author | Pauli <pauli@openssl.org> | 2022-05-04 13:01:35 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2022-05-08 16:58:00 +1000 |
commit | 7bf2e4d7f0c7ae19b7a8c416910886a7171e9820 (patch) | |
tree | 0a1e1a9b8a7603bf2d4f2fef7a805a80feb6e29e /test/ssl-tests | |
parent | ac23650c1e53658227436aecc8de03a7ac3d1b9a (diff) | |
download | openssl-new-7bf2e4d7f0c7ae19b7a8c416910886a7171e9820.tar.gz |
tls: ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and above
This is in line with the NEWS entry (erroneously) announcing such for 3.0.
Fixes #18194
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18236)
Diffstat (limited to 'test/ssl-tests')
-rw-r--r-- | test/ssl-tests/20-cert-select.cnf | 4 | ||||
-rw-r--r-- | test/ssl-tests/20-cert-select.cnf.in | 7 |
2 files changed, 8 insertions, 3 deletions
diff --git a/test/ssl-tests/20-cert-select.cnf b/test/ssl-tests/20-cert-select.cnf
index 853deff1d4..5cb7aca3ea 100644
--- a/test/ssl-tests/20-cert-select.cnf
+++ b/test/ssl-tests/20-cert-select.cnf
@@ -1119,11 +1119,11 @@ client = 34-Only RSA-PSS Certificate, TLS v1.1-client
 [34-Only RSA-PSS Certificate, TLS v1.1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
 [34-Only RSA-PSS Certificate, TLS v1.1-client]
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
 MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in
index 26c7318974..d0cc5cfd5c 100644
--- a/test/ssl-tests/20-cert-select.cnf.in
+++ b/test/ssl-tests/20-cert-select.cnf.in
@@ -585,9 +585,14 @@ my @tests_pss = (
 my @tests_tls_1_1 = (
 {
 name => "Only RSA-PSS Certificate, TLS v1.1",
- server => $server_pss_only,
+ server => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
+ "Certificate" => test_pem("server-pss-cert.pem"),
+ "PrivateKey" => test_pem("server-pss-key.pem"),
+ },
 client => {
 "MaxProtocol" => "TLSv1.1",
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
 },
 test => {
 "ExpectedResult" => "ServerFail" |
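Review bot: Nothing in the new `server` and `client` hashes of the `.cnf.in` hunk says why `@SECLEVEL=0` is set, and the case still asserts only `"ExpectedResult" => "ServerFail"`, so a reader cannot tell which failure the test is meant to catch. Presumably the lowered level is there so the handshake still reaches certificate selection now that TLS 1.1 is refused at level 1 and above; I would say so above `server => {`, for example `# TLSv1.1 is rejected at security level 1+, so run at level 0 to still exercise PSS-only certificate selection`. The inline hash also repeats the certificate and key paths instead of building on `$server_pss_only`, which is defined outside this hunk; if that variable holds only those two entries, `server => { %$server_pss_only, "CipherString" => "DEFAULT:\@SECLEVEL=0" },` would keep the copies from drifting apart. The `@tests_tls_1_1` list continues past the end of the hunk.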