handshake , S2nTls , S2nTls , π₯³
handshake , S2nTls , Rustls , π₯³
handshake , S2nTls , Java , π₯³
handshake , S2nTls , Go , π₯³
handshake , OpenSSL , S2nTls , π₯³
handshake , OpenSSL , Rustls , π₯³
handshake , OpenSSL , Java , π₯³
handshake , OpenSSL , Go , π₯³
greeting , S2nTls , S2nTls , π₯³
greeting , S2nTls , Rustls , π₯³
greeting , S2nTls , Java , π₯³
greeting , S2nTls , Go , π₯³
greeting , OpenSSL , S2nTls , π₯³
greeting , OpenSSL , Rustls , π₯³
greeting , OpenSSL , Java , π₯³
greeting , OpenSSL , Go , π₯³
large_data_download , S2nTls , S2nTls , π₯³
large_data_download , S2nTls , Rustls , π₯³
large_data_download , S2nTls , Java , π
large_data_download , S2nTls , Go , π₯³
large_data_download , OpenSSL , S2nTls , π₯³
large_data_download , OpenSSL , Rustls , π₯³
large_data_download , OpenSSL , Java , π
large_data_download , OpenSSL , Go , π₯³
large_data_download_with_frequent_key_updates, S2nTls , S2nTls , π₯³
large_data_download_with_frequent_key_updates, S2nTls , Rustls , π₯³
large_data_download_with_frequent_key_updates, S2nTls , Java , π₯³
large_data_download_with_frequent_key_updates, S2nTls , Go , π₯³
large_data_download_with_frequent_key_updates, OpenSSL , S2nTls , π₯³
large_data_download_with_frequent_key_updates, OpenSSL , Rustls , π₯³
large_data_download_with_frequent_key_updates, OpenSSL , Java , π₯³
large_data_download_with_frequent_key_updates, OpenSSL , Go , π₯³
mtls_request_response , S2nTls , S2nTls , π₯³
mtls_request_response , S2nTls , Rustls , π₯³
mtls_request_response , S2nTls , Java , π§
mtls_request_response , S2nTls , Go , π₯³
mtls_request_response , OpenSSL , S2nTls , π₯³
mtls_request_response , OpenSSL , Rustls , π₯³
mtls_request_response , OpenSSL , Java , π§
mtls_request_response , OpenSSL , Go , π₯³
π₯³ -> success π -> unimplemented π§ -> unimplemented
$ java --version
openjdk 21.0.2 2024-01-16 LTS
OpenJDK Runtime Environment Corretto-21.0.2.14.1 (build 21.0.2+14-LTS)
OpenJDK 64-Bit Server VM Corretto-21.0.2.14.1 (build 21.0.2+14-LTS, mixed mode, sharing)
$ go version
go version go1.22.2 linux/arm64
Java failures are expected, due to https://bugs.openjdk.org/browse/JDK-8329548
# build the rust (binding) clients (s2n-tls, rustls, openssl)
cargo build --manifest-path tls-shim/Cargo.toml --release
# build the java client
javac java/SSLSocketClient.java
# build the go client
cd go/
go build client.go
cd ..
cd common/
cargo run --bin runner
The goal of the tests in this category is to test interoperability with other TLS implementations.
The interop tests are largely inspired by the work done with the Quic Interop Runner. Client and Server implementations are invoked with the name of the scenario under test, and then execute the scenario-specific logic. Clients and Servers communicate with each other in a "request/response" pattern.
The only available client implementations are
- s2n-tls
- rustls
- java
And the only server implementation is
- s2n-tls
The interop runner defines a number of test cases. Binaries are invoked with the following arguments
client_binary $TEST_CASE $SERVER_PORT
server_binary $TEST_CASE $SERVER_PORT
All tests currently use TLS 1.3. Acceptable cipher suites/groups are not specified
- Handshake (
handshake
)- handshake
- client initiates graceful TLS closure
- Greeting (
greeting
)- handshake
- client sends
i am the client. nice to meet you server.
- server responds
i am the server. a pleasure to make your acquaintance.
- client initiates graceful TLS closure
- Large Data Download (
large_data_download
):- handshake
- client sends
i am the client. nice to meet you server.
- server responds with 256 Gb of data. This number is chosen to be higher than the default key update limits that most implementations have set
- The first byte of each Mb (1,000,000 bytes) is equal to the "Gb's sent". So the first 1,000 Mb have
payload[0] = 0
. The next 1,000 Mb havepayload[0] = 1
, and so on.
- The first byte of each Mb (1,000,000 bytes) is equal to the "Gb's sent". So the first 1,000 Mb have
- client initiates graceful TLS closure
- Large Data Download with Frequent Key Updates (
large_data_download_with_frequent_key_updates
):- handshake
- client sends
i am the client. nice to meet you server.
- server responds with 256 Gb of data, identical to the data sent in the
Large Data Download
trial. - server updates it's send key every Gb. This is not a precisely monitored number, but servers should send ~256 Key Updates over the course of this scenario
- client initiates graceful TLS closure
The "Large Data Download" cases are motivated by JDK behavior: https://bugs.openjdk.org/browse/JDK-8329548. As of 2024-04-16 the JDK will send a KeyUpdate message for each TLS record that it receives past it's CipherLimit (137 Gb). Typical server implementations won't stop to read those messages until they are finished sending data. This results in a huge number of KeyUpdates exhausting the TCP flow control window, deadlocking the connection and causing the Large Data Download tests to time out and fail. If the server sends a key update before the JDK requests them this behavior can be avoided, so the Large Data Download With Frequent Key Updates
scenario is expected to pass.
- Server Initiated Close
- Half Close
- Resumption
- example incompatibility: aws/s2n-tls#4124
- Early Data
- OOB PSK
- Client Hello Retry
- example incompatibility: rustls/rustls#1373
- Small TCP Packet
Test certificates are available in interop/certificates. Clients should trust ca-certificate.pem
, and servers should send the full server-chain.pem
.