Tests that the MinVersion of tls.Config is not changed if it is set by the user.
(t *testing.T)
| 166 | // Tests that the MinVersion of tls.Config is not changed if it is set by the |
| 167 | // user. |
| 168 | func (s) TestTLS_MinVersionOverridable(t *testing.T) { |
| 169 | ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout) |
| 170 | defer cancel() |
| 171 | |
| 172 | var allCipherSuites []uint16 |
| 173 | for _, cs := range tls.CipherSuites() { |
| 174 | allCipherSuites = append(allCipherSuites, cs.ID) |
| 175 | } |
| 176 | testCases := []struct { |
| 177 | name string |
| 178 | serverTLS func() *tls.Config |
| 179 | }{ |
| 180 | { |
| 181 | name: "base_case", |
| 182 | serverTLS: func() *tls.Config { |
| 183 | return &tls.Config{ |
| 184 | MinVersion: tls.VersionTLS10, |
| 185 | Certificates: []tls.Certificate{serverCert}, |
| 186 | CipherSuites: allCipherSuites, |
| 187 | } |
| 188 | }, |
| 189 | }, |
| 190 | { |
| 191 | name: "fallback_to_base", |
| 192 | serverTLS: func() *tls.Config { |
| 193 | config := &tls.Config{ |
| 194 | MinVersion: tls.VersionTLS10, |
| 195 | Certificates: []tls.Certificate{serverCert}, |
| 196 | CipherSuites: allCipherSuites, |
| 197 | } |
| 198 | config.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) { |
| 199 | return nil, nil |
| 200 | } |
| 201 | return config |
| 202 | }, |
| 203 | }, |
| 204 | { |
| 205 | name: "dynamic_using_get_config_for_client", |
| 206 | serverTLS: func() *tls.Config { |
| 207 | return &tls.Config{ |
| 208 | GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) { |
| 209 | return &tls.Config{ |
| 210 | MinVersion: tls.VersionTLS10, |
| 211 | Certificates: []tls.Certificate{serverCert}, |
| 212 | CipherSuites: allCipherSuites, |
| 213 | }, nil |
| 214 | }, |
| 215 | } |
| 216 | }, |
| 217 | }, |
| 218 | } |
| 219 | |
| 220 | for _, tc := range testCases { |
| 221 | t.Run(tc.name, func(t *testing.T) { |
| 222 | // Create server creds that allow v1.0. |
| 223 | serverCreds := credentials.NewTLS(tc.serverTLS()) |
| 224 | ss := stubserver.StubServer{ |
| 225 | EmptyCallF: func(context.Context, *testpb.Empty) (*testpb.Empty, error) { |