Skip to content

crypto/tls: re-enable two TLS tests with fips140tls.Required #70505

@cpu

Description

@cpu

Two small TODOs that came out of CR 629736:

  1. In handshake_server_test.go the "RSA" and "RSA with ec_point_format" subtests of TestTLSPointFormats are skipped when fips140tls.Requried() is enabled, otherwise a handshake failure error is observed. This should be debugged (I suspect I'm overlooking someting small) and the subtests re-enabled for FIPS TLS mode.

  2. The TestRenegotiationExtension test is skipped when fips140tls.Required() is enabled due to its use of RC4 ciphersuites and the RSA 1024 test certificate hiearchy. This should be possible to enable in FIPS TLS mode by replacing RC4 with an AES ciphersuite and using RSA 2048 test certs. Doing so was giving a "Server returned short message of length 7" error. This should be debugged and the test re-enabled for FIPS TLS mode.

Metadata

Metadata

Assignees

No one assigned

    Labels

    NeedsFixThe path to resolution is known, but the work has not been done.

    Type

    No type

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions