A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_6_BASE 2024-03-20T10:38:05+00:00 2024-03-20T10:38:05+00:00 jsing 2024-03-20T10:38:05+00:00 urn:sha1:0d9d9a5d218e051c66bca6e7d844cd95b2ede626 The new certificates are more representative of the real world. The old certificates use weak algorithms and expire in the very near future. Most of our regress has already been switched over, this changes the remainder. Thanks to Bernhard M. Wiedemann for reminding us of the upcoming expiry. ok tb@ 2023-07-02T17:21:33+00:00 beck 2023-07-02T17:21:33+00:00 urn:sha1:4edd92a57f3a74829fe519f35b5c7c79e03ce0b0 Their time has long since past, and they should not be used. This change restricts ssl to versions 1.2 and 1.3, and changes the regression tests to understand we no longer speak the legacy protocols. For the moment the magical "golden" byte for byte comparison tests of raw handshake values are disabled util jsing fixes them. ok jsing@ tb@ 2021-10-23T14:34:10+00:00 jsing 2021-10-23T14:34:10+00:00 urn:sha1:8df330f8ab4894190007c25d1efe71e7f5c58383 This currently exercises various combinations of TLS versions and their associated key exchange mechanisms. Note that this currently fails for TLSv1.0/TLSv1.1 with RSA KEX (to be fixed shortly). Over time all of the ssl regress should be moved into the dtls and tls regress tests.