From: Tomas Weinfurt
Date: Mon, 29 Apr 2019 16:41:33 +0000 (-0700)
Subject: fix noencryption tests on platforms with tls1.3 (dotnet/corefx#37213)
X-Git-Tag: submit/tizen/20210909.063632~11031^2~1751
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=025a0353d75c7466b5b574e2d5153293bba33be6;p=platform%2Fupstream%2Fdotnet%2Fruntime.git
fix noencryption tests on platforms with tls1.3 (dotnet/corefx#37213)
* fix noencryption tests on platforms with tls1.3
* feedback from review
* fix platform detection
Commit migrated from https://github.com/dotnet/corefx/commit/5a36da2d2cc19718dfffc5f05ca42541f4d8d8c6
---
diff --git a/src/libraries/CoreFx.Private.TestUtilities/ref/CoreFx.Private.TestUtilities.cs b/src/libraries/CoreFx.Private.TestUtilities/ref/CoreFx.Private.TestUtilities.cs
index 00a65a93bfa..ba807993d1f 100644
--- a/src/libraries/CoreFx.Private.TestUtilities/ref/CoreFx.Private.TestUtilities.cs
+++ b/src/libraries/CoreFx.Private.TestUtilities/ref/CoreFx.Private.TestUtilities.cs
@@ -130,6 +130,7 @@ namespace System
 public static bool SupportsAlpn { get { throw null; } }
 public static bool SupportsClientAlpn { get { throw null; } }
 public static bool SupportsSsl3 { get { throw null; } }
+ public static bool SupportsTls13 { get { throw null; } }
 public static bool TargetsNetFx452OrLower { get { throw null; } }
 public static int WindowsVersion { get { throw null; } }
 public static string GetDistroVersionString() { throw null; }
diff --git a/src/libraries/CoreFx.Private.TestUtilities/src/System/PlatformDetection.cs b/src/libraries/CoreFx.Private.TestUtilities/src/System/PlatformDetection.cs
index 3413e1497f8..087f5040fed 100644
--- a/src/libraries/CoreFx.Private.TestUtilities/src/System/PlatformDetection.cs
+++ b/src/libraries/CoreFx.Private.TestUtilities/src/System/PlatformDetection.cs
@@ -57,8 +57,9 @@ namespace System
 public static bool SupportsAlpn => (IsWindows && !IsWindows7) || ((!IsOSX && !IsWindows) && (OpenSslVersion.Major >= 1 && (OpenSslVersion.Minor >= 1 || OpenSslVersion.Build >= 2)));
- public static bool SupportsClientAlpn => SupportsAlpn ||
- (RuntimeInformation.IsOSPlatform(OSPlatform.OSX) && PlatformDetection.OSXVersion > new Version(10, 12));
+ public static bool SupportsClientAlpn => SupportsAlpn || (IsOSX && PlatformDetection.OSXVersion > new Version(10, 12));
+ // OpenSSL 1.1.1 and above.
+ public static bool SupportsTls13 => !IsWindows && !IsOSX && (OpenSslVersion.CompareTo(new Version(1,1,1)) >= 0);
 // Officially, .NET Native only supports processes running in an AppContainer. However, the majority of tests still work fine
 // in a normal Win32 process and we often do so as running in an AppContainer imposes a substantial tax in debuggability
diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/ServerAllowNoEncryptionTest.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/ServerAllowNoEncryptionTest.cs
index 6a56af4d334..12918eaf9c2 100644
--- a/src/libraries/System.Net.Security/tests/FunctionalTests/ServerAllowNoEncryptionTest.cs
+++ b/src/libraries/System.Net.Security/tests/FunctionalTests/ServerAllowNoEncryptionTest.cs
@@ -83,7 +83,8 @@ namespace System.Net.Security.Tests
 using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption))
 {
- await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false);
+ // null encryption is not permitted with Tls13
+ await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false);
 _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength", serverAllowNoEncryption.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength);
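Review bot: `SupportsTls13` in PlatformDetection.cs infers TLS 1.3 support from the OpenSSL version number alone, so it is true on any non-Windows, non-macOS host with OpenSSL 1.1.1 or later even if TLS 1.3 has been turned off by build options or system configuration, and it is false on Windows and macOS unconditionally. The one-line comment should record that, for example `// Version heuristic only: true for OpenSSL >= 1.1.1 on non-Windows/non-OSX; does not probe whether TLS 1.3 is actually enabled.` As a style point, `OpenSslVersion >= new Version(1, 1, 1)` reads more directly than `CompareTo(...) >= 0` and matches the operator form and spacing of `OSXVersion > new Version(10, 12)` on the line above.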
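Review bot: The literal `SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12` passed to `AuthenticateAsClientAsync` in ServerAllowNoEncryptionTest.cs is repeated in the ServerNoEncryptionTest.cs and ServerRequireEncryptionTest.cs hunks, so the pre-TLS 1.3 set is now spelled out in three places. A shared constant next to `SslProtocolSupport.DefaultSslProtocols`, for example `public const SslProtocols NonTls13Protocols = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12;`, would keep them in step. Pinning the protocols also means none of the three tests exercises `EncryptionPolicy.NoEncryption` with the default protocol set any more, so what a caller who leaves the defaults gets on a TLS 1.3 platform is not covered by anything visible here; a separate test asserting that outcome would close the gap. The enclosing test methods start and end outside these hunks.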
diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/ServerNoEncryptionTest.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/ServerNoEncryptionTest.cs
index 00093db3414..c1a3ddb0bfc 100644
--- a/src/libraries/System.Net.Security/tests/FunctionalTests/ServerNoEncryptionTest.cs
+++ b/src/libraries/System.Net.Security/tests/FunctionalTests/ServerNoEncryptionTest.cs
@@ -85,7 +85,8 @@ namespace System.Net.Security.Tests
 {
 if (SupportsNullEncryption)
 {
- await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false);
+ // null encryption is not permitted with Tls13
+ await sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false);
 _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength", serverNoEncryption.RemoteEndPoint, sslStream.CipherAlgorithm, sslStream.CipherStrength);
diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/ServerRequireEncryptionTest.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/ServerRequireEncryptionTest.cs
index b94314d871b..8d6c3ba0c56 100644
--- a/src/libraries/System.Net.Security/tests/FunctionalTests/ServerRequireEncryptionTest.cs
+++ b/src/libraries/System.Net.Security/tests/FunctionalTests/ServerRequireEncryptionTest.cs
@@ -83,7 +83,7 @@ namespace System.Net.Security.Tests
 using (var sslStream = new SslStream(client.GetStream(), false, AllowAnyServerCertificate, null, EncryptionPolicy.NoEncryption))
 {
 await Assert.ThrowsAsync(() =>
- sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false));
+ sslStream.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false));
 }
 }
 }
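Review bot: The `// null encryption is not permitted with Tls13` comment added in the two sibling tests is missing above the `Assert.ThrowsAsync` call in ServerRequireEncryptionTest.cs, so this file does not say why TLS 1.3 is left out of the protocol set; add the same comment line there. This test expects the handshake to fail, and the exception type argument is not visible on this page, so it is worth confirming that the assertion still pins the failure to the encryption-policy mismatch rather than to any handshake error. The enclosing method starts outside the hunk.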
diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamNegotiatedCipherSuiteTest.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamNegotiatedCipherSuiteTest.cs
index 18c77ff665d..971fa026a13 100644
--- a/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamNegotiatedCipherSuiteTest.cs
+++ b/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamNegotiatedCipherSuiteTest.cs
@@ -28,7 +28,7 @@ namespace System.Net.Security.Tests
 private const SslProtocols NonTls13Protocols = AllProtocols & (~SslProtocols.Tls13);
- private static bool IsKnownPlatformSupportingTls13 => PlatformDetection.IsUbuntu1810OrHigher;
+ private static bool IsKnownPlatformSupportingTls13 => PlatformDetection.SupportsTls13;
 private static bool CipherSuitesPolicySupported => s_cipherSuitePolicySupported.Value;
 private static bool Tls13Supported { get; set; } = IsKnownPlatformSupportingTls13 || ProtocolsSupported(SslProtocols.Tls13);
 private static bool CipherSuitesPolicyAndTls13Supported => Tls13Supported && CipherSuitesPolicySupported;
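Review bot: `Tls13Supported` ORs `IsKnownPlatformSupportingTls13` with `ProtocolsSupported(SslProtocols.Tls13)`, so once `PlatformDetection.SupportsTls13` returns true the runtime probe on the right-hand side is never evaluated. Moving from `IsUbuntu1810OrHigher` to every OpenSSL 1.1.1+ host widens the set of machines where the TLS 1.3 tests are treated as mandatory; on a host where TLS 1.3 is disabled by configuration they would presumably fail rather than skip. If that is the intent, a comment on `IsKnownPlatformSupportingTls13` such as `// Known platforms must run the TLS 1.3 tests; the probe is only a fallback for the rest.` would record it.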