| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSL_CTX_set_cipher_list() in OpenSSL 1.1 does not accept TLSv1.3 ciphers.
This wasn't a problem until now since the AEAD- ciphers were counted as
distinct from TLS_ ciphers by the regress test, so they were never used
in the {run,check}-cipher-${cipher}-client-${clib}-server-${slib} tests
With the renaming, the TLSv1.3 ciphers are now considered as common
ciphers, so they're tested. With openssl11 this results in
0:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2573:
The design of these tests doesn't allow easily adding a call to
SSL_CTX_set_ciphersuites (since they also need to work with openssl 1.0.2)
so skip the TLS_* ciphers for the time being.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
2) Reorder the interop tests so the really slow "cert" test is at the end
3) Change the cert tests to use REGRESS_SLOW_TARGETS when testing combination
of client and server that does not involve libressl. This way we can
skip testing openssl to openssl11 when running these manually by
setting REGRESS_SKIP_SLOW to "yet" in mk.conf
ok jsing@
|
| |
|
|
| |
chacha-poly over aes-gcm. Expect both fallbacks for non 1.3 ciphers.
|
| |
|
|
|
|
|
|
| |
been fixed to work with libressl TLS 1.3. Both libressl and openssl11
replace obsolete TLS 1.2 ciphers with AEAD-AES256-GCM-SHA384 or
TLS_AES_256_GCM_SHA384 in TLS 1.3 respectively. The test expects
that now. Currently GOST does not work with libressl and TLS 1.3
and is disabled.
|
| | |
|
| | |
|
|
|
connections between client and server implemented with LibreSSL or
OpenSSL with a fixed cipher on each side. Check the used cipher
in the session print out.
|
