From 1f11d681732616ccf09fc2381a7b9bf7ada8bd37 Mon Sep 17 00:00:00 2001
From: Michael Dawson <midawson@redhat.com>
Date: Wed, 18 Sep 2024 15:26:45 -0400
Subject: [PATCH] test: adjust key sizes to support OpenSSL32

Refs: https://github.com/nodejs/node/issues/53382

This test fails on OpenSSL32 because it complains the key
being used is too short.

Adjust the key sizes so that they will pass on OpenSSL32 in
addition to other OpenSSL3 versions.

Since the keys are not public key related I don't think the
increase in key size will be too bad in terms of performance so
I've just increased versus guarding for OpenSSL32

Signed-off-by: Michael Dawson <midawson@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/54972
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
---
 test/parallel/test-tls-getcipher.js | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/test/parallel/test-tls-getcipher.js b/test/parallel/test-tls-getcipher.js
index 2a234d59016c1c..4d5042d6e6beab 100644
--- a/test/parallel/test-tls-getcipher.js
+++ b/test/parallel/test-tls-getcipher.js
@@ -47,13 +47,13 @@ server.listen(0, '127.0.0.1', common.mustCall(function() {
   tls.connect({
     host: '127.0.0.1',
     port: this.address().port,
-    ciphers: 'AES128-SHA256',
+    ciphers: 'AES256-SHA256',
     rejectUnauthorized: false,
     maxVersion: 'TLSv1.2',
   }, common.mustCall(function() {
     const cipher = this.getCipher();
-    assert.strictEqual(cipher.name, 'AES128-SHA256');
-    assert.strictEqual(cipher.standardName, 'TLS_RSA_WITH_AES_128_CBC_SHA256');
+    assert.strictEqual(cipher.name, 'AES256-SHA256');
+    assert.strictEqual(cipher.standardName, 'TLS_RSA_WITH_AES_256_CBC_SHA256');
     assert.strictEqual(cipher.version, 'TLSv1.2');
     this.end();
   }));
@@ -62,14 +62,14 @@ server.listen(0, '127.0.0.1', common.mustCall(function() {
   tls.connect({
     host: '127.0.0.1',
     port: this.address().port,
-    ciphers: 'ECDHE-RSA-AES128-GCM-SHA256',
+    ciphers: 'ECDHE-RSA-AES256-GCM-SHA384',
     rejectUnauthorized: false,
     maxVersion: 'TLSv1.2',
   }, common.mustCall(function() {
     const cipher = this.getCipher();
-    assert.strictEqual(cipher.name, 'ECDHE-RSA-AES128-GCM-SHA256');
+    assert.strictEqual(cipher.name, 'ECDHE-RSA-AES256-GCM-SHA384');
     assert.strictEqual(cipher.standardName,
-                       'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256');
+                       'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384');
     assert.strictEqual(cipher.version, 'TLSv1.2');
     this.end();
   }));
@@ -78,19 +78,19 @@ server.listen(0, '127.0.0.1', common.mustCall(function() {
 tls.createServer({
   key: fixtures.readKey('agent2-key.pem'),
   cert: fixtures.readKey('agent2-cert.pem'),
-  ciphers: 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_8_SHA256',
+  ciphers: 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384',
   maxVersion: 'TLSv1.3',
 }, common.mustCall(function() {
   this.close();
 })).listen(0, common.mustCall(function() {
   const client = tls.connect({
     port: this.address().port,
-    ciphers: 'TLS_AES_128_CCM_8_SHA256',
+    ciphers: 'TLS_AES_256_GCM_SHA384',
     maxVersion: 'TLSv1.3',
     rejectUnauthorized: false
   }, common.mustCall(() => {
     const cipher = client.getCipher();
-    assert.strictEqual(cipher.name, 'TLS_AES_128_CCM_8_SHA256');
+    assert.strictEqual(cipher.name, 'TLS_AES_256_GCM_SHA384');
     assert.strictEqual(cipher.standardName, cipher.name);
     assert.strictEqual(cipher.version, 'TLSv1.3');
     client.end();