summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2017-04-26 11:28:20 +0100
committerMatt Caswell <matt@openssl.org>2017-04-26 14:31:00 +0100
commit38a7315060ec4ca49799b2a7ea83e8678e3acd20 (patch)
tree00e5267d01e6b52e247769b3d613f077b3b65899 /test
parentaafec89c63efeade20f1bdc8023d2bb611e419b8 (diff)
Add a ciphersuite config sanity check for servers
Ensure that there are ciphersuites enabled for the maximum supported version we will accept in a ClientHello. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3316)
Diffstat (limited to 'test')
-rw-r--r--test/recipes/70-test_sslmessages.t1
-rw-r--r--test/ssl-tests/23-srp.conf4
-rw-r--r--test/ssl-tests/23-srp.conf.in154
3 files changed, 84 insertions, 75 deletions
diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t
index 790b3aeda2..a6278dc630 100644
--- a/test/recipes/70-test_sslmessages.t
+++ b/test/recipes/70-test_sslmessages.t
@@ -396,6 +396,7 @@ SKIP: {
skip "No EC support in this OpenSSL build", 1 if disabled("ec");
$proxy->clear();
$proxy->clientflags("-no_tls1_3");
+ $proxy->serverflags("-no_tls1_3");
$proxy->ciphers("ECDHE-RSA-AES128-SHA");
$proxy->start();
checkhandshake($proxy, checkhandshake::EC_HANDSHAKE,
diff --git a/test/ssl-tests/23-srp.conf b/test/ssl-tests/23-srp.conf
index 6ae49e6814..610a0bb08a 100644
--- a/test/ssl-tests/23-srp.conf
+++ b/test/ssl-tests/23-srp.conf
@@ -18,6 +18,7 @@ client = 0-srp-client
[0-srp-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = SRP
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[0-srp-client]
@@ -52,6 +53,7 @@ client = 1-srp-bad-password-client
[1-srp-bad-password-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = SRP
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[1-srp-bad-password-client]
@@ -86,6 +88,7 @@ client = 2-srp-auth-client
[2-srp-auth-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = aSRP
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[2-srp-auth-client]
@@ -120,6 +123,7 @@ client = 3-srp-auth-bad-password-client
[3-srp-auth-bad-password-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = aSRP
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[3-srp-auth-bad-password-client]
diff --git a/test/ssl-tests/23-srp.conf.in b/test/ssl-tests/23-srp.conf.in
index b7601fc3e5..dcbd9f4ff9 100644
--- a/test/ssl-tests/23-srp.conf.in
+++ b/test/ssl-tests/23-srp.conf.in
@@ -15,89 +15,93 @@ package ssltests;
our @tests = (
{
- name => "srp",
- server => {
- "CipherString" => "SRP",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "password",
- },
+ name => "srp",
+ server => {
+ "CipherString" => "SRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "password",
+ },
+ },
+ client => {
+ "CipherString" => "SRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "password",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success"
},
- client => {
- "CipherString" => "SRP",
- "MaxProtocol" => "TLSv1.2",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "password",
- },
- },
- test => {
- "ExpectedResult" => "Success"
- },
},
{
- name => "srp-bad-password",
- server => {
- "CipherString" => "SRP",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "password",
- },
+ name => "srp-bad-password",
+ server => {
+ "CipherString" => "SRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "password",
+ },
+ },
+ client => {
+ "CipherString" => "SRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "passw0rd",
+ },
+ },
+ test => {
+ # Server fails first with bad client Finished.
+ "ExpectedResult" => "ServerFail"
},
- client => {
- "CipherString" => "SRP",
- "MaxProtocol" => "TLSv1.2",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "passw0rd",
- },
- },
- test => {
- # Server fails first with bad client Finished.
- "ExpectedResult" => "ServerFail"
- },
},
{
- name => "srp-auth",
- server => {
- "CipherString" => "aSRP",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "password",
- },
+ name => "srp-auth",
+ server => {
+ "CipherString" => "aSRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "password",
+ },
+ },
+ client => {
+ "CipherString" => "aSRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "password",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success"
},
- client => {
- "CipherString" => "aSRP",
- "MaxProtocol" => "TLSv1.2",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "password",
- },
- },
- test => {
- "ExpectedResult" => "Success"
- },
},
{
- name => "srp-auth-bad-password",
- server => {
- "CipherString" => "aSRP",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "password",
- },
+ name => "srp-auth-bad-password",
+ server => {
+ "CipherString" => "aSRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "password",
+ },
+ },
+ client => {
+ "CipherString" => "aSRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "passw0rd",
+ },
+ },
+ test => {
+ # Server fails first with bad client Finished.
+ "ExpectedResult" => "ServerFail"
},
- client => {
- "CipherString" => "aSRP",
- "MaxProtocol" => "TLSv1.2",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "passw0rd",
- },
- },
- test => {
- # Server fails first with bad client Finished.
- "ExpectedResult" => "ServerFail"
- },
},
-); \ No newline at end of file
+);
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-17 13:16:05 +0000