From: Matt Caswell <matt@openssl.org>
Date: Mon, 12 Mar 2018 11:42:00 +0000 (+0000)
Subject: Don't negotiate TLSv1.3 with the ossl_shim
X-Git-Tag: OpenSSL_1_1_1-pre3~122
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=aaaa6ac11bdffb02eda132973c9740b4a45a3242;p=oweals%2Fopenssl.git

Don't negotiate TLSv1.3 with the ossl_shim

The ossl_shim doesn't know about TLSv1.3 so we should disable that
protocol version for all tests for now.

This fixes the current Travis failures.

[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5593)
---

diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc
index fd6fa06a1f..739d1bd167 100644
--- a/test/ossl_shim/ossl_shim.cc
+++ b/test/ossl_shim/ossl_shim.cc
@@ -533,6 +533,12 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
       !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) {
     return nullptr;
   }
+#else
+  /* Ensure we don't negotiate TLSv1.3 until we can handle it */
+  if (!config->is_dtls &&
+      !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_2_VERSION)) {
+    return nullptr;
+  }
 #endif
 
   std::string cipher_list = "ALL";