Allow TLS 1.2 servers to report client versions from the supported ve…

…rsions extension (#4249)
aws · Oct 24, 2023 · e9d48da · e9d48da
1 parent e4f5bf6
commit e9d48da
Show file tree

Hide file tree

Showing 5 changed files with 489 additions and 15 deletions.
diff --git a/tests/integrationv2/test_version_negotiation.py b/tests/integrationv2/test_version_negotiation.py
@@ -77,12 +77,12 @@ def test_s2nc_tls13_negotiates_tls12(managed_process, cipher, curve, certificate
 
     for results in server.get_results():
         results.assert_success()
+        # This check only cares about S2N. Trying to maintain expected output of other providers doesn't add benefit to
+        # whether the S2N client was able to negotiate a lower TLS version.
         if provider is S2N:
-            # The server is only TLS12, so it reads the version from the CLIENT_HELLO, which is never above TLS12
-            # This check only cares about S2N. Trying to maintain expected output of other providers doesn't
-            # add benefit to whether the S2N client was able to negotiate a lower TLS version.
+            # The client sends a TLS 1.3 client hello so a client protocol version of TLS 1.3 should always be expected.
             assert to_bytes("Client protocol version: {}".format(
-                actual_version)) in results.stdout
+                Protocols.TLS13.value)) in results.stdout
             assert to_bytes("Actual protocol version: {}".format(
                 actual_version)) in results.stdout