diff options
author | Jeremy Harris <jgh146exb@wizmail.org> | 2018-11-27 20:50:28 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2018-11-27 20:55:13 +0000 |
commit | f94aac30115bc94f2a1c8e3536ad7d40e7e4f302 (patch) | |
tree | 486490c39265d9c88b4b358971e1a4fa6ba7c3f9 | |
parent | 625f40fc27846bbb28fdd14fdc6941b99a431180 (diff) |
Testsuite: switch ciphersuite use
This is to accomodate RHEL 7, where openssl seems to not support ECDHE Kx + CAMELIA
nor any of the CHACHA20s, but does support DHE Kx + CAMELIA.
All we really wanted was something distinguishable from default
(which is commonly ECDHE-RSA-AUE256-GCM-SHA).
-rw-r--r-- | test/confs/5841 | 2 | ||||
-rw-r--r-- | test/log/5841 | 4 | ||||
-rw-r--r-- | test/scripts/5840-DANE-OpenSSL/5841 | 4 |
3 files changed, 5 insertions, 5 deletions
diff --git a/test/confs/5841 b/test/confs/5841 index 98de91d76..ccecd7e1f 100644 --- a/test/confs/5841 +++ b/test/confs/5841 @@ -23,7 +23,7 @@ tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail} tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail} # Permit two specific ciphers -tls_require_ciphers = ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-AES256-GCM-SHA384 +tls_require_ciphers = DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-GCM-SHA384 # Force TLS1.2 so that the ciphers choice works diff --git a/test/log/5841 b/test/log/5841 index 863107c2e..2589379fa 100644 --- a/test/log/5841 +++ b/test/log/5841 @@ -8,7 +8,7 @@ 1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@localhost.test.ex R=client T=send_to_server H=localhost.test.ex [127.0.0.1] X=TLSv1:ke-RSA-AES256-SHA:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex -1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:ECDHE-RSA-CAMELLIA256-SHA384:256 CV=dane DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:DHE-RSA-CAMELLIA256-SHA:256 CV=dane DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed ******** SERVER ******** @@ -26,6 +26,6 @@ 1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <CALLER@localhost.test.ex> R=server 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 "rcpt ACL" -1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:ECDHE-RSA-CAMELLIA256-SHA384:256 CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex +1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:DHE-RSA-CAMELLIA256-SHA:256 CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex 1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: <CALLER@dane256ee.test.ex> R=server 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed diff --git a/test/scripts/5840-DANE-OpenSSL/5841 b/test/scripts/5840-DANE-OpenSSL/5841 index fff416e2a..2dc94ebe0 100644 --- a/test/scripts/5840-DANE-OpenSSL/5841 +++ b/test/scripts/5840-DANE-OpenSSL/5841 @@ -15,12 +15,12 @@ Testing # ### Dane cipher specified, dane unused # Since dane unused, should get the same cipher as the baseline -exim -odf -DLIST=ECDHE-RSA-CAMELLIA256-SHA384 CALLER@localhost.test.ex +exim -odf -DLIST=DHE-RSA-CAMELLIA256-SHA CALLER@localhost.test.ex Testing **** ### Dane cipher specified, dane used # Should get the cipher specified here -exim -odf -DLIST=ECDHE-RSA-CAMELLIA256-SHA384 CALLER@dane256ee.test.ex +exim -odf -DLIST=DHE-RSA-CAMELLIA256-SHA CALLER@dane256ee.test.ex Testing **** # |