mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-01 19:17:36 +03:00
Fork of the Go standard TLS library, providing low-level access to the ClientHello for mimicry purposes.
anticensorshipcipher-suitesclienthellocryptogolanghandshakelow-level-tlsobfuscationparrottlstls-extension
4cb059fbbf
For tests that are interested in testing the difference between TLS in FIPS 140-3 required mode or otherwise two new helpers are introduced, runWithFIPSEnabled and runWithFIPSDisabled. They take care of forcing the correct TLS FIPS 140-3 state regardless of the overal GODEBUG=fips state, and restoring it afterwards. For the tests that use features or test data not appropriate for TLS in FIPS 140-3 required mode we add skips. For some tests we can make them appropriate for both TLS FIPS 140-3 required or not by tweaking some parameters that weren't important to the subject under test, but would otherwise preclude TLS FIPS 140-3 required mode (e.g. because they used TLS 1.0 when the test could use TLS 1.2 instead). For others, switching test certificates to a RSA 2048 hierarchy is sufficient. We avoid regenerating the existing RSA 1024 certs as 2048 since it would invalidate recorded static flow data. Tests that rely on static message flows (primarily the client and server handshake) tests are skipped due to FIPS mode being non-deterministic and inappropriate for this style of testing. Change-Id: I311f3828dac890bb3ff8ebda6ed73d50f0797110 Reviewed-on: https://go-review.googlesource.com/c/go/+/629736 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> |
||
|---|---|---|
| fipsonly | ||
| internal/fips140tls | ||
| testdata | ||
| alert.go | ||
| auth.go | ||
| auth_test.go | ||
| bogo_config.json | ||
| bogo_shim_test.go | ||
| cache.go | ||
| cache_test.go | ||
| cipher_suites.go | ||
| common.go | ||
| common_string.go | ||
| conn.go | ||
| conn_test.go | ||
| defaults.go | ||
| ech.go | ||
| ech_test.go | ||
| example_test.go | ||
| fips_test.go | ||
| generate_cert.go | ||
| handshake_client.go | ||
| handshake_client_test.go | ||
| handshake_client_tls13.go | ||
| handshake_messages.go | ||
| handshake_messages_test.go | ||
| handshake_server.go | ||
| handshake_server_test.go | ||
| handshake_server_tls13.go | ||
| handshake_test.go | ||
| handshake_unix_test.go | ||
| key_agreement.go | ||
| key_schedule.go | ||
| key_schedule_test.go | ||
| link_test.go | ||
| prf.go | ||
| prf_test.go | ||
| quic.go | ||
| quic_test.go | ||
| ticket.go | ||
| ticket_test.go | ||
| tls.go | ||
| tls_test.go | ||