tests: skip RENEGOTIATION-INFO SCSV in record_size cipher loop

julek-wolfssl · julek-wolfssl · commit 7930892629da · 2026-05-14T14:05:42.000+02:00
TLS_EMPTY_RENEGOTIATION_INFO_SCSV appears in GetCipherNames() when
HAVE_RENEGOTIATION_INDICATION is set. It is a signaling value, not a
real suite; set_cipher_list accepts it but the handshake rejects it
with UNSUPPORTED_SUITE. Add it to record_size_skip_cipher's deny list.
diff --git a/tests/api/test_tls.c b/tests/api/test_tls.c
@@ -1128,9 +1128,11 @@ int test_tls12_peerauth_failsafe(void)
 static int record_size_skip_cipher(const char *name)
 {
     /* "ECDH-" matches static-ECDH ciphers ("ECDH-RSA-*", "ECDH-ECDSA-*")
-     * and not ECDHE-* because of the trailing '-'. */
+     * and not ECDHE-* because of the trailing '-'. RENEGOTIATION-INFO is the
+     * TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling value, not a real cipher. */
     static const char* const deny[] = {
-        "PSK", "SRP", "ANON", "NULL", "ECDSA", "ECDH-", "SM"
+        "PSK", "SRP", "ANON", "NULL", "ECDSA", "ECDH-", "SM",
+        "RENEGOTIATION-INFO"
     };
     size_t i;
     for (i = 0; i < XELEM_CNT(deny); i++) {
