Fix tests for OTP-25+

test/cowboy_test.erl

@@ -115,7 +115,7 @@ gun_open(Config, Opts) ->
 	{ok, ConnPid} = gun:open("localhost", config(port, Config), Opts#{
 		retry => 0,
 		transport => config(type, Config),
-		tls_opts => proplists:get_value(tls_opts, Config, []),
+		tls_opts => [{versions, ['tlsv1.2']}|proplists:get_value(tls_opts, Config, [])],
 		protocols => [config(protocol, Config)]
 	}),
 	ConnPid.

test/proxy_header_SUITE.erl

@@ -126,7 +126,7 @@ do_proxy_header_https(Config, ProxyInfo) ->
 	{ok, Socket0} = gen_tcp:connect("localhost", config(port, Config),
 		[binary, {active, false}, {packet, raw}]),
 	ok = gen_tcp:send(Socket0, ranch_proxy_header:header(ProxyInfo)),
-	{ok, Socket} = ssl:connect(Socket0, [], 1000),
+	{ok, Socket} = ssl:connect(Socket0, [{versions, ['tlsv1.2']}], 1000),
 	do_proxy_header_http_common({raw_client, Socket, ssl}, ProxyInfo).
 
 do_proxy_header_http_common(Client, ProxyInfo) ->
@@ -151,7 +151,8 @@ do_proxy_header_h2(Config, ProxyInfo) ->
 	{ok, Socket0} = gen_tcp:connect("localhost", config(port, Config),
 		[binary, {active, false}, {packet, raw}]),
 	ok = gen_tcp:send(Socket0, ranch_proxy_header:header(ProxyInfo)),
-	{ok, Socket} = ssl:connect(Socket0, [{alpn_advertised_protocols, [<<"h2">>]}], 1000),
+	{ok, Socket} = ssl:connect(Socket0,
+		[{alpn_advertised_protocols, [<<"h2">>]}, {versions, ['tlsv1.2']}], 1000),
 	do_proxy_header_h2_common({raw_client, Socket, ssl}, ProxyInfo).
 
 do_proxy_header_h2c(Config, ProxyInfo) ->

test/rfc7540_SUITE.erl

@@ -590,7 +590,8 @@ http_upgrade_response_half_closed(Config) ->
 alpn_ignore_h2c(Config) ->
 	doc("An h2c ALPN protocol identifier must be ignored. (RFC7540 3.3)"),
 	{ok, Socket} = ssl:connect("localhost", config(port, Config),
-		[{alpn_advertised_protocols, [<<"h2c">>, <<"http/1.1">>]}, binary, {active, false}]),
+		[{alpn_advertised_protocols, [<<"h2c">>, <<"http/1.1">>]},
+			binary, {active, false}, {versions, ['tlsv1.2']}]),
 	{ok, <<"http/1.1">>} = ssl:negotiated_protocol(Socket),
 	ok.
 
@@ -598,7 +599,8 @@ alpn_server_preface(Config) ->
 	doc("The first frame must be a SETTINGS frame "
 		"for the server connection preface. (RFC7540 3.3, RFC7540 3.5, RFC7540 6.5)"),
 	{ok, Socket} = ssl:connect("localhost", config(port, Config),
-		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+		[{alpn_advertised_protocols, [<<"h2">>]},
+			binary, {active, false}, {versions, ['tlsv1.2']}]),
 	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 	%% Receive the server preface.
 	{ok, << _:24, 4:8, 0:40 >>} = ssl:recv(Socket, 9, 1000),
@@ -608,7 +610,8 @@ alpn_client_preface_timeout(Config) ->
 	doc("Clients negotiating HTTP/2 and not sending a preface in "
 		"a timely manner must be disconnected."),
 	{ok, Socket} = ssl:connect("localhost", config(port, Config),
-		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+		[{alpn_advertised_protocols, [<<"h2">>]},
+			binary, {active, false}, {versions, ['tlsv1.2']}]),
 	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 	%% Receive the server preface.
 	{ok, << Len:24 >>} = ssl:recv(Socket, 3, 1000),
@@ -621,7 +624,8 @@ alpn_reject_missing_client_preface(Config) ->
 	doc("Servers must treat an invalid connection preface as a "
 		"connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
 	{ok, Socket} = ssl:connect("localhost", config(port, Config),
-		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+		[{alpn_advertised_protocols, [<<"h2">>]},
+			binary, {active, false}, {versions, ['tlsv1.2']}]),
 	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 	%% Send a SETTINGS frame directly instead of the proper preface.
 	ok = ssl:send(Socket, cow_http2:settings(#{})),
@@ -636,7 +640,8 @@ alpn_reject_invalid_client_preface(Config) ->
 	doc("Servers must treat an invalid connection preface as a "
 		"connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
 	{ok, Socket} = ssl:connect("localhost", config(port, Config),
-		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+		[{alpn_advertised_protocols, [<<"h2">>]},
+			binary, {active, false}, {versions, ['tlsv1.2']}]),
 	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 	%% Send a slightly incorrect preface.
 	ok = ssl:send(Socket, "PRI * HTTP/2.0\r\n\r\nSM: Value\r\n\r\n"),
@@ -651,7 +656,8 @@ alpn_reject_missing_client_preface_settings(Config) ->
 	doc("Servers must treat an invalid connection preface as a "
 		"connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
 	{ok, Socket} = ssl:connect("localhost", config(port, Config),
-		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+		[{alpn_advertised_protocols, [<<"h2">>]},
+			binary, {active, false}, {versions, ['tlsv1.2']}]),
 	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 	%% Send a valid preface sequence except followed by a PING instead of a SETTINGS frame.
 	ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:ping(0)]),
@@ -666,7 +672,8 @@ alpn_reject_invalid_client_preface_settings(Config) ->
 	doc("Servers must treat an invalid connection preface as a "
 		"connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
 	{ok, Socket} = ssl:connect("localhost", config(port, Config),
-		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+		[{alpn_advertised_protocols, [<<"h2">>]},
+			binary, {active, false}, {versions, ['tlsv1.2']}]),
 	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 	%% Send a valid preface sequence except followed by a badly formed SETTINGS frame.
 	ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", << 0:24, 4:8, 0:9, 1:31 >>]),
@@ -680,7 +687,8 @@ alpn_reject_invalid_client_preface_settings(Config) ->
 alpn_accept_client_preface_empty_settings(Config) ->
 	doc("The SETTINGS frame in the client preface may be empty. (RFC7540 3.3, RFC7540 3.5)"),
 	{ok, Socket} = ssl:connect("localhost", config(port, Config),
-		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+		[{alpn_advertised_protocols, [<<"h2">>]},
+			binary, {active, false}, {versions, ['tlsv1.2']}]),
 	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 	%% Send a valid preface sequence except followed by an empty SETTINGS frame.
 	ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
@@ -695,7 +703,8 @@ alpn_client_preface_settings_ack_timeout(Config) ->
 	doc("Failure to acknowledge the server's SETTINGS frame "
 		"results in a SETTINGS_TIMEOUT connection error. (RFC7540 3.5, RFC7540 6.5.3)"),
 	{ok, Socket} = ssl:connect("localhost", config(port, Config),
-		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+		[{alpn_advertised_protocols, [<<"h2">>]},
+			binary, {active, false}, {versions, ['tlsv1.2']}]),
 	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 	%% Send a valid preface.
 	ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
@@ -711,7 +720,8 @@ alpn_client_preface_settings_ack_timeout(Config) ->
 alpn(Config) ->
 	doc("Successful ALPN negotiation. (RFC7540 3.3)"),
 	{ok, Socket} = ssl:connect("localhost", config(port, Config),
-		[{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]),
+		[{alpn_advertised_protocols, [<<"h2">>]},
+			binary, {active, false}, {versions, ['tlsv1.2']}]),
 	{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 	%% Send a valid preface.
 	%% @todo Use non-empty SETTINGS here. Just because.
@@ -735,7 +745,8 @@ alpn(Config) ->
 
 prior_knowledge_reject_tls(Config) ->
 	doc("Implementations that support HTTP/2 over TLS must use ALPN. (RFC7540 3.4)"),
-	{ok, Socket} = ssl:connect("localhost", config(port, Config), [binary, {active, false}]),
+	{ok, Socket} = ssl:connect("localhost", config(port, Config),
+		[binary, {active, false}, {versions, ['tlsv1.2']}]),
 	%% Send a valid preface.
 	ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
 	%% We expect the server to send an HTTP 400 error

test/sys_SUITE.erl

@@ -109,7 +109,8 @@ bad_system_from_h1(Config) ->
 bad_system_from_h2(Config) ->
 	doc("h2: Sending a system message with a bad From value results in a process crash."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	%% Skip the SETTINGS frame.
 	{ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000),
 	timer:sleep(100),
@@ -176,7 +177,8 @@ bad_system_message_h1(Config) ->
 bad_system_message_h2(Config) ->
 	doc("h2: Sending a system message with a bad Request value results in an error."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	%% Skip the SETTINGS frame.
 	{ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000),
 	timer:sleep(100),
@@ -252,7 +254,8 @@ good_system_message_h1(Config) ->
 good_system_message_h2(Config) ->
 	doc("h2: System messages are handled properly."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	%% Skip the SETTINGS frame.
 	{ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000),
 	timer:sleep(100),
@@ -336,7 +339,8 @@ trap_exit_parent_exit_h2(Config) ->
 	doc("h2: A process trapping exits must stop when receiving "
 		"an 'EXIT' message from its parent."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	%% Skip the SETTINGS frame.
 	{ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000),
 	timer:sleep(100),
@@ -408,7 +412,8 @@ trap_exit_other_exit_h2(Config) ->
 	doc("h2: A process trapping exits must ignore "
 		"'EXIT' messages from unknown processes."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	do_http2_handshake(Socket),
 	Pid = get_remote_pid_tls(Socket),
 	Pid ! {'EXIT', self(), {shutdown, ?MODULE}},
@@ -526,7 +531,8 @@ sys_change_code_h1(Config) ->
 sys_change_code_h2(Config) ->
 	doc("h2: The sys:change_code/4 function works as expected."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	do_http2_handshake(Socket),
 	Pid = get_remote_pid_tls(Socket),
 	%% Suspend the process and try to get a request in. The
@@ -609,7 +615,8 @@ sys_get_state_h1(Config) ->
 sys_get_state_h2(Config) ->
 	doc("h2: The sys:get_state/1 function works as expected."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	%% Skip the SETTINGS frame.
 	{ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000),
 	timer:sleep(100),
@@ -671,7 +678,8 @@ sys_get_status_h1(Config) ->
 sys_get_status_h2(Config) ->
 	doc("h2: The sys:get_status/1 function works as expected."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	%% Skip the SETTINGS frame.
 	{ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000),
 	timer:sleep(100),
@@ -732,7 +740,8 @@ sys_replace_state_h1(Config) ->
 sys_replace_state_h2(Config) ->
 	doc("h2: The sys:replace_state/2 function works as expected."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	%% Skip the SETTINGS frame.
 	{ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000),
 	timer:sleep(100),
@@ -801,7 +810,8 @@ sys_suspend_and_resume_h1(Config) ->
 sys_suspend_and_resume_h2(Config) ->
 	doc("h2: The sys:suspend/1 and sys:resume/1 functions work as expected."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	do_http2_handshake(Socket),
 	Pid = get_remote_pid_tls(Socket),
 	%% Suspend the process and try to get a request in. The
@@ -880,7 +890,8 @@ sys_terminate_h1(Config) ->
 sys_terminate_h2(Config) ->
 	doc("h2: The sys:terminate/2,3 function works as expected."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	%% Skip the SETTINGS frame.
 	{ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000),
 	timer:sleep(100),
@@ -983,7 +994,8 @@ supervisor_count_children_h1(Config) ->
 supervisor_count_children_h2(Config) ->
 	doc("h2: The function supervisor:count_children/1 must work."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	do_http2_handshake(Socket),
 	Pid = get_remote_pid_tls(Socket),
 	%% No request was sent so there's no children.
@@ -1055,7 +1067,8 @@ supervisor_delete_child_not_found_h1(Config) ->
 supervisor_delete_child_not_found_h2(Config) ->
 	doc("h2: The function supervisor:delete_child/2 must return {error, not_found}."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	do_http2_handshake(Socket),
 	Pid = get_remote_pid_tls(Socket),
 	%% When no children exist.
@@ -1114,7 +1127,8 @@ supervisor_get_childspec_not_found_h1(Config) ->
 supervisor_get_childspec_not_found_h2(Config) ->
 	doc("h2: The function supervisor:get_childspec/2 must return {error, not_found}."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	do_http2_handshake(Socket),
 	Pid = get_remote_pid_tls(Socket),
 	%% When no children exist.
@@ -1173,7 +1187,8 @@ supervisor_restart_child_not_found_h1(Config) ->
 supervisor_restart_child_not_found_h2(Config) ->
 	doc("h2: The function supervisor:restart_child/2 must return {error, not_found}."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	do_http2_handshake(Socket),
 	Pid = get_remote_pid_tls(Socket),
 	%% When no children exist.
@@ -1227,7 +1242,8 @@ supervisor_start_child_not_found_h1(Config) ->
 supervisor_start_child_not_found_h2(Config) ->
 	doc("h2: The function supervisor:start_child/2 must return {error, start_child_disabled}."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	do_http2_handshake(Socket),
 	Pid = get_remote_pid_tls(Socket),
 	{error, start_child_disabled} = supervisor:start_child(Pid, #{
@@ -1281,7 +1297,8 @@ supervisor_terminate_child_not_found_h1(Config) ->
 supervisor_terminate_child_not_found_h2(Config) ->
 	doc("h2: The function supervisor:terminate_child/2 must return {error, not_found}."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	do_http2_handshake(Socket),
 	Pid = get_remote_pid_tls(Socket),
 	%% When no children exist.
@@ -1344,7 +1361,8 @@ supervisor_which_children_h1(Config) ->
 supervisor_which_children_h2(Config) ->
 	doc("h2: The function supervisor:which_children/1 must work."),
 	{ok, Socket} = ssl:connect("localhost", config(tls_port, Config),
-		[{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]),
+		[{active, false}, binary, {versions, ['tlsv1.2']},
+			{alpn_advertised_protocols, [<<"h2">>]}]),
 	do_http2_handshake(Socket),
 	Pid = get_remote_pid_tls(Socket),
 	%% No request was sent so there's no children.