nodejs · mhdawson · Sep 19, 2024
diff --git a/test/parallel/test-tls-set-ciphers.js b/test/parallel/test-tls-set-ciphers.js
@@ -79,6 +79,11 @@ function test(cciphers, sciphers, cipher, cerr, serr, options) {
 
 const U = undefined;
 
+let expectedTLSAlertError = 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
+if (common.hasOpenSSL(3, 2)) {
+ expectedTLSAlertError = 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE';
+}
+
 // Have shared ciphers.
 test(U, 'AES256-SHA', 'AES256-SHA');
 test('AES256-SHA', U, 'AES256-SHA');
@@ -89,13 +94,13 @@ test('TLS_AES_256_GCM_SHA384:!TLS_CHACHA20_POLY1305_SHA256', U, 'TLS_AES_256_GCM
 
 // Do not have shared ciphers.
 test('TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256',
- U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
+ U, expectedTLSAlertError, 'ERR_SSL_NO_SHARED_CIPHER');
 
-test('AES128-SHA', 'AES256-SHA', U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE',
+test('AES256-SHA', 'AES256-SHA256', U, expectedTLSAlertError,
  'ERR_SSL_NO_SHARED_CIPHER');
-test('AES128-SHA:TLS_AES_256_GCM_SHA384',
- 'TLS_CHACHA20_POLY1305_SHA256:AES256-SHA',
- U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
+test('AES256-SHA:TLS_AES_256_GCM_SHA384',
+ 'TLS_CHACHA20_POLY1305_SHA256:AES256-SHA256',
+ U, expectedTLSAlertError, 'ERR_SSL_NO_SHARED_CIPHER');
 
 // Cipher order ignored, TLS1.3 chosen before TLS1.2.
 test('AES256-SHA:TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384');
@@ -110,11 +115,15 @@ test(U, 'AES256-SHA', 'TLS_AES_256_GCM_SHA384', U, U, { maxVersion: 'TLSv1.3' })
 
 // TLS_AES_128_CCM_8_SHA256 & TLS_AES_128_CCM_SHA256 are not enabled by
 // default, but work.
-test('TLS_AES_128_CCM_8_SHA256', U,
- U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
-
-test('TLS_AES_128_CCM_8_SHA256', 'TLS_AES_128_CCM_8_SHA256',
- 'TLS_AES_128_CCM_8_SHA256');
+// However, for OpenSSL32 AES_128 is not enabled due to the
+// default security level
+if (!common.hasOpenSSL(3, 2)) {
+ test('TLS_AES_128_CCM_8_SHA256', U,
+ U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
+
+ test('TLS_AES_128_CCM_8_SHA256', 'TLS_AES_128_CCM_8_SHA256',
+ 'TLS_AES_128_CCM_8_SHA256');
+}
 
 // Invalid cipher values
 test(9, 'AES256-SHA', U, 'ERR_INVALID_ARG_TYPE', U);