Drop testing TLS 1.1

Recent distributions disables TLS 1.1 by default due to its vulnerability so that tests for it is always failed: 2021-02-18T01:09:13.2360942Z Failure: test: can specify multiple TLS versions by min_version/max_version(ServerPluginHelperTest::#server_create_tls::TLS version connection check): 2021-02-18T01:09:13.2362181Z Exception raised: 2021-02-18T01:09:13.2363101Z OpenSSL::SSL::SSLError(<SSL_connect returned=1 errno=0 state=error: no protocols available>) ... 2021-02-18T01:09:13.2479586Z /home/runner/work/fluentd/fluentd/test/plugin_helper/test_server.rb:1515:in `block (4 levels) in <class:ServerPluginHelperTest>' 2021-02-18T01:09:13.2480420Z 1512: end 2021-02-18T01:09:13.2480756Z 1513: } 2021-02-18T01:09:13.2481333Z 1514: [:'TLS1_1', :'TLS1_2'].each { |ver| 2021-02-18T01:09:13.2481799Z => 1515: assert_nothing_raised { 2021-02-18T01:09:13.2482655Z 1516: open_tls_session('127.0.0.1', PORT, cert_path: @cert_path, version: ver) do |sock| 2021-02-18T01:09:13.2483202Z 1517: end 2021-02-18T01:09:13.2483544Z 1518: } Signed-off-by: Takuro Ashie <ashie@clear-code.com>
fluent · Feb 18, 2021 · 8f4ad60 · 8f4ad60
1 parent af001b7
commit 8f4ad60
Showing 1 changed file with 15 additions and 3 deletions.
diff --git a/test/plugin_helper/test_server.rb b/test/plugin_helper/test_server.rb
@@ -1495,23 +1495,35 @@ def assert_certificate(cert, expected_extensions)
       test "can't connect with different TLS version" do
         @d.server_create_tls(:s, PORT, tls_options: @tls_options) do |data, conn|
         end
+        if defined?(OpenSSL::SSL::TLS1_3_VERSION)
+          version = :'TLS1_3'
+        else
+          version = :'TLS1_1'
+        end
         assert_raise(OpenSSL::SSL::SSLError, Errno::ECONNRESET) {
-          open_tls_session('127.0.0.1', PORT, cert_path: @cert_path, version: :'TLS1_1') do |sock|
+          open_tls_session('127.0.0.1', PORT, cert_path: @cert_path, version: version) do |sock|
           end
         }
       end
 
       test "can specify multiple TLS versions by min_version/max_version" do
         omit "min_version=/max_version= is not supported" unless Fluent::TLS::MIN_MAX_AVAILABLE
 
-        opts = @tls_options.merge(min_version: :'TLS1_1', max_version: :'TLSv1_2')
+        min_version = :'TLS1_2'
+        if defined?(OpenSSL::SSL::TLS1_3_VERSION)
+          max_version = :'TLS1_3'
+        else
+          max_version = :'TLS1_2'
+        end
+
+        opts = @tls_options.merge(min_version: min_version, max_version: max_version)
         @d.server_create_tls(:s, PORT, tls_options: opts) do |data, conn|
         end
         assert_raise(OpenSSL::SSL::SSLError, Errno::ECONNRESET) {
           open_tls_session('127.0.0.1', PORT, cert_path: @cert_path, version: :'TLS1') do |sock|
           end
         }
-        [:'TLS1_1', :'TLS1_2'].each { |ver|
+        [min_version, max_version].each { |ver|
           assert_nothing_raised {
             open_tls_session('127.0.0.1', PORT, cert_path: @cert_path, version: ver) do |sock|
             end