diff options
| author | David Benjamin <davidben@chromium.org> | 2016-01-15 11:04:54 +0300 |
|---|---|---|
| committer | David Benjamin <davidben@google.com> | 2016-01-27 00:51:55 +0300 |
| commit | 241ae837f0b07e6e78ccf94bb343c6897aa81902 (patch) | |
| tree | 69aa6d5cdad06e847130e2c7da815b6b8b48429f /ssl | |
| parent | f6494f49289a521edb0ccbc7027a2e7e8a54a850 (diff) | |
Add some tests to ensure we ignore bogus curves and ciphers.
We haven't had problems with this, but make sure it stays that way.
Bogus signature algorithms are already covered.
Change-Id: I085350d89d79741dba3f30fc7c9f92de16bf242a
Reviewed-on: https://boringssl-review.googlesource.com/6910
Reviewed-by: David Benjamin <davidben@google.com>
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/test/runner/runner.go | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index b9d3f510..baafc068 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -2289,6 +2289,16 @@ func addCipherSuiteTests() { flags: []string{"-use-sparse-dh-prime"}, }) + // The server must be tolerant to bogus ciphers. + const bogusCipher = 0x1234 + testCases = append(testCases, testCase{ + testType: serverTest, + name: "UnknownCipher", + config: Config{ + CipherSuites: []uint16{bogusCipher, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + }, + }) + // versionSpecificCiphersTest specifies a test for the TLS 1.0 and TLS // 1.1 specific cipher suite settings. A server is setup with the given // cipher lists and then a connection is made for each member of @@ -4684,6 +4694,17 @@ func addCurveTests() { flags: []string{"-enable-all-curves"}, }) } + + // The server must be tolerant to bogus curves. + const bogusCurve = 0x1234 + testCases = append(testCases, testCase{ + testType: serverTest, + name: "UnknownCurve", + config: Config{ + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + CurvePreferences: []CurveID{bogusCurve, CurveP256}, + }, + }) } func addKeyExchangeInfoTests() { |