Bug 1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max r=nss-reviewers,bbeurdouche

Depends on D123535 Differential Revision: https://phabricator.services.mozilla.com/D123536
author: John M. Schanck <jschanck@mozilla.com> 2021-08-24 21:39:45 +0000
committer: John M. Schanck <jschanck@mozilla.com> 2021-08-24 21:39:45 +0000
commit: 11b79748a7c99ab4e20f848b2d7717b374346ae1 (patch)
tree: 4477f41f5db4ec406c91ab47e585f3bc7ae1a4ef
parent: 52908d875905ca8888bc03a7043b8d7b74a950ee (diff)
download: nss-hg-11b79748a7c99ab4e20f848b2d7717b374346ae1.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/gtests/ssl_gtest/tls_ech_unittest.cc b/gtests/ssl_gtest/tls_ech_unittest.cc
index 68916c625..9dc7ab30d 100644
--- a/gtests/ssl_gtest/tls_ech_unittest.cc
+++ b/gtests/ssl_gtest/tls_ech_unittest.cc
@@ -1754,6 +1754,10 @@ TEST_F(TlsConnectStreamTls13, EchOuterWith12Max) {
   static const uint8_t supported_vers_12[] = {0x02, 0x03, 0x03};
   DataBuffer buf(supported_vers_12, sizeof(supported_vers_12));
 
+  // The server will set the downgrade sentinel. The client needs
+  // to ignore it for this test.
+  client_->SetOption(SSL_ENABLE_HELLO_DOWNGRADE_CHECK, PR_FALSE);
+
   StartConnect();
   MakeTlsFilter<TlsExtensionReplacer>(client_, ssl_tls13_supported_versions_xtn,
                                       buf);
author	John M. Schanck <jschanck@mozilla.com>	2021-08-24 21:39:45 +0000
committer	John M. Schanck <jschanck@mozilla.com>	2021-08-24 21:39:45 +0000
commit	11b79748a7c99ab4e20f848b2d7717b374346ae1 (patch)
tree	4477f41f5db4ec406c91ab47e585f3bc7ae1a4ef
parent	52908d875905ca8888bc03a7043b8d7b74a950ee (diff)
download	nss-hg-11b79748a7c99ab4e20f848b2d7717b374346ae1.tar.gz