fix noencryption tests on platforms with tls1.3 (dotnet/corefx#37213)
authorTomas Weinfurt <tweinfurt@yahoo.com>
Mon, 29 Apr 2019 16:41:33 +0000 (09:41 -0700)
committerGitHub <noreply@github.com>
Mon, 29 Apr 2019 16:41:33 +0000 (09:41 -0700)
* fix noencryption tests on platforms with tls1.3

* feedback from review

* fix platform detection

Commit migrated from https://github.com/dotnet/corefx/commit/5a36da2d2cc19718dfffc5f05ca42541f4d8d8c6

src/libraries/CoreFx.Private.TestUtilities/ref/CoreFx.Private.TestUtilities.cs
src/libraries/CoreFx.Private.TestUtilities/src/System/PlatformDetection.cs
src/libraries/System.Net.Security/tests/FunctionalTests/ServerAllowNoEncryptionTest.cs
src/libraries/System.Net.Security/tests/FunctionalTests/ServerNoEncryptionTest.cs
src/libraries/System.Net.Security/tests/FunctionalTests/ServerRequireEncryptionTest.cs
src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamNegotiatedCipherSuiteTest.cs

index 00a65a93bfab4a2f32848e86b24e7341f50ab44e..ba807993d1fb05dbd7eaf565bd3fc6555877fb6f 100644 (file)
@@ -130,6 +130,7 @@ namespace System
         public static bool SupportsAlpn { get { throw null; } }
         public static bool SupportsClientAlpn { get { throw null; } }
         public static bool SupportsSsl3 { get { throw null; } }
+        public static bool SupportsTls13 { get { throw null; } }
         public static bool TargetsNetFx452OrLower { get { throw null; } }
         public static int WindowsVersion { get { throw null; } }
         public static string GetDistroVersionString() { throw null; }
index 3413e1497f80c0f22b42396468094a100bdef71d..087f5040fed82c5bf05072fb7be9636988182115 100644 (file)
@@ -57,8 +57,9 @@ namespace System
         public static bool SupportsAlpn => (IsWindows && !IsWindows7) ||
             ((!IsOSX && !IsWindows) &&
             (OpenSslVersion.Major >= 1 && (OpenSslVersion.Minor >= 1 || OpenSslVersion.Build >= 2)));
-        public static bool SupportsClientAlpn => SupportsAlpn ||
-            (RuntimeInformation.IsOSPlatform(OSPlatform.OSX) && PlatformDetection.OSXVersion > new Version(10, 12));
+        public static bool SupportsClientAlpn => SupportsAlpn || (IsOSX && PlatformDetection.OSXVersion > new Version(10, 12));
+        // OpenSSL 1.1.1 and above.
+        public static bool SupportsTls13 => !IsWindows && !IsOSX && (OpenSslVersion.CompareTo(new Version(1,1,1)) >= 0);
 
         // Officially, .NET Native only supports processes running in an AppContainer. However, the majority of tests still work fine
         // in a normal Win32 process and we often do so as running in an AppContainer imposes a substantial tax in debuggability
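Review bot: The comment on `SupportsTls13` says only "OpenSSL 1.1.1 and above", but the expression also returns false unconditionally on Windows and macOS, and it is a library version comparison rather than a check that TLS 1.3 is enabled. A test gated on this property would be skipped on those two platforms even if their TLS stack gains TLS 1.3 later, and would presumably still run on a Linux host where the protocol is disabled by configuration. I would expand the comment to something like `// True only for OpenSSL >= 1.1.1 on non-Windows, non-macOS hosts; a version check, not a probe of the enabled protocols.` As a style point, `new Version(1,1,1)` is spaced differently from `new Version(10, 12)` two lines above it.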
index 6a56af4d33453b4f8e9fd7952e32da45c78332cf..12918eaf9c2a492cdfef56dfed77b6029759af4b 100644 (file)
@@ -83,7 +83,8 @@ namespace System.Net.Security.Tests
 
                 using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption))
                 {
-                    await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false);
+                    // null encryption is not permitted with Tls13
+                    await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 |  SslProtocols.Tls12, false);
                     _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
                         serverAllowNoEncryption.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength);
 
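Review bot: The literal `SslProtocols.Tls | SslProtocols.Tls11 |  SslProtocols.Tls12` is repeated here and in the ServerNoEncryptionTest and ServerRequireEncryptionTest hunks, each time with a stray double space before `SslProtocols.Tls12`. A single shared test constant would keep the three tests in step when the protocol set changes; SslStreamNegotiatedCipherSuiteTest already expresses a similar idea as `AllProtocols & (~SslProtocols.Tls13)`. The ServerRequireEncryptionTest call also lacks the `// null encryption is not permitted with Tls13` comment the other two carry, so the reason for pinning the protocol list is not visible there. The enclosing test methods start and end outside these hunks.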
index 00093db3414d4091f70135c3156b51e6dab647e8..c1a3ddb0bfcb28c30ad606a9795939313aa2e125 100644 (file)
@@ -85,7 +85,8 @@ namespace System.Net.Security.Tests
                 {
                     if (SupportsNullEncryption)
                     {
-                        await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false);
+                        // null encryption is not permitted with Tls13
+                        await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 |  SslProtocols.Tls12, false);
                         _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
                             serverNoEncryption.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength);
 
index b94314d871bb07f7492df3cce7ad32337e60b1cb..8d6c3ba0c56183b2fd2518dddea1a5a068a75493 100644 (file)
@@ -83,7 +83,7 @@ namespace System.Net.Security.Tests
                 using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption))
                 {
                     await Assert.ThrowsAsync<IOException>(() =>
-                        sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false));
+                        sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 |  SslProtocols.Tls12, false));
                 }
             }
         }
index 18c77ff665dc83f27f1a03dce20fa66db0260b10..971fa026a1386571d3767ca6d137f6ad1395f422 100644 (file)
@@ -28,7 +28,7 @@ namespace System.Net.Security.Tests
 
         private const SslProtocols NonTls13Protocols = AllProtocols & (~SslProtocols.Tls13);
 
-        private static bool IsKnownPlatformSupportingTls13 => PlatformDetection.IsUbuntu1810OrHigher;
+        private static bool IsKnownPlatformSupportingTls13 => PlatformDetection.SupportsTls13;
         private static bool CipherSuitesPolicySupported => s_cipherSuitePolicySupported.Value;
         private static bool Tls13Supported { get; set; } = IsKnownPlatformSupportingTls13 || ProtocolsSupported(SslProtocols.Tls13);
         private static bool CipherSuitesPolicyAndTls13Supported => Tls13Supported && CipherSuitesPolicySupported;
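Review bot: `Tls13Supported` on the line after next is `IsKnownPlatformSupportingTls13 || ProtocolsSupported(SslProtocols.Tls13)`, so with this change any host reporting OpenSSL 1.1.1 or later short-circuits past `ProtocolsSupported`. If `ProtocolsSupported` performs a real probe (its body is outside the hunk), a host whose OpenSSL build or configuration has TLS 1.3 turned off would be treated as supporting it, and the TLS 1.3 tests would fail rather than be skipped. I would record that assumption next to the property, for example `// Version check only; assumes TLS 1.3 is not disabled in the host OpenSSL configuration.`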