From 72ae26dae8f85784d231af60a3a7ca60a11cb040 Mon Sep 17 00:00:00 2001
From: toidiu
Date: Wed, 20 Nov 2024 22:05:03 -0800
Subject: [PATCH] test: pin optional client auth test to a TLS 1.2 policy (#4914)
---
 tests/unit/s2n_optional_client_auth_test.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/tests/unit/s2n_optional_client_auth_test.c b/tests/unit/s2n_optional_client_auth_test.c
index 9a0f664c8a3..01ae317301a 100644
--- a/tests/unit/s2n_optional_client_auth_test.c
+++ b/tests/unit/s2n_optional_client_auth_test.c
@@ -35,7 +35,6 @@ int main(int argc, char **argv)
 struct s2n_cert_chain_and_key *chain_and_key = NULL;
 BEGIN_TEST();
- EXPECT_SUCCESS(s2n_disable_tls13_in_test());
 EXPECT_NOT_NULL(cert_chain_pem = malloc(S2N_MAX_TEST_PEM_SIZE));
 EXPECT_NOT_NULL(private_key_pem = malloc(S2N_MAX_TEST_PEM_SIZE));
@@ -43,6 +42,7 @@ int main(int argc, char **argv)
 /* Setup baseline server config and certs. */
 EXPECT_NOT_NULL(server_config = s2n_config_new());
+ EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, "20240501"));
 EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_TEST_CERT_CHAIN, cert_chain_pem, S2N_MAX_TEST_PEM_SIZE));
 EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_TEST_PRIVATE_KEY, private_key_pem, S2N_MAX_TEST_PEM_SIZE));
 EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_TEST_DHPARAMS, dhparams_pem, S2N_MAX_TEST_PEM_SIZE));
@@ -65,6 +65,7 @@ int main(int argc, char **argv)
 */
 EXPECT_NOT_NULL(client_config = s2n_config_new());
+ EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "20240501"));
 EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(client_config, chain_and_key));
 EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config));
 EXPECT_SUCCESS(s2n_config_set_client_auth_type(client_config, S2N_CERT_AUTH_OPTIONAL));
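Review bot: The policy name `"20240501"` is added in the `-43,6 +42,7` hunk as a bare string literal with no comment, and the same literal is repeated for each client_config in the `-65`, `-129`, `-193`, `-256`, `-326` and `-397` hunks and again for the re-created server_config at `-404`. The commit title suggests it is meant to keep these handshakes on TLS 1.2, but nothing at the call site says whether the numbered policy was chosen for its protocol range or for its cipher list. I would add `/* Pin to a numbered TLS 1.2 policy so this test does not follow changes to the default policy. */` above the first call, and consider one file-level constant for the name so the nine call sites cannot drift apart. main() starts and ends outside the hunk.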
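Review bot: Once the global `s2n_disable_tls13_in_test()` is removed in the first hunk, the negotiated protocol depends on every config in this file carrying the pin added at `-65,6 +65,7` and in the later hunks; a config created without it would presumably fall back to whatever the default policy allows. The handshake and its checks lie outside the hunks, so I cannot see whether the negotiated version is asserted. If it is not, a check such as `EXPECT_EQUAL(s2n_connection_get_actual_protocol_version(conn), S2N_TLS12);` after each negotiation (`conn` standing for the test's own connection variable) would make a silent protocol change fail the test instead of passing on a different client-auth code path. It would also help to note in the file where optional client auth under TLS 1.3 is covered, since this test is limited to TLS 1.2 both before and after the change.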
@@ -129,6 +130,7 @@ int main(int argc, char **argv)
 */
 EXPECT_NOT_NULL(client_config = s2n_config_new());
+ EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "20240501"));
 EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(client_config, chain_and_key));
 EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config));
 EXPECT_SUCCESS(s2n_config_set_client_auth_type(client_config, S2N_CERT_AUTH_OPTIONAL));
@@ -193,6 +195,7 @@ int main(int argc, char **argv)
 */
 EXPECT_NOT_NULL(client_config = s2n_config_new());
+ EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "20240501"));
 EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config));
 EXPECT_SUCCESS(s2n_config_set_client_auth_type(client_config, S2N_CERT_AUTH_OPTIONAL));
@@ -256,6 +259,7 @@ int main(int argc, char **argv)
 */
 EXPECT_NOT_NULL(client_config = s2n_config_new());
+ EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "20240501"));
 EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(client_config, chain_and_key));
 EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config));
 EXPECT_SUCCESS(s2n_config_set_client_auth_type(client_config, S2N_CERT_AUTH_REQUIRED));
@@ -326,6 +330,7 @@ int main(int argc, char **argv)
 */
 EXPECT_NOT_NULL(client_config = s2n_config_new());
+ EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "20240501"));
 EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config));
 EXPECT_SUCCESS(s2n_config_set_client_auth_type(client_config, S2N_CERT_AUTH_REQUIRED));
@@ -397,6 +402,7 @@ int main(int argc, char **argv)
 */
 EXPECT_NOT_NULL(client_config = s2n_config_new());
+ EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "20240501"));
 EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(client_config, chain_and_key));
 EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config));
 EXPECT_SUCCESS(s2n_config_set_client_auth_type(client_config, S2N_CERT_AUTH_OPTIONAL));
@@ -404,6 +410,7 @@ int main(int argc, char **argv)
 /* Server requires optional client auth but will reject the client cert. We need to reset the config, to turn validation back on*/
 EXPECT_SUCCESS(s2n_config_free(server_config));
 EXPECT_NOT_NULL(server_config = s2n_config_new());
+ EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, "20240501"));
 EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_TEST_DHPARAMS, dhparams_pem, S2N_MAX_TEST_PEM_SIZE));
 EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, chain_and_key));
 EXPECT_SUCCESS(s2n_config_add_dhparams(server_config, dhparams_pem));