mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 21:45:47 +01:00
Update default configuration
Change the default settings for SSL and modify the tests accordingly.
This commit is contained in:
Janos Follath
parent
f10f85f676
commit
542ee5d8f3
@ -111,7 +111,7 @@ if(ENABLE_TESTING)
|
|||||||
ADD_CUSTOM_TARGET(covtest
|
ADD_CUSTOM_TARGET(covtest
|
||||||
COMMAND make test
|
COMMAND make test
|
||||||
COMMAND programs/test/selftest
|
COMMAND programs/test/selftest
|
||||||
COMMAND tests/compat.sh
|
COMMAND tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
|
||||||
COMMAND tests/ssl-opt.sh
|
COMMAND tests/ssl-opt.sh
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
@ -1039,7 +1039,7 @@
|
|||||||
*
|
*
|
||||||
* Comment this macro to disable support for SSL 3.0
|
* Comment this macro to disable support for SSL 3.0
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_SSL_PROTO_SSL3
|
//#define MBEDTLS_SSL_PROTO_SSL3
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_PROTO_TLS1
|
* \def MBEDTLS_SSL_PROTO_TLS1
|
||||||
|
|||||||
@ -695,6 +695,7 @@ run_test "Encrypt then MAC: client disabled, server enabled" \
|
|||||||
-C "using encrypt then mac" \
|
-C "using encrypt then mac" \
|
||||||
-S "using encrypt then mac"
|
-S "using encrypt then mac"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||||
run_test "Encrypt then MAC: client SSLv3, server enabled" \
|
run_test "Encrypt then MAC: client SSLv3, server enabled" \
|
||||||
"$P_SRV debug_level=3 min_version=ssl3 \
|
"$P_SRV debug_level=3 min_version=ssl3 \
|
||||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||||
@ -707,6 +708,7 @@ run_test "Encrypt then MAC: client SSLv3, server enabled" \
|
|||||||
-C "using encrypt then mac" \
|
-C "using encrypt then mac" \
|
||||||
-S "using encrypt then mac"
|
-S "using encrypt then mac"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||||
run_test "Encrypt then MAC: client enabled, server SSLv3" \
|
run_test "Encrypt then MAC: client enabled, server SSLv3" \
|
||||||
"$P_SRV debug_level=3 force_version=ssl3 \
|
"$P_SRV debug_level=3 force_version=ssl3 \
|
||||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||||
@ -754,6 +756,7 @@ run_test "Extended Master Secret: client disabled, server enabled" \
|
|||||||
-C "using extended master secret" \
|
-C "using extended master secret" \
|
||||||
-S "using extended master secret"
|
-S "using extended master secret"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||||
run_test "Extended Master Secret: client SSLv3, server enabled" \
|
run_test "Extended Master Secret: client SSLv3, server enabled" \
|
||||||
"$P_SRV debug_level=3 min_version=ssl3" \
|
"$P_SRV debug_level=3 min_version=ssl3" \
|
||||||
"$P_CLI debug_level=3 force_version=ssl3" \
|
"$P_CLI debug_level=3 force_version=ssl3" \
|
||||||
@ -765,6 +768,7 @@ run_test "Extended Master Secret: client SSLv3, server enabled" \
|
|||||||
-C "using extended master secret" \
|
-C "using extended master secret" \
|
||||||
-S "using extended master secret"
|
-S "using extended master secret"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||||
run_test "Extended Master Secret: client enabled, server SSLv3" \
|
run_test "Extended Master Secret: client enabled, server SSLv3" \
|
||||||
"$P_SRV debug_level=3 force_version=ssl3" \
|
"$P_SRV debug_level=3 force_version=ssl3" \
|
||||||
"$P_CLI debug_level=3 min_version=ssl3" \
|
"$P_CLI debug_level=3 min_version=ssl3" \
|
||||||
@ -883,6 +887,7 @@ run_test "CBC Record splitting: TLS 1.0, splitting" \
|
|||||||
-s "Read from client: 1 bytes read" \
|
-s "Read from client: 1 bytes read" \
|
||||||
-s "122 bytes read"
|
-s "122 bytes read"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||||
run_test "CBC Record splitting: SSLv3, splitting" \
|
run_test "CBC Record splitting: SSLv3, splitting" \
|
||||||
"$P_SRV min_version=ssl3" \
|
"$P_SRV min_version=ssl3" \
|
||||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
|
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
|
||||||
@ -1674,6 +1679,7 @@ run_test "Authentication: client no cert, openssl server optional" \
|
|||||||
-c "skip write certificate verify" \
|
-c "skip write certificate verify" \
|
||||||
-C "! mbedtls_ssl_handshake returned"
|
-C "! mbedtls_ssl_handshake returned"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||||
run_test "Authentication: client no cert, ssl3" \
|
run_test "Authentication: client no cert, ssl3" \
|
||||||
"$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \
|
"$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \
|
||||||
"$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \
|
"$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \
|
||||||
@ -2501,6 +2507,7 @@ run_test "PSK callback: wrong key" \
|
|||||||
|
|
||||||
# Tests for ciphersuites per version
|
# Tests for ciphersuites per version
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||||
run_test "Per-version suites: SSL3" \
|
run_test "Per-version suites: SSL3" \
|
||||||
"$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
"$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||||
"$P_CLI force_version=ssl3" \
|
"$P_CLI force_version=ssl3" \
|
||||||
@ -2550,6 +2557,7 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data" \
|
|||||||
|
|
||||||
# Tests for small packets
|
# Tests for small packets
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||||
run_test "Small packet SSLv3 BlockCipher" \
|
run_test "Small packet SSLv3 BlockCipher" \
|
||||||
"$P_SRV min_version=ssl3" \
|
"$P_SRV min_version=ssl3" \
|
||||||
"$P_CLI request_size=1 force_version=ssl3 \
|
"$P_CLI request_size=1 force_version=ssl3 \
|
||||||
@ -2557,6 +2565,7 @@ run_test "Small packet SSLv3 BlockCipher" \
|
|||||||
0 \
|
0 \
|
||||||
-s "Read from client: 1 bytes read"
|
-s "Read from client: 1 bytes read"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||||
run_test "Small packet SSLv3 StreamCipher" \
|
run_test "Small packet SSLv3 StreamCipher" \
|
||||||
"$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
"$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||||
"$P_CLI request_size=1 force_version=ssl3 \
|
"$P_CLI request_size=1 force_version=ssl3 \
|
||||||
@ -2691,6 +2700,7 @@ run_test "Small packet TLS 1.2 AEAD shorter tag" \
|
|||||||
|
|
||||||
# Test for large packets
|
# Test for large packets
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||||
run_test "Large packet SSLv3 BlockCipher" \
|
run_test "Large packet SSLv3 BlockCipher" \
|
||||||
"$P_SRV min_version=ssl3" \
|
"$P_SRV min_version=ssl3" \
|
||||||
"$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
|
"$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
|
||||||
@ -2698,6 +2708,7 @@ run_test "Large packet SSLv3 BlockCipher" \
|
|||||||
0 \
|
0 \
|
||||||
-s "Read from client: 16384 bytes read"
|
-s "Read from client: 16384 bytes read"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||||
run_test "Large packet SSLv3 StreamCipher" \
|
run_test "Large packet SSLv3 StreamCipher" \
|
||||||
"$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
"$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||||
"$P_CLI request_size=16384 force_version=ssl3 \
|
"$P_CLI request_size=16384 force_version=ssl3 \
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user