test: fix test test-tls-dhe for OpenSSL32
Refs: #53382

- OpenSSL32 has a minimum dh key size of 2048 by default.
- Adjust test to use larger 3072 key instead of 1024
  when OpenSSL32 is present.

Signed-off-by: Michael Dawson <midawson@redhat.com>
PR-URL: #54903
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
mhdawson authored and targos committed Sep 26, 2024
1 parent 1302e33 commit 5c9cd42
Showing 1 changed file with 11 additions and 4 deletions.
15 changes: 11 additions & 4 deletions test/parallel/test-tls-dhe.js
Expand Up @@ -43,9 +43,12 @@ const dheCipher = 'DHE-RSA-AES128-SHA256';
const ecdheCipher = 'ECDHE-RSA-AES128-SHA256';
const ciphers = `${dheCipher}:${ecdheCipher}`;

// Test will emit a warning because the DH parameter size is < 2048 bits
common.expectWarning('SecurityWarning',
'DH parameter is less than 2048 bits');
if (!common.hasOpenSSL(3, 2)) {
// Test will emit a warning because the DH parameter size is < 2048 bits
// when the test is run on versions lower than OpenSSL32
common.expectWarning('SecurityWarning',
'DH parameter is less than 2048 bits');
}

function loadDHParam(n) {
const keyname = `dh${n}.pem`;
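Review bot: The new `if (!common.hasOpenSSL(3, 2))` guard around `common.expectWarning(...)` keys the expected warning to the OpenSSL version, but what produces the warning is the 1024-bit parameter being loaded later in the file, and that is gated by a second, separate copy of the same check. If one of the two conditions is changed without the other, the warning expectation and the key size actually used go out of step. Consider evaluating the version check once into a named constant near the top of the file and using it in both places, and have the comment state that the warning is expected only because the 1024-bit case runs on those versions.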
Expand Down Expand Up @@ -104,7 +107,11 @@ function testCustomParam(keylen, expectedCipher) {
}, /DH parameter is less than 1024 bits/);

// Custom DHE parameters are supported (but discouraged).
await testCustomParam(1024, dheCipher);
if (!common.hasOpenSSL(3, 2)) {
await testCustomParam(1024, dheCipher);
} else {
await testCustomParam(3072, dheCipher);
}
await testCustomParam(2048, dheCipher);

// Invalid DHE parameters are discarded. ECDHE remains enabled.
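Review bot: In the `else` branch, `testCustomParam(3072, dheCipher)` replaces the 1024-bit case with no comment explaining why 3072 was chosen, and nothing on that branch checks what happens when a 1024-bit parameter is used with OpenSSL 3.2. The commit message gives the reason (a 2048-bit default minimum), so a one-line comment above the `if` would carry that into the test, and an explicit assertion for the 1024-bit case on OpenSSL 3.2 would document the new behaviour rather than only avoiding it. Separately, `loadDHParam` builds the fixture name as `dh${n}.pem` and this commit changes only this one file, so it is worth confirming that `dh3072.pem` is already present among the fixtures.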