From f6cb3c63083ed210bfab76cebd250ee7a506bd94 Mon Sep 17 00:00:00 2001
From: Stefan Eissing
Date: Thu, 1 Aug 2024 16:16:55 +0200
Subject: [PATCH] tests/http: configure test httpd to honor client cipher order

Let the client, e.g. curl, influence the cipher selected in a TLS handshake. TLS backends have different preferences and honor that in httpd the same as Caddy does. Also makes for a more fair compare of different TLS backends.

Closes #14338
---
 tests/http/test_17_ssl_use.py | 4 ++--
 tests/http/testenv/httpd.py | 8 +-------
 2 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/tests/http/test_17_ssl_use.py b/tests/http/test_17_ssl_use.py
index 813bcffd42..7ba5b29e41 100644
--- a/tests/http/test_17_ssl_use.py
+++ b/tests/http/test_17_ssl_use.py
@@ -176,11 +176,11 @@ class TestSSLUse:
 # test setting cipher suites, the AES 256 ciphers are disabled in the test server
 @pytest.mark.parametrize("ciphers, succeed", [
 [[0x1301], True],
- [[0x1302], False],
+ [[0x1302], True],
 [[0x1303], True],
 [[0x1302, 0x1303], True],
 [[0xC02B, 0xC02F], True],
- [[0xC02C, 0xC030], False],
+ [[0xC02C, 0xC030], True],
 [[0xCCA9, 0xCCA8], True],
 [[0xC02C, 0xC030, 0xCCA9, 0xCCA8], True],
 ])
diff --git a/tests/http/testenv/httpd.py b/tests/http/testenv/httpd.py
index 4771ea3606..c8331c8e6d 100644
--- a/tests/http/testenv/httpd.py
+++ b/tests/http/testenv/httpd.py
@@ -257,13 +257,7 @@ class Httpd:
 f'Listen {self.env.proxys_port}',
 f'TypesConfig "{self._conf_dir}/mime.types',
 f'SSLSessionCache "shmcb:ssl_gcache_data(32000)"',
- (f'SSLCipherSuite SSL'
- f' ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256'
- f':ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305'
- ),
- (f'SSLCipherSuite TLSv1.3'
- f' TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256'
- ),
+ f'SSLHonorCipherOrder on',
 ]
 if 'base' in self._extra_configs:
 conf.extend(self._extra_configs['base'])
--
2.47.3
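Review bot: In tests/http/test_17_ssl_use.py the context comment above the parametrize list, `# test setting cipher suites, the AES 256 ciphers are disabled in the test server`, stops being true once the httpd.py hunk removes the SSLCipherSuite restrictions. It should change in the same commit, for example to `# test setting cipher suites; the test server accepts its default cipher set`. With every row now `True`, the `succeed` parameter presumably never reaches its failure path, so the suite no longer checks that the handshake is refused when the client offers only ciphers the server rejects. Keeping one server-side exclusion with a matching `False` row would retain that negative case. The decorated test function lies outside the hunk.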
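Review bot: In tests/http/testenv/httpd.py the added `f'SSLHonorCipherOrder on',` appears to do the opposite of what the commit message describes. Per the mod_ssl documentation, `on` makes the server apply its own preference order, and the client's order is followed when the directive is off, which is the default. If the goal is to let curl's order decide, `f'SSLHonorCipherOrder off',` or simply omitting the directive would match the description. Removing both SSLCipherSuite lines also leaves the accepted cipher set to the host's httpd and OpenSSL defaults, so results may differ between CI images; a comment such as `# no SSLCipherSuite: accept the platform default cipher set on purpose` would record that this is deliberate. The enclosing method starts and ends outside the hunk.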