11cb0ef41Sopenharmony_ci'use strict'; 21cb0ef41Sopenharmony_ciconst common = require('../common'); 31cb0ef41Sopenharmony_ciconst fixtures = require('../common/fixtures'); 41cb0ef41Sopenharmony_ciconst { inspect } = require('util'); 51cb0ef41Sopenharmony_ci 61cb0ef41Sopenharmony_ci// Check min/max protocol versions. 71cb0ef41Sopenharmony_ci 81cb0ef41Sopenharmony_ciconst { 91cb0ef41Sopenharmony_ci assert, connect, keys, tls 101cb0ef41Sopenharmony_ci} = require(fixtures.path('tls-connect')); 111cb0ef41Sopenharmony_ciconst DEFAULT_MIN_VERSION = tls.DEFAULT_MIN_VERSION; 121cb0ef41Sopenharmony_ciconst DEFAULT_MAX_VERSION = tls.DEFAULT_MAX_VERSION; 131cb0ef41Sopenharmony_ci 141cb0ef41Sopenharmony_ci 151cb0ef41Sopenharmony_cifunction test(cmin, cmax, cprot, smin, smax, sprot, proto, cerr, serr) { 161cb0ef41Sopenharmony_ci assert(proto || cerr || serr, 'test missing any expectations'); 171cb0ef41Sopenharmony_ci 181cb0ef41Sopenharmony_ci let ciphers; 191cb0ef41Sopenharmony_ci if (common.hasOpenSSL3 && (proto === 'TLSv1' || proto === 'TLSv1.1' || 201cb0ef41Sopenharmony_ci proto === 'TLSv1_1_method' || proto === 'TLSv1_method' || 211cb0ef41Sopenharmony_ci sprot === 'TLSv1_1_method' || sprot === 'TLSv1_method')) { 221cb0ef41Sopenharmony_ci if (serr !== 'ERR_SSL_UNSUPPORTED_PROTOCOL') 231cb0ef41Sopenharmony_ci ciphers = 'ALL@SECLEVEL=0'; 241cb0ef41Sopenharmony_ci } 251cb0ef41Sopenharmony_ci if (common.hasOpenSSL31 && cerr === 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION') { 261cb0ef41Sopenharmony_ci ciphers = 'DEFAULT@SECLEVEL=0'; 271cb0ef41Sopenharmony_ci } 281cb0ef41Sopenharmony_ci // Report where test was called from. Strip leading garbage from 291cb0ef41Sopenharmony_ci // at Object.<anonymous> (file:line) 301cb0ef41Sopenharmony_ci // from the stack location, we only want the file:line part. 311cb0ef41Sopenharmony_ci const where = inspect(new Error()).split('\n')[2].replace(/[^(]*/, ''); 321cb0ef41Sopenharmony_ci connect({ 331cb0ef41Sopenharmony_ci client: { 341cb0ef41Sopenharmony_ci checkServerIdentity: (servername, cert) => { }, 351cb0ef41Sopenharmony_ci ca: `${keys.agent1.cert}\n${keys.agent6.ca}`, 361cb0ef41Sopenharmony_ci minVersion: cmin, 371cb0ef41Sopenharmony_ci maxVersion: cmax, 381cb0ef41Sopenharmony_ci secureProtocol: cprot, 391cb0ef41Sopenharmony_ci ciphers: ciphers 401cb0ef41Sopenharmony_ci }, 411cb0ef41Sopenharmony_ci server: { 421cb0ef41Sopenharmony_ci cert: keys.agent6.cert, 431cb0ef41Sopenharmony_ci key: keys.agent6.key, 441cb0ef41Sopenharmony_ci minVersion: smin, 451cb0ef41Sopenharmony_ci maxVersion: smax, 461cb0ef41Sopenharmony_ci secureProtocol: sprot, 471cb0ef41Sopenharmony_ci ciphers: ciphers 481cb0ef41Sopenharmony_ci }, 491cb0ef41Sopenharmony_ci }, common.mustCall((err, pair, cleanup) => { 501cb0ef41Sopenharmony_ci function u(_) { return _ === undefined ? 'U' : _; } 511cb0ef41Sopenharmony_ci console.log('test:', u(cmin), u(cmax), u(cprot), u(smin), u(smax), u(sprot), 521cb0ef41Sopenharmony_ci u(ciphers), 'expect', u(proto), u(cerr), u(serr)); 531cb0ef41Sopenharmony_ci console.log(' ', where); 541cb0ef41Sopenharmony_ci if (!proto) { 551cb0ef41Sopenharmony_ci console.log('client', pair.client.err ? pair.client.err.code : undefined); 561cb0ef41Sopenharmony_ci console.log('server', pair.server.err ? pair.server.err.code : undefined); 571cb0ef41Sopenharmony_ci if (cerr) { 581cb0ef41Sopenharmony_ci assert(pair.client.err); 591cb0ef41Sopenharmony_ci // Accept these codes as aliases, the one reported depends on the 601cb0ef41Sopenharmony_ci // OpenSSL version. 611cb0ef41Sopenharmony_ci if (cerr === 'ERR_SSL_UNSUPPORTED_PROTOCOL' && 621cb0ef41Sopenharmony_ci pair.client.err.code === 'ERR_SSL_VERSION_TOO_LOW') 631cb0ef41Sopenharmony_ci cerr = 'ERR_SSL_VERSION_TOO_LOW'; 641cb0ef41Sopenharmony_ci assert.strictEqual(pair.client.err.code, cerr); 651cb0ef41Sopenharmony_ci } 661cb0ef41Sopenharmony_ci if (serr) { 671cb0ef41Sopenharmony_ci assert(pair.server.err); 681cb0ef41Sopenharmony_ci assert.strictEqual(pair.server.err.code, serr); 691cb0ef41Sopenharmony_ci } 701cb0ef41Sopenharmony_ci return cleanup(); 711cb0ef41Sopenharmony_ci } 721cb0ef41Sopenharmony_ci 731cb0ef41Sopenharmony_ci assert.ifError(err); 741cb0ef41Sopenharmony_ci assert.ifError(pair.server.err); 751cb0ef41Sopenharmony_ci assert.ifError(pair.client.err); 761cb0ef41Sopenharmony_ci assert(pair.server.conn); 771cb0ef41Sopenharmony_ci assert(pair.client.conn); 781cb0ef41Sopenharmony_ci assert.strictEqual(pair.client.conn.getProtocol(), proto); 791cb0ef41Sopenharmony_ci assert.strictEqual(pair.server.conn.getProtocol(), proto); 801cb0ef41Sopenharmony_ci return cleanup(); 811cb0ef41Sopenharmony_ci })); 821cb0ef41Sopenharmony_ci} 831cb0ef41Sopenharmony_ci 841cb0ef41Sopenharmony_ciconst U = undefined; 851cb0ef41Sopenharmony_ci 861cb0ef41Sopenharmony_ci// Default protocol is the max version. 871cb0ef41Sopenharmony_citest(U, U, U, U, U, U, DEFAULT_MAX_VERSION); 881cb0ef41Sopenharmony_ci 891cb0ef41Sopenharmony_ci// Insecure or invalid protocols cannot be enabled. 901cb0ef41Sopenharmony_citest(U, U, U, U, U, 'SSLv2_method', 911cb0ef41Sopenharmony_ci U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD'); 921cb0ef41Sopenharmony_citest(U, U, U, U, U, 'SSLv3_method', 931cb0ef41Sopenharmony_ci U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD'); 941cb0ef41Sopenharmony_citest(U, U, 'SSLv2_method', U, U, U, 951cb0ef41Sopenharmony_ci U, 'ERR_TLS_INVALID_PROTOCOL_METHOD'); 961cb0ef41Sopenharmony_citest(U, U, 'SSLv3_method', U, U, U, 971cb0ef41Sopenharmony_ci U, 'ERR_TLS_INVALID_PROTOCOL_METHOD'); 981cb0ef41Sopenharmony_citest(U, U, 'hokey-pokey', U, U, U, 991cb0ef41Sopenharmony_ci U, 'ERR_TLS_INVALID_PROTOCOL_METHOD'); 1001cb0ef41Sopenharmony_citest(U, U, U, U, U, 'hokey-pokey', 1011cb0ef41Sopenharmony_ci U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD'); 1021cb0ef41Sopenharmony_ci 1031cb0ef41Sopenharmony_ci// Regression test: this should not crash because node should not pass the error 1041cb0ef41Sopenharmony_ci// message (including unsanitized user input) to a printf-like function. 1051cb0ef41Sopenharmony_citest(U, U, U, U, U, '%s_method', 1061cb0ef41Sopenharmony_ci U, U, 'ERR_TLS_INVALID_PROTOCOL_METHOD'); 1071cb0ef41Sopenharmony_ci 1081cb0ef41Sopenharmony_ci// Cannot use secureProtocol and min/max versions simultaneously. 1091cb0ef41Sopenharmony_citest(U, U, U, U, 'TLSv1.2', 'TLS1_2_method', 1101cb0ef41Sopenharmony_ci U, U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT'); 1111cb0ef41Sopenharmony_citest(U, U, U, 'TLSv1.2', U, 'TLS1_2_method', 1121cb0ef41Sopenharmony_ci U, U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT'); 1131cb0ef41Sopenharmony_citest(U, 'TLSv1.2', 'TLS1_2_method', U, U, U, 1141cb0ef41Sopenharmony_ci U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT'); 1151cb0ef41Sopenharmony_citest('TLSv1.2', U, 'TLS1_2_method', U, U, U, 1161cb0ef41Sopenharmony_ci U, 'ERR_TLS_PROTOCOL_VERSION_CONFLICT'); 1171cb0ef41Sopenharmony_ci 1181cb0ef41Sopenharmony_ci// TLS_method means "any supported protocol". 1191cb0ef41Sopenharmony_citest(U, U, 'TLSv1_2_method', U, U, 'TLS_method', 'TLSv1.2'); 1201cb0ef41Sopenharmony_citest(U, U, 'TLSv1_1_method', U, U, 'TLS_method', 'TLSv1.1'); 1211cb0ef41Sopenharmony_citest(U, U, 'TLSv1_method', U, U, 'TLS_method', 'TLSv1'); 1221cb0ef41Sopenharmony_citest(U, U, 'TLS_method', U, U, 'TLSv1_2_method', 'TLSv1.2'); 1231cb0ef41Sopenharmony_citest(U, U, 'TLS_method', U, U, 'TLSv1_1_method', 'TLSv1.1'); 1241cb0ef41Sopenharmony_citest(U, U, 'TLS_method', U, U, 'TLSv1_method', 'TLSv1'); 1251cb0ef41Sopenharmony_ci 1261cb0ef41Sopenharmony_ci// OpenSSL 1.1.1 and 3.0 use a different error code and alert (sent to the 1271cb0ef41Sopenharmony_ci// client) when no protocols are enabled on the server. 1281cb0ef41Sopenharmony_ciconst NO_PROTOCOLS_AVAILABLE_SERVER = common.hasOpenSSL3 ? 1291cb0ef41Sopenharmony_ci 'ERR_SSL_NO_PROTOCOLS_AVAILABLE' : 'ERR_SSL_INTERNAL_ERROR'; 1301cb0ef41Sopenharmony_ciconst NO_PROTOCOLS_AVAILABLE_SERVER_ALERT = common.hasOpenSSL3 ? 1311cb0ef41Sopenharmony_ci 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION' : 'ERR_SSL_TLSV1_ALERT_INTERNAL_ERROR'; 1321cb0ef41Sopenharmony_ci 1331cb0ef41Sopenharmony_ci// SSLv23 also means "any supported protocol" greater than the default 1341cb0ef41Sopenharmony_ci// minimum (which is configurable via command line). 1351cb0ef41Sopenharmony_ciif (DEFAULT_MIN_VERSION === 'TLSv1.3') { 1361cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_2_method', U, U, 'SSLv23_method', 1371cb0ef41Sopenharmony_ci U, NO_PROTOCOLS_AVAILABLE_SERVER_ALERT, NO_PROTOCOLS_AVAILABLE_SERVER); 1381cb0ef41Sopenharmony_ci} else { 1391cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_2_method', U, U, 'SSLv23_method', 'TLSv1.2'); 1401cb0ef41Sopenharmony_ci} 1411cb0ef41Sopenharmony_ci 1421cb0ef41Sopenharmony_ciif (DEFAULT_MIN_VERSION === 'TLSv1.3') { 1431cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method', 1441cb0ef41Sopenharmony_ci U, NO_PROTOCOLS_AVAILABLE_SERVER_ALERT, NO_PROTOCOLS_AVAILABLE_SERVER); 1451cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_method', U, U, 'SSLv23_method', 1461cb0ef41Sopenharmony_ci U, NO_PROTOCOLS_AVAILABLE_SERVER_ALERT, NO_PROTOCOLS_AVAILABLE_SERVER); 1471cb0ef41Sopenharmony_ci test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method', 1481cb0ef41Sopenharmony_ci U, 'ERR_SSL_NO_PROTOCOLS_AVAILABLE', 'ERR_SSL_UNEXPECTED_MESSAGE'); 1491cb0ef41Sopenharmony_ci test(U, U, 'SSLv23_method', U, U, 'TLSv1_method', 1501cb0ef41Sopenharmony_ci U, 'ERR_SSL_NO_PROTOCOLS_AVAILABLE', 'ERR_SSL_UNEXPECTED_MESSAGE'); 1511cb0ef41Sopenharmony_ci} 1521cb0ef41Sopenharmony_ci 1531cb0ef41Sopenharmony_ciif (DEFAULT_MIN_VERSION === 'TLSv1.2') { 1541cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method', 1551cb0ef41Sopenharmony_ci U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION', 1561cb0ef41Sopenharmony_ci 'ERR_SSL_UNSUPPORTED_PROTOCOL'); 1571cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_method', U, U, 'SSLv23_method', 1581cb0ef41Sopenharmony_ci U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION', 1591cb0ef41Sopenharmony_ci 'ERR_SSL_UNSUPPORTED_PROTOCOL'); 1601cb0ef41Sopenharmony_ci test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method', 1611cb0ef41Sopenharmony_ci U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER'); 1621cb0ef41Sopenharmony_ci test(U, U, 'SSLv23_method', U, U, 'TLSv1_method', 1631cb0ef41Sopenharmony_ci U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER'); 1641cb0ef41Sopenharmony_ci} 1651cb0ef41Sopenharmony_ci 1661cb0ef41Sopenharmony_ciif (DEFAULT_MIN_VERSION === 'TLSv1.1') { 1671cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method', 'TLSv1.1'); 1681cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_method', U, U, 'SSLv23_method', 1691cb0ef41Sopenharmony_ci U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION', 1701cb0ef41Sopenharmony_ci 'ERR_SSL_UNSUPPORTED_PROTOCOL'); 1711cb0ef41Sopenharmony_ci test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method', 'TLSv1.1'); 1721cb0ef41Sopenharmony_ci test(U, U, 'SSLv23_method', U, U, 'TLSv1_method', 1731cb0ef41Sopenharmony_ci U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER'); 1741cb0ef41Sopenharmony_ci} 1751cb0ef41Sopenharmony_ci 1761cb0ef41Sopenharmony_ciif (DEFAULT_MIN_VERSION === 'TLSv1') { 1771cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method', 'TLSv1.1'); 1781cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_method', U, U, 'SSLv23_method', 'TLSv1'); 1791cb0ef41Sopenharmony_ci test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method', 'TLSv1.1'); 1801cb0ef41Sopenharmony_ci test(U, U, 'SSLv23_method', U, U, 'TLSv1_method', 'TLSv1'); 1811cb0ef41Sopenharmony_ci} 1821cb0ef41Sopenharmony_ci 1831cb0ef41Sopenharmony_ci// TLSv1 thru TLSv1.2 are only supported with explicit configuration with API or 1841cb0ef41Sopenharmony_ci// CLI (--tls-v1.0 and --tls-v1.1). 1851cb0ef41Sopenharmony_citest(U, U, 'TLSv1_2_method', U, U, 'TLSv1_2_method', 'TLSv1.2'); 1861cb0ef41Sopenharmony_citest(U, U, 'TLSv1_1_method', U, U, 'TLSv1_1_method', 'TLSv1.1'); 1871cb0ef41Sopenharmony_citest(U, U, 'TLSv1_method', U, U, 'TLSv1_method', 'TLSv1'); 1881cb0ef41Sopenharmony_ci 1891cb0ef41Sopenharmony_ci// The default default. 1901cb0ef41Sopenharmony_ciif (DEFAULT_MIN_VERSION === 'TLSv1.2') { 1911cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_1_method', U, U, U, 1921cb0ef41Sopenharmony_ci U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION', 1931cb0ef41Sopenharmony_ci 'ERR_SSL_UNSUPPORTED_PROTOCOL'); 1941cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_method', U, U, U, 1951cb0ef41Sopenharmony_ci U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION', 1961cb0ef41Sopenharmony_ci 'ERR_SSL_UNSUPPORTED_PROTOCOL'); 1971cb0ef41Sopenharmony_ci 1981cb0ef41Sopenharmony_ci if (DEFAULT_MAX_VERSION === 'TLSv1.2') { 1991cb0ef41Sopenharmony_ci test(U, U, U, U, U, 'TLSv1_1_method', 2001cb0ef41Sopenharmony_ci U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER'); 2011cb0ef41Sopenharmony_ci test(U, U, U, U, U, 'TLSv1_method', 2021cb0ef41Sopenharmony_ci U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER'); 2031cb0ef41Sopenharmony_ci } else { 2041cb0ef41Sopenharmony_ci // TLS1.3 client hellos are are not understood by TLS1.1 or below. 2051cb0ef41Sopenharmony_ci test(U, U, U, U, U, 'TLSv1_1_method', 2061cb0ef41Sopenharmony_ci U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION', 2071cb0ef41Sopenharmony_ci 'ERR_SSL_UNSUPPORTED_PROTOCOL'); 2081cb0ef41Sopenharmony_ci test(U, U, U, U, U, 'TLSv1_method', 2091cb0ef41Sopenharmony_ci U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION', 2101cb0ef41Sopenharmony_ci 'ERR_SSL_UNSUPPORTED_PROTOCOL'); 2111cb0ef41Sopenharmony_ci } 2121cb0ef41Sopenharmony_ci} 2131cb0ef41Sopenharmony_ci 2141cb0ef41Sopenharmony_ci// The default with --tls-v1.1. 2151cb0ef41Sopenharmony_ciif (DEFAULT_MIN_VERSION === 'TLSv1.1') { 2161cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_1_method', U, U, U, 'TLSv1.1'); 2171cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_method', U, U, U, 2181cb0ef41Sopenharmony_ci U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION', 2191cb0ef41Sopenharmony_ci 'ERR_SSL_UNSUPPORTED_PROTOCOL'); 2201cb0ef41Sopenharmony_ci test(U, U, U, U, U, 'TLSv1_1_method', 'TLSv1.1'); 2211cb0ef41Sopenharmony_ci 2221cb0ef41Sopenharmony_ci if (DEFAULT_MAX_VERSION === 'TLSv1.2') { 2231cb0ef41Sopenharmony_ci test(U, U, U, U, U, 'TLSv1_method', 2241cb0ef41Sopenharmony_ci U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER'); 2251cb0ef41Sopenharmony_ci } else { 2261cb0ef41Sopenharmony_ci // TLS1.3 client hellos are are not understood by TLS1.1 or below. 2271cb0ef41Sopenharmony_ci test(U, U, U, U, U, 'TLSv1_method', 2281cb0ef41Sopenharmony_ci U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION', 2291cb0ef41Sopenharmony_ci 'ERR_SSL_UNSUPPORTED_PROTOCOL'); 2301cb0ef41Sopenharmony_ci } 2311cb0ef41Sopenharmony_ci} 2321cb0ef41Sopenharmony_ci 2331cb0ef41Sopenharmony_ci// The default with --tls-v1.0. 2341cb0ef41Sopenharmony_ciif (DEFAULT_MIN_VERSION === 'TLSv1') { 2351cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_1_method', U, U, U, 'TLSv1.1'); 2361cb0ef41Sopenharmony_ci test(U, U, 'TLSv1_method', U, U, U, 'TLSv1'); 2371cb0ef41Sopenharmony_ci test(U, U, U, U, U, 'TLSv1_1_method', 'TLSv1.1'); 2381cb0ef41Sopenharmony_ci test(U, U, U, U, U, 'TLSv1_method', 'TLSv1'); 2391cb0ef41Sopenharmony_ci} 2401cb0ef41Sopenharmony_ci 2411cb0ef41Sopenharmony_ci// TLS min/max are respected when set with no secureProtocol. 2421cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.2', U, U, U, 'TLSv1_method', 'TLSv1'); 2431cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.2', U, U, U, 'TLSv1_1_method', 'TLSv1.1'); 2441cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.2', U, U, U, 'TLSv1_2_method', 'TLSv1.2'); 2451cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.2', U, U, U, 'TLS_method', 'TLSv1.2'); 2461cb0ef41Sopenharmony_ci 2471cb0ef41Sopenharmony_citest(U, U, 'TLSv1_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1'); 2481cb0ef41Sopenharmony_citest(U, U, 'TLSv1_1_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1.1'); 2491cb0ef41Sopenharmony_citest(U, U, 'TLSv1_2_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1.2'); 2501cb0ef41Sopenharmony_ci 2511cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.1'); 2521cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.2', U, 'TLSv1.1'); 2531cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1.1'); 2541cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1.1'); 2551cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1'); 2561cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1', U, 'TLSv1'); 2571cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1', U, 'TLSv1'); 2581cb0ef41Sopenharmony_citest('TLSv1.1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.2', U, 'TLSv1.1'); 2591cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.2', U, 'TLSv1.1', 'TLSv1.1', U, 'TLSv1.1'); 2601cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.2'); 2611cb0ef41Sopenharmony_ci 2621cb0ef41Sopenharmony_ci// v-any client can connect to v-specific server 2631cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.3', U, 'TLSv1.3', 'TLSv1.3', U, 'TLSv1.3'); 2641cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.3', U, 'TLSv1.2', 'TLSv1.3', U, 'TLSv1.3'); 2651cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.3', U, 'TLSv1.2', 'TLSv1.2', U, 'TLSv1.2'); 2661cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.3', U, 'TLSv1.1', 'TLSv1.1', U, 'TLSv1.1'); 2671cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1', U, 'TLSv1'); 2681cb0ef41Sopenharmony_ci 2691cb0ef41Sopenharmony_ci// v-specific client can connect to v-any server 2701cb0ef41Sopenharmony_citest('TLSv1.3', 'TLSv1.3', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.3'); 2711cb0ef41Sopenharmony_citest('TLSv1.2', 'TLSv1.2', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.2'); 2721cb0ef41Sopenharmony_citest('TLSv1.1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.1'); 2731cb0ef41Sopenharmony_citest('TLSv1', 'TLSv1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1'); 274