Mercurial > hg > nginx-tests
comparison ssl.t @ 1830:8dec885fa3da
Tests: LibreSSL and BoringSSL session reuse with TLSv1.3.
LibreSSL does not support session reuse with TLSv1.3 at all. BoringSSL
with TLSv1.3 only supports session tickets, but not server-side session
cache.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 23 Mar 2023 19:49:49 +0300 |
| parents | a78c32419f02 |
| children | cdcd75657e52 |
comparison
equal
deleted
inserted
replaced
| 1829:a78c32419f02 | 1830:8dec885fa3da |
|---|---|
| 183 TODO: { | 183 TODO: { |
| 184 local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay' | 184 local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay' |
| 185 if $Net::SSLeay::VERSION < 1.88 && test_tls13(); | 185 if $Net::SSLeay::VERSION < 1.88 && test_tls13(); |
| 186 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' | 186 local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL' |
| 187 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); | 187 if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); |
| 188 local $TODO = 'no TLSv1.3 sessions in LibreSSL' | |
| 189 if $t->has_module('LibreSSL') && test_tls13(); | |
| 188 | 190 |
| 189 like(get('/', 8085, $ctx), qr/^body r$/m, 'session reused'); | 191 like(get('/', 8085, $ctx), qr/^body r$/m, 'session reused'); |
| 190 | 192 |
| 191 } | 193 } |
| 192 | 194 |
| 209 | 211 |
| 210 # embedded variables | 212 # embedded variables |
| 211 | 213 |
| 212 $ctx = get_ssl_context(); | 214 $ctx = get_ssl_context(); |
| 213 like(get('/id', 8085, $ctx), qr/^body (\w{64})?$/m, 'session id'); | 215 like(get('/id', 8085, $ctx), qr/^body (\w{64})?$/m, 'session id'); |
| 216 | |
| 217 TODO: { | |
| 218 local $TODO = 'no TLSv1.3 sessions in LibreSSL' | |
| 219 if $t->has_module('LibreSSL') && test_tls13(); | |
| 220 local $TODO = 'no TLSv1.3 sessions ids in BoringSSL' | |
| 221 if $t->has_module('BoringSSL') && test_tls13(); | |
| 222 | |
| 214 like(get('/id', 8085, $ctx), qr/^body \w{64}$/m, 'session id reused'); | 223 like(get('/id', 8085, $ctx), qr/^body \w{64}$/m, 'session id reused'); |
| 224 | |
| 225 } | |
| 215 | 226 |
| 216 unlike(http_get('/id'), qr/body \w/, 'session id no ssl'); | 227 unlike(http_get('/id'), qr/body \w/, 'session id no ssl'); |
| 217 | 228 |
| 218 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher'); | 229 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher'); |
| 219 | 230 |