Welcome! Log In Create A New Profile

Advanced

[PATCH 02 of 20] Tests: LibreSSL and BoringSSL session reuse with TLSv1.3

Maxim Dounin
March 18, 2023 10:18AM
# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1679105692 -10800
# Sat Mar 18 05:14:52 2023 +0300
# Node ID 125fb8461d88a81a62ccb40d0e205a01ecc759f5
# Parent 86c394a226d2a7d463da7a1b7e88375c71c0c69b
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.

LibreSSL does not support session reuse with TLSv1.3 at all. BoringSSL
with TLSv1.3 only supports session tickets, but not server-side session
cache.

diff --git a/ssl.t b/ssl.t
--- a/ssl.t
+++ b/ssl.t
@@ -185,6 +185,8 @@ local $TODO = 'no TLSv1.3 sessions, old
if $Net::SSLeay::VERSION < 1.88 && test_tls13();
local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in LibreSSL'
+ if $t->has_module('LibreSSL') && test_tls13();

like(get('/', 8085, $ctx), qr/^body r$/m, 'session reused');

@@ -211,8 +213,17 @@ like(get('/', 8086, $ctx), qr/^body \.$/

$ctx = get_ssl_context();
like(get('/id', 8085, $ctx), qr/^body (\w{64})?$/m, 'session id');
+
+TODO: {
+local $TODO = 'no TLSv1.3 sessions in LibreSSL'
+ if $t->has_module('LibreSSL') && test_tls13();
+local $TODO = 'no TLSv1.3 sessions ids in BoringSSL'
+ if $t->has_module('BoringSSL') && test_tls13();
+
like(get('/id', 8085, $ctx), qr/^body \w{64}$/m, 'session id reused');

+}
+
unlike(http_get('/id'), qr/body \w/, 'session id no ssl');

like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher');
diff --git a/ssl_session_reuse.t b/ssl_session_reuse.t
--- a/ssl_session_reuse.t
+++ b/ssl_session_reuse.t
@@ -175,14 +175,22 @@ local $TODO = 'no TLSv1.3 sessions, old
if $Net::SSLeay::VERSION < 1.88 && test_tls13();
local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
+local $TODO = 'no TLSv1.3 sessions in LibreSSL'
+ if $t->has_module('LibreSSL') && test_tls13();

is(test_reuse(8443), 1, 'tickets reused');
is(test_reuse(8444), 1, 'tickets and cache reused');
+
+TODO: {
+local $TODO = 'no TLSv1.3 session cache in BoringSSL'
+ if $t->has_module('BoringSSL') && test_tls13();
+
is(test_reuse(8445), 1, 'cache shared reused');
is(test_reuse(8446), 1, 'cache builtin reused');
is(test_reuse(8447), 1, 'cache builtin size reused');

}
+}

is(test_reuse(8448), 0, 'cache none not reused');
is(test_reuse(8449), 0, 'cache off not reused');
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH 02 of 20] Tests: LibreSSL and BoringSSL session reuse with TLSv1.3

Maxim Dounin 483 March 18, 2023 10:18AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 229
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready