extern int tls1_ok;
extern int tls1_1_ok;
extern int tls1_2_ok;
+extern int tls1_3_ok;
extern int ssl3_ok;
extern const char *ext_text;
"failed",
"SSL 3.0"},
{"for TLS 1.2 (RFC5246) support", test_tls1_2, "yes", "no", "dunno"},
- {"fallback from TLS 1.6 to", test_tls1_6_fallback, NULL,
+ {"for TLS 1.3 (draft-ietf-tls-tls13-28) support", test_tls1_3, "yes", "no", "dunno"},
+ {"TLS1.2 neg fallback from TLS 1.6 to", test_tls1_6_fallback, NULL,
"failed (server requires fallback dance)", "dunno"},
{"for inappropriate fallback (RFC7507) support", test_rfc7507, "yes", "no", "dunno"},
{"for HTTPS server name", test_server, NULL, "failed", "not checked", 1},
{"for curve SECP256r1 (RFC4492)", test_ecdhe_secp256r1, "yes", "no", "dunno"},
{"for curve SECP384r1 (RFC4492)", test_ecdhe_secp384r1, "yes", "no", "dunno"},
{"for curve SECP521r1 (RFC4492)", test_ecdhe_secp521r1, "yes", "no", "dunno"},
- {"for curve X25519 (draft-ietf-tls-rfc4492bis-07)", test_ecdhe_x25519, "yes", "no", "dunno"},
+ {"for curve X25519 (draft-ietf-tls-rfc4492bis-17)", test_ecdhe_x25519, "yes", "no", "dunno"},
{"for AES-128-GCM cipher (RFC5288) support", test_aes_gcm, "yes", "no",
"dunno"},
{"for AES-128-CCM cipher (RFC6655) support", test_aes_ccm, "yes", "no",
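Review bot: The label of the new `test_tls1_3` row hard-codes `draft-ietf-tls-tls13-28`, but nothing visible ties the check to that draft. `test_tls1_3`, added further down in this commit, only enables `+VERS-TLS1.3`, so the version actually offered is presumably whatever the linked library implements. A "no" from this row may therefore mean the server speaks a different TLS 1.3 draft rather than that it lacks TLS 1.3, which matters when the output feeds an assessment. Consider dropping the draft number from the label, or adding a comment above the row such as `/* label must track the TLS 1.3 version the library actually negotiates */`. The table begins and ends outside the hunk.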
/* if neither of SSL3 and TLSv1 are supported, exit
*/
- if (i > 10 && tls1_2_ok == 0 && tls1_1_ok == 0 && tls1_ok == 0
- && ssl3_ok == 0) {
+ if (i > 11 && tls1_2_ok == 0 && tls1_1_ok == 0 && tls1_ok == 0
+ && ssl3_ok == 0 && tls1_3_ok == 0) {
fprintf(stderr,
- "\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 and TLS 1.2\n");
+ "\nServer does not support any of SSL 3.0, TLS 1.0, 1.1, 1.2 and 1.3\n");
break;
}
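Review bot: The early-exit guard `i > 11` is a positional index into the test table, so it goes out of step whenever a row is inserted or moved ahead of the protocol-version tests; this commit had to bump it from 10 to 11 for that reason. If the index is too small, the loop can give up before the last protocol version has been probed. A comment on the condition such as `/* index of the last protocol-version row in the table; keep in sync */` would make the coupling visible. The comment above the check still names only SSL3 and TLSv1 and could read `/* if none of SSL 3.0 and TLS 1.0-1.3 is supported, exit */`. The enclosing loop starts and ends outside the hunk.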
int ssl3_ok = 0;
int tls1_1_ok = 0;
int tls1_2_ok = 0;
+int tls1_3_ok = 0;
/* keep session info */
static char *session_data = NULL;
if (ret == TEST_SUCCEED) {
tls1_ok = 1;
} else {
- strcat(rest, ":%COMPAT");
+ sprintf(prio_str,
+ INIT_STR BLOCK_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:-VERS-SSL3.0:" ALL_MACS ":" ALL_KX ":%%COMPAT:%s", rest);
+ _gnutls_priority_set_direct(session, prio_str);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ ret = do_handshake(session);
+ if (ret == TEST_SUCCEED) {
+ tls1_ok = 1;
+ strcat(rest, ":%COMPAT");
+ }
}
return ret;
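Review bot: The retry path formats into `prio_str` with an unbounded `sprintf` that appends the whole of `rest`, and `rest` itself grows by `strcat` each time a workaround is recorded. The same pattern is added in the `%NO_EXTENSIONS` retry and in `test_tls1_3`. Both buffers are declared outside the hunk, so their sizes cannot be checked from here, but nothing in the new code bounds the write. If `prio_str` is an array, `snprintf(prio_str, sizeof(prio_str), ...)` with a check that the result is non-negative and below `sizeof(prio_str)` would turn an overflow into a detectable failure. The enclosing function begins and ends outside the hunk.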
if (ret == TEST_SUCCEED) {
tls_ext_ok = 1;
} else {
- tls_ext_ok = 0;
- strcat(rest, ":%NO_EXTENSIONS");
+ sprintf(prio_str,
+ INIT_STR BLOCK_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:-VERS-SSL3.0:" ALL_MACS ":" ALL_KX ":%%NO_EXTENSIONS:%s", rest);
+ _gnutls_priority_set_direct(session, prio_str);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ ret = do_handshake(session);
+ if (ret == TEST_SUCCEED) {
+ tls_ext_ok = 0;
+ strcat(rest, ":%NO_EXTENSIONS");
+ }
}
return ret;
}
+test_code_t test_tls1_3(gnutls_session_t session)
+{
+ int ret;
+
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":+VERS-TLS1.3:" ALL_MACS ":" ALL_KX ":%s", rest);
+ _gnutls_priority_set_direct(session, prio_str);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ ret = do_handshake(session);
+ if (ret == TEST_SUCCEED)
+ tls1_3_ok = 1;
+
+ return ret;
+
+}
+
test_code_t test_tls1_1(gnutls_session_t session)
{
int ret;
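Review bot: In the `%NO_EXTENSIONS` retry branch, `tls_ext_ok = 0` is now assigned only when the second handshake succeeds; before this change it was cleared on every failure of the first handshake. When both handshakes fail, the flag keeps its previous value, and its initial value is not visible here. If it starts non-zero, any later test gated on it would still send extensions to a server that has just failed with them. Consider clearing it before the retry, e.g. `tls_ext_ok = 0;` directly after `} else {`, and leaving only the `strcat(rest, ":%NO_EXTENSIONS");` inside the success branch. The start of that function lies outside the hunk.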