diff options
author | Emilia Kasper <emilia@openssl.org> | 2015-05-22 18:35:50 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2015-05-26 12:42:40 +0200 |
commit | b6f33dce3b1ee563c0866654a9b5c44adc7b79b8 (patch) | |
tree | 43d02ca55159dbd2a6009a5291f33179be6f506b /ssl | |
parent | cdc47dcf195b309f48abf11a81b957cf697da162 (diff) | |
download | openssl-new-b6f33dce3b1ee563c0866654a9b5c44adc7b79b8.tar.gz |
Fix ssltest to use 1024-bit DHE parameters
Also add more ciphersuite test coverage, and a negative test for
512-bit DHE.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 1ee85aab75d7c9f20058f781bfe9222323df08eb)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssltest.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 805da4c1db..6737adf239 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -692,7 +692,9 @@ static void sv_usage(void) " -bytes <val> - number of bytes to swap between client/server\n"); #ifndef OPENSSL_NO_DH fprintf(stderr, - " -dhe1024 - use 1024 bit key (safe prime) for DHE\n"); + " -dhe512 - use 512 bit key for DHE (to test failure)\n"); + fprintf(stderr, + " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n"); fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); fprintf(stderr, " -no_dhe - disable DHE\n"); @@ -901,7 +903,7 @@ int main(int argc, char *argv[]) long bytes = 256L; #ifndef OPENSSL_NO_DH DH *dh; - int dhe1024 = 0, dhe1024dsa = 0; + int dhe512 = 0, dhe1024dsa = 0; #endif #ifndef OPENSSL_NO_ECDH EC_KEY *ecdh = NULL; @@ -981,19 +983,19 @@ int main(int argc, char *argv[]) debug = 1; else if (strcmp(*argv, "-reuse") == 0) reuse = 1; - else if (strcmp(*argv, "-dhe1024") == 0) { + else if (strcmp(*argv, "-dhe512") == 0) { #ifndef OPENSSL_NO_DH - dhe1024 = 1; + dhe512 = 1; #else fprintf(stderr, - "ignoring -dhe1024, since I'm compiled without DH\n"); + "ignoring -dhe512, since I'm compiled without DH\n"); #endif } else if (strcmp(*argv, "-dhe1024dsa") == 0) { #ifndef OPENSSL_NO_DH dhe1024dsa = 1; #else fprintf(stderr, - "ignoring -dhe1024, since I'm compiled without DH\n"); + "ignoring -dhe1024dsa, since I'm compiled without DH\n"); #endif } else if (strcmp(*argv, "-no_dhe") == 0) no_dhe = 1; @@ -1318,10 +1320,10 @@ int main(int argc, char *argv[]) */ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); dh = get_dh1024dsa(); - } else if (dhe1024) - dh = get_dh1024(); - else + } else if (dhe512) dh = get_dh512(); + else + dh = get_dh1024(); SSL_CTX_set_tmp_dh(s_ctx, dh); DH_free(dh); } |