1 files changed, 44 insertions, 19 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index 3b281d1078..bd3816378e 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -42,6 +42,8 @@
 #include <QtNetwork/qtcpserver.h>
 #include <QtNetwork/qsslpresharedkeyauthenticator.h>
 
+#include <QtTest/private/qemulationdetector_p.h>
+
 #include <QTest>
 #include <QNetworkProxy>
 #include <QAuthenticator>
@@ -1556,24 +1558,20 @@ void tst_QSslSocket::protocolServerSide_data()
     QTest::addColumn<QSsl::SslProtocol>("clientProtocol");
     QTest::addColumn<bool>("works");
 
-    QTest::newRow("tls1.0-tls1.0") << QSsl::TlsV1_0 << QSsl::TlsV1_0 << true;
     QTest::newRow("any-any") << QSsl::AnyProtocol << QSsl::AnyProtocol << true;
     QTest::newRow("secure-secure") << QSsl::SecureProtocols << QSsl::SecureProtocols << true;
 
-    QTest::newRow("tls1.0-secure") << QSsl::TlsV1_0 << QSsl::SecureProtocols << true;
-    QTest::newRow("tls1.0-any") << QSsl::TlsV1_0 << QSsl::AnyProtocol << true;
+    const bool tls1Works = !isTestingOpenSsl || (QSslSocket::sslLibraryVersionNumber() >> 28 < 3);
 
-    QTest::newRow("secure-tls1.0") << QSsl::SecureProtocols << QSsl::TlsV1_0 << true;
+    QTest::newRow("tls1.0-secure") << QSsl::TlsV1_0 << QSsl::SecureProtocols << tls1Works;
+    QTest::newRow("secure-tls1.0") << QSsl::SecureProtocols << QSsl::TlsV1_0 << tls1Works;
     QTest::newRow("secure-any") << QSsl::SecureProtocols << QSsl::AnyProtocol << true;
 
-    QTest::newRow("tls1.0orlater-tls1.0") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_0 << true;
-    QTest::newRow("tls1.0orlater-tls1.1") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_1 << true;
     QTest::newRow("tls1.0orlater-tls1.2") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_2 << true;
     if (supportsTls13())
         QTest::newRow("tls1.0orlater-tls1.3") << QSsl::TlsV1_0OrLater << QSsl::TlsV1_3 << true;
 
     QTest::newRow("tls1.1orlater-tls1.0") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_0 << false;
-    QTest::newRow("tls1.1orlater-tls1.1") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_1 << true;
     QTest::newRow("tls1.1orlater-tls1.2") << QSsl::TlsV1_1OrLater << QSsl::TlsV1_2 << true;
 
     if (supportsTls13())
@@ -1590,7 +1588,6 @@ void tst_QSslSocket::protocolServerSide_data()
         QTest::newRow("tls1.3orlater-tls1.3") << QSsl::TlsV1_3OrLater << QSsl::TlsV1_3 << true;
     }
 
-    QTest::newRow("any-tls1.0") << QSsl::AnyProtocol << QSsl::TlsV1_0 << true;
     QTest::newRow("any-secure") << QSsl::AnyProtocol << QSsl::SecureProtocols << true;
 }
 
@@ -1658,10 +1655,28 @@ void tst_QSslSocket::serverCipherPreferences()
     if (setProxy)
         return;
 
-    // First using the default (server preference)
+    QSslCipher testedCiphers[2];
     {
+        // First using the default (server preference)
+        const auto supportedCiphers = QSslConfiguration::supportedCiphers();
+        int nSet = 0;
+        for (const auto &cipher : supportedCiphers) {
+            // Ciphersuites from TLS 1.2 and 1.3 are set separately,
+            // let's select 1.3 or above explicitly.
+            if (cipher.protocol() < QSsl::TlsV1_3)
+                continue;
+
+            testedCiphers[nSet++] = cipher;
+            if (nSet == 2)
+                break;
+        }
+
+        if (nSet != 2)
+            QSKIP("Failed to find two proper ciphersuites to test, bailing out.");
+
         SslServer server;
-        server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")};
+        server.protocol = QSsl::TlsV1_2OrLater;
+        server.ciphers = {testedCiphers[0], testedCiphers[1]};
         QVERIFY(server.listen());
 
         QEventLoop loop;
@@ -1671,7 +1686,8 @@ void tst_QSslSocket::serverCipherPreferences()
         socket = &client;
 
         auto sslConfig = socket->sslConfiguration();
-        sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")});
+        sslConfig.setProtocol(QSsl::TlsV1_2OrLater);
+        sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]});
         socket->setSslConfiguration(sslConfig);
 
         // upon SSL wrong version error, errorOccurred will be triggered, not sslErrors
@@ -1684,16 +1700,19 @@ void tst_QSslSocket::serverCipherPreferences()
         loop.exec();
 
         QVERIFY(client.isEncrypted());
-        QCOMPARE(client.sessionCipher().name(), QString("AES128-SHA"));
+        QCOMPARE(client.sessionCipher().name(), testedCiphers[0].name());
     }
 
     {
+        if (QTestPrivate::isRunningArmOnX86())
+            QSKIP("This test is known to crash on QEMU emulation for no good reason.");
         // Now using the client preferences
         SslServer server;
         QSslConfiguration config = QSslConfiguration::defaultConfiguration();
         config.setSslOption(QSsl::SslOptionDisableServerCipherPreference, true);
         server.config = config;
-        server.ciphers = {QSslCipher("AES128-SHA"), QSslCipher("AES256-SHA")};
+        server.protocol = QSsl::TlsV1_2OrLater;
+        server.ciphers = {testedCiphers[0], testedCiphers[1]};
         QVERIFY(server.listen());
 
         QEventLoop loop;
@@ -1703,7 +1722,8 @@ void tst_QSslSocket::serverCipherPreferences()
         socket = &client;
 
         auto sslConfig = socket->sslConfiguration();
-        sslConfig.setCiphers({QSslCipher("AES256-SHA"), QSslCipher("AES128-SHA")});
+        sslConfig.setProtocol(QSsl::TlsV1_2OrLater);
+        sslConfig.setCiphers({testedCiphers[1], testedCiphers[0]});
         socket->setSslConfiguration(sslConfig);
 
         // upon SSL wrong version error, errorOccurred will be triggered, not sslErrors
@@ -1716,7 +1736,7 @@ void tst_QSslSocket::serverCipherPreferences()
         loop.exec();
 
         QVERIFY(client.isEncrypted());
-        QCOMPARE(client.sessionCipher().name(), QString("AES256-SHA"));
+        QCOMPARE(client.sessionCipher().name(), testedCiphers[1].name());
     }
 }
 
@@ -1798,8 +1818,10 @@ void tst_QSslSocket::setLocalCertificateChain()
     }
 
     QCOMPARE(chain.size(), 2);
-    QCOMPARE(chain[0].serialNumber(), QByteArray("10:a0:ad:77:58:f6:6e:ae:46:93:a3:43:f9:59:8a:9e"));
-    QCOMPARE(chain[1].serialNumber(), QByteArray("3b:eb:99:c5:ea:d8:0b:5d:0b:97:5d:4f:06:75:4b:e1"));
+    QCOMPARE(chain[0].serialNumber(),
+             QByteArray("58:df:33:c1:9b:bc:c5:51:7a:00:86:64:43:94:41:e2:26:ef:3f:89"));
+    QCOMPARE(chain[1].serialNumber(),
+             QByteArray("11:72:34:bc:21:e6:ca:04:24:13:f8:35:48:84:a6:e9:de:96:22:15"));
 }
 
 void tst_QSslSocket::tlsConfiguration()
@@ -3621,6 +3643,7 @@ void tst_QSslSocket::verifyClientCertificate()
     }
 
     SslServer server;
+    server.protocol = QSsl::TlsV1_2;
     server.addCaCertificates = testDataDir + "certs/bogus-ca.crt";
     server.ignoreSslErrors = false;
     server.peerVerifyMode = peerVerifyMode;
@@ -4535,13 +4558,15 @@ void tst_QSslSocket::oldErrorsOnSocketReuse()
     if (setProxy)
         return; // not relevant
     SslServer server;
-    server.protocol = QSsl::TlsV1_1;
+    if (!isTestingOpenSsl)
+        server.protocol = QSsl::TlsV1_1;
     server.m_certFile = testDataDir + "certs/fluke.cert";
     server.m_keyFile = testDataDir + "certs/fluke.key";
     QVERIFY(server.listen(QHostAddress::SpecialAddress::LocalHost));
 
     QSslSocket socket;
-    socket.setProtocol(QSsl::TlsV1_1);
+    if (!isTestingOpenSsl)
+        socket.setProtocol(QSsl::TlsV1_1);
     QList<QSslError> errorList;
     auto connection = connect(&socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors),
         [&socket, &errorList](const QList<QSslError> &errors) {