[PATCH 00 of 20] tests suite fixes for TLSv1.3

Maxim Dounin mdounin at mdounin.ru
Sat Mar 18 14:14:55 UTC 2023


Hello!

Here are patch series for the test suite to address test failures
observed with TLSv1.3 enabled with BoringSSL and LibreSSL.

Short summary of the issues seen:

- BoringSSL with TLSv1.3 does not support session reuse via server-side
  session cache, only with tickets.

- BoringSSL with TLSv1.3 does not provide $ssl_session_id.

- LibreSSL with TLSv1.3 does not support session reuse.

- LibreSSL with TLSv1.3 fails to negotiate certificates based on
  signature algorithms supported by the client, and fails with
  "missing rsa certificate" and "unknown pkey type" errors.

- LibreSSL with TLSv1.3 does not send CA lists to the client.

-- 
Maxim Dounin


More information about the nginx-devel mailing list