summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2018-11-27 20:50:28 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2018-11-27 20:55:13 +0000
commitf94aac30115bc94f2a1c8e3536ad7d40e7e4f302 (patch)
tree486490c39265d9c88b4b358971e1a4fa6ba7c3f9
parent625f40fc27846bbb28fdd14fdc6941b99a431180 (diff)
Testsuite: switch ciphersuite use
This is to accomodate RHEL 7, where openssl seems to not support ECDHE Kx + CAMELIA nor any of the CHACHA20s, but does support DHE Kx + CAMELIA. All we really wanted was something distinguishable from default (which is commonly ECDHE-RSA-AUE256-GCM-SHA).
-rw-r--r--test/confs/58412
-rw-r--r--test/log/58414
-rw-r--r--test/scripts/5840-DANE-OpenSSL/58414
3 files changed, 5 insertions, 5 deletions
diff --git a/test/confs/5841 b/test/confs/5841
index 98de91d76..ccecd7e1f 100644
--- a/test/confs/5841
+++ b/test/confs/5841
@@ -23,7 +23,7 @@ tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail}
tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail}
# Permit two specific ciphers
-tls_require_ciphers = ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-AES256-GCM-SHA384
+tls_require_ciphers = DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-GCM-SHA384
# Force TLS1.2 so that the ciphers choice works
diff --git a/test/log/5841 b/test/log/5841
index 863107c2e..2589379fa 100644
--- a/test/log/5841
+++ b/test/log/5841
@@ -8,7 +8,7 @@
1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@localhost.test.ex R=client T=send_to_server H=localhost.test.ex [127.0.0.1] X=TLSv1:ke-RSA-AES256-SHA:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00"
1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex
-1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:ECDHE-RSA-CAMELLIA256-SHA384:256 CV=dane DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00"
+1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:DHE-RSA-CAMELLIA256-SHA:256 CV=dane DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00"
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
******** SERVER ********
@@ -26,6 +26,6 @@
1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <CALLER@localhost.test.ex> R=server
1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 "rcpt ACL"
-1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:ECDHE-RSA-CAMELLIA256-SHA384:256 CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:DHE-RSA-CAMELLIA256-SHA:256 CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex
1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: <CALLER@dane256ee.test.ex> R=server
1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
diff --git a/test/scripts/5840-DANE-OpenSSL/5841 b/test/scripts/5840-DANE-OpenSSL/5841
index fff416e2a..2dc94ebe0 100644
--- a/test/scripts/5840-DANE-OpenSSL/5841
+++ b/test/scripts/5840-DANE-OpenSSL/5841
@@ -15,12 +15,12 @@ Testing
#
### Dane cipher specified, dane unused
# Since dane unused, should get the same cipher as the baseline
-exim -odf -DLIST=ECDHE-RSA-CAMELLIA256-SHA384 CALLER@localhost.test.ex
+exim -odf -DLIST=DHE-RSA-CAMELLIA256-SHA CALLER@localhost.test.ex
Testing
****
### Dane cipher specified, dane used
# Should get the cipher specified here
-exim -odf -DLIST=ECDHE-RSA-CAMELLIA256-SHA384 CALLER@dane256ee.test.ex
+exim -odf -DLIST=DHE-RSA-CAMELLIA256-SHA CALLER@dane256ee.test.ex
Testing
****
#