Don't expect a POLY1305 ciphersuite when using no-poly1305
authorMatt Caswell <matt@openssl.org>
Sun, 10 Dec 2017 11:05:19 +0000 (11:05 +0000)
committerMatt Caswell <matt@openssl.org>
Mon, 11 Dec 2017 09:41:59 +0000 (09:41 +0000)
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4891)

test/recipes/80-test_ssl_new.t
test/ssl-tests/25-cipher.conf
test/ssl-tests/25-cipher.conf.in

index c5472ebf0f96b5d616296be3566d474136e0b6f0..415c5c3bb8b3909cca0a7f548950167c637aaf63 100644 (file)
@@ -66,6 +66,7 @@ my %conf_dependent_tests = (
   "19-mac-then-encrypt.conf" => !$is_default_tls,
   "20-cert-select.conf" => !$is_default_tls || $no_dh || $no_dsa,
   "22-compression.conf" => !$is_default_tls,
+  "25-cipher.conf" => disabled("poly1305"),
 );
 
 # Add your test here if it should be skipped for some compile-time
index 101ee7c517802c506f15d519d571f365b0f89e55..a28c1f7bed295be254a5d43b5aca1cde85ffbbfd 100644 (file)
@@ -207,13 +207,13 @@ Options = ServerPreference,PrioritizeChaCha
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [7-cipher-server-pref-mobile-client]
-CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
+CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-7]
-ExpectedCipher = ECDHE-RSA-CHACHA20-POLY1305
+ExpectedCipher = ECDHE-RSA-AES256-SHA384
 
 
 # ===========================================================
@@ -233,12 +233,12 @@ Options = ServerPreference,PrioritizeChaCha
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [8-cipher-server-pref-mobile2-client]
-CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305
+CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-8]
-ExpectedCipher = ECDHE-RSA-AES256-SHA384
+ExpectedCipher = ECDHE-RSA-CHACHA20-POLY1305
 
 
index b82f77ccd9738529345f4424be32d812bb4083b4..d75e2741209084e1ba4b5792233afabe75d9a840 100644 (file)
@@ -13,7 +13,7 @@ use strict;
 use warnings;
 
 package ssltests;
-
+use OpenSSL::Test::Utils;
 
 our @tests = (
     {
@@ -127,12 +127,15 @@ our @tests = (
         },
         client => {
             "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+            "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305",
         },
         test => {
-            "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305",
+            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
         },
     },
+);
+
+my @tests_poly1305 = (
     {
         name => "cipher-server-pref-mobile2",
         server => {
@@ -142,10 +145,12 @@ our @tests = (
         },
         client => {
             "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305",
+            "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
         },
         test => {
-            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
+            "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305",
         },
     },
 );
+
+push @tests, @tests_poly1305 unless disabled("poly1305");