[openssl/openssl] 97fbbc: Exclude retry test with msquic server from interop
2 views
Skip to first unread message
Neil Horman
Mar 12, 2025, 10:40:38 AM3/12/25
to openssl...@openssl.org
Branch: refs/heads/openssl-3.5
Home: https://github.com/openssl/openssl
Commit: 97fbbc2f1f023d712d38263c824b6c5c8ffe6e61
https://github.com/openssl/openssl/commit/97fbbc2f1f023d712d38263c824b6c5c8ffe6e61
Author: Neil Horman <nho...@openssl.org>
Date: 2025-03-12 (Wed, 12 Mar 2025)
Changed paths:
M .github/workflows/run_quic_interop.yml
Log Message:
-----------
Exclude retry test with msquic server from interop
With the addition of larger ml-kem keys in our tls handshake, we've
uncovered a interop failure, as described here:
https://github.com/microsoft/msquic/issues/4905
In short, when we send a client hello that spans multiple datagrams, the
servers sends an ACK frame in a datagram prior to sending its server
hello. msquic however, recomputes a new SCID always when sending its
sserver hello, which is fine nominally, but because in this test the
server sends a retry frame to update the SCID, followed by an ACK using
that SCID (which is an initial packet), msquic violates the RFC in
section 7.2 which states:
Once a client has received a valid Initial packet from the server, it MUST
discard any subsequent packet it receives on that connection with a
different Source Connection ID
Because msquic sent an initial packet with that ACK frame, we are
required to discard subsequent frames on the connection containing a
different SCID.
Until msquic fixes that in their implementation we are going to fail the
retry interop test, so for now, lets exclude the test.
Also, while we're at it, re-add chrome into the client list for our
server tests, as that seems to have been lost during the merge.
Fixes openssl/project#1132
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27014)
(cherry picked from commit 2fb4cfe143daa4644cf10b9f1ed3cdd940c5e1f8)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: 97fbbc2f1f023d712d38263c824b6c5c8ffe6e61
https://github.com/openssl/openssl/commit/97fbbc2f1f023d712d38263c824b6c5c8ffe6e61
Author: Neil Horman <nho...@openssl.org>
Date: 2025-03-12 (Wed, 12 Mar 2025)
Changed paths:
M .github/workflows/run_quic_interop.yml
Log Message:
-----------
Exclude retry test with msquic server from interop
With the addition of larger ml-kem keys in our tls handshake, we've
uncovered a interop failure, as described here:
https://github.com/microsoft/msquic/issues/4905
In short, when we send a client hello that spans multiple datagrams, the
servers sends an ACK frame in a datagram prior to sending its server
hello. msquic however, recomputes a new SCID always when sending its
sserver hello, which is fine nominally, but because in this test the
server sends a retry frame to update the SCID, followed by an ACK using
that SCID (which is an initial packet), msquic violates the RFC in
section 7.2 which states:
Once a client has received a valid Initial packet from the server, it MUST
discard any subsequent packet it receives on that connection with a
different Source Connection ID
Because msquic sent an initial packet with that ACK frame, we are
required to discard subsequent frames on the connection containing a
different SCID.
Until msquic fixes that in their implementation we are going to fail the
retry interop test, so for now, lets exclude the test.
Also, while we're at it, re-add chrome into the client list for our
server tests, as that seems to have been lost during the merge.
Fixes openssl/project#1132
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27014)
(cherry picked from commit 2fb4cfe143daa4644cf10b9f1ed3cdd940c5e1f8)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages