diff options
| author | Bodo Möller <bodo@openssl.org> | 1999-09-03 16:31:36 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 1999-09-03 16:31:36 +0000 |
| commit | 77fa04a9bca6686b7123bdbe80c4dd4c2a3cc8cb (patch) | |
| tree | 7e96c3ce381db06835675771dfad44b0d2ce3065 /ssl | |
| parent | 497cc4b35ec0f60491490a82bfd8cc973fd6a0a2 (diff) | |
-no_dhe option for ssltest.c
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/ssltest.c | 56 |
1 files changed, 32 insertions, 24 deletions
diff --git a/ssl/ssltest.c b/ssl/ssltest.c index f9c96975d4..53a6570df6 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -122,6 +122,9 @@ static void sv_usage(void) #if !defined NO_DH && !defined NO_DSA fprintf(stderr," -dhe1024 - generate 1024 bit key for DHE\n"); #endif +#if !defined NO_DH + fprintf(stderr," -no_dhe - disable DHE\n"); +#endif #ifndef NO_SSL2 fprintf(stderr," -ssl2 - use SSLv2\n"); #endif @@ -159,7 +162,7 @@ int main(int argc, char *argv[]) int number=1,reuse=0; long bytes=1L; SSL_CIPHER *ciph; - int dhe1024 = 0; + int dhe1024 = 0, no_dhe = 0; #ifndef NO_DH DH *dh; #endif @@ -186,6 +189,8 @@ int main(int argc, char *argv[]) reuse=1; else if (strcmp(*argv,"-dhe1024") == 0) dhe1024=1; + else if (strcmp(*argv,"-no_dhe") == 0) + no_dhe=1; else if (strcmp(*argv,"-ssl2") == 0) ssl2=1; else if (strcmp(*argv,"-tls1") == 0) @@ -311,33 +316,36 @@ bad: } #ifndef NO_DH -# ifndef NO_DSA - if (dhe1024) + if (!no_dhe) { - DSA *dsa; - unsigned char seed[20]; - - if (verbose) +# ifndef NO_DSA + if (dhe1024) { - fprintf(stdout, "Creating 1024 bit DHE parameters ..."); - fflush(stdout); + DSA *dsa; + unsigned char seed[20]; + + if (verbose) + { + fprintf(stdout, "Creating 1024 bit DHE parameters ..."); + fflush(stdout); + } + + memcpy(seed, "Random String no. 12", 20); + dsa = DSA_generate_parameters(1024, seed, 20, NULL, NULL, 0, NULL); + dh = DSA_dup_DH(dsa); + DSA_free(dsa); + /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */ + SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); + + if (verbose) + fprintf(stdout, " done\n"); } - - memcpy(seed, "Random String no. 12", 20); - dsa = DSA_generate_parameters(1024, seed, 20, NULL, NULL, 0, NULL); - dh = DSA_dup_DH(dsa); - DSA_free(dsa); - /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */ - SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); - - if (verbose) - fprintf(stdout, " done\n"); - } - else + else # endif - dh=get_dh512(); - SSL_CTX_set_tmp_dh(s_ctx,dh); - DH_free(dh); + dh=get_dh512(); + SSL_CTX_set_tmp_dh(s_ctx,dh); + DH_free(dh); + } #endif #ifndef NO_RSA |