test: adapt tests for OpenSSL 3.1

PR-URL: #47859
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Richard Lau <rlau@redhat.com>

Author: OttoHollmann

test/common/index.js

@@ -56,7 +56,10 @@ const hasCrypto = Boolean(process.versions.openssl) &&
                   !process.env.NODE_SKIP_CRYPTO;
 
 const hasOpenSSL3 = hasCrypto &&
-    require('crypto').constants.OPENSSL_VERSION_NUMBER >= 805306368;
+    require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30000000;
+
+const hasOpenSSL31 = hasCrypto &&
+    require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30100000;
 
 const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;
 
@@ -898,6 +901,7 @@ const common = {
   hasIntl,
   hasCrypto,
   hasOpenSSL3,
+  hasOpenSSL31,
   hasQuic,
   hasMultiLocalhost,
   invalidArgTypeHelper,

test/parallel/test-https-agent-session-eviction.js

@@ -54,6 +54,7 @@ function faultyServer(port) {
 function second(server, session) {
   const req = https.request({
     port: server.address().port,
+    ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
     rejectUnauthorized: false
   }, function(res) {
     res.resume();

test/parallel/test-tls-alert.js

@@ -42,6 +42,7 @@ const server = tls.Server({
   cert: loadPEM('agent2-cert')
 }, null).listen(0, common.mustCall(() => {
   const args = ['s_client', '-quiet', '-tls1_1',
+                '-cipher', (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
                 '-connect', `127.0.0.1:${server.address().port}`];
 
   execFile(common.opensslCli, args, common.mustCall((err, _, stderr) => {

test/parallel/test-tls-getprotocol.js

@@ -11,9 +11,18 @@ const tls = require('tls');
 const fixtures = require('../common/fixtures');
 
 const clientConfigs = [
-  { secureProtocol: 'TLSv1_method', version: 'TLSv1' },
-  { secureProtocol: 'TLSv1_1_method', version: 'TLSv1.1' },
-  { secureProtocol: 'TLSv1_2_method', version: 'TLSv1.2' },
+  {
+    secureProtocol: 'TLSv1_method',
+    version: 'TLSv1',
+    ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT')
+  }, {
+    secureProtocol: 'TLSv1_1_method',
+    version: 'TLSv1.1',
+    ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT')
+  }, {
+    secureProtocol: 'TLSv1_2_method',
+    version: 'TLSv1.2'
+  },
 ];
 
 const serverConfig = {
@@ -30,6 +39,7 @@ const server = tls.createServer(serverConfig, common.mustCall(clientConfigs.leng
     tls.connect({
       host: common.localhostIPv4,
       port: server.address().port,
+      ciphers: v.ciphers,
       rejectUnauthorized: false,
       secureProtocol: v.secureProtocol
     }, common.mustCall(function() {

test/parallel/test-tls-min-max-version.js

@@ -22,6 +22,9 @@ function test(cmin, cmax, cprot, smin, smax, sprot, proto, cerr, serr) {
     if (serr !== 'ERR_SSL_UNSUPPORTED_PROTOCOL')
       ciphers = 'ALL@SECLEVEL=0';
   }
+  if (common.hasOpenSSL31 && cerr === 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION') {
+    ciphers = 'DEFAULT@SECLEVEL=0';
+  }
   // Report where test was called from. Strip leading garbage from
   //     at Object.<anonymous> (file:line)
   // from the stack location, we only want the file:line part.

test/parallel/test-tls-session-cache.js

@@ -100,6 +100,7 @@ function doTest(testOptions, callback) {
     const args = [
       's_client',
       '-tls1',
+      '-cipher', (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
       '-connect', `localhost:${this.address().port}`,
       '-servername', 'ohgod',
       '-key', fixtures.path('keys/rsa_private.pem'),