{"for TLS 1.2 (RFC5246) support", test_tls1_2, "yes", "no", "dunno"},
{"fallback from TLS 1.6 to", test_tls1_6_fallback, NULL,
"failed (server requires fallback dance)", "dunno"},
+ {"for RFC7507 inappropriate fallback", test_rfc7507, "yes", "no", "dunno"},
{"for HTTPS server name", test_server, NULL, "failed", "not checked", 1},
{"for certificate information", test_certificate, NULL, "", ""},
{"for certificate chain order", test_chain_order, "sorted", "unsorted", "unknown"},
return ret;
}
+test_code_t test_rfc7507(gnutls_session_t session)
+{
+ int ret;
+ const char *pstr = NULL;
+
+ if (tls1_2_ok && tls1_1_ok)
+ pstr = "-VERS-TLS-ALL:+VERS-TLS1.1:%FALLBACK_SCSV";
+ else if (tls1_1_ok && tls1_ok)
+ pstr = "-VERS-TLS-ALL:+VERS-TLS1.0:%FALLBACK_SCSV";
+ else if (tls1_ok && ssl3_ok)
+ pstr = "-VERS-TLS-ALL:+VERS-SSL3:%FALLBACK_SCSV";
+ else
+ return TEST_IGNORE;
+
+ sprintf(prio_str, INIT_STR
+ ALL_CIPHERS ":" ALL_COMP ":%s:" ALL_MACS
+ ":"ALL_KX":%s", pstr, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ ret = do_handshake(session);
+ if (ret < 0)
+ return TEST_IGNORE;
+
+ if (handshake_output < 0)
+ return TEST_SUCCEED;
+
+ return TEST_FAILED;
+}
+
test_code_t test_safe_renegotiation(gnutls_session_t session)
{
test_code_t test_no_extensions(gnutls_session_t state);
test_code_t test_heartbeat_extension(gnutls_session_t state);
test_code_t test_small_records(gnutls_session_t state);
+test_code_t test_rfc7507(gnutls_session_t state);
test_code_t test_dhe(gnutls_session_t state);
test_code_t test_dhe_group(gnutls_session_t state);
test_code_t test_ssl3(gnutls_session_t state);