diff options
Diffstat (limited to 'test/confs')
| -rw-r--r-- | test/confs/2102 | 1 | ||||
| -rw-r--r-- | test/confs/2107 | 1 | ||||
| -rw-r--r-- | test/confs/2111 | 5 | ||||
| -rw-r--r-- | test/confs/2125 | 3 | ||||
| -rw-r--r-- | test/confs/2127 | 4 | ||||
| -rw-r--r-- | test/confs/5841 | 10 |
6 files changed, 20 insertions, 4 deletions
diff --git a/test/confs/2102 b/test/confs/2102 index 0139a61c0..c9e00479b 100644 --- a/test/confs/2102 +++ b/test/confs/2102 @@ -43,6 +43,7 @@ check_recipient: !encrypted = * logwrite = cipher: $tls_in_cipher # This appears to lie. Despite what's on the wire, it returns the last cert loaded. +# Fixed in OpenSSL 1.1.1 ? Testcase golden logfile has the incorrect value. warn logwrite = ${if def:tls_in_ourcert \ {Our cert SN: <${certextract{subject}{$tls_in_ourcert}}>} \ {We did not present a cert}} diff --git a/test/confs/2107 b/test/confs/2107 index 679367315..9487445cc 100644 --- a/test/confs/2107 +++ b/test/confs/2107 @@ -16,7 +16,6 @@ queue_only queue_run_in_order tls_advertise_hosts = * -tls_require_ciphers = AES256-SHA # Set certificate only if server diff --git a/test/confs/2111 b/test/confs/2111 index 0d99a23bc..b54c9490d 100644 --- a/test/confs/2111 +++ b/test/confs/2111 @@ -23,6 +23,9 @@ tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} tls_verify_hosts = * tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail} +.ifdef _OPT_OPENSSL_NO_TLSV1_3_X +openssl_options = +no_tlsv1_3 +.endif # ----- Routers ----- @@ -47,7 +50,7 @@ send_to_server: port = PORT_D tls_certificate = DIR/aux-fixed/cert2 tls_privatekey = DIR/aux-fixed/cert2 - tls_require_ciphers = IDEA-CBC-MD5 \ + tls_require_ciphers = IDEA-CBC-MD5:\ ${if eq{$host_address}{127.0.0.1}{:AES256-SHA:RSA_ARCFOUR_SHA}} # End diff --git a/test/confs/2125 b/test/confs/2125 index be2fe1be3..589879133 100644 --- a/test/confs/2125 +++ b/test/confs/2125 @@ -25,6 +25,9 @@ tls_require_ciphers = ${if eq{$sender_host_address}{HOSTIPV4}\ tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} +.ifdef _OPT_OPENSSL_NO_TLSV1_3_X +openssl_options = +no_tlsv1_3 +.endif # ----- Routers ----- diff --git a/test/confs/2127 b/test/confs/2127 index b177444e9..9807ccf11 100644 --- a/test/confs/2127 +++ b/test/confs/2127 @@ -20,6 +20,10 @@ tls_try_verify_hosts = 127.0.0.1 tls_verify_hosts = HOSTIPV4 tls_verify_certificates = DIR/aux-fixed/cert1 +tls_require_ciphers = -ALL:kRSA +.ifdef _OPT_OPENSSL_NO_TLSV1_3_X +openssl_options = +no_tlsv1_3 +.endif # ----- Routers ----- begin routers diff --git a/test/confs/5841 b/test/confs/5841 index 57d692826..98de91d76 100644 --- a/test/confs/5841 +++ b/test/confs/5841 @@ -2,7 +2,7 @@ # DANE/OpenSSL - ciphers option SERVER= -OPT= +LIST= .include DIR/aux-var/tls_conf_prefix @@ -25,6 +25,12 @@ tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.k # Permit two specific ciphers tls_require_ciphers = ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-AES256-GCM-SHA384 +# Force TLS1.2 so that the ciphers choice works + +.ifdef _OPT_OPENSSL_NO_TLSV1_3_X +openssl_options = +no_tlsv1_3 +.endif + # ----- Routers ----- begin routers @@ -53,7 +59,7 @@ send_to_server: # Some commonly-available cipher, we hope tls_require_ciphers = ECDHE-RSA-AES256-GCM-SHA384 - dane_require_tls_ciphers = OPT + dane_require_tls_ciphers = LIST # ----- Retry ----- begin retry |