author | Matt Caswell <matt@openssl.org> | 2018-02-09 10:19:14 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-02-09 17:44:43 +0000 |
commit | c423ecaa7f6d0cc77c4f121c6de7d585439bca8f (patch) | |
tree | 8dd31481afb05f8febe065821ad74a0e17ea02df /test/cipherlist_test.c | |
parent | 83739b39e55fcdd9dd395bc619b1b7fafcc32f5c (diff) |
Fixes for no-tls1_2 and no-tls1_2-method
The no-tls1_2 option does not work properly in conjunction with TLSv1.3
being enabled (which is now the default). This commit fixes the issues.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5301)
Diffstat (limited to 'test/cipherlist_test.c')
-rw-r--r-- | test/cipherlist_test.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
index 336bdb0318..b4e6ea26d6 100644
--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
@@ -105,20 +105,23 @@ static const uint32_t default_ciphers_in_order[] = {
 # endif
 #endif /* !OPENSSL_NO_TLS1_2 */
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
+ /* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */
+# ifndef OPENSSL_NO_EC
 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-#endif
-#ifndef OPENSSL_NO_DH
+# endif
+ #ifndef OPENSSL_NO_DH
 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
-#endif
-#ifndef OPENSSL_NO_EC
+# endif
+# ifndef OPENSSL_NO_EC
 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-#endif
-#ifndef OPENSSL_NO_DH
+# endif
+# ifndef OPENSSL_NO_DH
 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
-#endif
+# endif
+#endif /* !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) */
 #ifndef OPENSSL_NO_TLS1_2
 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
@@ -135,8 +138,11 @@ static const uint32_t default_ciphers_in_order[] = {
 TLS1_CK_RSA_WITH_AES_256_SHA256,
 TLS1_CK_RSA_WITH_AES_128_SHA256,
 #endif
+#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
+ /* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */
 TLS1_CK_RSA_WITH_AES_256_SHA,
 TLS1_CK_RSA_WITH_AES_128_SHA,
+#endif
 };
 static int test_default_cipherlist(SSL_CTX *ctx) |
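Review bot: The added ` #ifndef OPENSSL_NO_DH` line in the first nested group is written differently from its siblings, which all use the `# ifndef` form for directives nested inside the new outer `#if`. Whitespace on this page is collapsed, so the exact columns cannot be confirmed, but as shown the `#` follows a space instead of starting the line. It compiles either way; for consistency with the rest of the block the line should read `# ifndef OPENSSL_NO_DH`. The `default_ciphers_in_order[]` initializer starts and ends outside this hunk.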
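Review bot: The guard `#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)` and its comment are repeated verbatim from the first hunk, and the closing `#endif` here carries no condition comment although the first hunk's does. Because this table is the expected default cipher order, two hand-copied conditions can drift apart when a build option changes and the mismatch would only show up as a test failure in one configuration. I would close this block with `#endif /* !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) */` to match. I would also extend the comment to say why the suites drop out, presumably because a build with TLSv1.3 but without TLSv1.2 leaves no enabled protocol version that can negotiate them; that reason is not visible in this diff and should be confirmed before it is written down.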