Mercurial > hg > nginx-tests
changeset 1830:8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
LibreSSL does not support session reuse with TLSv1.3 at all. BoringSSL
with TLSv1.3 only supports session tickets, but not server-side session
cache.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 23 Mar 2023 19:49:49 +0300 |
parents | a78c32419f02 |
children | f6d1f82f314b |
files | ssl.t ssl_session_reuse.t |
diffstat | 2 files changed, 19 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/ssl.t Thu Mar 23 19:49:47 2023 +0300 +++ b/ssl.t Thu Mar 23 19:49:49 2023 +0300 @@ -185,6 +185,8 @@ if $Net::SSLeay::VERSION < 1.88 && test_tls13(); local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); +local $TODO = 'no TLSv1.3 sessions in LibreSSL' + if $t->has_module('LibreSSL') && test_tls13(); like(get('/', 8085, $ctx), qr/^body r$/m, 'session reused'); @@ -211,8 +213,17 @@ $ctx = get_ssl_context(); like(get('/id', 8085, $ctx), qr/^body (\w{64})?$/m, 'session id'); + +TODO: { +local $TODO = 'no TLSv1.3 sessions in LibreSSL' + if $t->has_module('LibreSSL') && test_tls13(); +local $TODO = 'no TLSv1.3 sessions ids in BoringSSL' + if $t->has_module('BoringSSL') && test_tls13(); + like(get('/id', 8085, $ctx), qr/^body \w{64}$/m, 'session id reused'); +} + unlike(http_get('/id'), qr/body \w/, 'session id no ssl'); like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher');
--- a/ssl_session_reuse.t Thu Mar 23 19:49:47 2023 +0300 +++ b/ssl_session_reuse.t Thu Mar 23 19:49:49 2023 +0300 @@ -170,14 +170,22 @@ if $Net::SSLeay::VERSION < 1.88 && test_tls13(); local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); +local $TODO = 'no TLSv1.3 sessions in LibreSSL' + if $t->has_module('LibreSSL') && test_tls13(); is(test_reuse(8443), 1, 'tickets reused'); is(test_reuse(8444), 1, 'tickets and cache reused'); + +TODO: { +local $TODO = 'no TLSv1.3 session cache in BoringSSL' + if $t->has_module('BoringSSL') && test_tls13(); + is(test_reuse(8445), 1, 'cache shared reused'); is(test_reuse(8446), 1, 'cache builtin reused'); is(test_reuse(8447), 1, 'cache builtin size reused'); } +} is(test_reuse(8448), 0, 'cache none not reused'); is(test_reuse(8449), 0, 'cache off not reused');