author | Tim Taubert <ttaubert@mozilla.com> | 2016-03-11 11:52:04 +0100 |
---|---|---|
committer | Tim Taubert <ttaubert@mozilla.com> | 2016-03-11 11:52:04 +0100 |
commit | f83759faedaff3ec275ac5bfb2e71a5cdc84c605 (patch) | |
tree | 48582892e21db6fef3b9da5883b51bdad679b14e /tests/ssl | |
parent | 4a18517e2130ec789aed957e3f9ffafd30f04075 (diff) | |
download | nss-hg-f83759faedaff3ec275ac5bfb2e71a5cdc84c605.tar.gz |
Bug 1228555 - Remove support for SSLv2 r=mt,wtc,ekr
Diffstat (limited to 'tests/ssl')
-rwxr-xr-x | tests/ssl/ssl.sh | 40 | ||||
-rw-r--r-- | tests/ssl/sslcov.txt | 14 | ||||
-rw-r--r-- | tests/ssl/sslstress.txt | 2 |
3 files changed, 8 insertions, 48 deletions
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
index 125ad59cc..4143b67ef 100755
--- a/tests/ssl/ssl.sh
+++ b/tests/ssl/ssl.sh
@@ -86,14 +86,13 @@ ssl_init()
 if [ -z "$NSS_DISABLE_ECC" ] ; then
 ECC_STRING=" - with ECC"
 # List of cipher suites to test, including ECC cipher suites.
- CIPHER_SUITES="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:C02B:C02F:CCA8:CCA9:CCAA:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz"
+ CIPHER_SUITES="-c :C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:C02B:C02F:CCA8:CCA9:CCAA:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz"
 else
 ECC_STRING=""
 # List of cipher suites to test, excluding ECC cipher suites.
- CIPHER_SUITES="-c ABCDEF:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2:CCAAcdefgijklmnvyz"
+ CIPHER_SUITES="-c :0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2:CCAAcdefgijklmnvyz"
 fi
-
 if [ "${OS_ARCH}" != "WINNT" ]; then
 ulimit -n 1000 # make sure we have enough file descriptors
 fi
@@ -267,7 +266,7 @@ ssl_cov()
 mixed=0
 start_selfserv # Launch the server
- VMIN="ssl2"
+ VMIN="ssl3"
 VMAX="tls1.1"
 exec < ${SSLCOV}
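Review bot: The two new `CIPHER_SUITES` values in ssl_init now start with `-c :C001…` and `-c :0016…`, and the leading colon reads like a leftover from deleting `ABCDEF` unless the reader already knows the option syntax. Presumably each `:XXXX` is a hex suite id and the trailing letters are single-letter ids, so the string is well-formed, but nothing near the assignment says so. A comment above both assignments would prevent a well-meaning "fix" later, for example `# Each ":XXXX" is a hex cipher suite id; the trailing letters are single-letter ids. The SSL2 letters A-F were removed.` The body of ssl_init starts and ends outside the hunk.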
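Review bot: Raising `VMIN` to `ssl3` in ssl_cov, together with the SSL2 rows deleted from sslcov.txt and sslstress.txt, takes every SSL2 case out of this suite without adding one that expects failure. From the files shown here (the diffstat is limited to tests/ssl) nothing confirms that a client asking for `ssl2` in its `-V` range is now refused, so a later change that re-enabled the protocol would pass these tests unnoticed. Consider adding a negative case that requests an SSL2-only range and expects a non-zero exit, and record the floor at the assignment with `# ssl3 is the lowest version still supported; SSL2 was removed in bug 1228555`. The body of ssl_cov continues outside the hunk.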
@@ -275,26 +274,10 @@ ssl_cov()
 do
 echo "${testname}" | grep "EXPORT" > /dev/null
 EXP=$?
- echo "${testname}" | grep "SSL2" > /dev/null
- SSL2=$?
- if [ "${SSL2}" -eq 0 ] ; then
- # We cannot use asynchronous cert verification with SSL2
- SSL2_FLAGS=-O
- VMIN="ssl2"
- else
- # Do not enable SSL2 for non-SSL2-specific tests. SSL2 is disabled by
- # default in libssl but it is enabled by default in tstclnt; we want
- # to test the libssl default whenever possible.
- SSL2_FLAGS=
- VMIN="ssl3"
- fi
-
- if [ "$NORM_EXT" = "Extended Test" -a "${SSL2}" -eq 0 ] ; then
- echo "$SCRIPTNAME: skipping $testname for $NORM_EXT"
- elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
+ if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
 echo "$SCRIPTNAME: skipping $testname (ECC only)"
- elif [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] && [ "$SSL2" -eq 0 -o "$EXP" -eq 0 ] ; then
+ elif [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] && [ "$EXP" -eq 0 ] ; then
 echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
 elif [ "`echo $ectype | cut -b 1`" != "#" ] ; then
 echo "$SCRIPTNAME: running $testname ----------------------------"
@@ -337,11 +320,11 @@ ssl_cov()
 fi
 fi
- echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${SSL2_FLAGS} ${CLIENT_OPTIONS} \\"
+ echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
 echo " -f -d ${P_R_CLIENTDIR} -v -w nss < ${REQUEST_FILE}"
 rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${SSL2_FLAGS} ${CLIENT_OPTIONS} -f \
+ ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
 -d ${P_R_CLIENTDIR} -v -w nss < ${REQUEST_FILE} \
 >${TMP}/$HOST.tmp.$$ 2>&1
 ret=$?
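Review bot: The rewritten conditions in the ssl_cov loop keep `-a`/`-o` inside a single `[ … ]`, as in `if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ]`. POSIX marks that form obsolescent because the parse becomes ambiguous when an operand looks like an operator, and `$ectype` is read from the test list file. Since these lines are being touched anyway, separate tests are clearer: `if [ "$ectype" = "ECC" ] && [ -n "$NSS_DISABLE_ECC" ] ; then`, and for the FIPS branch `elif { [ "$SERVER_MODE" = "fips" ] || [ "$CLIENT_MODE" = "fips" ]; } && [ "$EXP" -eq 0 ] ; then`. The same applies to the new `if [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ]` in the ssl_stress hunk at -585. The loop these lines sit in starts and ends outside the hunk.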
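Review bot: The client command line in ssl_cov is still written twice, once in the `echo` that logs it and once in the real `tstclnt` call, and this change had to delete `${SSL2_FLAGS}` from both by hand. If the two copies drift, the log no longer shows the version range and options that were actually used, which is what one reads first when triaging a handshake failure. Building the shared part once, e.g. `TSTCLNT_ARGS="-p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS}"`, and expanding `${TSTCLNT_ARGS}` in both places would keep them in step. The surrounding loop body starts and ends outside the hunk.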
@@ -585,19 +568,13 @@ ssl_stress()
 continue
 fi
- echo "${testname}" | grep "SSL2" > /dev/null
- SSL2=$?
 echo "${testname}" | grep "client auth" > /dev/null
 CAUTH=$?
- if [ "${SSL2}" -eq 0 -a "$NORM_EXT" = "Extended Test" ] ; then
- echo "$SCRIPTNAME: skipping $testname for $NORM_EXT"
- elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
+ if [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
 echo "$SCRIPTNAME: skipping $testname for $NORM_EXT"
 elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
 echo "$SCRIPTNAME: skipping $testname (ECC only)"
- elif [ "${SERVER_MODE}" = "fips" -o "${CLIENT_MODE}" = "fips" ] && [ "${SSL2}" -eq 0 ] ; then
- echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
 elif [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -ne 0 ] ; then
 echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
 elif [ "`echo $ectype | cut -b 1`" != "#" ]; then
@@ -747,7 +724,6 @@ ssl_policy()
 exec < ${SSLPOLICY}
 while read value ectype testmax param policy testname
 do
- SSL2_FLAGS=
 VMIN="ssl3"
 if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
diff --git a/tests/ssl/sslcov.txt b/tests/ssl/sslcov.txt
index da6f23e76..4dbe207be 100644
--- a/tests/ssl/sslcov.txt
+++ b/tests/ssl/sslcov.txt
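Review bot: Dropping the `SSL2_FLAGS=` reset at the top of the ssl_policy loop (hunk at -747 in ssl.sh) is only safe if nothing later in the script still expands `${SSL2_FLAGS}`. The client invocation in ssl_policy lies outside this hunk, so that cannot be confirmed from here. If a reference remains, its value would now come from the caller's environment and reach the client as extra options. A quick `grep -n SSL2_FLAGS tests/ssl/ssl.sh` before landing settles it; any remaining use should be deleted rather than the reset restored.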
@@ -4,23 +4,9 @@
 #
 # This file enables test coverage of the various SSL ciphers
 #
-# NOTE: SSL2 ciphers are independent of whether TLS is enabled or not. We
-# mix up the enable functions so we can tests boths paths.
-#
 # Enable Enable Cipher Test Name
 # EC TLS
 #
- noECC SSL3 A SSL2_RC4_128_WITH_MD5
- noECC TLS10 B SSL2_RC4_128_EXPORT40_WITH_MD5
- noECC TLS10 C SSL2_RC2_128_CBC_WITH_MD5
- noECC SSL3 D SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
- noECC TLS10 E SSL2_DES_64_CBC_WITH_MD5
- noECC SSL3 F SSL2_DES_192_EDE3_CBC_WITH_MD5
-#
- noECC TLS11 B SSL2_RC4_128_EXPORT40_WITH_MD5
- noECC TLS11 C SSL2_RC2_128_CBC_WITH_MD5
- noECC TLS11 E SSL2_DES_64_CBC_WITH_MD5
-#
 noECC SSL3 c SSL3_RSA_WITH_RC4_128_MD5
 noECC SSL3 d SSL3_RSA_WITH_3DES_EDE_CBC_SHA
 noECC SSL3 e SSL3_RSA_WITH_DES_CBC_SHA
diff --git a/tests/ssl/sslstress.txt b/tests/ssl/sslstress.txt
index 738d69041..3da588c41 100644
--- a/tests/ssl/sslstress.txt
+++ b/tests/ssl/sslstress.txt
@@ -8,7 +8,6 @@
 # Enable return server client Test Case name
 # ECC value params params
 # ------- ------ ------ ------ ---------------
- noECC 0 _ -c_1000_-C_A Stress SSL2 RC4 128 with MD5
 noECC 0 _ -c_1000_-C_c_-V_:ssl3 Stress SSL3 RC4 128 with MD5
 noECC 0 _ -c_1000_-C_c Stress TLS RC4 128 with MD5
 noECC 0 _ -c_1000_-C_c_-g Stress TLS RC4 128 with MD5 (false start)
@@ -21,7 +20,6 @@
 #
 # add client auth versions here...
 #
- noECC 0 -r_-r -c_100_-C_A_-N_-n_TestUser Stress SSL2 RC4 128 with MD5 (no reuse, client auth)
 noECC 0 -r_-r -c_100_-C_c_-V_:ssl3_-N_-n_TestUser Stress SSL3 RC4 128 with MD5 (no reuse, client auth)
 noECC 0 -r_-r -c_100_-C_c_-N_-n_TestUser Stress TLS RC4 128 with MD5 (no reuse, client auth)
 noECC 0 -r_-r_-u -V_ssl3:_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 with MD5 (session ticket, client auth) |