SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
+ int rc;
/* Clean up logging space */
memset(client_log_buffer, 0, LOG_BUFFER_SIZE + 1);
SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
+ /* We also want to ensure that we use RSA-based key exchange. */
+ rc = SSL_CTX_set_cipher_list(cctx, "RSA");
+ if (rc == 0) {
+ printf("Unable to restrict to RSA key exchange.\n");
+ goto end;
+ }
+
if (SSL_CTX_get_keylog_callback(cctx)) {
printf("Unexpected initial value for client "
"SSL_CTX_get_keylog_callback()\n");
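Review bot: The comment added above `SSL_CTX_set_cipher_list(cctx, "RSA")` says what is restricted but not why, and the reason matters because RSA key exchange gives no forward secrecy, so a later reader may copy the line or "modernise" it away. Presumably the test goes on to check a key-log entry that is only produced for RSA key exchange (that check is outside this hunk, so confirm); if so I would write `/* The key-log checks below expect the RSA pre-master-secret entry, which only exists with RSA key exchange; test-only, no forward secrecy. */`. Writing the cipher string as `"kRSA"` would also make it explicit that key exchange, not authentication, is being selected. The restriction is applied to `cctx` only, so the handshake relies on the server context still offering an RSA key-exchange suite; the enclosing function starts and ends outside the hunk.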
SSL_CTX_set_min_proto_version(cctx, TLS1_2_VERSION);
#endif
- /*
- * TODO(TLS1.3): Test temporarily disabled for TLS1.3 until we've
- * implemented session resumption.
- */
- SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
-
/* Set up session cache */
if (fix.use_ext_cache) {
SSL_CTX_sess_set_new_cb(cctx, new_session_cb);