To reliably trigger HRR we must use P-384 group

Otherwise with newer FIPS providers P-256 is the first group supported. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tim Hudson <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from openssl#24763)
quictls · Jul 1, 2024 · 0da6d32 · 0da6d32
1 parent 3dc078f
commit 0da6d32
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/test/sslapitest.c b/test/sslapitest.c
@@ -3945,7 +3945,7 @@ static int early_data_skip_helper(int testtype, int cipher, int idx)
         if (!TEST_true(SSL_set1_groups_list(serverssl, "ffdhe3072")))
             goto end;
 #else
-        if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
+        if (!TEST_true(SSL_set1_groups_list(serverssl, "P-384")))
             goto end;
 #endif
     } else if (idx == 2) {
@@ -5560,7 +5560,7 @@ static int test_tls13_psk(int idx)
     if (!TEST_true(SSL_set1_groups_list(serverssl, "ffdhe3072")))
         goto end;
 #else
-    if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
+    if (!TEST_true(SSL_set1_groups_list(serverssl, "P-384")))
         goto end;
 #endif