diff options
author | Adam Vartanian <flooey@google.com> | 2018-08-16 15:49:37 +0100 |
---|---|---|
committer | android-build-prod (mdb) <android-build-team-robot@google.com> | 2021-05-04 23:25:47 +0000 |
commit | c321e1977a1359f4f34c9b9a084e863ca926be5c (patch) | |
tree | bf3b7813a2d39f4910218f5f6f770e9261644cf5 | |
parent | 6ae402aa03bbc08d5007bcd2c4fac05dc3da0092 (diff) | |
download | okhttp-c321e1977a1359f4f34c9b9a084e863ca926be5c.tar.gz |
[DO NOT MERGE] Update ConnectionSpecTest for cipher suite removal
Cherry-pick note:
Vendor is back-porting a later BoringSSL to Android 9 (in collaboration with Android Security and Privacy team) for certification purposes and so the cipher suite used in this test is removed as described below. Backporting this change will allow such devices to pass this test without affecting existing Android 9 devices.
NB this change explicitly *does not* cherry-pick the StandardNames change in the same topic as that would then cause tests to fail on Android 9 devices with the original BoringSSL. We will address those failures separately.
Original Change Description:
BoringSSL has removed support for some old cipher suites, swap uses of
them in tests for the related GCM cipher suites, which are still
supported.
Bug: 178993246
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsLibcoreOkHttpTestCases
Change-Id: I648b64dc77860bb758e09b6938d8f47a12c3a453
Merged-In: I648b64dc77860bb758e09b6938d8f47a12c3a453
(cherry picked from commit 68a1cc1e1f3a54fb47a0a5f99ceb35d6bfc480d3)
(cherry picked from commit 81c69c682727857791fee354a64cf37408c46aac)
-rw-r--r-- | okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java index 47eee24..2318a68 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/ConnectionSpecTest.java @@ -87,7 +87,8 @@ public final class ConnectionSpecTest { SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); socket.setEnabledCipherSuites(new String[] { CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, - CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256.javaName, + // Android-changed: Replace removed CBC cipher with GCM version + CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName, }); socket.setEnabledProtocols(new String[] { TlsVersion.TLS_1_2.javaName, @@ -102,7 +103,8 @@ public final class ConnectionSpecTest { Set<String> expectedCipherSet = set( CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, - CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256.javaName); + // Android-changed: Replace removed CBC cipher with GCM version + CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName); assertEquals(expectedCipherSet, expectedCipherSet); } @@ -115,7 +117,8 @@ public final class ConnectionSpecTest { SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); socket.setEnabledCipherSuites(new String[] { CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, - CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256.javaName, + // Android-changed: Replace removed CBC cipher with GCM version + CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName, }); socket.setEnabledProtocols(new String[] { TlsVersion.TLS_1_2.javaName, @@ -130,7 +133,8 @@ public final class ConnectionSpecTest { Set<String> expectedCipherSet = set( CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, - CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256.javaName); + // Android-changed: Replace removed CBC cipher with GCM version + CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName); if (Arrays.asList(socket.getSupportedCipherSuites()).contains("TLS_FALLBACK_SCSV")) { expectedCipherSet.add("TLS_FALLBACK_SCSV"); } @@ -147,7 +151,8 @@ public final class ConnectionSpecTest { SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); socket.setEnabledCipherSuites(new String[] { CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, - CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256.javaName, + // Android-changed: Replace removed CBC cipher with GCM version + CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName, }); socket.setEnabledProtocols(new String[] { TlsVersion.TLS_1_2.javaName, @@ -189,13 +194,15 @@ public final class ConnectionSpecTest { }); socket.setEnabledCipherSuites(new String[] { - CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256.javaName, + // Android-changed: Replace removed CBC cipher with GCM version + CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName, CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, }); assertTrue(tlsSpec.isCompatible(socket)); socket.setEnabledCipherSuites(new String[] { - CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256.javaName, + // Android-changed: Replace removed CBC cipher with GCM version + CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName, }); assertFalse(tlsSpec.isCompatible(socket)); } @@ -208,13 +215,15 @@ public final class ConnectionSpecTest { SSLSocket sslSocket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); sslSocket.setEnabledCipherSuites(new String[] { - CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256.javaName, + // Android-changed: Replace removed CBC cipher with GCM version + CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName, CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName, }); tlsSpec.apply(sslSocket, false); assertEquals(Arrays.asList( - CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256.javaName, + // Android-changed: Replace removed CBC cipher with GCM version + CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256.javaName, CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA.javaName), Arrays.asList(sslSocket.getEnabledCipherSuites())); } |