mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-12-15 06:31:03 +01:00
Simplify ssl_reuse.vtci so it can be started with variables:
- SSL_CACHESIZE specifies the size of the session cache for the frontend
- NO_TLS_TICKETS specifies the "no-tls-tickets" option on bind

It introduces these files:
- ssl/tls12_resume_stateful.vtc
- ssl/tls12_resume_stateless.vtc
- ssl/tls13_resume_stateless.vtc
- ssl/tls13_resume_stateful.vtc
- quic/tls13_resume_stateless.vtc
- quic/tls13_resume_stateful.vtc
- quic/tls13_0rtt_stateful.vtc
- quic/tls13_0rtt_stateless.vtc

Stateful files have "no-tls-tickets" + tune.tls.cachesize 20000.
Stateless files have "tls-tickets" + tune.tls.cachesize 0.

This allows enabling AWS-LC on TCP TLS1.2 and TCP TLS1.3+tickets.
TLS1.2+stateless does not seem to work on WolfSSL.
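#REGTEST_TYPE=devel

# This reg-test tests 8 scenarios with tickets, with various
# combinations of settings for allow-0rtt, with TLSv1.2. Each client will try
# to establish a connection, then try to reconnect 10 times resuming, and
# check for which combination(s) 0-rtt is used and fail if any does so since
# it's not expected to work with 1.2.
#
# Early data (0-RTT) is defined for TLS 1.3 only and is replayable, so a
# TLSv1.2 connection that reports 0-RTT would indicate a bug, not a feature.
#
# NOTE(review): the title below mentions session/ticket reuse while this
# header and the included ssl-0rtt.vtci concern 0-RTT; confirm the title is
# the intended one for this file.

varnishtest "Test if the SSL session/ticket reuse works correctly for TLSv1.2"

# Run only when HAProxy is built against AWS-LC, WolfSSL, or a library that
# identifies itself as OpenSSL at version 1.1.1 or later. In HAProxy condition
# expressions "&&" binds tighter than "||", so the last three predicates are
# evaluated as one group.
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL_AWSLC) || feature(OPENSSL_WOLFSSL) || feature(OPENSSL) && ssllib_name_startswith(OpenSSL) && openssl_version_atleast(1.1.1)'"

# Parameters for the shared scenario file included at the end; presumably they
# are all read by ssl-0rtt.vtci (not visible here) -- confirm against it.

# Socket type for the test; "stream" presumably selects TCP rather than QUIC.
setenv VTC_SOCK_TYPE stream

# Protocol version under test.
setenv TLSV TLSv1.2

# Keyword placed on the bind line: "tls-tickets" keeps session tickets
# enabled ("no-tls-tickets" would disable them).
setenv NO_TLS_TICKETS tls-tickets

# Session cache size for the frontend. With a size of 0 and tickets enabled,
# this is the "stateless" variant: resumption has to rely on tickets only.
setenv SSL_CACHESIZE 0

# ALPN protocol used for the test connections.
setenv ALPN http/1.1

# Shared test body, driven by the variables set above.
include ${testdir}/../ssl/ssl-0rtt.vtci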