Hardened TLS-F ServerHello selection

Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>

src/tls_front/tests/emulator_profile_fidelity_security_tests.rs

@@ -4,7 +4,7 @@ use crate::crypto::SecureRandom;
 use crate::protocol::constants::{
     TLS_RECORD_APPLICATION, TLS_RECORD_CHANGE_CIPHER, TLS_RECORD_HANDSHAKE,
 };
-use crate::protocol::tls::{ClientHelloTlsVersion, TLS_NAMED_GROUP_X25519MLKEM768};
+use crate::protocol::tls::ClientHelloTlsVersion;
 use crate::tls_front::emulator::build_emulated_server_hello;
 use crate::tls_front::types::{
     CachedTlsData, ParsedServerHello, TlsBehaviorProfile, TlsProfileSource,
@@ -66,7 +66,6 @@ fn emulated_server_hello_keeps_single_change_cipher_spec_for_client_compatibilit
         true,
         ClientHelloTlsVersion::Tls13,
         [0x13, 0x01],
-        TLS_NAMED_GROUP_X25519MLKEM768,
         &rng,
         None,
         0,
@@ -92,7 +91,6 @@ fn emulated_server_hello_does_not_emit_profile_ticket_tail_when_disabled() {
         true,
         ClientHelloTlsVersion::Tls13,
         [0x13, 0x01],
-        TLS_NAMED_GROUP_X25519MLKEM768,
         &rng,
         None,
         0,
@@ -116,7 +114,6 @@ fn emulated_server_hello_uses_profile_ticket_lengths_when_enabled() {
         true,
         ClientHelloTlsVersion::Tls13,
         [0x13, 0x01],
-        TLS_NAMED_GROUP_X25519MLKEM768,
         &rng,
         None,
         2,

src/tls_front/tests/emulator_security_tests.rs

@@ -4,7 +4,7 @@ use crate::crypto::SecureRandom;
 use crate::protocol::constants::{
     TLS_RECORD_APPLICATION, TLS_RECORD_CHANGE_CIPHER, TLS_RECORD_HANDSHAKE,
 };
-use crate::protocol::tls::{ClientHelloTlsVersion, TLS_NAMED_GROUP_X25519MLKEM768};
+use crate::protocol::tls::ClientHelloTlsVersion;
 use crate::tls_front::emulator::build_emulated_server_hello;
 use crate::tls_front::types::{
     CachedTlsData, ParsedServerHello, TlsBehaviorProfile, TlsCertPayload, TlsProfileSource,
@@ -59,7 +59,6 @@ fn emulated_server_hello_ignores_oversized_alpn_when_marker_would_not_fit() {
         true,
         ClientHelloTlsVersion::Tls13,
         [0x13, 0x01],
-        TLS_NAMED_GROUP_X25519MLKEM768,
         &rng,
         Some(oversized_alpn),
         0,
@@ -99,7 +98,6 @@ fn emulated_server_hello_keeps_alpn_marker_out_of_appdata() {
         true,
         ClientHelloTlsVersion::Tls13,
         [0x13, 0x01],
-        TLS_NAMED_GROUP_X25519MLKEM768,
         &rng,
         Some(b"h2".to_vec()),
         0,
@@ -131,7 +129,6 @@ fn emulated_server_hello_prefers_cert_payload_over_alpn_marker() {
         true,
         ClientHelloTlsVersion::Tls12,
         [0x13, 0x01],
-        TLS_NAMED_GROUP_X25519MLKEM768,
         &rng,
         Some(b"h2".to_vec()),
         0,