Switch TLS intolerance tests to EmbeddedTestServer

We can simulate TLS intolerance with the ClientHello callback, so no
need for tlslite.

Bug: 1250903
Change-Id: Icbe85b17f94d04b375d744de1959f61cdb4da703
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3282446
Reviewed-by: Matt Mueller <mattm@chromium.org>
Commit-Queue: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/main@{#942237}
NOKEYCHECK=True
GitOrigin-RevId: d8d00b6458d3f65be7b98aaacfe81a18d9db47e2
diff --git a/testserver.py b/testserver.py
index 2f8d643..3126802 100755
--- a/testserver.py
+++ b/testserver.py
@@ -102,9 +102,8 @@
 
   def __init__(self, server_address, request_hander_class, pem_cert_and_key,
                ssl_client_auth, ssl_client_cas, ssl_client_cert_types,
-               tls_intolerant, tls_intolerance_type, alert_after_handshake,
-               simulate_tls13_downgrade, simulate_tls12_downgrade,
-               tls_max_version):
+               alert_after_handshake, simulate_tls13_downgrade,
+               simulate_tls12_downgrade, tls_max_version):
     self.cert_chain = tlslite.api.X509CertChain()
     self.cert_chain.parsePemList(pem_cert_and_key)
     # Force using only python implementation - otherwise behavior is different
@@ -134,9 +133,6 @@
     self.ssl_handshake_settings = tlslite.api.HandshakeSettings()
     # Enable SSLv3 for testing purposes.
     self.ssl_handshake_settings.minVersion = (3, 0)
-    if tls_intolerant != 0:
-      self.ssl_handshake_settings.tlsIntolerant = (3, tls_intolerant)
-      self.ssl_handshake_settings.tlsIntoleranceType = tls_intolerance_type
     if alert_after_handshake:
       self.ssl_handshake_settings.alertAfterHandshake = True
     if simulate_tls13_downgrade:
@@ -412,8 +408,7 @@
         server = HTTPSServer(
             (host, port), TestPageHandler, pem_cert_and_key,
             self.options.ssl_client_auth, self.options.ssl_client_ca,
-            self.options.ssl_client_cert_type, self.options.tls_intolerant,
-            self.options.tls_intolerance_type,
+            self.options.ssl_client_cert_type,
             self.options.alert_after_handshake,
             self.options.simulate_tls13_downgrade,
             self.options.simulate_tls12_downgrade, self.options.tls_max_version)
@@ -503,21 +498,6 @@
                                   'path to the file containing the certificate '
                                   'and private key for the server in PEM '
                                   'format')
-    self.option_parser.add_option('--tls-intolerant', dest='tls_intolerant',
-                                  default='0', type='int',
-                                  help='If nonzero, certain TLS connections '
-                                  'will be aborted in order to test version '
-                                  'fallback. 1 means all TLS versions will be '
-                                  'aborted. 2 means TLS 1.1 or higher will be '
-                                  'aborted. 3 means TLS 1.2 or higher will be '
-                                  'aborted. 4 means TLS 1.3 or higher will be '
-                                  'aborted.')
-    self.option_parser.add_option('--tls-intolerance-type',
-                                  dest='tls_intolerance_type',
-                                  default="alert",
-                                  help='Controls how the server reacts to a '
-                                  'TLS version it is intolerant to. Valid '
-                                  'values are "alert", "close", and "reset".')
     self.option_parser.add_option('--ssl-client-auth', action='store_true',
                                   help='Require SSL client auth on every '
                                   'connection.')