Merge branch 'main' into dependabot/github_actions/dot-github/workflo…

…ws/aws-actions/configure-aws-credentials-4.0.2

.github/workflows/ci_linting.yml

@@ -101,7 +101,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: nixbuild/nix-quick-install-action@v21
+      - uses: nixbuild/nix-quick-install-action@v29
         with:
           nix_conf: experimental-features = nix-command flakes
       - name: nix flake check
@@ -110,7 +110,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: nixbuild/nix-quick-install-action@v21
+      - uses: nixbuild/nix-quick-install-action@v29
         with:
           nix_conf: experimental-features = nix-command flakes
       - name: nix fmt

.github/workflows/team_label.yml

@@ -11,7 +11,7 @@ jobs:
   team-labeler:
     runs-on: ubuntu-latest
     steps:
-      - uses: JulienKode/team-labeler-action@v0.1.1
+      - uses: JulienKode/team-labeler-action@v1.3
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
 

bindings/rust/s2n-tls-hyper/tests/common/echo.rs

@@ -17,7 +17,7 @@ async fn echo(
     Ok(Response::new(req.into_body().boxed()))
 }
 
-async fn serve_echo<B>(
+pub async fn serve_echo<B>(
     tcp_listener: TcpListener,
     builder: B,
 ) -> Result<(), Box<dyn Error + Send + Sync>>

bindings/rust/s2n-tls-hyper/tests/common/mod.rs

@@ -6,10 +6,9 @@ use s2n_tls::{callbacks::VerifyHostNameCallback, config, error::Error, security:
 pub mod echo;
 
 /// NOTE: this certificate and key are used for testing purposes only!
-pub static CERT_PEM: &[u8] =
+pub const CERT_PEM: &[u8] =
     include_bytes!(concat!(env!("CARGO_MANIFEST_DIR"), "/../certs/cert.pem"));
-pub static KEY_PEM: &[u8] =
-    include_bytes!(concat!(env!("CARGO_MANIFEST_DIR"), "/../certs/key.pem"));
+pub const KEY_PEM: &[u8] = include_bytes!(concat!(env!("CARGO_MANIFEST_DIR"), "/../certs/key.pem"));
 
 pub fn config() -> Result<config::Builder, Error> {
     let mut builder = config::Config::builder();

bindings/rust/s2n-tls-hyper/tests/http.rs

@@ -3,15 +3,19 @@
 
 use crate::common::InsecureAcceptAllCertificatesHandler;
 use bytes::Bytes;
+use common::echo::serve_echo;
 use http::{Method, Request, Uri};
 use http_body_util::{BodyExt, Empty, Full};
 use hyper_util::{client::legacy::Client, rt::TokioExecutor};
 use s2n_tls::{
     callbacks::{ClientHelloCallback, ConnectionFuture},
+    config,
     connection::Connection,
+    security::DEFAULT_TLS13,
 };
 use s2n_tls_hyper::connector::HttpsConnector;
 use std::{error::Error, pin::Pin, str::FromStr};
+use tokio::{net::TcpListener, task::JoinHandle};
 
 pub mod common;
 
@@ -138,3 +142,76 @@ async fn test_sni() -> Result<(), Box<dyn Error + Send + Sync>> {
 
     Ok(())
 }
+
+/// This test covers the general customer TLS Error experience. We want to
+/// confirm that s2n-tls errors are correctly bubbled up and that details can be
+/// extracted/matched on.
+#[tokio::test]
+async fn error_matching() -> Result<(), Box<dyn Error + Send + Sync>> {
+    let (server_task, addr) = {
+        let listener = TcpListener::bind("127.0.0.1:0").await?;
+        let addr = listener.local_addr()?;
+        let server_task = tokio::spawn(serve_echo(listener, common::config()?.build()?));
+        (server_task, addr)
+    };
+
+    let client_task: JoinHandle<Result<(), Box<dyn Error + Send + Sync>>> =
+        tokio::spawn(async move {
+            // the client config won't trust the self-signed cert that the server
+            // uses.
+            let client_config = {
+                let mut builder = config::Config::builder();
+                builder.set_security_policy(&DEFAULT_TLS13)?;
+                builder.set_max_blinding_delay(0)?;
+                builder.build()?
+            };
+
+            let connector = HttpsConnector::new(client_config);
+            let client: Client<_, Empty<Bytes>> =
+                Client::builder(TokioExecutor::new()).build(connector);
+
+            let uri = Uri::from_str(format!("https://localhost:{}", addr.port()).as_str())?;
+            client.get(uri).await?;
+
+            panic!("the client request should fail");
+        });
+
+    // expected error:
+    // hyper_util::client::legacy::Error(
+    //     Connect,
+    //     TlsError(
+    //         Error {
+    //             code: 335544366,
+    //             name: "S2N_ERR_CERT_UNTRUSTED",
+    //             message: "Certificate is untrusted",
+    //             kind: ProtocolError,
+    //             source: Library,
+    //             debug: "Error encountered in lib/tls/s2n_x509_validator.c:721",
+    //             errno: "No such file or directory",
+    //         },
+    //     ),
+    // )
+    let client_response = client_task.await?;
+    let client_error = client_response.unwrap_err();
+    let hyper_error: &hyper_util::client::legacy::Error = client_error.downcast_ref().unwrap();
+
+    // the error happened when attempting to connect to the endpoint.
+    assert!(hyper_error.is_connect());
+
+    let error_source = hyper_error.source().unwrap();
+    let s2n_tls_hyper_error: &s2n_tls_hyper::error::Error = error_source.downcast_ref().unwrap();
+
+    let s2n_tls_error = match s2n_tls_hyper_error {
+        s2n_tls_hyper::error::Error::TlsError(s2n_tls_error) => s2n_tls_error,
+        _ => panic!("unexpected error type"),
+    };
+
+    assert_eq!(
+        s2n_tls_error.kind(),
+        s2n_tls::error::ErrorType::ProtocolError
+    );
+    assert_eq!(s2n_tls_error.name(), "S2N_ERR_CERT_UNTRUSTED");
+
+    server_task.abort();
+    Ok(())
+}

tests/fuzz/s2n_certificate_extensions_parse_test.c

@@ -49,14 +49,6 @@ static uint8_t verify_host_accept_everything(const char *host_name, size_t host_
 /* This test is for TLS versions 1.3 and up only */
 static const uint8_t TLS_VERSIONS[] = {S2N_TLS13};
 
-int s2n_fuzz_init(int *argc, char **argv[])
-{
-    /* Initialize the trust store */
-    POSIX_GUARD_RESULT(s2n_config_testing_defaults_init_tls13_certs());
-    POSIX_GUARD(s2n_enable_tls13_in_test());
-    return S2N_SUCCESS;
-}
-
 int s2n_fuzz_test(const uint8_t *buf, size_t len)
 {
     /* We need at least one byte of input to set parameters */
@@ -67,8 +59,13 @@ int s2n_fuzz_test(const uint8_t *buf, size_t len)
     POSIX_GUARD(s2n_stuffer_alloc(&fuzz_stuffer, len));
     POSIX_GUARD(s2n_stuffer_write_bytes(&fuzz_stuffer, buf, len));
 
+    DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free);
+    EXPECT_NOT_NULL(config);
+    POSIX_GUARD(s2n_config_set_cipher_preferences(config, "20240503"));
+
     struct s2n_connection *client_conn = s2n_connection_new(S2N_CLIENT);
     POSIX_ENSURE_REF(client_conn);
+    POSIX_GUARD(s2n_connection_set_config(client_conn, config));
 
     /* Pull a byte off the libfuzzer input and use it to set parameters */
     uint8_t randval = 0;
@@ -115,4 +112,4 @@ int s2n_fuzz_test(const uint8_t *buf, size_t len)
     return S2N_SUCCESS;
 }
 
-S2N_FUZZ_TARGET(s2n_fuzz_init, s2n_fuzz_test, NULL)
+S2N_FUZZ_TARGET(NULL, s2n_fuzz_test, NULL)

tests/unit/s2n_alerts_protocol_test.c

@@ -479,13 +479,13 @@ int main(int argc, char **argv)
                 s2n_connection_ptr_free);
         EXPECT_SUCCESS(s2n_connection_set_blinding(server, S2N_SELF_SERVICE_BLINDING));
         EXPECT_SUCCESS(s2n_connection_set_config(server, config));
-        EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(server, "default"));
+        EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(server, "20240501"));
 
         DEFER_CLEANUP(struct s2n_connection *client = s2n_connection_new(S2N_CLIENT),
                 s2n_connection_ptr_free);
         EXPECT_SUCCESS(s2n_connection_set_blinding(client, S2N_SELF_SERVICE_BLINDING));
         EXPECT_SUCCESS(s2n_connection_set_config(client, config));
-        EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(client, "default"));
+        EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(client, "20240501"));
 
         DEFER_CLEANUP(struct s2n_test_io_stuffer_pair io_pair = { 0 }, s2n_io_stuffer_pair_free);
         EXPECT_OK(s2n_io_stuffer_pair_init(&io_pair));

tests/unit/s2n_client_hello_request_test.c

@@ -76,13 +76,13 @@ int main(int argc, char **argv)
 
     DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free);
     EXPECT_NOT_NULL(config);
-    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default"));
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "20240501"));
     EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(config));
     EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key));
 
     DEFER_CLEANUP(struct s2n_config *config_with_reneg_cb = s2n_config_new(), s2n_config_ptr_free);
     EXPECT_NOT_NULL(config_with_reneg_cb);
-    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config_with_reneg_cb, "default"));
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config_with_reneg_cb, "20240501"));
     EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(config_with_reneg_cb));
     EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config_with_reneg_cb, chain_and_key));
     EXPECT_SUCCESS(s2n_config_set_renegotiate_request_cb(config_with_reneg_cb, s2n_test_reneg_req_cb, NULL));
@@ -167,7 +167,7 @@ int main(int argc, char **argv)
     {
         DEFER_CLEANUP(struct s2n_config *config_with_warns = s2n_config_new(), s2n_config_ptr_free);
         EXPECT_NOT_NULL(config_with_warns);
-        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config_with_warns, "default"));
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config_with_warns, "20240501"));
         EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(config_with_warns));
         EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config_with_warns, chain_and_key));
         EXPECT_SUCCESS(s2n_config_set_alert_behavior(config_with_warns, S2N_ALERT_IGNORE_WARNINGS));

tests/unit/s2n_client_hello_test.c

@@ -759,7 +759,7 @@ int main(int argc, char **argv)
             struct s2n_connection *conn = NULL;
             EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT));
             EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
-            EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(conn, "default"));
+            EXPECT_SUCCESS(s2n_connection_set_cipher_preferences(conn, "20240501"));
 
             const struct s2n_security_policy *security_policy = NULL;
             POSIX_GUARD(s2n_connection_get_security_policy(conn, &security_policy));

tests/unit/s2n_connection_serialize_test.c

@@ -78,6 +78,7 @@ int main(int argc, char **argv)
             S2N_DEFAULT_TEST_CERT_CHAIN, S2N_DEFAULT_TEST_PRIVATE_KEY));
 
     DEFER_CLEANUP(struct s2n_config *tls12_config = s2n_config_new(), s2n_config_ptr_free);
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(tls12_config, "20240501"));
     EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(tls12_config, chain_and_key));
     EXPECT_SUCCESS(s2n_config_disable_x509_verification(tls12_config));
     EXPECT_SUCCESS(s2n_config_set_serialization_version(tls12_config, S2N_SERIALIZED_CONN_V1));
@@ -594,6 +595,7 @@ int main(int argc, char **argv)
     /* Self-talk: Test interaction between TLS1.2 session resumption and serialization */
     {
         DEFER_CLEANUP(struct s2n_config *resumption_config = s2n_config_new(), s2n_config_ptr_free);
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(resumption_config, "20240501"));
         EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(resumption_config, chain_and_key));
         EXPECT_SUCCESS(s2n_config_disable_x509_verification(resumption_config));
         EXPECT_SUCCESS(s2n_config_set_serialization_version(resumption_config, S2N_SERIALIZED_CONN_V1));

tests/unit/s2n_extended_master_secret_test.c

@@ -157,7 +157,7 @@ int main(int argc, char **argv)
         EXPECT_NOT_NULL(config);
 
         /* TLS1.2 cipher preferences */
-        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default"));
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "20240501"));
         EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(config));
         struct s2n_cert_chain_and_key *chain_and_key = NULL;
         EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&chain_and_key,
@@ -208,7 +208,7 @@ int main(int argc, char **argv)
         struct s2n_config *config = s2n_config_new();
         EXPECT_NOT_NULL(config);
 
-        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default"));
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "20240501"));
         EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(config));
         struct s2n_cert_chain_and_key *chain_and_key = NULL;
         EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&chain_and_key,
@@ -253,7 +253,7 @@ int main(int argc, char **argv)
         struct s2n_config *config = s2n_config_new();
         EXPECT_NOT_NULL(config);
 
-        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default"));
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "20240501"));
         EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(config));
         struct s2n_cert_chain_and_key *chain_and_key = NULL;
         EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&chain_and_key,

tests/unit/s2n_renegotiate_io_test.c

@@ -61,7 +61,7 @@ int main(int argc, char *argv[])
     EXPECT_NOT_NULL(config);
     EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(config));
     EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key));
-    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default"));
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "20240501"));
 
     uint8_t app_data[] = "test application data";
 

tests/unit/s2n_renegotiate_test.c

@@ -80,7 +80,7 @@ int main(int argc, char *argv[])
     EXPECT_NOT_NULL(config);
     EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(config));
     EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key));
-    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default"));
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "20240501"));
 
     uint8_t app_data[] = "smaller hello world";
     uint8_t large_app_data[S2N_TLS_MAXIMUM_FRAGMENT_LENGTH] = "hello world and a lot of zeroes";
@@ -275,15 +275,15 @@ int main(int argc, char *argv[])
             EXPECT_NOT_NULL(small_frag_config);
             EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(small_frag_config));
             EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(small_frag_config, chain_and_key));
-            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(small_frag_config, "default"));
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(small_frag_config, "20240501"));
             EXPECT_SUCCESS(s2n_config_accept_max_fragment_length(small_frag_config));
             EXPECT_SUCCESS(s2n_config_send_max_fragment_length(small_frag_config, S2N_TLS_MAX_FRAG_LEN_512));
 
             DEFER_CLEANUP(struct s2n_config *larger_frag_config = s2n_config_new(), s2n_config_ptr_free);
             EXPECT_NOT_NULL(larger_frag_config);
             EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(larger_frag_config));
             EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(larger_frag_config, chain_and_key));
-            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(larger_frag_config, "default"));
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(larger_frag_config, "20240501"));
             EXPECT_SUCCESS(s2n_config_accept_max_fragment_length(larger_frag_config));
             EXPECT_SUCCESS(s2n_config_send_max_fragment_length(larger_frag_config, S2N_TLS_MAX_FRAG_LEN_4096));
 

tests/unit/s2n_self_talk_alerts_test.c

@@ -55,6 +55,7 @@ int mock_client(struct s2n_test_io_pair *io_pair, s2n_alert_behavior alert_behav
 
     conn = s2n_connection_new(S2N_CLIENT);
     config = s2n_config_new();
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "20240501"));
     s2n_config_disable_x509_verification(config);
     s2n_config_set_alert_behavior(config, alert_behavior);
     s2n_connection_set_config(conn, config);
@@ -177,7 +178,7 @@ int main(int argc, char **argv)
         DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(),
                 s2n_config_ptr_free);
         EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key));
-        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default"));
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "20240501"));
 
         /* Set up the callback to send an alert after receiving ClientHello */
         struct alert_ctx warning_alert = { .write_fd = io_pair.server, .invoked = 0, .count = 2, .level = TLS_ALERT_LEVEL_WARNING, .code = TLS_ALERT_UNRECOGNIZED_NAME };

tests/unit/s2n_self_talk_broken_pipe_test.c

@@ -122,7 +122,7 @@ int main(int argc, char **argv)
         EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
 
         EXPECT_NOT_NULL(config = s2n_config_new());
-        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default"));
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "20240501"));
         for (int cert = 0; cert < SUPPORTED_CERTIFICATE_FORMATS; cert++) {
             EXPECT_SUCCESS(s2n_read_test_pem(certificate_paths[cert], cert_chain_pem, S2N_MAX_TEST_PEM_SIZE));
             EXPECT_SUCCESS(s2n_read_test_pem(private_key_paths[cert], private_key_pem, S2N_MAX_TEST_PEM_SIZE));

tests/unit/s2n_self_talk_key_log_test.c

@@ -77,7 +77,7 @@ int main(int argc, char **argv)
                 S2N_DEFAULT_TEST_CERT_CHAIN, S2N_DEFAULT_TEST_PRIVATE_KEY));
         struct s2n_config *client_config = NULL;
         EXPECT_NOT_NULL(client_config = s2n_config_new());
-        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "default"));
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "20240501"));
         EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(client_config));
         EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(client_config, chain_and_key));
         DEFER_CLEANUP(struct s2n_stuffer client_key_log, s2n_stuffer_free);
@@ -87,7 +87,7 @@ int main(int argc, char **argv)
 
         struct s2n_config *server_config = NULL;
         EXPECT_NOT_NULL(server_config = s2n_config_new());
-        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, "default"));
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, "20240501"));
         EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(server_config));
         EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, chain_and_key));
         DEFER_CLEANUP(struct s2n_stuffer server_key_log, s2n_stuffer_free);

tests/unit/s2n_self_talk_npn_test.c

@@ -50,7 +50,7 @@ int main(int argc, char **argv)
     DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free);
     EXPECT_NOT_NULL(config);
     EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(config));
-    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default"));
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "20240501"));
     struct s2n_cert_chain_and_key *chain_and_key = NULL;
     EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&chain_and_key, S2N_DEFAULT_TEST_CERT_CHAIN, S2N_DEFAULT_TEST_PRIVATE_KEY));
     EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key));
@@ -61,7 +61,7 @@ int main(int argc, char **argv)
     DEFER_CLEANUP(struct s2n_config *npn_config = s2n_config_new(), s2n_config_ptr_free);
     EXPECT_NOT_NULL(npn_config);
     EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(npn_config));
-    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(npn_config, "default"));
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(npn_config, "20240501"));
     EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(npn_config, chain_and_key));
     EXPECT_SUCCESS(s2n_config_set_protocol_preferences(npn_config, protocols, protocols_count));
     EXPECT_SUCCESS(s2n_config_set_client_hello_cb(npn_config, s2n_wipe_alpn_ext, NULL));
@@ -135,7 +135,7 @@ int main(int argc, char **argv)
         DEFER_CLEANUP(struct s2n_config *different_config = s2n_config_new(), s2n_config_ptr_free);
         EXPECT_NOT_NULL(different_config);
         EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(different_config));
-        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(different_config, "default"));
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(different_config, "20240501"));
         EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(different_config, chain_and_key));
         EXPECT_SUCCESS(s2n_config_set_protocol_preferences(different_config, server_protocols, server_protocols_count));
         EXPECT_SUCCESS(s2n_config_set_client_hello_cb(different_config, s2n_wipe_alpn_ext, NULL));