To reliably trigger HRR we must use P-384 group

Otherwise with newer FIPS providers P-256 is the first group
supported.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24763)

(cherry picked from commit 0da6d328d5f6d0fe0aca47a94bb55a9f2ed0628b)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index 171298bd5b30106f1d220b73e96181b997aa7c9e..97cf0f3ef092f67e939567aa8408aa79fe1f5b18 100644 (file)
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -3938,7 +3938,7 @@ static int early_data_skip_helper(int testtype, int cipher, int idx)
         if (!TEST_true(SSL_set1_groups_list(serverssl, "ffdhe3072")))
             goto end;
 #else
-        if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
+        if (!TEST_true(SSL_set1_groups_list(serverssl, "P-384")))
             goto end;
 #endif
     } else if (idx == 2) {
@@ -5553,7 +5553,7 @@ static int test_tls13_psk(int idx)
     if (!TEST_true(SSL_set1_groups_list(serverssl, "ffdhe3072")))
         goto end;
 #else
-    if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
+    if (!TEST_true(SSL_set1_groups_list(serverssl, "P-384")))
         goto end;
 #endif