Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6205)
author: Matt Caswell <matt@openssl.org> 2018-05-09 11:49:02 +0100
committer: Matt Caswell <matt@openssl.org> 2018-05-09 23:22:11 +0100
commit: 60155b9ae1bcf8490a193b2c1cf8ae57f8746321 (patch)
tree: ee31980df43e40d978c15432c7707d86f2d87653
parent: 7f35627c7943c213f7f8555d13b83288cccd5fc9 (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 0aac80b919..0a3d515644 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -4460,6 +4460,11 @@ static struct {
     const char *srvrtls13ciphers;
     const char *shared;
 } shared_ciphers_data[] = {
+/*
+ * We can't establish a connection (even in TLSv1.1) with these ciphersuites if
+ * TLSv1.3 is enabled but TLSv1.2 is disabled.
+ */
+#if defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
     {
         TLS1_2_VERSION,
         "AES128-SHA:AES256-SHA",
@@ -4484,7 +4489,13 @@ static struct {
         NULL,
         "AES128-SHA"
     },
-#ifndef OPENSSL_NO_TLS1_3
+#endif
+/*
+ * This test combines TLSv1.3 and TLSv1.2 ciphersuites so they must both be
+ * enabled.
+ */
+#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) \
+    && !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
     {
         TLS1_3_VERSION,
         "AES128-SHA:AES256-SHA",
@@ -4494,6 +4505,8 @@ static struct {
         "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
         "TLS_AES_128_GCM_SHA256:AES256-SHA"
     },
+#endif
+#ifndef OPENSSL_NO_TLS1_3
     {
         TLS1_3_VERSION,
         "AES128-SHA",
author	Matt Caswell <matt@openssl.org>	2018-05-09 11:49:02 +0100
committer	Matt Caswell <matt@openssl.org>	2018-05-09 23:22:11 +0100
commit	60155b9ae1bcf8490a193b2c1cf8ae57f8746321 (patch)
tree	ee31980df43e40d978c15432c7707d86f2d87653
parent	7f35627c7943c213f7f8555d13b83288cccd5fc9 (diff)