cross_compatibility should test more sanity policies

Author: lrstewart

tests/integrationv2/common.py

@@ -511,6 +511,14 @@ class Ciphers(object):
         "PQ-TLS-1-3-2023-06-01", Protocols.TLS12, False, False, s2n=True, pq=True
     )
 
+
+    SECURITY_POLICY_DEFAULT = Cipher(
+        "default", Protocols.TLS12, False, False, s2n=True, pq=False
+    )
+    SECURITY_POLICY_DEFAULT_TLS13 = Cipher(
+        "default_tls13", Protocols.TLS12, False, False, s2n=True, pq=False
+    )
+
     SECURITY_POLICY_20210816 = Cipher(
         "20210816", Protocols.TLS12, False, False, s2n=True, pq=False
     )

tests/integrationv2/providers.py

@@ -177,7 +177,7 @@ def supports_protocol(cls, protocol):
         # SSLv3 cannot be negotiated in FIPS mode with libcryptos other than AWS-LC.
         if all(
             [
-                protocol == Protocols.SSLv3,
+                protocol and protocol == Protocols.SSLv3,
                 get_flag(S2N_FIPS_MODE),
                 "awslc" not in get_flag(S2N_PROVIDER_VERSION),
             ]

tests/integrationv2/test_cross_compatibility.py

@@ -10,11 +10,16 @@
     ALL_TEST_CURVES,
     ALL_TEST_CERTS,
 )
-from common import ProviderOptions, Protocols, data_bytes
+from common import Ciphers, ProviderOptions, Protocols, data_bytes
 from fixtures import managed_process  # lgtm [py/unused-import]
 from providers import Provider, S2N, OpenSSL
 from utils import invalid_test_parameters, get_parameter_name, to_bytes
 
+S2N_TEST_POLICIES = [
+    Ciphers.SECURITY_POLICY_DEFAULT,
+    Ciphers.SECURITY_POLICY_DEFAULT_TLS13,
+]
+
 S2N_RESUMPTION_MARKER = to_bytes("Resumed session")
 CLOSE_MARKER_BYTES = data_bytes(10)
 
@@ -177,10 +182,8 @@ def test_s2n_new_server_old_ticket(
 
 
 @pytest.mark.uncollect_if(func=invalid_test_parameters)
-@pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name)
-@pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
+@pytest.mark.parametrize("cipher", S2N_TEST_POLICIES, ids=get_parameter_name)
 @pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
-@pytest.mark.parametrize("protocol", RESUMPTION_PROTOCOLS, ids=get_parameter_name)
 @pytest.mark.parametrize("provider", [S2N], ids=get_parameter_name)
 @pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
 def test_s2n_old_client_new_ticket(
@@ -246,10 +249,8 @@ def test_s2n_old_client_new_ticket(
 
 
 @pytest.mark.uncollect_if(func=invalid_test_parameters)
-@pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name)
-@pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
+@pytest.mark.parametrize("cipher", S2N_TEST_POLICIES, ids=get_parameter_name)
 @pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
-@pytest.mark.parametrize("protocol", RESUMPTION_PROTOCOLS, ids=get_parameter_name)
 @pytest.mark.parametrize("provider", [S2N], ids=get_parameter_name)
 @pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
 def test_s2n_new_client_old_ticket(