path: root/test/recipes/70-test_sslrecords.t
Commit message | Author | Age | Files | Lines
* Update copyright year | Matt Caswell | 2021-02-18 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14235)
* Stop disabling TLSv1.3 if ec and dh are disabled | Matt Caswell | 2021-02-05 | 1 | -1/+12
  Even if EC and DH are disabled then we may still be able to use TLSv1.3 if we have groups that have been plugged in by an external provider.
  Fixes #13767
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13916)
* Update copyright year | Richard Levitte | 2020-07-16 | 1 | -1/+1
  Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/12463)
* Reduce the security bits for MD5 and SHA1 based signatures in TLS | Kurt Roeckx | 2020-06-27 | 1 | -1/+12
  This has as effect that SHA1 and MD5+SHA1 are no longer supported at security level 1, and that TLS < 1.2 is no longer supported at the default security level of 1, and that you need to set the security level to 0 to use TLS < 1.2.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  GH: #10787
* Add a test for interleaving app data with handshake data in TLSv1.3 | Matt Caswell | 2019-02-19 | 1 | -6/+96
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  (Merged from https://github.com/openssl/openssl/pull/8191)
* Following the license change, modify the boilerplates in test/ | Richard Levitte | 2018-12-06 | 1 | -1/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7767)
* recipes/70-test_ssl{cbcpadding,extension,records}: make it work w/fragmentation. | Andy Polyakov | 2018-04-18 | 1 | -40/+86
  This fixes only those tests that were failing when network data was fragmented. Remaining ones might succeed for "wrong reasons". Bunch of tests have to fail to be considered successful and when data is fragmented they might fail for reasons other than originally intended.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5975)
* Use the TLSv1.3 record header as AAD | Matt Caswell | 2018-03-14 | 1 | -3/+3
  As of TLSv1.3 draft-25 the record header data must be used as AAD
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  (Merged from https://github.com/openssl/openssl/pull/5604)
* Update copyright year | Matt Caswell | 2018-02-13 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Enable TLSProxy tests on Windows | Richard Levitte | 2018-01-20 | 1 | -1/+1
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  (Merged from https://github.com/openssl/openssl/pull/5094)
* Merge HRR into ServerHello | Matt Caswell | 2017-12-14 | 1 | -1/+2
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  (Merged from https://github.com/openssl/openssl/pull/4701)
* Many spelling fixes/typo's corrected. | Josh Soref | 2017-11-11 | 1 | -3/+3
  Around 138 distinct errors found and fixed; thanks!
  Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3459)
* Don't allow fragmented alerts | Matt Caswell | 2017-05-17 | 1 | -4/+4
  An alert message is 2 bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such alerts across multiple records (some of which could be empty). In practice it makes no sense to send an empty alert record, or to fragment one. TLSv1.3 prohibits this altogether and other libraries (BoringSSL, NSS) do not support this at all. Supporting it adds significant complexity to the record layer, and its removal is unlikely to cause inter-operability issues.
  The DTLS code for this never worked anyway and it is not supported at a protocol level for DTLS. Similarly fragmented DTLS handshake records only work at a protocol level where at least the handshake message header exists within the record. DTLS code existed for trying to handle fragmented handshake records smaller than this size. This code didn't work either so has also been removed.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3476)
* More typo fixes | FdaSilvaYY | 2017-03-29 | 1 | -1/+1
  Fix some comments too
  [skip ci]
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3069)
* Fix the number of tests to skip if TLSv1.3 is disabled | Matt Caswell | 2017-03-07 | 1 | -1/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2875)
* Add a test for records not on the record boundary | Matt Caswell | 2017-03-07 | 1 | -11/+112
  Test that we check that key change messages appear on a record boundary.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2875)
* Adopt test to changed behavior | Benjamin Kaduk | 2017-02-23 | 1 | -1/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2279)
* Add more TLS1.3 record tests | Matt Caswell | 2016-12-05 | 1 | -6/+46
  Add some tests for the new record construction
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix the tests following the state machine changes for TLSv1.3 | Matt Caswell | 2016-11-23 | 1 | -0/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add a test for the wrong version number in a record | Matt Caswell | 2016-11-07 | 1 | -1/+31
  Prior to TLS1.3 we check that the received record version number is correct. In TLS1.3 we need to ignore the record version number. This adds a test to make sure we do it correctly.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add a test for unrecognised record types | Matt Caswell | 2016-11-02 | 1 | -1/+47
  We should fail if we receive an unrecognised record type
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Enable TLSProxy to talk TLS1.3 | Matt Caswell | 2016-11-02 | 1 | -0/+9
  Now that ossltest knows about a TLS1.3 cipher we can now do TLS1.3 in TLSProxy
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove a stray unneeded line in 70-test_sslrecords.t | Matt Caswell | 2016-08-15 | 1 | -1/+0
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Add some SSLv2 ClientHello tests | Matt Caswell | 2016-08-15 | 1 | -1/+197
  Test that we handle a TLS ClientHello in an SSLv2 record correctly.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* spelling fixes, just comments and readme. | klemens | 2016-08-05 | 1 | -1/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1413)
* Fix no-tls1_2 | Matt Caswell | 2016-07-25 | 1 | -2/+2
  Misc fixes impacting no-tls1_2. Also fixes no-dtls1_2.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add a test for fragmented alerts | Matt Caswell | 2016-06-27 | 1 | -1/+61
  The previous commit fixed a problem where fragmented alerts would cause an infinite loop. This commit adds a test for these fragmented alerts.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Skip the TLSProxy tests if environmental problems are an issue | Matt Caswell | 2016-06-16 | 1 | -3/+2
  On some platforms we can't startup the TLSProxy due to environmental problems (e.g. network set up on the build machine). These aren't OpenSSL problems so we shouldn't treat them as test failures. Just visibly indicate that we are skipping the test.
  We only skip the first time we attempt to start up the proxy. If that works then everything else should do...if not we should probably investigate and so report as a failure.
  This also removes test_networking...there is a danger that this turns into a test of user's environmental set up rather than OpenSSL.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add empty record tests | Matt Caswell | 2016-06-07 | 1 | -0/+81
  The previous commit changed how we handle out-of-context empty records. This commit adds some tests for the various scenarios. There are three tests:
  1: Check that if we inject an out-of-context empty record then we fail
  2: Check that if we inject an in-context empty record then we succeed
  3: Check that if we inject too many in-context empty records then we fail.
  Reviewed-by: Andy Polyakov <appro@openssl.org>