Limit the length of the encrypted premaster key.

Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2288)
author: Cory Benfield <lukasaoz@gmail.com> 2017-01-25 19:42:16 +0000
committer: Richard Levitte <levitte@openssl.org> 2017-01-25 21:54:35 +0100
commit: f0deb4d352774491919f1b1ba861014659651d66 (patch)
tree: 3c4bbeee1b1463d2e6465381623e5de660ae2b29 /test/sslapitest.c
parent: 4bb0b4381edd96bc357e43d8f9a1c55fb405f121 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c
index ac065b281c..1bd7878960 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -198,6 +198,7 @@ static int test_keylog(void) {
     SSL_CTX *cctx = NULL, *sctx = NULL;
     SSL *clientssl = NULL, *serverssl = NULL;
     int testresult = 0;
+    int rc;
 
     /* Clean up logging space */
     memset(client_log_buffer, 0, LOG_BUFFER_SIZE + 1);
@@ -216,6 +217,13 @@ static int test_keylog(void) {
     SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
     SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
 
+    /* We also want to ensure that we use RSA-based key exchange. */
+    rc = SSL_CTX_set_cipher_list(cctx, "RSA");
+    if (rc == 0) {
+        printf("Unable to restrict to RSA key exchange.\n");
+        goto end;
+    }
+
     if (SSL_CTX_get_keylog_callback(cctx)) {
         printf("Unexpected initial value for client "
                "SSL_CTX_get_keylog_callback()\n");
author	Cory Benfield <lukasaoz@gmail.com>	2017-01-25 19:42:16 +0000
committer	Richard Levitte <levitte@openssl.org>	2017-01-25 21:54:35 +0100
commit	f0deb4d352774491919f1b1ba861014659651d66 (patch)
tree	3c4bbeee1b1463d2e6465381623e5de660ae2b29 /test/sslapitest.c
parent	4bb0b4381edd96bc357e43d8f9a1c55fb405f121 (diff)