Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

compat.sh doesn't run TLS 1.2 CCM tests against OpenSSL #9207

Open
gilles-peskine-arm opened this issue May 30, 2024 · 0 comments
Open

compat.sh doesn't run TLS 1.2 CCM tests against OpenSSL #9207

gilles-peskine-arm opened this issue May 30, 2024 · 0 comments
Labels
component-tls enhancement

Comments

@gilles-peskine-arm
Copy link
Contributor

compat.sh doesn't run any interoperability test against OpenSSL with a CCM cipher suite.

Observed in several ways, both in 2.28 and development (and very likely 3.6 as well, but I haven't checked):

  • Grab an outcome file from a nightly run and <outcomes.csv grep -E ';compat;(O->m|m->O)' | grep CCM — there are no hits, whereas there are hits for CBC and GCM.
  • Run tests/compat.sh -t tls12 (or dtls12) in the default configuration: there are m->m and G->m and m->G tests with CCM and CCM-8, but no m->O or O->m. There are m->O or O->m with other ciphers, but not CCM.

OpenSSL acquired CCM cipher suite support in version 1.1.0, so our default OpenSSL on the CI (the antique OpenSSL 1.0.2g) doesn't have it. But OPENSSL_NEXT (1.1.1a) does have it, so I would expect at least some CCM tests to run.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component-tls enhancement
Projects
Risks
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gilles-peskine-arm