]> git.ipfire.org Git - thirdparty/curl.git/commitdiff
projects / thirdparty / curl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 754acd1)
tests/http: configure test httpd to honor client cipher order
authorStefan Eissing <stefan@eissing.org>
Thu, 1 Aug 2024 14:16:55 +0000 (16:16 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Fri, 2 Aug 2024 06:32:34 +0000 (08:32 +0200)
Let the client, e.g. curl, influence the cipher selected in a TLS
handshake. TLS backends have different preferences and honor that
in httpd the same as Caddy does.

Also makes for a more fair compare of different TLS backends.

Closes #14338

tests/http/test_17_ssl_use.py patch | blob | blame | history
tests/http/testenv/httpd.py patch | blob | blame | history

diff --git a/tests/http/test_17_ssl_use.py b/tests/http/test_17_ssl_use.py
index 813bcffd4247ca6e7d5cb9f721096f3658fbb14d..7ba5b29e41c761bae649e921aef6551087c03bfa 100644 (file)
--- a/tests/http/test_17_ssl_use.py
+++ b/tests/http/test_17_ssl_use.py
@@ -176,11 +176,11 @@ class TestSSLUse:
     # test setting cipher suites, the AES 256 ciphers are disabled in the test server
     @pytest.mark.parametrize("ciphers, succeed", [
         [[0x1301], True],
-        [[0x1302], False],
+        [[0x1302], True],
         [[0x1303], True],
         [[0x1302, 0x1303], True],
         [[0xC02B, 0xC02F], True],
-        [[0xC02C, 0xC030], False],
+        [[0xC02C, 0xC030], True],
         [[0xCCA9, 0xCCA8], True],
         [[0xC02C, 0xC030, 0xCCA9, 0xCCA8], True],
     ])
diff --git a/tests/http/testenv/httpd.py b/tests/http/testenv/httpd.py
index 4771ea36069c65b05d4dc4161610c81e3b8f4d1f..c8331c8e6d47c777fb6895461d7835e0169467a0 100644 (file)
--- a/tests/http/testenv/httpd.py
+++ b/tests/http/testenv/httpd.py
@@ -257,13 +257,7 @@ class Httpd:
                 f'Listen {self.env.proxys_port}',
                 f'TypesConfig "{self._conf_dir}/mime.types',
                 f'SSLSessionCache "shmcb:ssl_gcache_data(32000)"',
-                (f'SSLCipherSuite SSL'
-                 f' ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256'
-                 f':ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305'
-                ),
-                (f'SSLCipherSuite TLSv1.3'
-                 f' TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256'
-                ),
+                f'SSLHonorCipherOrder on',
             ]
             if 'base' in self._extra_configs:
                 conf.extend(self._extra_configs['base'])
Mirror of https://github.com/curl/curl.git