extern int tls1_1_ok;
extern int tls1_2_ok;
extern int ssl3_ok;
+extern const char *ext_text;
static void tls_log_func(int level, const char *str)
{
"failed",
"SSL 3.0"},
{"for TLS 1.2 support", test_tls1_2, "yes", "no", "dunno"},
+ {"fallback from TLS 1.6 to", test_tls1_6_fallback, NULL,
+ "failed", "dunno"},
/* The following tests will disable TLS 1.x if the server is
* buggy */
{"whether we need to disable TLS 1.2", test_tls_disable2, "no",
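Review bot: The `NULL` success string in the new `test_tls1_6_fallback` entry is an undocumented sentinel; nothing in the table says that `NULL` means "print the runtime text held in `ext_text`". A short comment above the entry would make the convention explicit, for example `/* suc_str == NULL: the test stores its own result text in ext_text */`. The table definition begins and ends outside this hunk, so any other code that reads `suc_str` is not visible here and should be checked for a NULL dereference.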
ret = tls_tests[i].func(state);
- if (ret == TEST_SUCCEED)
- printf(" %s\n", tls_tests[i].suc_str);
- else if (ret == TEST_FAILED)
+ if (ret == TEST_SUCCEED) {
+ if (tls_tests[i].suc_str == NULL)
+ printf(" %s\n", ext_text);
+ else
+ printf(" %s\n", tls_tests[i].suc_str);
+ } else if (ret == TEST_FAILED)
printf(" %s\n", tls_tests[i].fail_str);
else if (ret == TEST_UNSURE)
printf(" %s\n", tls_tests[i].unsure_str);
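Review bot: The new `suc_str == NULL` branch prints `ext_text` with `%s` without a NULL check, and the test assigns it from `gnutls_protocol_get_name()`, which returns NULL for a version it does not recognise. Passing NULL to `%s` is undefined behaviour; `printf(" %s\n", ext_text ? ext_text : "unknown");` avoids it. Because `ext_text` is a single global written only by the test itself, a later NULL-`suc_str` test that forgets to set it would print the previous test's text, so resetting it to `""` before `tls_tests[i].func(state)` is worth considering. The enclosing loop starts and ends outside the hunk.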
#include <common.h>
#include <tests.h>
+void _gnutls_record_set_default_version(gnutls_session_t session,
+ unsigned char major,
+ unsigned char minor);
+
+void _gnutls_hello_set_default_version(gnutls_session_t session,
+ unsigned char major,
+ unsigned char minor);
+
+
extern gnutls_srp_client_credentials_t srp_cred;
extern gnutls_anon_client_credentials_t anon_cred;
extern gnutls_certificate_credentials_t xcred;
extern unsigned int verbose;
+const char *ext_text = "";
int tls1_ok = 0;
int ssl3_ok = 0;
int tls1_1_ok = 0;
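Review bot: The prototypes for `_gnutls_record_set_default_version` and `_gnutls_hello_set_default_version` are written by hand in this file, so the compiler cannot check them against the library's definitions and a signature change would go unnoticed at build time. The leading underscore suggests they are internal symbols. If a header declaring them is available to this tool, including it would be safer. Otherwise a comment such as `/* internal libgnutls symbols; keep these prototypes in sync with the library */` would record the dependency. The new `ext_text` definition would also benefit from a one-line comment naming which code writes it and which reads it.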
}
+test_code_t test_tls1_6_fallback(gnutls_session_t session)
+{
+ int ret;
+
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":"
+ ALL_KX ":%s", rest);
+ _gnutls_priority_set_direct(session, prio_str);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ _gnutls_hello_set_default_version(session, 3, 7);
+
+ ret = do_handshake(session);
+ if (ret != TEST_SUCCEED)
+ return TEST_FAILED;
+
+ ext_text = gnutls_protocol_get_name(gnutls_protocol_get_version(session));
+ return TEST_SUCCEED;
+}
+
/* Advertize both TLS 1.0 and SSL 3.0. If the connection fails,
* but the previous SSL 3.0 test succeeded then disable TLS 1.0.
*/
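Review bot: The `sprintf` into `prio_str` in `test_tls1_6_fallback` is unbounded, and its last argument `rest` is a string whose length nothing in this hunk limits. Both `prio_str` and `rest` are declared outside the hunk. If `prio_str` is a fixed-size array, `snprintf(prio_str, sizeof(prio_str), ...)` with the return value checked against `sizeof(prio_str)` would turn an overflow into a reported test failure. The neighbouring tests presumably build their priority strings the same way, so a shared helper may be the better place for the fix. The return value of `gnutls_credentials_set` is also ignored here.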
return ret;
}
-void _gnutls_record_set_default_version(gnutls_session_t session,
- unsigned char major,
- unsigned char minor);
-
test_code_t test_version_rollback(gnutls_session_t session)
{
int ret;
test_code_t test_tls1_1(gnutls_session_t state);
test_code_t test_tls1_2(gnutls_session_t state);
test_code_t test_tls1_1_fallback(gnutls_session_t state);
+test_code_t test_tls1_6_fallback(gnutls_session_t state);
test_code_t test_tls_disable0(gnutls_session_t state);
test_code_t test_tls_disable1(gnutls_session_t state);
test_code_t test_tls_disable2(gnutls_session_t state);