Test failures with OpenSSL 3.2.2 #53382

richardlau · 2024-06-07T15:55:40Z

A number of Node.js tests fail when Node.js is compiled dynamically linked against OpenSSL 3.2 (tested with OpenSSL 3.2.2).
i.e.

./configure --shared-openssl
make -j 4 test-ci

Full tap results: https://gist.github.com/richardlau/ce642daf2ffd581755232a924f9f8f63

Failures:

out/Release/node /home/nodejs/node/test/parallel/test-crypto-dh.js test: fix OpenSSL version checks #53503
out/Release/node /home/nodejs/node/test/parallel/test-http2-https-fallback.js Also fails with OpenSSL 3.0.14 test: update tests for OpenSSL 3.0.14 #53373
out/Release/node /home/nodejs/node/test/parallel/test-http2-server-unknown-protocol.js Also fails with OpenSSL 3.0.14 test: update tests for OpenSSL 3.0.14 #53373
out/Release/node /home/nodejs/node/test/parallel/test-https-client-checkServerIdentity.js test: increase key size for ca2-cert.pem #54599
out/Release/node /home/nodejs/node/test/parallel/test-https-strict.js test: increase key size for ca2-cert.pem #54599
out/Release/node /home/nodejs/node/test/parallel/test-tls-alert-handling.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-cert-regression.js test: update test to support OpenSSL32 #54968
out/Release/node /home/nodejs/node/test/parallel/test-tls-client-getephemeralkeyinfo.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-alpn-server-client.js Also fails with OpenSSL 3.0.14 test: update tests for OpenSSL 3.0.14 #53373
out/Release/node /home/nodejs/node/test/parallel/test-tls-client-mindhsize.js test: fix test-tls-client-mindhsize for OpenSSL32 #54739
out/Release/node /home/nodejs/node/test/parallel/test-tls-client-renegotiation-13.js test: increase key size for ca2-cert.pem #54599
out/Release/node /home/nodejs/node/test/parallel/test-tls-client-auth.js test: fix test-tls-client-auth test for OpenSSL32 #54610
out/Release/node /home/nodejs/node/test/parallel/test-tls-client-verify.js test: increase key size for ca2-cert.pem #54599
out/Release/node /home/nodejs/node/test/parallel/test-tls-empty-sni-context.js test: update TLS tests for OpenSSL 3.2 #53384
out/Release/node --no-warnings /home/nodejs/node/test/parallel/test-tls-dhe.js test: fix test test-tls-dhe for OpenSSL32 #54903
out/Release/node /home/nodejs/node/test/parallel/test-tls-getcipher.js test: adjust key sizes to support OpenSSL32 #54972
out/Release/node /home/nodejs/node/test/parallel/test-tls-junk-server.js test: adjust test-tls-junk-server for OpenSSL32 #54926
out/Release/node /home/nodejs/node/test/parallel/test-tls-multiple-cas-as-string.js test: increase key size for ca2-cert.pem #54599
out/Release/node /home/nodejs/node/test/parallel/test-tls-peer-certificate-encoding.js test: increase key size for ca2-cert.pem #54599
out/Release/node /home/nodejs/node/test/parallel/test-tls-multi-key.js test: increase key size for ca2-cert.pem #54599
out/Release/node /home/nodejs/node/test/parallel/test-tls-psk-circuit.js test: update TLS tests for OpenSSL 3.2 #53384
out/Release/node /home/nodejs/node/test/parallel/test-tls-sni-server-client.js test: increase key size for ca2-cert.pem #54599
out/Release/node /home/nodejs/node/test/parallel/test-tls-set-ciphers.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-sni-option.js test: increase key size for ca2-cert.pem #54599
out/Release/node /home/nodejs/node/test/parallel/test-tls-server-verify.js test: increase key size for ca2-cert.pem #54599
out/Release/node /home/nodejs/node/test/parallel/test-tls-junk-closes-server.js also reported in Pass node 18.x branch tests when compiled against shared openssl 3.2 #52482

In our Jenkins CI we currently test in node-test-commit-linux-containered Node.js dynamically linked against OpenSSL 3.0 and 3.1. Addressing the above test failures would be required before we can add testing against OpenSSL 3.2 to the CI.

The text was updated successfully, but these errors were encountered:

Update the following TLS tests to account for error code changes in OpenSSL 3.2 and later. - `parallel/test-tls-empty-sni-context` - `parallel/test-tls-psk-circuit` PR-URL: #53384 Refs: #53382 Refs: openssl/openssl#19950 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>

richardlau · 2024-06-13T17:29:12Z

FWIW I've added testing against OpenSSl 3.2 to my copy of node-test-commit-linux-containered: richardlau-node-test-commit-linux-containered

e.g. https://ci.nodejs.org/job/richardlau-node-test-commit-linux-containered/nodes=ubuntu2204_sharedlibs_openssl32_x64/26/consoleFull which is showing the current test failures with main when linked against OpenSSL 3.2.2.

richardlau · 2024-06-13T17:31:55Z

In terms of updating what is included in Node.js, for now we want to stay on the LTS version of OpenSSL (3.0) for as long as possible. OpenSSL have not yet decided/announced what the next LTS version of OpenSSL will be. Making sure Node.js can build and execute tests successfully on later OpenSSL versions should hopefully ease the migration when it is eventually time.

Update the following TLS tests to account for error code changes in OpenSSL 3.2 and later. - `parallel/test-tls-empty-sni-context` - `parallel/test-tls-psk-circuit` PR-URL: #53384 Refs: #53382 Refs: openssl/openssl#19950 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>

Update the following TLS tests to account for error code changes in OpenSSL 3.2 and later. - `parallel/test-tls-empty-sni-context` - `parallel/test-tls-psk-circuit` PR-URL: nodejs#53384 Refs: nodejs#53382 Refs: openssl/openssl#19950 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>

mhdawson · 2024-06-24T14:45:01Z

For those that want to help move it forward, you can run this job to confirm if you have fixed one of the tests - https://ci.nodejs.org/job/richardlau-node-test-commit-linux-containered/

As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

Update the following TLS tests to account for error code changes in OpenSSL 3.2 and later. - `parallel/test-tls-empty-sni-context` - `parallel/test-tls-psk-circuit` PR-URL: #53384 Refs: #53382 Refs: openssl/openssl#19950 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>

As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

Refs: nodejs#44498 Refs: nodejs#53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in nodejs#53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <midawson@redhat.com>

richardlau · 2024-08-28T14:50:55Z

OpenSSL 3.2 does document:

The default security level can be configured when OpenSSL is compiled by setting -DOPENSSL_TLS_SECURITY_LEVEL=level. If not set then 2 is used.

https://docs.openssl.org/3.2/man3/SSL_CTX_set_security_level/#notes

Compare this to earlier versions (3.1, 3.0) where the default seclevel is 1:

OpenSSL 3.1: https://docs.openssl.org/3.1/man3/SSL_CTX_set_security_level/#notes
OpenSSL 3.0: https://docs.openssl.org/3.0/man3/SSL_CTX_set_security_level/#notes

We don't set -DOPENSSL_TLS_SECURITY_LEVEL when compiling OpenSSL in Node.js in upstream so will inherit the default.

Since we've had other issues relating to key sizes – perhaps the right long term solution would be to provide an API (either public or just for tests) to get the seclevel from OpenSSL at runtime and then Node.js' test could be selective (i.e. match the size of keys being used to the seclevel being run at).

The changing default seclevel also highlights that while OpenSSL 3.x is ABI compatible, updating (e.g. 3.0 -> 3.2) may still cause observable changes (i.e. with the increased seclevel smaller keys are no longer allowed out of the box without dropping the seclevel down to what it was previously).

richardlau · 2024-08-28T15:11:19Z

I ran the CI variant again on main: https://ci.nodejs.org/job/richardlau-node-test-commit-linux-containered/32/nodes=ubuntu2204_sharedlibs_openssl32_x64/

This is showing a new failure in parallel.test-tls-set-sigalgs:

  (node:2717679) [DEP0060] DeprecationWarning: The `util._extend` API is deprecated. Please use Object.assign() instead.
  (Use `node --trace-deprecation ...` to show where the warning was created)
  node:assert:126
    throw new AssertionError(obj);
    ^

  AssertionError [ERR_ASSERTION]: Expected values to be strictly equal:
  + actual - expected

  + 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE'
  - 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE'
      at /home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/test/parallel/test-tls-set-sigalgs.js:51:16
      at /home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/test/common/index.js:488:15
      at /home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/test/common/index.js:488:15
      at maybeCallback (/home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/test/fixtures/tls-connect.js:97:7)
      at TLSSocket.<anonymous> (/home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/test/fixtures/tls-connect.js:73:13)
      at TLSSocket.emit (node:events:520:28)
      at emitErrorNT (node:internal/streams/destroy:170:8)
      at emitErrorCloseNT (node:internal/streams/destroy:129:3)
      at process.processTicksAndRejections (node:internal/process/task_queues:90:21) {
    generatedMessage: true,
    code: 'ERR_ASSERTION',
    actual: 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE',
    expected: 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE',
    operator: 'strictEqual'
  }

  Node.js v23.0.0-pre

This didn't fail before (see description) likely due to the changes from #54208 landing since the run for the description.

Refs: nodejs#53382 Refs: nodejs#53384 Same change as in 53384 where OpenSSL32 returns a slightly different error but for a different test. Signed-off-by: Michael Dawson <midawson@redhat.com>

Refs: #44498 Refs: #53382 Key sizes were increased to 2048 in PR 44498 including the configuration file for the generation of ca2-cert.pem. However, it seems like updating ca2-cert.pem and related files themselves were missed as they were not updated in the PR and the ca2-cert.pem reported as being associated with a 1024 bit key. I believe that was the cause of some of the failures mentioned in #53382 as OpenSSL 3.2 increased the default security level from 1 to 2 and that would mean that certificates associated with keys of 1024 bits would no longer be accepted. This PR updates the key size for ca2-cert.pem. It was not necessary to change the config, only run the generation for the ca2-cert.pem and related files. Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54599 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: James M Snell <jasnell@gmail.com>

Refs: #53382 OpenSSL32 returns different error text. Looking through the test it seems like the expected error text has been adjusted for different OpenSSL versions in the past and what the test is testing is not related to the error being returned. Update test to allow for error returned by OpenSSL32 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54926 Refs: #53382 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

Refs: #53382 - OpenSSL32 has a minimum dh key size by 2048 by default. - Adjust test to use larger 3072 key instead of 1024 when OpenSSL32 is present. Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54903 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: James M Snell <jasnell@gmail.com>

Refs: #53382 Looks like test is forcing an error through bad data and the error code we get is different for OpenSSL32. Adjust test to cope with the variation across versions. Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54909 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: James M Snell <jasnell@gmail.com>

Refs: #53382 OpenSSL32 returns different error text. Looking through the test it seems like the expected error text has been adjusted for different OpenSSL versions in the past and what the test is testing is not related to the error being returned. Update test to allow for error returned by OpenSSL32 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54926 Refs: #53382 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

Refs: #53382 - OpenSSL32 has a minimum dh key size by 2048 by default. - Adjust test to use larger 3072 key instead of 1024 when OpenSSL32 is present. Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54903 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: James M Snell <jasnell@gmail.com>

Refs: #53382 Looks like test is forcing an error through bad data and the error code we get is different for OpenSSL32. Adjust test to cope with the variation across versions. Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54909 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: James M Snell <jasnell@gmail.com>

Refs: #53382 OpenSSL32 returns different error text. Looking through the test it seems like the expected error text has been adjusted for different OpenSSL versions in the past and what the test is testing is not related to the error being returned. Update test to allow for error returned by OpenSSL32 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54926 Refs: #53382 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

Refs: nodejs#53382 This test fails on OpenSS32 because it complains the key being used is too short. It seems to have been missed when the test suite was udpated to have a Makefile to generate key material as the keys are hard coded in the test as opposed to being read in from the fixtures/key directory. Looking at the test it was added 8 years ago in nodejs@cdde9a3 to test the case where the key did not have a newline at the end. However, looking at the fixtures used in the test suite I see that for the test https://github.com/nodejs/node/blob/main/test/parallel/test-tls-inception.js, the key test/fixtures/keys/rsa_private.pem and certificate test/fixtures/keys/rsa-cert.crt do not have any newlines (which I think is the case for most of the test keys/certificates now) so it would already cover the same case. So while we could update the test to use a larger key, it seems like it is redundant and we can just remove it. Signed-off-by: Michael Dawson <midawson@redhat.com>

Refs: nodejs#53382 This test fails on OpenSSL32 because it complains the key being used is too short. Adjust the key sizes so that they will pass on OpenSSL32 in addition to other OpenSSL3 versions. Since the keys are not public key related I don't think the increase in key size will be too bad in terms of performance so I've just increased versus guarding for OpenSSL32 Signed-off-by: Michael Dawson <midawson@redhat.com>

Refs: nodejs#53382 This test fails on OpenSS32 because it complains the key being used is too short. It seems to have been missed when the test suite was udpated to have a Makefile to generate key material as the keys are hard coded in the test as opposed to being read in from the fixtures/key directory. Looking at the test it was added 8 years ago in nodejs@cdde9a3 to test the case where the key did not have a newline at the end. However, looking at the fixtures used in the test suite I see that for the test https://github.com/nodejs/node/blob/main/test/parallel/test-tls-inception.js, the key test/fixtures/keys/rsa_private.pem and certificate test/fixtures/keys/rsa-cert.crt do not have any newlines (which I think is the case for most of the test keys/certificates now) so it would already cover the same case. So while we could update the test to use a larger key, it seems like it is redundant and we can just remove it. Signed-off-by: Michael Dawson <midawson@redhat.com>

Refs: nodejs#53382 This test fails on OpenSSL32 because it complains the key being used is too short. It seems to have been missed when the test suite was udpated to have a Makefile to generate key material as the keys are hard coded in the test as opposed to being read in from the fixtures/key directory. Update the test to use keys/certs from the fixtures directory and to remove newlines at the end of the key and cert to retain the inteded test. Signed-off-by: Michael Dawson <midawson@redhat.com>

Refs: #53382 - OpenSSL32 has a minimum dh key size by 2048 by default. - Adjust test to use larger 3072 key instead of 1024 when OpenSSL32 is present. Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54903 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: James M Snell <jasnell@gmail.com>

Refs: #53382 Looks like test is forcing an error through bad data and the error code we get is different for OpenSSL32. Adjust test to cope with the variation across versions. Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54909 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: James M Snell <jasnell@gmail.com>

Refs: #53382 OpenSSL32 returns different error text. Looking through the test it seems like the expected error text has been adjusted for different OpenSSL versions in the past and what the test is testing is not related to the error being returned. Update test to allow for error returned by OpenSSL32 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54926 Refs: #53382 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

Refs: #53382 - OpenSSL32 has a minimum dh key size by 2048 by default. - Adjust test to use larger 3072 key instead of 1024 when OpenSSL32 is present. Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54903 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: James M Snell <jasnell@gmail.com>

Refs: #53382 Looks like test is forcing an error through bad data and the error code we get is different for OpenSSL32. Adjust test to cope with the variation across versions. Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54909 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: James M Snell <jasnell@gmail.com>

Refs: #53382 OpenSSL32 returns different error text. Looking through the test it seems like the expected error text has been adjusted for different OpenSSL versions in the past and what the test is testing is not related to the error being returned. Update test to allow for error returned by OpenSSL32 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54926 Refs: #53382 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

Refs: #53382 This test fails on OpenSSL32 because it complains the key being used is too short. It seems to have been missed when the test suite was udpated to have a Makefile to generate key material as the keys are hard coded in the test as opposed to being read in from the fixtures/key directory. Update the test to use keys/certs from the fixtures directory and to remove newlines at the end of the key and cert to retain the inteded test. Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54968 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>

Refs: #53382 This test fails on OpenSSL32 because it complains the key being used is too short. Adjust the key sizes so that they will pass on OpenSSL32 in addition to other OpenSSL3 versions. Since the keys are not public key related I don't think the increase in key size will be too bad in terms of performance so I've just increased versus guarding for OpenSSL32 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54972 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

Refs: nodejs#54968 Refs: nodejs#53382 Add additional asserts as suggestd by Richard in: nodejs#54968 Signed-off-by: Michael Dawson <midawson@redhat.com>

Refs: nodejs#53382 The test failed as it was using AES128 which is not supported in OpenSSL32 due to default security level. Adjusted to use AES256 where it made sense and not run tests on OpenSSL32 where test was specific to AES128. Signed-off-by: Michael Dawson <midawson@redhat.com>

Refs: nodejs#53382 The test failed as it was using AES128 which is not supported in OpenSSL32 due to default security level and because some error messages have changed. Adjusted to use AES256 where it made sense and not run tests on OpenSSL32 where test was specific to AES128. Adjust to use the expected error messages based on version. Signed-off-by: Michael Dawson <midawson@redhat.com>

Refs: nodejs#53382 OpenSSL32 does not support AES128 to update test to use a newer algorithm. Signed-off-by: Michael Dawson <midawson@redhat.com>

Refs: nodejs#53382 OpenSSL32 does not support AES128 and DH 1024 to update test to use newer algorithms. Signed-off-by: Michael Dawson <midawson@redhat.com>

richardlau added help wanted Issues that need assistance from volunteers or PRs that need help to proceed. openssl Issues and PRs related to the OpenSSL dependency. labels Jun 7, 2024

richardlau mentioned this issue Jun 7, 2024

test: update TLS tests for OpenSSL 3.2 #53384

Merged

nodejs deleted a comment Jun 7, 2024

richardlau mentioned this issue Jun 13, 2024

ansible: update sharedlibs containers nodejs/build#3758

Merged

richardlau mentioned this issue Jun 18, 2024

test: fix OpenSSL version checks #53503

Merged

mhdawson mentioned this issue Aug 27, 2024

test: increase key size for ca2-cert.pem #54599

Merged

mhdawson mentioned this issue Aug 28, 2024

test: fix test-tls-client-auth test for OpenSSL32 #54610

Closed

This was referenced Aug 28, 2024

test: update TLS test for OpenSSL 3.2 #54612

Merged

build: explicitly set OpenSSL default TLS seclevel #54639

Open

mhdawson mentioned this issue Sep 16, 2024

test: update test to support OpenSSL32 #54968

Merged

mhdawson mentioned this issue Sep 16, 2024

test: adjust key sizes to support OpenSSL32 #54972

Merged

mhdawson added a commit to mhdawson/io.js that referenced this issue Sep 18, 2024

test: add asserts to validate test assumptions

7ad09ca

Refs: nodejs#54968 Refs: nodejs#53382 Add additional asserts as suggestd by Richard in: nodejs#54968 Signed-off-by: Michael Dawson <midawson@redhat.com>

mhdawson mentioned this issue Sep 18, 2024

test: add asserts to validate test assumptions #54997

Open

mhdawson mentioned this issue Sep 19, 2024

test: adjust tls-set-ciphers for OpenSSL32 #55016

Open

mhdawson added a commit to mhdawson/io.js that referenced this issue Sep 19, 2024

test: uptdate tls test to support OpenSSL32

032c500

Refs: nodejs#53382 OpenSSL32 does not support AES128 to update test to use a newer algorithm. Signed-off-by: Michael Dawson <midawson@redhat.com>

mhdawson added a commit to mhdawson/io.js that referenced this issue Sep 20, 2024

test: uptdate tls test to support OpenSSL32

a47c500

Refs: nodejs#53382 OpenSSL32 does not support AES128 and DH 1024 to update test to use newer algorithms. Signed-off-by: Michael Dawson <midawson@redhat.com>

mhdawson mentioned this issue Sep 20, 2024

test: uptdate tls test to support OpenSSL32 #55030

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Test failures with OpenSSL 3.2.2 #53382

Test failures with OpenSSL 3.2.2 #53382

richardlau commented Jun 7, 2024 •

edited

Loading

richardlau commented Jun 13, 2024

richardlau commented Jun 13, 2024

mhdawson commented Jun 24, 2024

richardlau commented Aug 28, 2024 •

edited

Loading

richardlau commented Aug 28, 2024

Test failures with OpenSSL 3.2.2 #53382

Test failures with OpenSSL 3.2.2 #53382

Comments

richardlau commented Jun 7, 2024 • edited Loading

richardlau commented Jun 13, 2024

richardlau commented Jun 13, 2024

mhdawson commented Jun 24, 2024

richardlau commented Aug 28, 2024 • edited Loading

richardlau commented Aug 28, 2024

richardlau commented Jun 7, 2024 •

edited

Loading

richardlau commented Aug 28, 2024 •

edited

Loading