Allow TLS 1.2 servers to report client versions from the supported ve…

…rsions extension Squashed commit of the following: commit 2b3c9b2 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Oct 17 16:01:14 2023 -0400 fixes commit 3e27ec8 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Oct 17 15:31:45 2023 -0400 update integ test to expect TLS 1.3 commit b66a361 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Oct 17 11:44:41 2023 -0400 fixes commit c3b120b Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue Oct 17 11:38:17 2023 -0400 TLS 1.2 fallback tests commit 4245e3e Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Mon Oct 16 16:54:54 2023 -0400 add test for client getters commit 7e8e734 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Mon Oct 16 14:35:05 2023 -0400 add test for server getters with no supported versions extension commit 9f63693 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Mon Oct 16 14:09:27 2023 -0400 test for protocol getters on server with a received supported versions extension commit 08d3d78 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Mon Oct 16 10:29:51 2023 -0400 add supported versions RFC exception for legacy client hello version commit 4026318 Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Fri Oct 13 11:37:45 2023 -0400 parse supported versions extension in getter commit 4ee56eb Author: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Fri Oct 13 10:17:13 2023 -0400 refactor supported versions process
aws · Oct 17, 2023 · 78bd1a7 · 78bd1a7
1 parent 18dd059
commit 78bd1a7
Show file tree

Hide file tree

Showing 5 changed files with 491 additions and 15 deletions.
diff --git a/tests/integrationv2/test_version_negotiation.py b/tests/integrationv2/test_version_negotiation.py
@@ -77,12 +77,12 @@ def test_s2nc_tls13_negotiates_tls12(managed_process, cipher, curve, certificate
 
     for results in server.get_results():
         results.assert_success()
+        # This check only cares about S2N. Trying to maintain expected output of other providers doesn't add benefit to
+        # whether the S2N client was able to negotiate a lower TLS version.
         if provider is S2N:
-            # The server is only TLS12, so it reads the version from the CLIENT_HELLO, which is never above TLS12
-            # This check only cares about S2N. Trying to maintain expected output of other providers doesn't
-            # add benefit to whether the S2N client was able to negotiate a lower TLS version.
+            # The client sends a TLS 1.3 client hello so a client protocol version of TLS 1.3 should always be expected.
             assert to_bytes("Client protocol version: {}".format(
-                actual_version)) in results.stdout
+                Protocols.TLS13.value)) in results.stdout
             assert to_bytes("Actual protocol version: {}".format(
                 actual_version)) in results.stdout