From 00d538f8f996601f3ef8b88d0ad855f84ae6f3c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 31 Mar 2014 10:44:40 +0200
Subject: [PATCH] Disable renegotiation by default in example cli/srv

---
 programs/ssl/ssl_client2.c | 2 +-
 programs/ssl/ssl_server2.c | 2 +-
 tests/ssl-opt.sh | 16 ++++++++--------
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 3b8dec740..eb48eb126 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -54,7 +54,7 @@
 #define DFL_PSK ""
 #define DFL_PSK_IDENTITY "Client_identity"
 #define DFL_FORCE_CIPHER 0
-#define DFL_RENEGOTIATION SSL_RENEGOTIATION_ENABLED
+#define DFL_RENEGOTIATION SSL_RENEGOTIATION_DISABLED
 #define DFL_ALLOW_LEGACY SSL_LEGACY_NO_RENEGOTIATION
 #define DFL_RENEGOTIATE 0
 #define DFL_MIN_VERSION -1
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 7a23e7728..4bb457ca1 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -73,7 +73,7 @@
 #define DFL_PSK ""
 #define DFL_PSK_IDENTITY "Client_identity"
 #define DFL_FORCE_CIPHER 0
-#define DFL_RENEGOTIATION SSL_RENEGOTIATION_ENABLED
+#define DFL_RENEGOTIATION SSL_RENEGOTIATION_DISABLED
 #define DFL_ALLOW_LEGACY SSL_LEGACY_NO_RENEGOTIATION
 #define DFL_RENEGOTIATE 0
 #define DFL_MIN_VERSION -1
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2ec39b794..60efe8d83 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -496,8 +496,8 @@ run_test "Renegotiation #0 (none)" \
 -S "write hello request"
 
 run_test "Renegotiation #1 (enabled, client-initiated)" \
- "$P_SRV debug_level=4" \
- "$P_CLI debug_level=4 renegotiate=1" \
+ "$P_SRV debug_level=4 renegotiation=1" \
+ "$P_CLI debug_level=4 renegotiation=1 renegotiate=1" \
 0 \
 -c "client hello, adding renegotiation extension" \
 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
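Review bot: The new `DFL_RENEGOTIATION` value in programs/ssl/ssl_client2.c (and the identical one-line change in programs/ssl/ssl_server2.c) has no comment recording why the example programs now start with renegotiation off. I would add `/* Renegotiation is off unless requested with renegotiation=1; most deployments do not need it and it adds handshake states that must be defended. */` above the define in both files. Any usage or help text that prints the default for `renegotiation=` lies outside these hunks and may still describe the old default, so it is worth checking that it matches.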
@@ -509,8 +509,8 @@ run_test "Renegotiation #1 (enabled, client-initiated)" \
 -S "write hello request"
 
 run_test "Renegotiation #2 (enabled, server-initiated)" \
- "$P_SRV debug_level=4 renegotiate=1" \
- "$P_CLI debug_level=4" \
+ "$P_SRV debug_level=4 renegotiation=1 renegotiate=1" \
+ "$P_CLI debug_level=4 renegotiation=1" \
 0 \
 -c "client hello, adding renegotiation extension" \
 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
@@ -522,8 +522,8 @@ run_test "Renegotiation #2 (enabled, server-initiated)" \
 -s "write hello request"
 
 run_test "Renegotiation #3 (enabled, double)" \
- "$P_SRV debug_level=4 renegotiate=1" \
- "$P_CLI debug_level=4 renegotiate=1" \
+ "$P_SRV debug_level=4 renegotiation=1 renegotiate=1" \
+ "$P_CLI debug_level=4 renegotiation=1 renegotiate=1" \
 0 \
 -c "client hello, adding renegotiation extension" \
 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
@@ -536,7 +536,7 @@ run_test "Renegotiation #3 (enabled, double)" \
 
 run_test "Renegotiation #4 (client-initiated, server-rejected)" \
 "$P_SRV debug_level=4 renegotiation=0" \
- "$P_CLI debug_level=4 renegotiate=1" \
+ "$P_CLI debug_level=4 renegotiation=1 renegotiate=1" \
 1 \
 -c "client hello, adding renegotiation extension" \
 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
@@ -548,7 +548,7 @@ run_test "Renegotiation #4 (client-initiated, server-rejected)" \
 -S "write hello request"
 
 run_test "Renegotiation #5 (server-initiated, client-rejected)" \
- "$P_SRV debug_level=4 renegotiate=1" \
+ "$P_SRV debug_level=4 renegotiation=1 renegotiate=1" \
 "$P_CLI debug_level=4 renegotiation=0" \
 0 \
 -C "client hello, adding renegotiation extension" \
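Review bot: None of the visible tests in tests/ssl-opt.sh exercises the new disabled-by-default behaviour, because the rejecting peer in tests #4 and #5 still passes `renegotiation=0` explicitly. A regression that turned renegotiation back on by default in ssl_server2 or ssl_client2 would therefore still pass these cases. Dropping the explicit option from the rejecting side, i.e. `"$P_SRV debug_level=4" \` in #4 and `"$P_CLI debug_level=4" \` in #5, or adding a variant of each that relies on the default, would pin what this commit changes. The run_test invocations continue past the end of each hunk, so the remaining expectations were not checked here.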