[TLS, V3] Have TLS Minimum Version Tests #26308
Assignees
Labels
Comments
mgattozzi
added a commit
that referenced
this issue
Apr 24, 2025
This is a follow on to #26307. In this commit we add a test where we check that connections only pass if TLS is set to v1.3. The default is 1.2 and other tests connect with that just fine. In this test we spin up a server using only v1.3 as the minimum and try to connect with v1.2 which we expect to fail and then v1.3 which should pass. Closes #26308
hiltontj
pushed a commit
that referenced
this issue
May 2, 2025
* feat: Add a negative cert test This adds a test that will panic on server startup because connections to said server are invalid. We add a bad expired cert to our cert generation for usage in our tests. Note that this test is only really valid if other tests pass as it depends on waiting for the server start checks to fail. If other tests run then their server started fine and so did this one, the only difference being that connections will error due to a bad tls cert. Closes #26256 * feat: Add minimum TLS version test This is a follow on to #26307. In this commit we add a test where we check that connections only pass if TLS is set to v1.3. The default is 1.2 and other tests connect with that just fine. In this test we spin up a server using only v1.3 as the minimum and try to connect with v1.2 which we expect to fail and then v1.3 which should pass. Closes #26308
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a follow up to #26307.
We should add automated tests for TLS that make sure that if we set TLS 1.3 as the minimum that TLS 1.2 connections will be refused. We can use the min and max versions with reqwest to make those connections. Currently all of our tests are set to use TLS 1.2 as the minimum version so we only need to test that TLS 1.2 fails on a 1.3 only setting.
The text was updated successfully, but these errors were encountered: