Improve tests for TLS fallback.
This is a small improvement over the changes that were submitted to
Android when TLS_FALLBACK_SCSV was introduced.
Previously the test would cripple the server to use a low quality
protocol so the TLS_FALLBACK_SCSV check would pass for all connection
attempts.
This change modifies that approach. Instead it introduces a test
client socket factory that ignores any attempt to set the
TLS_FALLBACK_SCSV cipher. This means that the server will
not attempt to enforce the fallback check.
The ideal solution would be to disable TLS_FALLBACK_SCSV checks in
the MockWebServer for the tests that are supposed to simulate servers
that do not perform TLS_FALLBACK_SCSV checks. However, we do not
currently have a mechanism to do this.
This change also adjusts tests that test fallback to explicitly
enable SSLv3 for server-side socket factories. The Android default
was changed to disable SSLv3 (though it is still supported). An
up-coming change should remove the need for this.
Change-Id: I5bd6c2659ebbb8eff729f75b5208ca414d70e385
1 file changed