From 8fccce31a4e30b948ccd39ee69a574e524dea14d Mon Sep 17 00:00:00 2001
From: Margo Crawford
Date: Wed, 23 Mar 2022 16:27:18 -0700
Subject: [PATCH] Fix testsecuretlssupervisor

Signed-off-by: Margo Crawford
---
 test/integration/securetls_fips_test.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/test/integration/securetls_fips_test.go b/test/integration/securetls_fips_test.go
index 70658db0..27c75ef3 100644
--- a/test/integration/securetls_fips_test.go
+++ b/test/integration/securetls_fips_test.go
@@ -35,6 +35,8 @@ import (
 // The expected cipher suites should belong to this
 // hard-coded list, copied from here:
 // https://github.com/golang/go/blob/dev.boringcrypto/src/crypto/tls/boring.go.
+// TODO this is a private variable in the tls package... is there a better
+// way to get access to it than just copying?
 var defaultCipherSuitesFIPS []uint16 = []uint16{
 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
@@ -143,8 +145,8 @@ func TestSecureTLSSupervisor(t *testing.T) { // does not run in parallel because
 // supervisor's cert is ECDSA
 defaultECDSAOnly := func(rootCAs *x509.CertPool) *tls.Config {
 c := ptls.Default(rootCAs)
- ciphers := make([]uint16, 0, len(c.CipherSuites)/2)
- for _, id := range c.CipherSuites {
+ ciphers := make([]uint16, 0, len(defaultCipherSuitesFIPS)/3)
+ for _, id := range defaultCipherSuitesFIPS {
 id := id
 if !strings.Contains(tls.CipherSuiteName(id), "_ECDSA_") {
 continue
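Review bot: The added TODO on `defaultCipherSuitesFIPS` does not record which revision of `boring.go` the list was copied from, and the link above it points at the moving `dev.boringcrypto` branch, so a later reader cannot tell whether the copy has gone stale. That matters more after this commit, because the second hunk makes the test build its client cipher list from this copy; if the copy drifts, the test exercises a different suite set with nothing pointing at the cause. I would extend the comment with a provenance line such as `// Copied from boring.go at <upstream-commit placeholder>; re-check on every Go toolchain upgrade.`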
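Review bot: The capacity hint `len(defaultCipherSuitesFIPS)/3` in `defaultECDSAOnly` is an unexplained guess at how many entries carry `_ECDSA_`; it only affects allocation, so `ciphers := make([]uint16, 0, len(defaultCipherSuitesFIPS))` is simpler and cannot be wrong when the list changes. The loop now filters the hard-coded copy rather than `c.CipherSuites`, so the ECDSA-only client config no longer reflects what `ptls.Default(rootCAs)` returns, and the hunk carries no comment saying why; presumably `c.CipherSuites` is empty in the FIPS build, but that is not visible here. A short why-comment above the loop, for example `// filter the copied FIPS list instead of c.CipherSuites`, followed by the reason, would keep the next maintainer from reverting it. The closure body continues outside the hunk, so how `ciphers` is applied to `c` cannot be checked from here.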