if $protocolciphersuitecount + scalar(keys %ciphersuites) == 0;
# The count of protocols is because in addition to the ciphersuites
- # we got above, we're running a weak DH test for each protocol
- plan tests => scalar(@protocols) + $protocolciphersuitecount
- + scalar(keys %ciphersuites);
+ # we got above, we're running a weak DH test for each protocol (except
+ # TLSv1.3)
+ my $testcount = scalar(@protocols) + $protocolciphersuitecount
+ + scalar(keys %ciphersuites);
+ $testcount-- unless $no_tls1_3;
+ plan tests => $testcount;
foreach my $protocol (@protocols) {
ok($ciphersstatus{$protocol}, "Getting ciphers for $protocol");
# ssltest_old doesn't know -tls1_3, but that's fine, since that's
# the default choice if TLSv1.3 enabled
my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
+ my $ciphersuites = "";
foreach my $cipher (@{$ciphersuites{$protocol}}) {
if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
note "*****SKIPPING $protocol $cipher";
ok(1);
} else {
+ if ($protocol eq "-tls1_3") {
+ $ciphersuites = $cipher;
+ $cipher = "";
+ }
ok(run(test([@ssltest, @exkeys, "-cipher", $cipher,
- $flag || ()])),
- "Testing $cipher");
+ "-ciphersuites", $ciphersuites, $flag || ()])),
+ "Testing $cipher");
}
}
+ next if $protocol eq "-tls1_3";
is(run(test([@ssltest,
"-s_cipher", "EDH",
"-c_cipher", 'EDH:@SECLEVEL=1',
"-dhe512",
- $protocol eq "SSLv3" ? ("-ssl3") : ()])), 0,
+ $protocol])), 0,
"testing connection with weak DH, expecting failure");
}
};