blob: 18b43bd5ef36c0c1e484a3542276ea1a70eebe54 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
# TLS: EC curves for OpenSSL
#
# This is only checking the acceptability of option settings, not their effect
# See packet captures for actual effects
#
# Baseline: tls_eccurve option not present
exim -DSERVER=server -bd -oX PORT_D
****
exim -odf optnotpresent@test.ex
****
killdaemon
#
# Explicit tls_eccurve setting of "auto"
exim -DSERVER=server -DDATA=auto -bd -oX PORT_D
****
exim -odf explicitauto@test.ex
****
killdaemon
#
# prime256v1
# Oddly, 3.0.5 packets show an EC-groups negotiation of C:x255519 S:secp256r1 C:secp256r1 S:secp256r1.
# Hoever, note that RFC 8446 (TLS1.3) does NOT include prime256v1 as one of the allowable
# supported groups (and it's not in the client "supported groups" extension, so what we see seems good.
exim -DSERVER=server -DDATA=prime256v1 -bd -oX PORT_D
****
exim -odf prime256v1@test.ex
****
killdaemon
#
# secp384r1
# C:x25519 S:secp384r1
exim -DSERVER=server -DDATA=secp384r1 -bd -oX PORT_D
****
exim -odf secp384r1@test.ex
****
killdaemon
#
# "bogus". Should fail to make connection.
exim -DSERVER=server -DDATA=bogus -bd -oX PORT_D
****
exim -odf user_fail@test.ex
****
killdaemon
#
# Two-element list - will fail for pre- 1.1.1 OpenSSL
# - the Hello Retry Req goes out with the earliest one from the list which matches the client's Supported Groups
exim -DSERVER=server -DDATA=P-521:secp384r1 -bd -oX PORT_D
****
exim -odf user_list2@test.ex
****
killdaemon
#
#
# List with an "auto" element embedded, which should override.
exim -DSERVER=server '-DDATA= P-521 : P-384 : auto : P-256' -bd -oX PORT_D
****
exim -odf user_list_auto@test.ex
****
killdaemon
#
no_message_check
|
