diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-02-12 11:18:06 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-02-12 11:55:44 +0100 |
| commit | ef44477127952c13e93d7ea88f7b549bf36602f5 (patch) | |
| tree | d43ea0c64ec350dd261704ce71df5ba4580a7ad5 /tests/tls-neg-ext4-key.c | |
| parent | 32aa795a81e413672dd2485e461ff87f64e211aa (diff) | |
| download | gnutls-ef44477127952c13e93d7ea88f7b549bf36602f5.tar.gz | |
priority: disable the enabled by default RSA-PSS signature algorithmstmp-tests-include-ccm
They have been modified in the latest (yet unsupported) TLS 1.3
drafts, so prevent causes interoperability failures by keeping them
on.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'tests/tls-neg-ext4-key.c')
| -rw-r--r-- | tests/tls-neg-ext4-key.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/tests/tls-neg-ext4-key.c b/tests/tls-neg-ext4-key.c index b916294d3e..1ee12d7ae4 100644 --- a/tests/tls-neg-ext4-key.c +++ b/tests/tls-neg-ext4-key.c @@ -228,7 +228,8 @@ void try_with_key(const char *name, const char *client_prio, s_xcred); gnutls_priority_set_direct(server, - "NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519", + /*"NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519",*/ + "NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512", NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); @@ -387,7 +388,8 @@ static const test_st tests[] = { }, {.name = "rsa-pss-sign key", .pk = GNUTLS_PK_RSA_PSS, - .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512", + /*.prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2",*/ .cert = &server_ca3_rsa_pss2_cert, .key = &server_ca3_rsa_pss2_key, .sig = GNUTLS_SIGN_RSA_PSS_SHA256, @@ -395,7 +397,8 @@ static const test_st tests[] = { }, {.name = "rsa-pss cert, rsa-sign key", /* we expect the server to refuse negotiating */ .pk = GNUTLS_PK_RSA, - .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512", + /*.prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2",*/ .cert = &server_ca3_rsa_pss_cert, .key = &server_ca3_rsa_pss_key, .exp_kx = GNUTLS_KX_ECDHE_RSA, |