diff options
| author | Matt Caswell <matt@openssl.org> | 2017-06-30 09:41:03 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-07-07 16:08:05 +0100 |
| commit | e3c0d76bc7848aae01fe9a86720d435b999f3bc1 (patch) | |
| tree | 7b4e014eee678d04c4bef40ccfa1da623a5c6009 /test | |
| parent | 515982154031b679f58d5e2cbd7752294779221e (diff) | |
Do not allow non-dhe kex_modes by default
Allow that mode to be configured if desired.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3833)
Diffstat (limited to 'test')
| -rw-r--r-- | test/recipes/70-test_tls13kexmodes.t | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index 07020c686e..ec23e132e2 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t @@ -171,7 +171,8 @@ ok(TLSProxy::Message->fail(), "Resume with empty kex modes"); #Test 4: Attempt a resume with non-dhe kex mode only. Should resume without a # key_share $proxy->clear(); -$proxy->clientflags("-sess_in ".$session); +$proxy->clientflags("-allow_no_dhe_kex -sess_in ".$session); +$proxy->serverflags("-allow_no_dhe_kex"); $testtype = NON_DHE_KEX_MODE_ONLY; $proxy->start(); checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, @@ -256,8 +257,8 @@ checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE, # initial key_share and no overlapping groups. Should resume without a # key_share $proxy->clear(); -$proxy->clientflags("-curves P-384 -sess_in ".$session); -$proxy->serverflags("-curves P-256"); +$proxy->clientflags("-allow_no_dhe_kex -curves P-384 -sess_in ".$session); +$proxy->serverflags("-allow_no_dhe_kex -curves P-256"); $testtype = BOTH_KEX_MODES; $proxy->start(); checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, |