Since OpenSSL 3.2, CCM8 is only allowed at security level 0. This
tweaks the test scripts to explicitly select that level, while
restricting the protocol to TLS 1.3 so that no TLS 1.2 ciphersuites
are enabled.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
eval "${GETPORT}"
-launch_bare_server "$OPENSSL" s_server -ciphersuites ${OCIPHERSUITES} -groups 'X25519:P-256:X448:P-521:P-384' -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}"
+launch_bare_server "$OPENSSL" s_server -cipher ALL:@SECLEVEL=0 -min_protocol TLSv1.3 -ciphersuites ${OCIPHERSUITES} -groups 'X25519:P-256:X448:P-521:P-384' -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}"
PID=$!
wait_server ${PID}
-#AES-128-CCM
for i in AES-128-GCM AES-256-GCM CHACHA20-POLY1305 AES-128-CCM AES-128-CCM-8;do
echo_cmd "${PREFIX}Checking TLS 1.3 with ${i}..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+${i}${ADD}" --insecure </dev/null >>${OUTPUT} || \
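Review bot: `-cipher ALL:@SECLEVEL=0` on the `launch_bare_server ... s_server` line lowers every security-level check on the server, not only the CCM8 restriction the commit message cites, and nothing in the script records why. At level 0 OpenSSL also stops enforcing its minimum key sizes and signature digests, so someone copying this invocation could carry the relaxation into a non-test setup. I would add a comment above the call, e.g. `# SECLEVEL=0 only because OpenSSL >= 3.2 gates CCM8 behind it; -min_protocol TLSv1.3 keeps TLS 1.2 suites out. Test use only.` The same comment belongs on the `s_client` invocation changed later in this patch. The `for` loop at the end of this hunk continues outside it.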
PREFIX="$(echo $ADD|sed 's/://g'): "
fi
-#AES-128-CCM
for i in AES-128-GCM AES-256-GCM CHACHA20-POLY1305 AES-128-CCM AES-128-CCM-8;do
echo_cmd "${PREFIX}Checking TLS 1.3 with cipher ${i}..."
PID=$!
wait_server ${PID}
- ${OPENSSL} s_client -ciphersuites ${OCIPHERSUITES} -host localhost -port "${PORT}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ ${OPENSSL} s_client -cipher ALL:@SECLEVEL=0 -min_protocol TLSv1.3 -ciphersuites ${OCIPHERSUITES} -host localhost -port "${PORT}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"
kill ${PID}
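Review bot: The `s_client` check still reports failure only when `grep` finds `:error:` in the output, and the pipeline discards `s_client`'s own exit status, so a run that aborts without printing such a line counts as a pass. This matters more now that the command depends on the OpenSSL under test accepting `-min_protocol` and `@SECLEVEL`; presumably an argument rejection prints a usage message rather than an error-queue line. Consider also asserting a positive signal from the handshake output, or at least documenting the limitation with `# NOTE: only ':error:' output is treated as failure; s_client's exit status is ignored` above the line. The enclosing block starts outside this hunk.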