blob: 59263df814e4a6e696c8cf8c09a982411ad61558 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
# TLS: EC curves for OpenSSL
#
# This is only checking the acceptability of option settings, not their effect
# See packet captures for actual effects
#
# Baseline: tls_eccurve option not present
exim -DSERVER=server -bd -oX PORT_D
****
exim -odf userx@test.ex
****
killdaemon
#
# Explicit tls_eccurve setting of "auto"
exim -DSERVER=server -DDATA=auto -bd -oX PORT_D
****
exim -odf userx@test.ex
****
killdaemon
#
# Explicit tls_eccurve setting of ""
# - unclear this works. At least with OpenSSL 3.0.5 we still get an x25519 keyshare in the Server Hello
exim -DSERVER=server -DDATA= -bd -oX PORT_D
****
exim -odf userx@test.ex
****
killdaemon
#
# prime256v1
exim -DSERVER=server -DDATA=prime256v1 -bd -oX PORT_D
****
exim -odf userx@test.ex
****
killdaemon
#
# X448
# Client Hello offers an x25519 keyshare, server says "Hello Retry Request" with a KeyShare extension "X448"
# and the client retries Client Hello with that in the KeyShare.
exim -DSERVER=server -DDATA=X448 -bd -oX PORT_D
****
exim -odf userx@test.ex
****
killdaemon
#
# "bogus". Should fail to make connection.
exim -DSERVER=server -DDATA=bogus -bd -oX PORT_D
****
exim -odf userx@test.ex
****
killdaemon
#
#
no_message_check
|
