quic: disable X25519Kyber768Draft00 in tests
Enabling this bloats the TLS handshake so flights no longer
fit in a single datagram. Disable it in tests. Add a test
using the crypto/tls defaults, to ensure we do handshake
properly with them.
Fixes golang/go#67783
Change-Id: I521188e7b5a313e9289e726935e5b26994090b4a
Reviewed-on: https://go-review.googlesource.com/c/net/+/589855
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/quic/endpoint_test.go b/quic/endpoint_test.go
index d5f436e..3cba142 100644
--- a/quic/endpoint_test.go
+++ b/quic/endpoint_test.go
@@ -23,6 +23,12 @@
newLocalConnPair(t, &Config{}, &Config{})
}
+func TestConnectDefaultTLSConfig(t *testing.T) {
+ serverConfig := newTestTLSConfigWithMoreDefaults(serverSide)
+ clientConfig := newTestTLSConfigWithMoreDefaults(clientSide)
+ newLocalConnPair(t, &Config{TLSConfig: serverConfig}, &Config{TLSConfig: clientConfig})
+}
+
func TestStreamTransfer(t *testing.T) {
ctx := context.Background()
cli, srv := newLocalConnPair(t, &Config{}, &Config{})
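Review bot: TestConnectDefaultTLSConfig has no doc comment, so nothing records that it exists to cover handshake flights larger than one datagram. A comment such as `// TestConnectDefaultTLSConfig checks that a handshake using the crypto/tls default key exchange settings completes even when a flight spans several datagrams (golang/go#67783).` would keep that intent visible. The coverage also depends on the toolchain: on a Go version whose defaults do not produce a large key share, the test presumably passes without exercising the multi-datagram path, and nothing in the test asserts that the path was taken.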
diff --git a/quic/tlsconfig_test.go b/quic/tlsconfig_test.go
index 47bfb05..5ed9818 100644
--- a/quic/tlsconfig_test.go
+++ b/quic/tlsconfig_test.go
@@ -20,6 +20,13 @@
tls.TLS_CHACHA20_POLY1305_SHA256,
},
MinVersion: tls.VersionTLS13,
+ // Default key exchange mechanisms as of Go 1.23 minus X25519Kyber768Draft00,
+ // which bloats the client hello enough to spill into a second datagram.
+ // Tests were written with the assuption each flight in the handshake
+ // fits in one datagram, and it's simpler to keep that property.
+ CurvePreferences: []tls.CurveID{
+ tls.X25519, tls.CurveP256, tls.CurveP384, tls.CurveP521,
+ },
}
if side == serverSide {
config.Certificates = []tls.Certificate{testCert}
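Review bot: The hard-coded `CurvePreferences` list is a snapshot of the Go 1.23 defaults, so it will drift as crypto/tls adds key exchange mechanisms, and every test built on this config stays pinned to classical groups. The comment should say where the default groups are still covered, for example `// The crypto/tls default groups are exercised via newTestTLSConfigWithMoreDefaults.` The added comment also misspells `assumption` as `assuption`. The enclosing function starts above this hunk and continues below it.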
@@ -27,6 +34,18 @@
return config
}
+// newTestTLSConfigWithMoreDefaults returns a *tls.Config for testing
+// which behaves more like a default, empty config.
+//
+// In particular, it uses the default curve preferences, which can increase
+// the size of the handshake.
+func newTestTLSConfigWithMoreDefaults(side connSide) *tls.Config {
+ config := newTestTLSConfig(side)
+ config.CipherSuites = nil
+ config.CurvePreferences = nil
+ return config
+}
+
var testCert = func() tls.Certificate {
cert, err := tls.X509KeyPair(localhostCert, localhostKey)
if err != nil {
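Review bot: The doc comment on newTestTLSConfigWithMoreDefaults mentions only curve preferences, but the function also clears `CipherSuites`, while `MinVersion: tls.VersionTLS13` and the server certificate set by newTestTLSConfig stay in place. crypto/tls documents TLS 1.3 cipher suites as not configurable, so `config.CipherSuites = nil` looks like a no-op under this MinVersion; either note that or drop the line. Suggested wording: `// It clears CipherSuites and CurvePreferences so crypto/tls applies its defaults; MinVersion and Certificates are kept from newTestTLSConfig.`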