Make tests agnostic about TLS v1.x.

benchmark-base/src/main/java/org/conscrypt/ServerSocketBenchmark.java

@@ -16,7 +16,7 @@
 
 package org.conscrypt;
 
-import static org.conscrypt.TestUtils.getProtocols;
+import static org.conscrypt.TestUtils.getCommonProtocolSuites;
 import static org.conscrypt.TestUtils.newTextMessage;
 import static org.junit.Assert.assertEquals;
 
@@ -62,7 +62,7 @@ interface Config {
         final ChannelType channelType = config.channelType();
 
         server = config.serverFactory().newServer(
-            channelType, config.messageSize(), getProtocols(), ciphers(config));
+            channelType, config.messageSize(), getCommonProtocolSuites(), ciphers(config));
         server.setMessageProcessor(new MessageProcessor() {
             @Override
             public void processMessage(byte[] inMessage, int numBytes, OutputStream os) {
@@ -86,7 +86,7 @@ public void processMessage(byte[] inMessage, int numBytes, OutputStream os) {
 
         // Always use the same client for consistency across the benchmarks.
         client = config.clientFactory().newClient(
-                ChannelType.CHANNEL, server.port(), getProtocols(), ciphers(config));
+                ChannelType.CHANNEL, server.port(), getCommonProtocolSuites(), ciphers(config));
         client.start();
 
         // Wait for the initial connection to complete.

common/src/test/java/org/conscrypt/javax/net/ssl/SSLSocketTest.java

@@ -384,6 +384,8 @@ public void test_SSLSocket_setEnabledProtocols() throws Exception {
     public void test_SSLSocket_noncontiguousProtocols_useLower() throws Exception {
         TestSSLContext c = TestSSLContext.create();
         SSLContext clientContext = c.clientContext;
+        // Can't test fallback without at least 3 protocol versions enabled.
+        TestUtils.assumeTlsV11Enabled(clientContext);
         SSLSocket client = (SSLSocket)
                 clientContext.getSocketFactory().createSocket(c.host, c.port);
         client.setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.1"});
@@ -413,6 +415,8 @@ public void test_SSLSocket_noncontiguousProtocols_useLower() throws Exception {
     public void test_SSLSocket_noncontiguousProtocols_canNegotiate() throws Exception {
         TestSSLContext c = TestSSLContext.create();
         SSLContext clientContext = c.clientContext;
+        // Can't test fallback without at least 3 protocol versions enabled.
+        TestUtils.assumeTlsV11Enabled(clientContext);
         SSLSocket client = (SSLSocket)
                 clientContext.getSocketFactory().createSocket(c.host, c.port);
         client.setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.1"});
@@ -926,6 +930,8 @@ public void test_SSLSocket_sendsTlsFallbackScsv_Fallback_Success() throws Except
     @Test
     public void test_SSLSocket_sendsNoTlsFallbackScsv_Fallback_Success() throws Exception {
         TestSSLContext context = TestSSLContext.create();
+        // TLS_FALLBACK_SCSV is only applicable to TLS <= 1.2
+        TestUtils.assumeTlsV11Enabled(context.clientContext);
         final SSLSocket client = (SSLSocket) context.clientContext.getSocketFactory().createSocket(
                 context.host, context.port);
         final SSLSocket server = (SSLSocket) context.serverSocket.accept();
@@ -959,6 +965,8 @@ private static void assertInappropriateFallbackIsCause(Throwable cause) {
     public void test_SSLSocket_sendsTlsFallbackScsv_InappropriateFallback_Failure()
             throws Exception {
         TestSSLContext context = TestSSLContext.create();
+        // TLS_FALLBACK_SCSV is only applicable to TLS <= 1.2
+        TestUtils.assumeTlsV11Enabled(context.clientContext);
         final SSLSocket client = (SSLSocket) context.clientContext.getSocketFactory().createSocket(
                 context.host, context.port);
         final SSLSocket server = (SSLSocket) context.serverSocket.accept();

openjdk/src/test/java/org/conscrypt/ConscryptEngineTest.java

@@ -18,7 +18,7 @@
 
 import static org.conscrypt.TestUtils.getConscryptProvider;
 import static org.conscrypt.TestUtils.getJdkProvider;
-import static org.conscrypt.TestUtils.getProtocols;
+import static org.conscrypt.TestUtils.highestCommonProtocol;
 import static org.conscrypt.TestUtils.initSslContext;
 import static org.conscrypt.TestUtils.newTextMessage;
 import static org.junit.Assert.assertArrayEquals;
@@ -569,7 +569,7 @@ private static byte[] toArray(ByteBuffer buffer) {
 
     private static SSLContext newContext(Provider provider, TestKeyStore keyStore) {
         try {
-            SSLContext ctx = SSLContext.getInstance(getProtocols()[0], provider);
+            SSLContext ctx = SSLContext.getInstance(highestCommonProtocol(), provider);
             return initSslContext(ctx, keyStore);
         } catch (NoSuchAlgorithmException e) {
             throw new RuntimeException(e);

openjdk/src/test/java/org/conscrypt/ConscryptTest.java

@@ -17,18 +17,16 @@
 package org.conscrypt;
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
 import java.security.Provider;
 import java.security.Security;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
 import javax.net.ssl.SSLContext;
+
+import org.conscrypt.java.security.StandardNames;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -52,69 +50,61 @@ public void testVersionIsSensible() {
     }
 
     @Test
-    public void testProviderBuilder() throws Exception {
-        Provider p = Conscrypt.newProviderBuilder()
-            .setName("test name")
-            .provideTrustManager(true)
-            .defaultTlsProtocol("TLSv1.2").build();
-
-        assertEquals("test name", p.getName());
-        assertTrue(p.containsKey("TrustManagerFactory.PKIX"));
+    public void buildTls12WithTrustManager() throws Exception {
+        buildProvider("TLSv1.2", true);
+    }
+    @Test
+    public void buildTls12WithoutTrustManager() throws Exception {
+        buildProvider("TLSv1.2", false);
+    }
 
-        try {
-            Security.insertProviderAt(p, 1);
+    @Test
+    public void buildTls13WithTrustManager() throws Exception {
+        buildProvider("TLSv1.3", true);
+    }
 
-            SSLContext context = SSLContext.getInstance("TLS");
-            context.init(null, null, null);
-            assertEquals(p, context.getProvider());
-            Set<String> expected = new HashSet<>(Arrays.asList("TLSv1.2", "TLSv1.1", "TLSv1"));
-            Set<String> found =
-                new HashSet<>(Arrays.asList(context.createSSLEngine().getEnabledProtocols()));
-            assertEquals(expected, found);
+    @Test
+    public void buildTls13WithoutTrustManager() throws Exception {
+        buildProvider("TLSv1.3", false);
+    }
 
-            context = SSLContext.getInstance("Default");
-            assertEquals(p, context.getProvider());
-            expected = new HashSet<>(Arrays.asList("TLSv1.2", "TLSv1.1", "TLSv1"));
-            found = new HashSet<>(Arrays.asList(context.createSSLEngine().getEnabledProtocols()));
-            assertEquals(expected, found);
-        } finally {
-            Security.removeProvider("test name");
+    @Test
+    public void buildInvalid() {
+        try {
+            Conscrypt.newProviderBuilder()
+                .defaultTlsProtocol("invalid").build();
+            fail();
+        } catch (IllegalArgumentException e) {
+            // Expected.
         }
+    }
+
+    private void buildProvider(String defaultProtocol, boolean withTrustManager) throws Exception {
+        Provider provider = Conscrypt.newProviderBuilder()
+            .setName("test name")
+            .provideTrustManager(withTrustManager)
+            .defaultTlsProtocol(defaultProtocol)
+            .build();
 
-        p = Conscrypt.newProviderBuilder()
-            .setName("test name 2")
-            .provideTrustManager(false)
-            .defaultTlsProtocol("TLSv1.3").build();
+        assertEquals("test name", provider.getName());
+        assertEquals(withTrustManager, provider.containsKey("TrustManagerFactory.PKIX"));
 
-        assertEquals("test name 2", p.getName());
-        assertFalse(p.containsKey("TrustManagerFactory.PKIX"));
-
         try {
-            Security.insertProviderAt(p, 1);
+            Security.insertProviderAt(provider, 1);
 
             SSLContext context = SSLContext.getInstance("TLS");
             context.init(null, null, null);
-            assertEquals(p, context.getProvider());
-            Set<String> expected =
-                new HashSet<>(Arrays.asList("TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"));
-            Set<String> found =
-                new HashSet<>(Arrays.asList(context.createSSLEngine().getEnabledProtocols()));
-            assertEquals(expected, found);
+            assertEquals(provider, context.getProvider());
+            StandardNames.assertSSLContextEnabledProtocols(
+                defaultProtocol, context.createSSLEngine().getEnabledProtocols());
+
 
             context = SSLContext.getInstance("Default");
-            assertEquals(p, context.getProvider());
-            expected = new HashSet<>(Arrays.asList("TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"));
-            found = new HashSet<>(Arrays.asList(context.createSSLEngine().getEnabledProtocols()));
-            assertEquals(expected, found);
+            assertEquals(provider, context.getProvider());
+            StandardNames.assertSSLContextEnabledProtocols(
+                defaultProtocol, context.createSSLEngine().getEnabledProtocols());
         } finally {
-            Security.removeProvider("test name 2");
-        }
-
-        try {
-            Conscrypt.newProviderBuilder()
-                .defaultTlsProtocol("invalid").build();
-            fail();
-        } catch (IllegalArgumentException expected) {
+            Security.removeProvider("test name");
         }
     }
 }

openjdk/src/test/java/org/conscrypt/MockSessionBuilder.java

@@ -77,7 +77,7 @@ NativeSslSession build() {
         when(session.getId()).thenReturn(id);
         when(session.isValid()).thenReturn(valid);
         when(session.isSingleUse()).thenReturn(singleUse);
-        when(session.getProtocol()).thenReturn(TestUtils.getProtocols()[0]);
+        when(session.getProtocol()).thenReturn(TestUtils.highestCommonProtocol());
         when(session.getPeerHost()).thenReturn(host);
         when(session.getPeerPort()).thenReturn(port);
         when(session.getCipherSuite()).thenReturn(cipherSuite);

openjdk/src/test/java/org/conscrypt/RenegotiationTest.java

@@ -144,7 +144,7 @@ private static final class Client {
                 Conscrypt.setUseEngineSocket(socketFactory, useEngineSocket);
                 socket = (SSLSocket) socketFactory.createSocket(
                         TestUtils.getLoopbackAddress(), port);
-                socket.setEnabledProtocols(TestUtils.getProtocols());
+                socket.setEnabledProtocols(TestUtils.getCommonProtocolSuites());
                 socket.setEnabledCipherSuites(TestUtils.getCommonCipherSuites());
             } catch (IOException e) {
                 throw new RuntimeException(e);
@@ -234,7 +234,7 @@ private static final class Server {
             serverChannel = ServerSocketChannel.open();
             serverChannel.socket().bind(new InetSocketAddress(TestUtils.getLoopbackAddress(), 0));
             engine = newJdkServerContext().createSSLEngine();
-            engine.setEnabledProtocols(TestUtils.getProtocols());
+            engine.setEnabledProtocols(TestUtils.getCommonProtocolSuites());
             engine.setEnabledCipherSuites(TestUtils.getCommonCipherSuites());
             engine.setUseClientMode(false);