Fix failure in SSLv3 per-version suites test

The test used 3DES as the suite for SSLv3, which now makes the handshake fails
with "no ciphersuite in common", failing the test as well. Use Camellia
instead (as there are not enough AES ciphersuites before TLS 1.2 to
distinguish between the 3 versions).

Document some dependencies, but not all. Just trying to avoid introducing new
issues by using a new cipher here, not trying to make it perfect, which is a
much larger task out of scope of this commit.
This commit is contained in:
Manuel Pégourié-Gonnard 2019-03-01 10:14:58 +01:00
parent 37e0a8c455
commit f1e62e8e1e

View File

@ -3993,26 +3993,37 @@ run_test "ECJPAKE: working, DTLS, nolog" \
# Tests for ciphersuites per version # Tests for ciphersuites per version
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test "Per-version suites: SSL3" \ run_test "Per-version suites: SSL3" \
"$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=ssl3" \ "$P_CLI force_version=ssl3" \
0 \ 0 \
-c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA" -c "Ciphersuite is TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test "Per-version suites: TLS 1.0" \ run_test "Per-version suites: TLS 1.0" \
"$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=tls1 arc4=1" \ "$P_CLI force_version=tls1 arc4=1" \
0 \ 0 \
-c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA" -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test "Per-version suites: TLS 1.1" \ run_test "Per-version suites: TLS 1.1" \
"$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=tls1_1" \ "$P_CLI force_version=tls1_1" \
0 \ 0 \
-c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA" -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test "Per-version suites: TLS 1.2" \ run_test "Per-version suites: TLS 1.2" \
"$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=tls1_2" \ "$P_CLI force_version=tls1_2" \
0 \ 0 \
-c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256" -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"