From ee1be2db0a4255a2ead43712570eb70f4cf8d326 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Sat, 14 Sep 2024 09:25:24 -0400 Subject: [PATCH] test: fix test test-tls-dhe for OpenSSL32 Refs: /~https://github.com/nodejs/node/issues/53382 - OpenSSL32 has a minimum dh key size by 2048 by default. - Adjust test to use larger 3072 key instead of 1024 when OpenSSL32 is present. Signed-off-by: Michael Dawson PR-URL: /~https://github.com/nodejs/node/pull/54903 Reviewed-By: Luigi Pinca Reviewed-By: Richard Lau Reviewed-By: James M Snell --- test/parallel/test-tls-dhe.js | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/test/parallel/test-tls-dhe.js b/test/parallel/test-tls-dhe.js index 46779b09ff6b8f..21739ce42428eb 100644 --- a/test/parallel/test-tls-dhe.js +++ b/test/parallel/test-tls-dhe.js @@ -43,9 +43,12 @@ const dheCipher = 'DHE-RSA-AES128-SHA256'; const ecdheCipher = 'ECDHE-RSA-AES128-SHA256'; const ciphers = `${dheCipher}:${ecdheCipher}`; -// Test will emit a warning because the DH parameter size is < 2048 bits -common.expectWarning('SecurityWarning', - 'DH parameter is less than 2048 bits'); +if (!common.hasOpenSSL(3, 2)) { + // Test will emit a warning because the DH parameter size is < 2048 bits + // when the test is run on versions lower than OpenSSL32 + common.expectWarning('SecurityWarning', + 'DH parameter is less than 2048 bits'); +} function loadDHParam(n) { const keyname = `dh${n}.pem`; @@ -104,7 +107,11 @@ function testCustomParam(keylen, expectedCipher) { }, /DH parameter is less than 1024 bits/); // Custom DHE parameters are supported (but discouraged). - await testCustomParam(1024, dheCipher); + if (!common.hasOpenSSL(3, 2)) { + await testCustomParam(1024, dheCipher); + } else { + await testCustomParam(3072, dheCipher); + } await testCustomParam(2048, dheCipher); // Invalid DHE parameters are discarded. ECDHE remains enabled.