From: Frederik Wedel-Heinen Date: Fri, 29 Dec 2023 21:52:50 +0000 (+0100) Subject: Set max protocol version for dtls renegotiation tests to dtls1.2 X-Git-Tag: openssl-3.3.0-alpha1~363 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=59b59505893a51bd52541da738693e963bef171f;p=thirdparty%2Fopenssl.git Set max protocol version for dtls renegotiation tests to dtls1.2 Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/23168) --- diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf b/test/ssl-tests/18-dtls-renegotiate.cnf index 0f3d1eae239..da957933272 100644 --- a/test/ssl-tests/18-dtls-renegotiate.cnf +++ b/test/ssl-tests/18-dtls-renegotiate.cnf @@ -23,6 +23,7 @@ client = 0-renegotiate-client-no-resume-client [0-renegotiate-client-no-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = DTLSv1.2 Options = NoResumptionOnRenegotiation PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -51,6 +52,7 @@ client = 1-renegotiate-client-resume-client [1-renegotiate-client-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = DTLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-renegotiate-client-resume-client] @@ -78,6 +80,7 @@ client = 2-renegotiate-server-resume-client [2-renegotiate-server-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = DTLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-renegotiate-server-resume-client] @@ -105,6 +108,7 @@ client = 3-renegotiate-client-auth-require-client [3-renegotiate-client-auth-require-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = DTLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require @@ -136,6 +140,7 @@ client = 4-renegotiate-client-auth-once-client [4-renegotiate-client-auth-once-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = DTLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Once @@ -172,6 +177,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-renegotiate-aead-to-non-aead-client] CipherString = AES128-GCM-SHA256 +MaxProtocol = DTLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -204,6 +210,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-renegotiate-non-aead-to-aead-client] CipherString = AES128-SHA +MaxProtocol = DTLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -236,6 +243,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-renegotiate-non-aead-to-non-aead-client] CipherString = AES128-SHA +MaxProtocol = DTLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -268,6 +276,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-renegotiate-aead-to-aead-client] CipherString = AES128-GCM-SHA256 +MaxProtocol = DTLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf.in b/test/ssl-tests/18-dtls-renegotiate.cnf.in index dbac249f47f..e4f7174df90 100644 --- a/test/ssl-tests/18-dtls-renegotiate.cnf.in +++ b/test/ssl-tests/18-dtls-renegotiate.cnf.in @@ -29,6 +29,7 @@ foreach my $sctp ("No", "Yes") { name => "renegotiate-client-no-resume".$suffix, server => { + "MaxProtocol" => "DTLSv1.2", "CipherString" => 'DEFAULT:@SECLEVEL=0', "Options" => "NoResumptionOnRenegotiation" }, @@ -46,6 +47,7 @@ foreach my $sctp ("No", "Yes") { name => "renegotiate-client-resume".$suffix, server => { + "MaxProtocol" => "DTLSv1.2", "CipherString" => 'DEFAULT:@SECLEVEL=0' }, client => { @@ -71,6 +73,7 @@ foreach my $sctp ("No", "Yes") { name => "renegotiate-server-resume".$suffix, server => { + "MaxProtocol" => "DTLSv1.2", "CipherString" => 'DEFAULT:@SECLEVEL=0' }, client => { @@ -87,6 +90,7 @@ foreach my $sctp ("No", "Yes") { name => "renegotiate-client-auth-require".$suffix, server => { + "MaxProtocol" => "DTLSv1.2", "VerifyCAFile" => test_pem("root-cert.pem"), "VerifyMode" => "Require", "CipherString" => 'DEFAULT:@SECLEVEL=0' @@ -107,6 +111,7 @@ foreach my $sctp ("No", "Yes") { name => "renegotiate-client-auth-once".$suffix, server => { + "MaxProtocol" => "DTLSv1.2", "VerifyCAFile" => test_pem("root-cert.pem"), "VerifyMode" => "Once", "CipherString" => 'DEFAULT:@SECLEVEL=0' @@ -135,6 +140,7 @@ foreach my $sctp ("No", "Yes") "Options" => "NoResumptionOnRenegotiation" }, client => { + "MaxProtocol" => "DTLSv1.2", "CipherString" => "AES128-GCM-SHA256", extra => { "RenegotiateCiphers" => "AES128-SHA" @@ -154,6 +160,7 @@ foreach my $sctp ("No", "Yes") "Options" => "NoResumptionOnRenegotiation" }, client => { + "MaxProtocol" => "DTLSv1.2", "CipherString" => "AES128-SHA", extra => { "RenegotiateCiphers" => "AES128-GCM-SHA256" @@ -173,6 +180,7 @@ foreach my $sctp ("No", "Yes") "Options" => "NoResumptionOnRenegotiation" }, client => { + "MaxProtocol" => "DTLSv1.2", "CipherString" => "AES128-SHA", extra => { "RenegotiateCiphers" => "AES256-SHA" @@ -192,6 +200,7 @@ foreach my $sctp ("No", "Yes") "Options" => "NoResumptionOnRenegotiation" }, client => { + "MaxProtocol" => "DTLSv1.2", "CipherString" => "AES128-GCM-SHA256", extra => { "RenegotiateCiphers" => "AES256-GCM-SHA384"