svn commit: r1864499 - in /httpd/test/framework/trunk/t/ssl: pr12355.t pr43738.t

[rj...@apache.org]

Author: rjung
Date: Tue Aug  6 10:24:04 2019
New Revision: 1864499

URL: http://svn.apache.org/viewvc?rev=1864499&view=rev
Log:
Test whether TLSv13 works and only then hard
code use of TLSv12. In all other cases stick to
defaults. This ensures, that old client versions
that do not support TLSv12 still work.
Followup to r1858849.

Modified:
    httpd/test/framework/trunk/t/ssl/pr12355.t
    httpd/test/framework/trunk/t/ssl/pr43738.t

Modified: httpd/test/framework/trunk/t/ssl/pr12355.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/ssl/pr12355.t?rev=1864499&r1=1864498&r2=1864499&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/ssl/pr12355.t (original)
+++ httpd/test/framework/trunk/t/ssl/pr12355.t Tue Aug  6 10:24:04 2019
@@ -7,11 +7,26 @@ use Apache::TestUtil;
 
 plan tests => 10, need 'ssl', need_min_apache_version('2.0');
 
-Apache::TestRequest::user_agent( ssl_opts => { SSL_cipher_list => 'ALL', SSL_version => 'TLSv12'});
-Apache::TestRequest::user_agent_keepalive(1);
+my $r;
+
+Apache::TestRequest::user_agent(ssl_opts => {SSL_version => 'TLSv13'});
 Apache::TestRequest::scheme('https');
 
-my $r;
+$r = GET "/";
+my $tls13_works = $r->is_success;
+
+# Forget the above user agent settings, start fresh
+Apache::TestRequest::user_agent(reset => 1);
+
+# If TLS 1.3 worked, downgrade to TLS 1.2, otherwise use what works.
+if ($tls13_works) {
+    t_debug "Downgrading to TLSv12";
+    Apache::TestRequest::user_agent(ssl_opts => {SSL_cipher_list => 'ALL', SSL_version => 'TLSv12'});
+} else {
+    Apache::TestRequest::user_agent(ssl_opts => {SSL_cipher_list => 'ALL'});
+}
+Apache::TestRequest::user_agent_keepalive(1);
+Apache::TestRequest::scheme('https');
 
 # Send a series of POST requests with varying size request bodies.
 # Alternate between the location which requires a AES128-SHA ciphersuite

Modified: httpd/test/framework/trunk/t/ssl/pr43738.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/ssl/pr43738.t?rev=1864499&r1=1864498&r2=1864499&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/ssl/pr43738.t (original)
+++ httpd/test/framework/trunk/t/ssl/pr43738.t Tue Aug  6 10:24:04 2019
@@ -9,11 +9,26 @@ plan tests => 4,
     need 'ssl', need_module('actions'),
     need_min_apache_version('2.2.7');
 
-Apache::TestRequest::user_agent( ssl_opts => { SSL_cipher_list => 'ALL', SSL_version => 'TLSv12'});
-Apache::TestRequest::user_agent_keepalive(1);
+my $r;
+
+Apache::TestRequest::user_agent(ssl_opts => {SSL_version => 'TLSv13'});
 Apache::TestRequest::scheme('https');
 
-my $r;
+$r = GET "/";
+my $tls13_works = $r->is_success;
+
+# Forget the above user agent settings, start fresh
+Apache::TestRequest::user_agent(reset => 1);
+
+# If TLS 1.3 worked, downgrade to TLS 1.2, otherwise use what works.
+if ($tls13_works) {
+    t_debug "Downgrading to TLSv12";
+    Apache::TestRequest::user_agent(ssl_opts => {SSL_cipher_list => 'ALL', SSL_version => 'TLSv12'});
+} else {
+    Apache::TestRequest::user_agent(ssl_opts => {SSL_cipher_list => 'ALL'});
+}
+Apache::TestRequest::user_agent_keepalive(1);
+Apache::TestRequest::scheme('https');
 
 # Variation of the PR 12355 test which breaks per PR 43738.