From 0de7bc03aad450226c6768848dd0364f5dde623b Mon Sep 17 00:00:00 2001
From: Margo Crawford
Date: Wed, 23 Mar 2022 08:18:06 -0700
Subject: [PATCH] Change order of hardcoded cipher list for fips
Signed-off-by: Margo Crawford
---
 test/integration/securetls_fips_test.go | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)
diff --git a/test/integration/securetls_fips_test.go b/test/integration/securetls_fips_test.go
index 1a1c170c..47e94f48 100644
--- a/test/integration/securetls_fips_test.go
+++ b/test/integration/securetls_fips_test.go
@@ -17,7 +17,6 @@ import (
 "net/http"
 "os/exec"
 "regexp"
- "sort"
 "strconv"
 "strings"
 "testing"
@@ -36,10 +35,10 @@ import (
 // hard-coded list, copied from here:
 // https://github.com/golang/go/blob/dev.boringcrypto/src/crypto/tls/boring.go.
 var defaultCipherSuitesFIPS []uint16 = []uint16{
- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
 tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
 }
@@ -217,21 +216,6 @@ func getExpectedCiphers(configFunc ptls.ConfigFunc) string {
 var tls12Bit, tls13Bit string
- // sort the TLS 1.2 ciphers.
- sort.SliceStable(cipherSuites, func(i, j int) bool {
- a := tls.CipherSuiteName(config.CipherSuites[i])
- b := tls.CipherSuiteName(config.CipherSuites[j])
-
- ok1 := strings.Contains(a, "_ECDSA_")
- ok2 := strings.Contains(b, "_ECDSA_")
-
- if ok1 && ok2 {
- return false
- }
-
- return ok1
- })
-
- // use the TLS 1.2 ciphers to create the output in nmap's format.
 var s strings.Builder
 for i, id := range cipherSuites {
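Review bot: The element order of `defaultCipherSuitesFIPS` is now significant for the test's expected cipher preference, but nothing in the slice's comment says so. The `getExpectedCiphers` hunk drops the `sort.SliceStable` normalization, so the expected nmap-format output presumably follows the slice order directly; the function body extends outside the hunk, so this should be confirmed against how `cipherSuites` is assigned. The source URL also points at the moving `dev.boringcrypto` branch rather than a commit permalink, so upstream drift in the FIPS suite order will not be visible in review. I would pin the link to a specific commit and add a comment above the slice such as `// Order is significant: it must match the preference order in boring.go at <upstream-commit placeholder>; getExpectedCiphers no longer sorts.`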