openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Retire OpenSSL 1.0.2 interop	tb	2023-02-01	1	-13/+3
\| \| \| \| \| \|	Now that the OpenSSL 1.0.2 port is gone, there's no need to keep the interop tests anymore. anton's and bluhm's regress tests will switch to testing interoperability with OpenSSL 3.0.
*	Add openssl 3.0 interop tests	tb	2023-01-27	1	-5/+10
\| \| \| \| \| \| \| \| \| \|	The plan is to retire the 1.0.2 interop tests soon so as to be able to drop the dead and dangerous OpenSSL 1.0.2 port. The cert part is extremely slow on arm64: the whole interop test on an m1 is about 10x slower (~45 min!) than on a modern amd64 laptop, so people running regress may want to wait a bit with adding OpenSSL 3 to their test boxes until this is sorted out.
*	Add a workaround due to OpenSSL's limitation of SSL_CTX_set_cipher_list	tb	2022-02-05	1	-1/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	SSL_CTX_set_cipher_list() in OpenSSL 1.1 does not accept TLSv1.3 ciphers. This wasn't a problem until now since the AEAD- ciphers were counted as distinct from TLS_ ciphers by the regress test, so they were never used in the {run,check}-cipher-${cipher}-client-${clib}-server-${slib} tests With the renaming, the TLSv1.3 ciphers are now considered as common ciphers, so they're tested. With openssl11 this results in 0:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2573: The design of these tests doesn't allow easily adding a call to SSL_CTX_set_ciphersuites (since they also need to work with openssl 1.0.2) so skip the TLS_* ciphers for the time being.
*	Mechanically adjust from AEAD- to TLS_ to adjust to the new cipher names.	tb	2022-02-05	1	-10/+5
\|
*	Remove echo headlines.	bluhm	2020-12-17	1	-4/+1
\|
*	1) Move the interop tests to the end so we see tlsfuzzer first	beck	2020-09-21	1	-1/+9
\| \| \| \| \| \| \| \| \| \|	2) Reorder the interop tests so the really slow "cert" test is at the end 3) Change the cert tests to use REGRESS_SLOW_TARGETS when testing combination of client and server that does not involve libressl. This way we can skip testing openssl to openssl11 when running these manually by setting REGRESS_SKIP_SLOW to "yet" in mk.conf ok jsing@
*	If CPU does not support AES-NI, LibreSSL TLS 1.3 client prefers	bluhm	2020-09-12	1	-9/+18
\| \| \| \|	chacha-poly over aes-gcm. Expect both fallbacks for non 1.3 ciphers.
*	Enable cert and cipher interop tests. cert just works. cipher has	bluhm	2020-09-11	1	-50/+31
\| \| \| \| \| \| \| \|	been fixed to work with libressl TLS 1.3. Both libressl and openssl11 replace obsolete TLS 1.2 ciphers with AEAD-AES256-GCM-SHA384 or TLS_AES_256_GCM_SHA384 in TLS 1.3 respectively. The test expects that now. Currently GOST does not work with libressl and TLS 1.3 and is disabled.
*	Enable GOST cipher selection test after libssl has been fixed.	bluhm	2019-03-28	1	-6/+1
\|
*	Fix typo in usage and comment.	bluhm	2019-03-21	1	-2/+2
\|
*	Test that all supported TLS ciphers actually work. Establish	bluhm	2019-02-21	1	-0/+180
	connections between client and server implemented with LibreSSL or OpenSSL with a fixed cipher on each side. Check the used cipher in the session print out.