authorJeremy Harris <jgh146exb@wizmail.org>2023-01-01 12:18:38 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2023-01-01 12:18:38 +0000
commitca4014de81e6aa367aa0a54c49b4c3d4b137814c (patch)
tree47c9a125b457e95b832faf4bbcb1a6b72fa6ff0a /test/scripts/2100-OpenSSL
parentcbaecb979ad04aeb7eb2fce524facc862496b8b7 (diff)
OpenSSL: fix tls_eccurve setting explicit curve/group. Bug 2954
Diffstat (limited to 'test/scripts/2100-OpenSSL')
-rw-r--r--test/scripts/2100-OpenSSL/214850
-rw-r--r--test/scripts/2100-OpenSSL/214950
2 files changed, 76 insertions, 24 deletions
diff --git a/test/scripts/2100-OpenSSL/2148 b/test/scripts/2100-OpenSSL/2148
new file mode 100644
index 000000000..691814644
--- /dev/null
+++ b/test/scripts/2100-OpenSSL/2148
@@ -0,0 +1,50 @@
+# TLS: DH params for OpenSSL
+#
+# DH param from file
+exim -DSERVER=server -DDATA=DIR/aux-fixed/dh2048 -bd -oX PORT_D
+****
+exim -odf userw@test.ex
+Test message
+****
+killdaemon
+#
+# Too-big DH param (vs. tls_dh_max_bits), from file
+exim -DSERVER=server -DDATA=DIR/aux-fixed/dh3072 -bd -oX PORT_D
+****
+exim -odf userx@test.ex
+Test message
+****
+killdaemon
+#
+# Too-small DH param (library limitation), from file
+exim -DSERVER=server -DDATA=DIR/aux-fixed/dh512 -bd -oX PORT_D
+****
+exim -odf usery@test.ex
+Test message
+****
+killdaemon
+#
+# Named DH-param
+exim -DSERVER=server -DDATA=ffdhe2048 -bd -oX PORT_D
+****
+exim -odf userz@test.ex
+Test message
+****
+killdaemon
+#
+# Named DH-param, logged deprecation
+exim -DSERVER=server -DDATA=ike24 -bd -oX PORT_D
+****
+exim -odf usera@test.ex
+Test message
+****
+killdaemon
+#
+# Named DH-param, panic-logged deprecation
+exim -DSERVER=server -DDATA=ike22 -bd -oX PORT_D
+****
+exim -odf userb@test.ex
+Test message
+****
+killdaemon
+no_message_check
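Review bot: The comments on the dh3072 and dh512 cases name the input but not the outcome the test expects, unlike the ike24 and ike22 cases, which say what gets logged. For parameters above tls_dh_max_bits or too weak for the library, a reader needs to know whether the server is expected to refuse them, ignore them, or fall back to another group. I would extend each comment with the expected result, for example `# Too-small DH param (library limitation), from file; expected: <outcome pinned by the stored log>`. The file ends with `no_message_check`, so the stored logs are presumably the only place that outcome is verified.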
diff --git a/test/scripts/2100-OpenSSL/2149 b/test/scripts/2100-OpenSSL/2149
index b8ff65560..59263df81 100644
--- a/test/scripts/2100-OpenSSL/2149
+++ b/test/scripts/2100-OpenSSL/2149
@@ -1,50 +1,52 @@
-# TLS: DH ciphers for OpenSSL
+# TLS: EC curves for OpenSSL
#
-# DH param from file
-exim -DSERVER=server -DDATA=DIR/aux-fixed/dh2048 -bd -oX PORT_D
+# This is only checking the acceptability of option settings, not their effect
+# See packet captures for actual effects
+#
+# Baseline: tls_eccurve option not present
+exim -DSERVER=server -bd -oX PORT_D
****
-exim -odf userw@test.ex
-Test message
+exim -odf userx@test.ex
****
killdaemon
#
-# Too-big DH param (vs. tls_dh_max_bits), from file
-exim -DSERVER=server -DDATA=DIR/aux-fixed/dh3072 -bd -oX PORT_D
+# Explicit tls_eccurve setting of "auto"
+exim -DSERVER=server -DDATA=auto -bd -oX PORT_D
****
exim -odf userx@test.ex
-Test message
****
killdaemon
#
-# Too-small DH param (library limitation), from file
-exim -DSERVER=server -DDATA=DIR/aux-fixed/dh512 -bd -oX PORT_D
+# Explicit tls_eccurve setting of ""
+# - unclear this works. At least with OpenSSL 3.0.5 we still get an x25519 keyshare in the Server Hello
+exim -DSERVER=server -DDATA= -bd -oX PORT_D
****
-exim -odf usery@test.ex
-Test message
+exim -odf userx@test.ex
****
killdaemon
#
-# Named DH-param
-exim -DSERVER=server -DDATA=ffdhe2048 -bd -oX PORT_D
+# prime256v1
+exim -DSERVER=server -DDATA=prime256v1 -bd -oX PORT_D
****
-exim -odf userz@test.ex
-Test message
+exim -odf userx@test.ex
****
killdaemon
#
-# Named DH-param, logged deprecation
-exim -DSERVER=server -DDATA=ike24 -bd -oX PORT_D
+# X448
+# Client Hello offers an x25519 keyshare, server says "Hello Retry Request" with a KeyShare extension "X448"
+# and the client retries Client Hello with that in the KeyShare.
+exim -DSERVER=server -DDATA=X448 -bd -oX PORT_D
****
-exim -odf usera@test.ex
-Test message
+exim -odf userx@test.ex
****
killdaemon
#
-# Named DH-param, panic-logged deprecation
-exim -DSERVER=server -DDATA=ike22 -bd -oX PORT_D
+# "bogus". Should fail to make connection.
+exim -DSERVER=server -DDATA=bogus -bd -oX PORT_D
****
-exim -odf userb@test.ex
-Test message
+exim -odf userx@test.ex
****
killdaemon
+#
+#
no_message_check
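Review bot: The "bogus" case says only "Should fail to make connection", which leaves open whether the message must stay undelivered or may still go out after a cleartext retry. That depends on the client configuration, which is not visible in this hunk. Since the header comment says only option acceptability is checked, this negative case is where the expected outcome should be spelled out, e.g. `# "bogus". TLS setup must fail; the message must not be delivered unencrypted.` if that is the intent. All six cases also send to `userx@test.ex`, where the previous version used a distinct recipient per case. Keeping distinct recipients (`userw@test.ex`, `usery@test.ex`, …) would let each log line be attributed to its case.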