author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-02-25 21:39:53 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-02-25 21:39:53 +0000 |
commit | 9459f247cb80debfdecc12675d8e21c3c9c4e508 (patch) | |
tree | 1c6d86907113e09cc58a7ec36c4ab345f1dfa719 | |
parent | ea38531beb3463b4df19af58ee484ca2f2a6c1c9 (diff) | |
download | gnutls-9459f247cb80debfdecc12675d8e21c3c9c4e508.tar.gz |
Added option to disable all TLS 1.0 extensions.
-rw-r--r-- | src/cli-gaa.c | 129 | ||||
-rw-r--r-- | src/cli-gaa.h | 54 | ||||
-rw-r--r-- | src/cli.c | 10 | ||||
-rw-r--r-- | src/cli.gaa | 5 | ||||
-rw-r--r-- | src/tests.c | 2 | ||||
-rw-r--r-- | src/tls_test.c | 4 |
6 files changed, 113 insertions, 91 deletions
diff --git a/src/cli-gaa.c b/src/cli-gaa.c index 81ab6de58f..05257dc33c 100644 --- a/src/cli-gaa.c +++ b/src/cli-gaa.c @@ -132,6 +132,7 @@ void gaa_help(void) __gaa_helpsingle(0, "crlf", "", "Send CR LF instead of LF."); __gaa_helpsingle(0, "x509fmtder", "", "Use DER format for certificates"); __gaa_helpsingle('f', "fingerprint", "", "Send the openpgp fingerprint, instead of the key."); + __gaa_helpsingle(0, "disable-extensions", "", "Disable all the TLS extensions."); __gaa_helpsingle(0, "xml", "", "Print the certificate information in XML format."); __gaa_helpsingle('p', "port", "integer ", "The port to connect to."); __gaa_helpsingle(0, "recordsize", "integer ", "The maximum record size to advertize."); 
@@ -169,58 +170,60 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 100 "cli.gaa" +#line 103 "cli.gaa" char *rest_args; -#line 90 "cli.gaa" +#line 93 "cli.gaa" char *srp_passwd; -#line 87 "cli.gaa" +#line 90 "cli.gaa" char *srp_username; -#line 84 "cli.gaa" +#line 87 "cli.gaa" char *x509_certfile; -#line 81 "cli.gaa" +#line 84 "cli.gaa" char *x509_keyfile; -#line 78 "cli.gaa" +#line 81 "cli.gaa" char *pgp_certfile; -#line 75 "cli.gaa" +#line 78 "cli.gaa" char *pgp_trustdb; -#line 72 "cli.gaa" +#line 75 "cli.gaa" char *pgp_keyring; -#line 69 "cli.gaa" +#line 72 "cli.gaa" char *pgp_keyfile; -#line 66 "cli.gaa" +#line 69 "cli.gaa" char *x509_crlfile; -#line 63 "cli.gaa" +#line 66 "cli.gaa" char *x509_cafile; -#line 60 "cli.gaa" +#line 63 "cli.gaa" char **ctype; -#line 59 "cli.gaa" +#line 62 "cli.gaa" int nctype; -#line 56 "cli.gaa" +#line 59 "cli.gaa" char **kx; -#line 55 "cli.gaa" +#line 58 "cli.gaa" int nkx; -#line 52 "cli.gaa" +#line 55 "cli.gaa" char **macs; -#line 51 "cli.gaa" +#line 54 "cli.gaa" int nmacs; -#line 48 "cli.gaa" +#line 51 "cli.gaa" char **comp; -#line 47 "cli.gaa" +#line 50 "cli.gaa" int ncomp; -#line 44 "cli.gaa" +#line 47 "cli.gaa" char **proto; -#line 43 "cli.gaa" +#line 46 "cli.gaa" int nproto; -#line 40 "cli.gaa" +#line 43 "cli.gaa" char **ciphers; -#line 39 "cli.gaa" +#line 42 "cli.gaa" int nciphers; -#line 35 "cli.gaa" +#line 38 "cli.gaa" int record_size; -#line 32 "cli.gaa" +#line 35 "cli.gaa" int port; -#line 29 "cli.gaa" +#line 32 "cli.gaa" int xml; +#line 29 "cli.gaa" + int disable_extensions; #line 26 "cli.gaa" int fingerprint; #line 23 "cli.gaa" @@ -285,7 +288,7 @@ int gaa_error = 0; #define GAA_MULTIPLE_OPTION 3 #define GAA_REST 0 -#define GAA_NB_OPTION 28 +#define GAA_NB_OPTION 29 #define GAAOPTID_copyright 1 #define GAAOPTID_version 2 #define GAAOPTID_help 3 
@@ -309,11 +312,12 @@ int gaa_error = 0; #define GAAOPTID_recordsize 21 #define GAAOPTID_port 22 #define GAAOPTID_xml 23 -#define GAAOPTID_fingerprint 24 -#define GAAOPTID_x509fmtder 25 -#define GAAOPTID_crlf 26 -#define GAAOPTID_starttls 27 -#define GAAOPTID_resume 28 +#define GAAOPTID_disable_extensions 24 +#define GAAOPTID_fingerprint 25 +#define GAAOPTID_x509fmtder 26 +#define GAAOPTID_crlf 27 +#define GAAOPTID_starttls 28 +#define GAAOPTID_resume 29 #line 168 "gaa.skel" @@ -669,6 +673,7 @@ int gaa_get_option_num(char *str, int status) GAA_CHECK1STR("h", GAAOPTID_help); GAA_CHECK1STR("l", GAAOPTID_list); GAA_CHECK1STR("", GAAOPTID_xml); + GAA_CHECK1STR("", GAAOPTID_disable_extensions); GAA_CHECK1STR("f", GAAOPTID_fingerprint); GAA_CHECK1STR("", GAAOPTID_x509fmtder); GAA_CHECK1STR("", GAAOPTID_crlf); @@ -701,6 +706,7 @@ int gaa_get_option_num(char *str, int status) GAA_CHECKSTR("recordsize", GAAOPTID_recordsize); GAA_CHECKSTR("port", GAAOPTID_port); GAA_CHECKSTR("xml", GAAOPTID_xml); + GAA_CHECKSTR("disable-extensions", GAAOPTID_disable_extensions); GAA_CHECKSTR("fingerprint", GAAOPTID_fingerprint); GAA_CHECKSTR("x509fmtder", GAAOPTID_x509fmtder); GAA_CHECKSTR("crlf", GAAOPTID_crlf); @@ -758,28 +764,28 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) { case GAAOPTID_copyright: OK = 0; -#line 98 "cli.gaa" +#line 101 "cli.gaa" { print_license(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_version: OK = 0; -#line 97 "cli.gaa" +#line 100 "cli.gaa" { cli_version(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_help: OK = 0; -#line 95 "cli.gaa" +#line 98 "cli.gaa" { gaa_help(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_list: OK = 0; -#line 94 "cli.gaa" +#line 97 "cli.gaa" { print_list(); exit(0); ;}; return GAA_OK; 
@@ -789,7 +795,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_srppasswd.arg1, gaa_getstr, GAATMP_srppasswd.size1); gaa_index++; -#line 91 "cli.gaa" +#line 94 "cli.gaa" { gaaval->srp_passwd = GAATMP_srppasswd.arg1 ;}; return GAA_OK; @@ -799,7 +805,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_srpusername.arg1, gaa_getstr, GAATMP_srpusername.size1); gaa_index++; -#line 88 "cli.gaa" +#line 91 "cli.gaa" { gaaval->srp_username = GAATMP_srpusername.arg1 ;}; return GAA_OK; @@ -809,7 +815,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509certfile.arg1, gaa_getstr, GAATMP_x509certfile.size1); gaa_index++; -#line 85 "cli.gaa" +#line 88 "cli.gaa" { gaaval->x509_certfile = GAATMP_x509certfile.arg1 ;}; return GAA_OK; @@ -819,7 +825,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509keyfile.arg1, gaa_getstr, GAATMP_x509keyfile.size1); gaa_index++; -#line 82 "cli.gaa" +#line 85 "cli.gaa" { gaaval->x509_keyfile = GAATMP_x509keyfile.arg1 ;}; return GAA_OK; @@ -829,7 +835,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpcertfile.arg1, gaa_getstr, GAATMP_pgpcertfile.size1); gaa_index++; -#line 79 "cli.gaa" +#line 82 "cli.gaa" { gaaval->pgp_certfile = GAATMP_pgpcertfile.arg1 ;}; return GAA_OK; @@ -839,7 +845,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgptrustdb.arg1, gaa_getstr, GAATMP_pgptrustdb.size1); gaa_index++; -#line 76 "cli.gaa" +#line 79 "cli.gaa" { gaaval->pgp_trustdb = GAATMP_pgptrustdb.arg1 ;}; return GAA_OK; 
@@ -849,7 +855,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpkeyring.arg1, gaa_getstr, GAATMP_pgpkeyring.size1); gaa_index++; -#line 73 "cli.gaa" +#line 76 "cli.gaa" { gaaval->pgp_keyring = GAATMP_pgpkeyring.arg1 ;}; return GAA_OK; @@ -859,7 +865,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpkeyfile.arg1, gaa_getstr, GAATMP_pgpkeyfile.size1); gaa_index++; -#line 70 "cli.gaa" +#line 73 "cli.gaa" { gaaval->pgp_keyfile = GAATMP_pgpkeyfile.arg1 ;}; return GAA_OK; @@ -869,7 +875,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509crlfile.arg1, gaa_getstr, GAATMP_x509crlfile.size1); gaa_index++; -#line 67 "cli.gaa" +#line 70 "cli.gaa" { gaaval->x509_crlfile = GAATMP_x509crlfile.arg1 ;}; return GAA_OK; @@ -879,7 +885,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509cafile.arg1, gaa_getstr, GAATMP_x509cafile.size1); gaa_index++; -#line 64 "cli.gaa" +#line 67 "cli.gaa" { gaaval->x509_cafile = GAATMP_x509cafile.arg1 ;}; return GAA_OK; @@ -887,7 +893,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_ctypes: OK = 0; GAA_LIST_FILL(GAATMP_ctypes.arg1, gaa_getstr, char*, GAATMP_ctypes.size1); -#line 61 "cli.gaa" +#line 64 "cli.gaa" { gaaval->ctype = GAATMP_ctypes.arg1; gaaval->nctype = GAATMP_ctypes.size1 ;}; return GAA_OK; @@ -895,7 +901,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_kx: OK = 0; GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*, GAATMP_kx.size1); -#line 57 "cli.gaa" +#line 60 "cli.gaa" { gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;}; return GAA_OK; 
@@ -903,7 +909,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_macs: OK = 0; GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*, GAATMP_macs.size1); -#line 53 "cli.gaa" +#line 56 "cli.gaa" { gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;}; return GAA_OK; @@ -911,7 +917,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_comp: OK = 0; GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*, GAATMP_comp.size1); -#line 49 "cli.gaa" +#line 52 "cli.gaa" { gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;}; return GAA_OK; @@ -919,7 +925,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_protocols: OK = 0; GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*, GAATMP_protocols.size1); -#line 45 "cli.gaa" +#line 48 "cli.gaa" { gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto = GAATMP_protocols.size1 ;}; return GAA_OK; @@ -927,7 +933,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_ciphers: OK = 0; GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*, GAATMP_ciphers.size1); -#line 41 "cli.gaa" +#line 44 "cli.gaa" { gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers = GAATMP_ciphers.size1 ;}; return GAA_OK; @@ -937,7 +943,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_recordsize.arg1, gaa_getint, GAATMP_recordsize.size1); gaa_index++; -#line 36 "cli.gaa" +#line 39 "cli.gaa" { gaaval->record_size = GAATMP_recordsize.arg1 ;}; return GAA_OK; 
@@ -947,18 +953,25 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_port.arg1, gaa_getint, GAATMP_port.size1); gaa_index++; -#line 33 "cli.gaa" +#line 36 "cli.gaa" { gaaval->port = GAATMP_port.arg1 ;}; return GAA_OK; break; case GAAOPTID_xml: OK = 0; -#line 30 "cli.gaa" +#line 33 "cli.gaa" { gaaval->xml = 1 ;}; return GAA_OK; break; + case GAAOPTID_disable_extensions: + OK = 0; +#line 30 "cli.gaa" +{ gaaval->disable_extensions = 1 ;}; + + return GAA_OK; + break; case GAAOPTID_fingerprint: OK = 0; #line 27 "cli.gaa" @@ -998,7 +1011,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAAREST_tmp.arg1, gaa_getstr, GAAREST_tmp.size1); gaa_index++; -#line 101 "cli.gaa" +#line 104 "cli.gaa" { gaaval->rest_args = GAAREST_tmp.arg1; ;}; return GAA_OK; @@ -1027,12 +1040,12 @@ int gaa(int argc, char **argv, gaainfo *gaaval) if(inited == 0) { -#line 103 "cli.gaa" +#line 106 "cli.gaa" { gaaval->resume=0; gaaval->port=443; gaaval->rest_args=NULL; gaaval->ciphers=NULL; gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL; gaaval->ctype=NULL; gaaval->nciphers=0; gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0; gaaval->record_size=0; gaaval->fingerprint=0; gaaval->pgp_trustdb=NULL; gaaval->pgp_keyring=NULL; gaaval->x509_crlfile = NULL; - gaaval->x509_cafile = NULL; gaaval->pgp_keyfile=NULL; gaaval->pgp_certfile=NULL; + gaaval->x509_cafile = NULL; gaaval->pgp_keyfile=NULL; gaaval->pgp_certfile=NULL; gaaval->disable_extensions = 0; gaaval->x509_keyfile=NULL; gaaval->x509_certfile=NULL; gaaval->crlf = 0; gaaval->xml = 0; gaaval->srp_username=NULL; gaaval->srp_passwd=NULL; gaaval->fmtder = 0; gaaval->starttls =0; ;}; diff --git a/src/cli-gaa.h b/src/cli-gaa.h index 128804cd4b..66d0714f6d 100644 --- a/src/cli-gaa.h +++ b/src/cli-gaa.h 
@@ -8,58 +8,60 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 100 "cli.gaa" +#line 103 "cli.gaa" char *rest_args; -#line 90 "cli.gaa" +#line 93 "cli.gaa" char *srp_passwd; -#line 87 "cli.gaa" +#line 90 "cli.gaa" char *srp_username; -#line 84 "cli.gaa" +#line 87 "cli.gaa" char *x509_certfile; -#line 81 "cli.gaa" +#line 84 "cli.gaa" char *x509_keyfile; -#line 78 "cli.gaa" +#line 81 "cli.gaa" char *pgp_certfile; -#line 75 "cli.gaa" +#line 78 "cli.gaa" char *pgp_trustdb; -#line 72 "cli.gaa" +#line 75 "cli.gaa" char *pgp_keyring; -#line 69 "cli.gaa" +#line 72 "cli.gaa" char *pgp_keyfile; -#line 66 "cli.gaa" +#line 69 "cli.gaa" char *x509_crlfile; -#line 63 "cli.gaa" +#line 66 "cli.gaa" char *x509_cafile; -#line 60 "cli.gaa" +#line 63 "cli.gaa" char **ctype; -#line 59 "cli.gaa" +#line 62 "cli.gaa" int nctype; -#line 56 "cli.gaa" +#line 59 "cli.gaa" char **kx; -#line 55 "cli.gaa" +#line 58 "cli.gaa" int nkx; -#line 52 "cli.gaa" +#line 55 "cli.gaa" char **macs; -#line 51 "cli.gaa" +#line 54 "cli.gaa" int nmacs; -#line 48 "cli.gaa" +#line 51 "cli.gaa" char **comp; -#line 47 "cli.gaa" +#line 50 "cli.gaa" int ncomp; -#line 44 "cli.gaa" +#line 47 "cli.gaa" char **proto; -#line 43 "cli.gaa" +#line 46 "cli.gaa" int nproto; -#line 40 "cli.gaa" +#line 43 "cli.gaa" char **ciphers; -#line 39 "cli.gaa" +#line 42 "cli.gaa" int nciphers; -#line 35 "cli.gaa" +#line 38 "cli.gaa" int record_size; -#line 32 "cli.gaa" +#line 35 "cli.gaa" int port; -#line 29 "cli.gaa" +#line 32 "cli.gaa" int xml; +#line 29 "cli.gaa" + int disable_extensions; #line 26 "cli.gaa" int fingerprint; #line 23 "cli.gaa" @@ -70,6 +70,7 @@ char *x509_certfile; char *x509_cafile; char *x509_crlfile = NULL; static int x509ctype; +static int disable_extensions; static gnutls_srp_client_credentials srp_cred; static gnutls_anon_client_credentials anon_cred; 
@@ -150,9 +151,11 @@ static gnutls_session init_tls_session( const char* hostname) /* allow the use of private ciphersuites. */ - gnutls_handshake_set_private_extensions(session, 1); + if (disable_extensions == 0) + gnutls_handshake_set_private_extensions(session, 1); - gnutls_set_server_name( session, GNUTLS_NAME_DNS, hostname, strlen(hostname)); + if (disable_extensions == 0) + gnutls_set_server_name( session, GNUTLS_NAME_DNS, hostname, strlen(hostname)); gnutls_cipher_set_priority(session, cipher_priority); gnutls_compression_set_priority(session, comp_priority); @@ -174,7 +177,7 @@ static gnutls_session init_tls_session( const char* hostname) gnutls_openpgp_send_key(session, GNUTLS_OPENPGP_KEY_FINGERPRINT); /* use the max record size extension */ - if (record_max_size > 0) { + if (record_max_size > 0 && disable_extensions == 0) { if (gnutls_record_set_max_size(session, record_max_size) < 0) { fprintf(stderr, "Cannot set the maximum record size to %d.\n", @@ -402,6 +405,7 @@ void gaa_parser(int argc, char **argv) exit(1); } + disable_extensions = info.disable_extensions; xml = info.xml; starttls = info.starttls; resume = info.resume; diff --git a/src/cli.gaa b/src/cli.gaa index 3b21543cff..acc583cb98 100644 --- a/src/cli.gaa +++ b/src/cli.gaa @@ -26,6 +26,9 @@ option (x509fmtder) { $fmtder = 1 } "Use DER format for certificates" #int fingerprint; option (f, fingerprint) { $fingerprint = 1 } "Send the openpgp fingerprint, instead of the key." +#int disable_extensions; +option ( disable-extensions) { $disable_extensions = 1 } "Disable all the TLS extensions." + #int xml; option (xml) { $xml = 1 } "Print the certificate information in XML format." 
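Review bot: With `--disable-extensions` the client no longer sends the server name set by `gnutls_set_server_name`, yet neither the code nor the help text ("Disable all the TLS extensions.") says so; a server hosting several names may then answer with its default certificate, which matters to anyone using this client to inspect a host's certificate. The two identical `if (disable_extensions == 0)` tests would read better as one braced block with a comment such as `/* --disable-extensions: no private extensions and no server name indication are sent */`. The existing comment speaks of private ciphersuites while the guarded call is `gnutls_handshake_set_private_extensions`, so it is worth stating which of the two the flag is meant to turn off. init_tls_session starts and ends outside this hunk, so other settings that may produce extensions (for example the SRP username or certificate type options) could not be checked here.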
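Review bot: A `--recordsize` value is now dropped without any message when `--disable-extensions` is also given, because the new condition `record_max_size > 0 && disable_extensions == 0` simply skips the call. The user asked for a limit and gets a session without one; a warning on stderr would make the conflict visible, e.g. `if (record_max_size > 0 && disable_extensions != 0) fprintf(stderr, "Ignoring the record size: TLS extensions are disabled.\n");`. The `gnutls_openpgp_send_key(session, GNUTLS_OPENPGP_KEY_FINGERPRINT)` call in the context line above is left unguarded; whether that setting relies on an extension is not visible here and should be confirmed. The enclosing function continues outside the hunk.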
@@ -104,7 +107,7 @@ init { $resume=0; $port=443; $rest_args=NULL; $ciphers=NULL; $kx=NULL; $comp=NULL; $macs=NULL; $ctype=NULL; $nciphers=0; $nkx=0; $ncomp=0; $nmacs=0; $nctype = 0; $record_size=0; $fingerprint=0; $pgp_trustdb=NULL; $pgp_keyring=NULL; $x509_crlfile = NULL; - $x509_cafile = NULL; $pgp_keyfile=NULL; $pgp_certfile=NULL; + $x509_cafile = NULL; $pgp_keyfile=NULL; $pgp_certfile=NULL; $disable_extensions = 0; $x509_keyfile=NULL; $x509_certfile=NULL; $crlf = 0; $xml = 0; $srp_username=NULL; $srp_passwd=NULL; $fmtder = 0; $starttls =0; } diff --git a/src/tests.c b/src/tests.c index 21cb10d641..8b3b5036a2 100644 --- a/src/tests.c +++ b/src/tests.c @@ -446,7 +446,7 @@ int ret; ret = do_handshake( session); if (ret < 0) return FAILED; - + if (gnutls_protocol_get_version(session)==GNUTLS_TLS1) return SUCCEED; return UNSURE; } diff --git a/src/tls_test.c b/src/tls_test.c index 9c4b3b2768..4e6c00eb9c 100644 --- a/src/tls_test.c +++ b/src/tls_test.c @@ -79,11 +79,11 @@ typedef struct { static const TLS_TEST tls_tests[] = { { "for TLS 1.0 support", test_tls1, "yes", "no", "dunno" }, { "for SSL 3.0 support", test_ssl3, "yes", "no", "dunno" }, + { "for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes", "dunno" }, + { "for version rollback bug in Client Hello", test_version_rollback, "no", "yes", "dunno" }, { "whether we need to disable TLS 1.0", test_tls1_2, "no", "yes", "dunno" }, { "for certificate information", test_certificate, "", "", "" }, { "for trusted CAs", test_server_cas, "", "", "" }, - { "for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes", "dunno" }, - { "for version rollback bug in Client Hello", test_version_rollback, "no", "yes", "dunno" }, /* this test will disable TLS 1.0 if the server is * buggy */ { "whether the server can accept Hello Extensions", test_hello_extension, "yes", "no", "dunno"}, |
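Review bot: The order of `tls_tests[]` appears to be significant (the existing comment says a later test "will disable TLS 1.0 if the server is buggy"), but the table carries no comment explaining why the two version-rollback entries must now run before `test_tls1_2`. A wrong position could make the rollback checks run under a different protocol configuration and report "no" for a server that is in fact affected. I would add above the moved entries something like `/* must run before test_tls1_2, which may change the protocol set for later tests */`; the dependency is inferred from the names and the existing comment, so the author should confirm the wording. The reordering is also unrelated to the commit title and would be easier to track as a separate commit. The array definition continues beyond the hunk.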