
Commit 299c55e

committed
Testing: fix WolfSSLEngineTest TLS 1.3/DTLS 1.3 cipher selection after wolfSSL d088fee72
1 parent e43f9ef commit 299c55e

1 file changed

Lines changed: 23 additions & 10 deletions


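--- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLEngineTest.java
+++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLEngineTest.java
@@ -280,22 +280,35 @@ private void testCipherConnectionByProtocol(String protocol)
 fail("no certs available from server SSLEngine.getSession()");
 }
 else {
-certType = ((X509Certificate)certs[0]).getSigAlgName();
-if (certType.contains("RSA")) {
-/* use a ECDHE-RSA suite if available */
+/* For (D)TLS 1.3, pick the first available cipher. */
+if (protocol.equals("TLSv1.3") || protocol.equals("DTLSv1.3")) {
 for (String x : ciphers) {
-if (x.contains("ECDHE_RSA")) {
+if (x.startsWith("TLS_AES_") ||
+x.startsWith("TLS_CHACHA20_")) {
 cipher = x;
 break;
 }
 }
 }
-if (certType.contains("ECDSA")) {
-/* use a ECDHE-RSA suite if available */
-for (String x : ciphers) {
-if (x.contains("ECDHE_ECDSA")) {
-cipher = x;
-break;
+else {
+/* TLS 1.2 and below: select cipher based on cert type */
+certType = ((X509Certificate)certs[0]).getSigAlgName();
+if (certType.contains("RSA")) {
+/* use a ECDHE-RSA suite if available */
+for (String x : ciphers) {
+if (x.contains("ECDHE_RSA")) {
+cipher = x;
+break;
+}
+}
+}
+if (certType.contains("ECDSA")) {
+/* use a ECDHE-ECDSA suite if available */
+for (String x : ciphers) {
+if (x.contains("ECDHE_ECDSA")) {
+cipher = x;
+break;
+}
 }
 }
 }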
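Review bot: In the new (D)TLS 1.3 branch nothing handles the case where no entry in `ciphers` starts with `TLS_AES_` or `TLS_CHACHA20_`, so `cipher` keeps whatever value it had before the hunk; the TLS 1.2 loops behave the same way when neither `ECDHE_RSA` nor `ECDHE_ECDSA` is present. The code that consumes `cipher` is outside the hunk and may already guard this, but if it does not, the test can run against an unintended suite or pass without exercising the protocol it names; assuming `cipher` starts as null, a check such as `if (cipher == null) { fail("no " + protocol + " cipher suite available"); }` after the selection would make that visible. The comment `/* For (D)TLS 1.3, pick the first available cipher. */` would be more accurate as `/* (D)TLS 1.3 suites are independent of cert type: pick the first TLS_AES_* or TLS_CHACHA20_* suite */`. Separately, `getSigAlgName()` reports the algorithm the issuer signed with rather than the leaf's key type, so `certs[0].getPublicKey().getAlgorithm()` would be a more reliable basis for the RSA/ECDSA split in the TLS 1.2 branch.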
