refine tests for ancient servers which support both SSL 3.0 and TLS 1.0, but...

refine tests for ancient servers which support both SSL 3.0 and TLS 1.0, but both only with %NO_EXTENSIONS

This is a follow-up to !1221.

See #958 and openconnect/openconnect#145 for a
real-world example of ancient Cisco servers with these deficiencies.

With !1221 only, gnutls-cli-debug reports that these ancient servers only support
SSL 3.0 (but without extensions). Information after this point is
largely erroneous:

    $ gnutls-cli-debug ***vpn.***.com
    GnuTLS debug client 3.6.12
    Checking ***vpn.***.com:443
    whether the server accepts default record size (512 bytes)... no
                      whether %ALLOW_SMALL_RECORDS is required... no
                                 for SSL 3.0 (RFC6101) support... yes
                                   for SSL 3.0 with extensions... no

With this additional change, gnutls-cli-debug correctly reports that such a
server also supports TLS 1.0 (but again with extensions disabled). Below
I've marked some of the significant fields that have changed:

    $ gnutls-cli-debug ***vpn.***.com
    GnuTLS debug client 3.6.12
    Checking ***vpn.***.com:443
    whether the server accepts default record size (512 bytes)... no
                      whether %ALLOW_SMALL_RECORDS is required... no
                                 for SSL 3.0 (RFC6101) support... yes
                                   for SSL 3.0 with extensions... no
                            whether we need to disable TLS 1.2... yes
                            whether we need to disable TLS 1.1... yes
    # This is now correct:
                            whether we need to disable TLS 1.0... no
    # This is now correct:
                            whether %NO_EXTENSIONS is required... yes
    # This is now correct:
                                 for TLS 1.0 (RFC2246) support... yes
                                 for TLS 1.1 (RFC4346) support... no
                                      fallback from TLS 1.1 to... failed
                                 for TLS 1.2 (RFC5246) support... no
    # This is now correct:
                        for known TLS or SSL protocols support... yes
                           TLS1.2 neg fallback from TLS 1.6 to... failed (server requires fallback dance)
                  for inappropriate fallback (RFC7507) support... no
                                         for HTTPS server name... ******
                                   for certificate chain order... sorted
                         for Safe renegotiation support (SCSV)... no
                           for version rollback bug in RSA PMS... no
                      for version rollback bug in Client Hello... no
                whether the server ignores the RSA PMS version... no
    whether small records (512 bytes) are tolerated on handshake... yes
        whether cipher suites not in SSL 3.0 spec are accepted... yes
    whether a bogus TLS record version in the client hello is accepted... yes
             whether the server understands TLS closure alerts... partially
                whether the server supports session resumption... yes
                          for anonymous authentication support... no
                          for ephemeral Diffie-Hellman support... no
                            for RFC7919 Diffie-Hellman support... no
                          for AES-GCM cipher (RFC5288) support... no
                          for AES-CCM cipher (RFC6655) support... no
                        for AES-CCM-8 cipher (RFC6655) support... no
                          for AES-CBC cipher (RFC3268) support... no
                     for CAMELLIA-GCM cipher (RFC6367) support... no
                     for CAMELLIA-CBC cipher (RFC5932) support... no
    # This is now correct:
                         for 3DES-CBC cipher (RFC2246) support... yes
    # This is now correct:
                      for ARCFOUR 128 cipher (RFC2246) support... yes
                for CHACHA20-POLY1305 cipher (RFC7905) support... no
    for GOST28147-CNT cipher (draft-smyshlyaev-tls12-gost-suites) support... no
                                           for MD5 MAC support... yes
                                          for SHA1 MAC support... yes
                                        for SHA256 MAC support... no
    for GOST28147-IMIT MAC (draft-smyshlyaev-tls12-gost-suites) support... no

Signed-off-by: Daniel Lenski <[email protected]>
18 jobs for better_SSL3.0_tests in 69 minutes and 29 seconds (queued for 1 second)
Status Job ID Name Coverage
  Stage1 Testing
passed #556306256
linux docker shared
Debian.cross.aarch64-linux-gnu

00:57:51

passed #556306254
linux docker shared
Debian.cross.arm-linux-gnueabihf

01:05:51

passed #556306253
linux docker shared
Debian.cross.i686-linux-gnu

00:28:34

passed #556306255
linux docker shared
Debian.cross.mips-linux-gnu

01:04:14

passed #556306252
linux shared
Debian.x86_64

00:22:29

passed #556306245
linux shared
FIPS140-2.Fedora.x86_64

00:22:47

passed #556306250
linux docker shared
MinGW32

00:24:18

passed #556306249
linux docker shared
MinGW64

00:16:53

passed #556306244
linux shared
SSL-3.0.Fedora.x86_64

00:19:07

passed #556306251
linux shared
UB+ASAN-Werror.Fedora.x86_64.gcc

00:41:37

passed #556306242
linux shared
abi/coverage

00:25:03

passed #556306240
commit-check

00:00:51

passed #556306241
linux shared
doc-dist.Fedora

00:35:05

passed #556306243
linux shared
minimal.Fedora.x86_64

00:13:34

passed #556306257
linux shared
nettle-master.Fedora

00:27:19

passed #556306248
linux shared
static-analyzers.Fedora.x86_64

00:24:16

passed #556306247
linux shared
threadsan.Fedora.x86_64

00:07:02

passed #556306246
linux shared
valgrind.Fedora.x86_64

01:09:27