diff options
author | Phil Pennock <pdp@exim.org> | 2012-05-17 17:24:36 -0400 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2012-05-17 17:24:36 -0400 |
commit | 75fe387d4b7dd458b79fc22d593095cd84ca8ea4 (patch) | |
tree | 5277f61ddc0ad8abde4d7eeaada57111c85668a2 /test/runtest | |
parent | 4fe99a6c7949056e1bf27f146ad604061b6a3669 (diff) |
fix tls_cipher memory lifetime.
Some tests had not been updated for the new cert because they were missing an X= log-line.
Updated those tests now.
Diffstat (limited to 'test/runtest')
-rwxr-xr-x | test/runtest | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/test/runtest b/test/runtest index 9bcace082..6418d8d3f 100755 --- a/test/runtest +++ b/test/runtest @@ -484,6 +484,7 @@ RESET_AFTER_EXTRA_LINE_READ: # So far, have seen: # TLSv1:AES256-SHA:256 # TLSv1.2:AES256-GCM-SHA384:256 + # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 # We also need to handle the ciphersuite without the TLS part present, for # client-ssl's output. We also see some older forced ciphersuites, but # negotiating TLS 1.2 instead of 1.0. @@ -493,6 +494,20 @@ RESET_AFTER_EXTRA_LINE_READ: s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.2:/$1TLSv1:/xg; s/\bAES256-GCM-SHA384\b/AES256-SHA/g; + # GnuTLS have seen: + # TLS1.2:RSA_AES_256_CBC_SHA1:256 (canonical) + # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 + # + # X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256 + # X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256 + # and as stand-alone cipher: + # DHE-RSA-AES256-SHA256 + # DHE-RSA-AES256-SHA + # picking latter as canonical simply because regex easier that way. + s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA_AES_256_CBC_SHA1:256/g; + s/X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256/X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256/g; + s/\bDHE-RSA-AES256-SHA256\b/DHE-RSA-AES256-SHA/g; + # ======== Caller's login, uid, gid, home, gecos ======== |