crypto/tls: TestBoringClientHello failure
derekparker opened this issue
Derek Parker commented
Testing the latest commit on master I'm now seeing the following failure:
--- FAIL: TestBoringClientHello (0.00s)
boring_test.go:292: client offered disallowed suite 0x1303
FAIL
FAIL crypto/tls 2.827s
Derek Parker commented
I believe this is because we've started enabling TLS 1.3; the disallowed suite causing the test to fail is TLS_CHACHA20_POLY1305_SHA256.
cc @ueno
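To see which suite IDs a Go client actually puts in its ClientHello (the condition the failing check reports), this added example, which is not code from the repository or from anyone in this thread, captures the hello over an in-memory pipe and flags 0x1303. The deny list holding only that one suite, the `example.test` server name, and the helper names are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
)

var errCaptured = errors.New("client hello captured") // aborts the handshake

// offeredSuites runs a client handshake over an in-memory pipe and returns the
// cipher suite IDs from its ClientHello. No certificate or network is needed.
func offeredSuites(clientCfg *tls.Config) ([]uint16, error) {
	cConn, sConn := net.Pipe()
	defer cConn.Close()
	defer sConn.Close()
	var offered []uint16
	serverCfg := &tls.Config{
		GetConfigForClient: func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
			offered = append(offered, chi.CipherSuites...)
			return nil, errCaptured // stop right after the ClientHello
		},
	}
	go tls.Client(cConn, clientCfg).Handshake() // fails once the server aborts
	if err := tls.Server(sConn, serverCfg).Handshake(); !errors.Is(err, errCaptured) {
		return nil, fmt.Errorf("handshake ended before capture: %v", err)
	}
	return offered, nil
}

// disallowed returns the offered suites that appear in deny.
func disallowed(offered []uint16, deny map[uint16]bool) []uint16 {
	var bad []uint16
	for _, id := range offered {
		if deny[id] {
			bad = append(bad, id)
		}
	}
	return bad
}

func main() {
	// Assumptions: deny holds only the suite named in this issue; ServerName is a placeholder.
	deny := map[uint16]bool{tls.TLS_CHACHA20_POLY1305_SHA256: true}
	cfg := &tls.Config{ServerName: "example.test", MaxVersion: tls.VersionTLS13}
	offered, err := offeredSuites(cfg)
	fmt.Printf("offered=%#x disallowed=%#x err=%v\n", offered, disallowed(offered, deny), err)
}
```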
Daiki Ueno commented
Hmm, that's strange, as we exclude TLS_CHACHA20_POLY1305_SHA256 here and here. I've tried to reproduce with the following, but couldn't.
$ fips-mode-setup --check
FIPS mode is enabled.
$ cd go
# apply patches
$ cd src
$ ./make.bash
$ cd ..
$ export GOROOT=$PWD
$ export PATH="$GOROOT/bin:$PATH"
$ cd src/crypto/tls
$ GOLANG_FIPS=1 go test -v -run "Boring"
=== RUN TestBoringClientHello
--- PASS: TestBoringClientHello (0.00s)
Derek Parker commented
@ueno run it without GOLANG_FIPS=1 and it should fail.
David Benoit commented
Fixed by #54