Identify existing tests and build a matrix for new tests

[rday]

Problem

We need a list of existing tests to make sure we don’t lose any coverage with the new framework. Each of these existing tests should have an issue created. We need to track what we are not testing at the same time. This can be done with a matrix.

A tag exists in the public Github repo which identifies new integration tests, and bugs in existing integration tests[0]. We need to make sure these features and bug fixes will be possible to add/fix as we build out the infrastructure.

[0] https://github.com/awslabs/s2n/labels/type%2Fintegration_test

Completion Requirement

• [ ] Each required test (new or existing) must have an issue created
• [ ] To be comprehensive, we should have a table built which gives us an easy way to track tests. This table can be tracked in this issue, or in another location which is easier to manage a test matrix.

	OpenSSL	BoringSSL	LibreSSL
SSLv3	0	0	0
TLS1.0	0	0	0
TLS1.1	0	0	0
TLS1.2	0	0	0
TLS1.3	0	0	0

[zz85]

one of the places to look to review which dimensions are tested is https://github.com/awslabs/s2n/blob/4ce3517eaa716ce8f6756e0dea97f9032bfd4664/tests/integration/s2n_handshake_test_s_client.py#L213 https://github.com/awslabs/s2n/blob/4ce3517eaa716ce8f6756e0dea97f9032bfd4664/tests/integration/s2n_handshake_test_s_client.py#L812

[rday]

Integ test parity in order of priority:

• [x] Dynamic sized record tests (#1838)
• [x] TLS1.3 ciphers/curves/certs (need to take from existing tests) (#1839 #1613 )
• [x] Session resumption - Client TLS1.1 / TLS1.2 / Default - Session ID (#1869)
• [x] Session resumption - Client TLS1.1 / TLS1.2 / Default - Session Ticket (#1869)
• [x] TLS1.3 to TLS1.2 fallback (#1726 #1558 #1443 )
• [x] PQ handshakes (#1973)
• [x] Well Known Endpoints (#1972)
• [x] All available client certs w/ TLS1.0, 1.1, 1.2, 1.3 (#1839 #1613 )
• [x] Signature algorithms test using all digests, Client Auth false, test for supported and unsupported (#1873? #1512?)
• [x] Signature algorithms test all digests, Client Auth true, test for supported and unsupported ((#1873? #1512?)
• [x] SNI match tests (#1974)
• [x] Max Fragment Length Extension (#1975)
• [x] OCSP tests (#2140)
• [x] SSLyze (not a new framework thing, but we need to keep doing this) (#2141)

[goatgoose]

Support for running v2 tests with different libcryptos was added in #3244. Problems with v2 are being tracked in #3246.