Commit
b3618f44 added a test for mac-then-encrypt. However the test fails
when running with "enable-tls1_3". The problem is that the test creates a
connection, which ends up being TLSv1.3. However it also restricts the
ciphers to a single mac-then-encrypt ciphersuite that is not TLSv1.3
compatible so the connection aborts and the test fails. Mac-then-encrypt
is not relevant to TLSv1.3, so the test should disable that protocol
version.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2"));
+my @all_pre_tls1_3 = ("ssl3", "tls1", "tls1_1", "tls1_2");
my $no_tls = alldisabled(available_protocols("tls"));
+my $no_pre_tls1_3 = alldisabled(@all_pre_tls1_3);
my $no_dtls = alldisabled(available_protocols("dtls"));
my $no_npn = disabled("nextprotoneg");
my $no_ct = disabled("ct");
"15-certstatus.conf" => $no_tls || $no_ocsp,
"16-dtls-certstatus.conf" => $no_dtls || $no_ocsp,
"18-dtls-renegotiate.conf" => $no_dtls,
+ "19-mac-then-encrypt.conf" => $no_pre_tls1_3
);
foreach my $conf (@conf_files) {
[0-disable-encrypt-then-mac-server-sha-client]
CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[1-disable-encrypt-then-mac-client-sha-client]
CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
Options = -EncryptThenMac
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[2-disable-encrypt-then-mac-both-sha-client]
CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
Options = -EncryptThenMac
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[3-disable-encrypt-then-mac-server-sha2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.2
Options = -EncryptThenMac
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[4-disable-encrypt-then-mac-client-sha2-client]
CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
Options = -EncryptThenMac
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[5-disable-encrypt-then-mac-both-sha2-client]
CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
Options = -EncryptThenMac
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
},
client => {
"CipherString" => "AES128-SHA",
+ "MaxProtocol" => "TLSv1.2"
},
test => {
"ExpectedResult" => "Success",
client => {
"CipherString" => "AES128-SHA",
"Options" => "-EncryptThenMac",
+ "MaxProtocol" => "TLSv1.2"
},
test => {
"ExpectedResult" => "Success",
client => {
"CipherString" => "AES128-SHA",
"Options" => "-EncryptThenMac",
+ "MaxProtocol" => "TLSv1.2"
},
test => {
"ExpectedResult" => "Success",
name => "disable-encrypt-then-mac-server-sha2",
server => {
"Options" => "-EncryptThenMac",
+ "MaxProtocol" => "TLSv1.2"
},
client => {
"CipherString" => "AES128-SHA256",
client => {
"CipherString" => "AES128-SHA256",
"Options" => "-EncryptThenMac",
+ "MaxProtocol" => "TLSv1.2"
},
test => {
"ExpectedResult" => "Success",
client => {
"CipherString" => "AES128-SHA256",
"Options" => "-EncryptThenMac",
+ "MaxProtocol" => "TLSv1.2"
},
test => {
"ExpectedResult" => "Success",
projects / oweals / openssl.git / commitdiff