LargeRecord": "TODO: first pass, this should be fixed", - "TLS-TLS1-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed", - "TLS-TLS11-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed", - "TLS-TLS12-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed", - "TLS-TLS12-RSA_WITH_AES_256_GCM_SHA384-LargeRecord": "TODO: first pass, this should be fixed", - "TLS-TLS1-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed", - "TLS-TLS11-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed", - "TLS-TLS12-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed", - "TLS-TLS12-ECDHE_RSA_WITH_AES_128_CBC_SHA256-LargeRecord": "TODO: first pass, this should be fixed", "RequireAnyClientCertificate-TLS1": "TODO: first pass, this should be fixed", "RequireAnyClientCertificate-TLS11": "TODO: first pass, this should be fixed", "RequireAnyClientCertificate-TLS12": "TODO: first pass, this should be fixed", diff --git a/src/crypto/tls/bogo_shim_test.go b/src/crypto/tls/bogo_shim_test.go index 25367eef61..fff276979e 100644 --- a/src/crypto/tls/bogo_shim_test.go +++ b/src/crypto/tls/bogo_shim_test.go @@ -125,6 +125,12 @@ func bogoShim() { return } + // Test with both the default and insecure cipher suites. + var ciphersuites []uint16 + for _, s := range append(CipherSuites(), InsecureCipherSuites()...) { + ciphersuites = append(ciphersuites, s.ID) + } + cfg := &Config{ ServerName: "test", @@ -133,6 +139,8 @@ func bogoShim() { ClientSessionCache: NewLRUClientSessionCache(0), + CipherSuites: ciphersuites, + GetConfigForClient: func(chi *ClientHelloInfo) (*Config, error) { if *expectAdvertisedALPN != "" { -- 2.51.0