author | Jeremy Harris <jgh146exb@wizmail.org> | 2023-01-01 12:18:38 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2023-01-01 12:18:38 +0000 |
commit | ca4014de81e6aa367aa0a54c49b4c3d4b137814c (patch) | |
tree | 47c9a125b457e95b832faf4bbcb1a6b72fa6ff0a /test/scripts/2100-OpenSSL | |
parent | cbaecb979ad04aeb7eb2fce524facc862496b8b7 (diff) |
OpenSSL: fix tls_eccurve setting explicit curve/group. Bug 2954
Diffstat (limited to 'test/scripts/2100-OpenSSL')
-rw-r--r-- | test/scripts/2100-OpenSSL/2148 | 50 | ||||
-rw-r--r-- | test/scripts/2100-OpenSSL/2149 | 50 |
2 files changed, 76 insertions, 24 deletions
diff --git a/test/scripts/2100-OpenSSL/2148 b/test/scripts/2100-OpenSSL/2148
new file mode 100644
index 000000000..691814644
--- /dev/null
+++ b/test/scripts/2100-OpenSSL/2148
@@ -0,0 +1,50 @@
+# TLS: DH params for OpenSSL
+#
+# DH param from file
+exim -DSERVER=server -DDATA=DIR/aux-fixed/dh2048 -bd -oX PORT_D
+****
+exim -odf userw@test.ex
+Test message
+****
+killdaemon
+#
+# Too-big DH param (vs. tls_dh_max_bits), from file
+exim -DSERVER=server -DDATA=DIR/aux-fixed/dh3072 -bd -oX PORT_D
+****
+exim -odf userx@test.ex
+Test message
+****
+killdaemon
+#
+# Too-small DH param (library limitation), from file
+exim -DSERVER=server -DDATA=DIR/aux-fixed/dh512 -bd -oX PORT_D
+****
+exim -odf usery@test.ex
+Test message
+****
+killdaemon
+#
+# Named DH-param
+exim -DSERVER=server -DDATA=ffdhe2048 -bd -oX PORT_D
+****
+exim -odf userz@test.ex
+Test message
+****
+killdaemon
+#
+# Named DH-param, logged deprecation
+exim -DSERVER=server -DDATA=ike24 -bd -oX PORT_D
+****
+exim -odf usera@test.ex
+Test message
+****
+killdaemon
+#
+# Named DH-param, panic-logged deprecation
+exim -DSERVER=server -DDATA=ike22 -bd -oX PORT_D
+****
+exim -odf userb@test.ex
+Test message
+****
+killdaemon
+no_message_check
diff --git a/test/scripts/2100-OpenSSL/2149 b/test/scripts/2100-OpenSSL/2149
index b8ff65560..59263df81 100644
--- a/test/scripts/2100-OpenSSL/2149
+++ b/test/scripts/2100-OpenSSL/2149
@@ -1,50 +1,52 @@
-# TLS: DH ciphers for OpenSSL
+# TLS: EC curves for OpenSSL
 #
-# DH param from file
-exim -DSERVER=server -DDATA=DIR/aux-fixed/dh2048 -bd -oX PORT_D
+# This is only checking the acceptability of option settings, not their effect
+# See packet captures for actual effects
+#
+# Baseline: tls_eccurve option not present
+exim -DSERVER=server -bd -oX PORT_D
 ****
-exim -odf userw@test.ex
-Test message
+exim -odf userx@test.ex
 ****
 killdaemon
 #
-# Too-big DH param (vs. tls_dh_max_bits), from file
-exim -DSERVER=server -DDATA=DIR/aux-fixed/dh3072 -bd -oX PORT_D
+# Explicit tls_eccurve setting of "auto"
+exim -DSERVER=server -DDATA=auto -bd -oX PORT_D
 ****
 exim -odf userx@test.ex
-Test message
 ****
 killdaemon
 #
-# Too-small DH param (library limitation), from file
-exim -DSERVER=server -DDATA=DIR/aux-fixed/dh512 -bd -oX PORT_D
+# Explicit tls_eccurve setting of ""
+# - unclear this works. At least with OpenSSL 3.0.5 we still get an x25519 keyshare in the Server Hello
+exim -DSERVER=server -DDATA= -bd -oX PORT_D
 ****
-exim -odf usery@test.ex
-Test message
+exim -odf userx@test.ex
 ****
 killdaemon
 #
-# Named DH-param
-exim -DSERVER=server -DDATA=ffdhe2048 -bd -oX PORT_D
+# prime256v1
+exim -DSERVER=server -DDATA=prime256v1 -bd -oX PORT_D
 ****
-exim -odf userz@test.ex
-Test message
+exim -odf userx@test.ex
 ****
 killdaemon
 #
-# Named DH-param, logged deprecation
-exim -DSERVER=server -DDATA=ike24 -bd -oX PORT_D
+# X448
+# Client Hello offers an x25519 keyshare, server says "Hello Retry Request" with a KeyShare extension "X448"
+# and the client retries Client Hello with that in the KeyShare.
+exim -DSERVER=server -DDATA=X448 -bd -oX PORT_D
 ****
-exim -odf usera@test.ex
-Test message
+exim -odf userx@test.ex
 ****
 killdaemon
 #
-# Named DH-param, panic-logged deprecation
-exim -DSERVER=server -DDATA=ike22 -bd -oX PORT_D
+# "bogus". Should fail to make connection.
+exim -DSERVER=server -DDATA=bogus -bd -oX PORT_D
 ****
-exim -odf userb@test.ex
-Test message
+exim -odf userx@test.ex
 ****
 killdaemon
+#
+#
 no_message_check |
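Review bot: Every case in the rewritten 2149 script delivers to `userx@test.ex`, so the compared logs cannot show which tls_eccurve setting a given delivery or failure line belongs to; the DH script it replaces used one recipient per case (userw through userb). This matters most for the final `bogus` case, whose comment expects the connection to fail: a distinct recipient there, e.g. `exim -odf userb@test.ex`, would make it visible if an unknown group name were ever silently accepted. The empty-setting case is commented "unclear this works", and the script header says only option acceptability is checked, so a comment stating which outcome is intended for `-DDATA=` would stop the reference output from simply recording whatever the linked OpenSSL does. The server configuration and reference logs are outside this diff, so how much the logs already distinguish the cases is not visible here.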