diff options
author | Daniel Lenski <dlenski@gmail.com> | 2020-03-22 19:00:32 -0700 |
---|---|---|
committer | Daniel Lenski <dlenski@gmail.com> | 2020-03-22 19:08:10 -0700 |
commit | 2fad80f5ac10e4d70a8caf31c6e935cab25a146c (patch) | |
tree | 86c628c83e0998bfefa8bdc88d473f7d879a8366 | |
parent | b7b0fb4e32b06b727f84a019157e5e05cb405f7c (diff) | |
download | gnutls-2fad80f5ac10e4d70a8caf31c6e935cab25a146c.tar.gz |
test_ssl3: minimize cipher suites to those actually included in SSL 3.0
See #958
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
-rw-r--r-- | src/tests.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/tests.c b/src/tests.c index d12f381057..1062b3c168 100644 --- a/src/tests.c +++ b/src/tests.c @@ -128,9 +128,12 @@ char prio_str[768] = ""; #define ALL_CIPHERS "+CIPHER-ALL:+ARCFOUR-128:+3DES-CBC" GOST_CIPHERS #define BLOCK_CIPHERS "+3DES-CBC:+AES-128-CBC:+CAMELLIA-128-CBC:+AES-256-CBC:+CAMELLIA-256-CBC" +#define SSL3_CIPHERS "+ARCFOUR-128:+3DES-CBC" #define ALL_COMP "+COMP-NULL" #define ALL_MACS "+MAC-ALL:+MD5:+SHA1" GOST_MACS +#define SSL3_MACS "+MD5:+SHA1" #define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+ECDHE-RSA:+ECDHE-ECDSA:+ANON-ECDH" GOST_KX +#define SSL3_KX "+RSA:+DHE-RSA:+DHE-DSS" #define INIT_STR "NONE:" char rest[384] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+GROUP-ALL" GOST_REST; @@ -608,8 +611,8 @@ test_code_t test_ssl3(gnutls_session_t session) { int ret; sprintf(prio_str, INIT_STR - ALL3_CIPHERS ":" ALL_COMP ":+VERS-SSL3.0:%%NO_EXTENSIONS:" - ALL_MACS ":" ALL_KX ":%s", rest); + SSL3_CIPHERS ":" ALL_COMP ":+VERS-SSL3.0:%%NO_EXTENSIONS:" + SSL3_MACS ":" SSL3_KX ":%s", rest); _gnutls_priority_set_direct(session, prio_str); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); |