A unit test is included to verify that a TLS-ALPN-01 challenge to a TLS 1.3 only server doesn't succeed when the `GODEBUG` value to disable TLS 1.3 in `docker-compose.yml` is set. Without this env var the test fails on the Go 1.13 build because of the new default: ``` === RUN TestTLSALPN01TLS13 --- FAIL: TestTLSALPN01TLS13 (0.04s) tlsalpn_test.go:531: expected problem validating TLS-ALPN-01 challenge against a TLS 1.3 only server, got nil FAIL FAIL github.com/letsencrypt/boulder/va 0.065s ``` With the env var set the test passes, getting the expected connection problem reporting a tls error: ``` === RUN TestTLSALPN01TLS13 2019/09/13 18:59:00 http: TLS handshake error from 127.0.0.1:51240: tls: client offered only unsupported versions: [303 302 301] --- PASS: TestTLSALPN01TLS13 (0.03s) PASS ok github.com/letsencrypt/boulder/va 1.054s ``` Since we plan to eventually enable TLS 1.3 support and the `GODEBUG` mechanism tested in the above test is platform-wide vs package specific I decided it wasn't worth the time investment to write a similar HTTP-01 unit test that verifies the TLS 1.3 behaviour on a HTTP-01 HTTP->HTTPS redirect. Resolves https://github.com/letsencrypt/boulder/issues/4415 |
||
---|---|---|
.. | ||
const.go |