authorDmitry Belyavskiy <beldmit@gmail.com>2022-05-04 18:19:02 +0200
committerDmitry Belyavskiy <beldmit@gmail.com>2022-05-04 18:19:02 +0200
commitee1986c58ccb81d1224d09a7cb56b2043fa6a2e8 (patch)
tree040e184aa2b8a58af71177b9b5de8bf3c7632c80 /tcl_tests
parent3dddb788511c758e2d851226e75aa01d23c14190 (diff)
Make TLS tests on SECLEVEL 0
As https://github.com/openssl/openssl/pull/18236 is going to ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and above, we have to adjust GOST TLS tests.
Diffstat (limited to 'tcl_tests')
-rw-r--r--tcl_tests/ssl.try28
1 files changed, 14 insertions, 14 deletions
diff --git a/tcl_tests/ssl.try b/tcl_tests/ssl.try
index 5bc5087..1c5f9e9 100644
--- a/tcl_tests/ssl.try
+++ b/tcl_tests/ssl.try
@@ -43,36 +43,36 @@ if {[info exists env(ALG_LIST)]} {
array set suites {
rsa:1024 {ECDHE-RSA-AES256-SHA@SECLEVEL=0}
-gost2001:XA {GOST2001-GOST89-GOST89@SECLEVEL=1 GOST2001-NULL-GOST94@SECLEVEL=0 LEGACY-GOST2012-GOST8912-GOST8912@SECLEVEL=1 IANA-GOST2012-GOST8912-GOST8912@SECLEVEL=1 GOST2012-NULL-GOST12@SECLEVEL=0}
-gost2012_256:XA {LEGACY-GOST2012-GOST8912-GOST8912@SECLEVEL=1 GOST2012-NULL-GOST12@SECLEVEL=0}
-gost2012_512:A {LEGACY-GOST2012-GOST8912-GOST8912@SECLEVEL=1 GOST2012-NULL-GOST12@SECLEVEL=0}
+gost2001:XA {GOST2001-GOST89-GOST89@SECLEVEL=0 GOST2001-NULL-GOST94@SECLEVEL=0 LEGACY-GOST2012-GOST8912-GOST8912@SECLEVEL=0 IANA-GOST2012-GOST8912-GOST8912@SECLEVEL=0 GOST2012-NULL-GOST12@SECLEVEL=0}
+gost2012_256:XA {LEGACY-GOST2012-GOST8912-GOST8912@SECLEVEL=0 GOST2012-NULL-GOST12@SECLEVEL=0}
+gost2012_512:A {LEGACY-GOST2012-GOST8912-GOST8912@SECLEVEL=0 GOST2012-NULL-GOST12@SECLEVEL=0}
}
#
# Incompatible cipher suites
#
array set badsuites {
-gost2012_256:XA {GOST2001-GOST89-GOST89@SECLEVEL=1 GOST2001-NULL-GOST94@SECLEVEL=0}
-gost2012_512:A {GOST2001-GOST89-GOST89@SECLEVEL=1 GOST2001-NULL-GOST94@SECLEVEL=0}
+gost2012_256:XA {GOST2001-GOST89-GOST89@SECLEVEL=0 GOST2001-NULL-GOST94@SECLEVEL=0}
+gost2012_512:A {GOST2001-GOST89-GOST89@SECLEVEL=0 GOST2001-NULL-GOST94@SECLEVEL=0}
}
#
# Default cipher suite negotiated for algorithm
#
array set defsuite {
-rsa:1024 ECDHE-RSA-AES256-SHA@SECLEVEL=1
+rsa:1024 ECDHE-RSA-AES256-SHA@SECLEVEL=0
#gost94:XA GOST94-GOST89-GOST89
-gost2001:XA GOST2012-GOST8912-GOST8912@SECLEVEL=1
-gost2012_256:XA LEGACY-GOST2012-GOST8912-GOST8912@SECLEVEL=1
-gost2012_512:A LEGACY-GOST2012-GOST8912-GOST8912@SECLEVEL=1
+gost2001:XA GOST2012-GOST8912-GOST8912@SECLEVEL=0
+gost2012_256:XA LEGACY-GOST2012-GOST8912-GOST8912@SECLEVEL=0
+gost2012_512:A LEGACY-GOST2012-GOST8912-GOST8912@SECLEVEL=0
}
array set defsuite_12 {
-rsa:1024 ECDHE-RSA-AES256-GCM-SHA384@SECLEVEL=1
+rsa:1024 ECDHE-RSA-AES256-GCM-SHA384@SECLEVEL=0
#gost94:XA GOST94-GOST89-GOST89
-gost2001:XA LEGACY-GOST2012-GOST8912-GOST8912@SECLEVEL=1
-gost2012_256:XA GOST2012-MAGMA-MAGMAOMAC@SECLEVEL=1
-gost2012_512:A GOST2012-MAGMA-MAGMAOMAC@SECLEVEL=1
+gost2001:XA LEGACY-GOST2012-GOST8912-GOST8912@SECLEVEL=0
+gost2012_256:XA GOST2012-MAGMA-MAGMAOMAC@SECLEVEL=0
+gost2012_512:A GOST2012-MAGMA-MAGMAOMAC@SECLEVEL=0
}
set proto_list {"TLSv1" "TLSv1.1" "TLSv1.2"}
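Review bot: The `defsuite_12` entries are lowered to `@SECLEVEL=0` along with everything else, although the commit message says the upstream change only rejects SSL3, TLS1, TLS1.1 and DTLS1.0 at level 1 and above. If `defsuite_12` is the TLSv1.2 expectation table, as its name suggests, the TLSv1.2 runs no longer show that the GOST suites still negotiate at level 1. Consider keeping `@SECLEVEL=1` where only TLSv1.2 is involved, or at least record the reason above `array set suites`, for example `# SECLEVEL=0 only because TLSv1/TLSv1.1 are refused at level 1+ (openssl/openssl#18236); test-only, not a recommended cipher string`. The same blanket lowering applies to the `-cipher DHE-RSA-AES256-SHA@SECLEVEL=0` server argument in the later hunk at line 180, whose enclosing `foreach proto $proto_list` body starts outside that hunk.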
@@ -180,7 +180,7 @@ foreach proto $proto_list {
-verify 1 -state -cipher $suite] \
[list -www -cert localhost_$alg_fn/cert.pem \
-key localhost_$alg_fn/seckey.pem \
- -cipher DHE-RSA-AES256-SHA@SECLEVEL=1 $protos($proto)] {}]
+ -cipher DHE-RSA-AES256-SHA@SECLEVEL=0 $protos($proto)] {}]
list [lindex $list 2] [grep ":fatal:" [lindex $list 1]]
} 0 [list 1 "SSL3 alert read:fatal:handshake failure
"]