Disallow Ed448 signature malleability

[openssl.git] / test / clienthellotest.c

diff --git a/test/clienthellotest.c b/test/clienthellotest.c
index 5cff519eadb141f2488d7e8d8398c6c216def038..10e3b1b1b172408e7fffcbb893d5c4453cc3d44d 100644 (file)
--- a/test/clienthellotest.c
+++ b/test/clienthellotest.c
@@ -78,6 +78,8 @@ static int test_client_hello(int currtest)
     ctx = SSL_CTX_new(TLS_method());
     if (!TEST_ptr(ctx))
         goto end;
+    if (!TEST_true(SSL_CTX_set_max_proto_version(ctx, TLS_MAX_VERSION)))
+        goto end;
 
     switch(currtest) {
     case TEST_SET_SESSION_TICK_DATA_VER_NEG:
@@ -97,8 +99,7 @@ static int test_client_hello(int currtest)
          * ClientHello is already going to be quite long. To avoid getting one
          * that is too long for this test we use a restricted ciphersuite list
          */
-        if (!TEST_true(SSL_CTX_set_cipher_list(ctx,
-                                               "TLS13-AES-128-GCM-SHA256")))
+        if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "")))
             goto end;
          /* Fall through */
     case TEST_ADD_PADDING:
@@ -121,7 +122,9 @@ static int test_client_hello(int currtest)
          * not need padding.
          */
         } else if (!TEST_true(SSL_CTX_set_cipher_list(ctx,
-                              "AES128-SHA:TLS13-AES-128-GCM-SHA256"))) {
+                              "AES128-SHA"))
+                   || !TEST_true(SSL_CTX_set_ciphersuites(ctx,
+                                 "TLS_AES_128_GCM_SHA256"))) {
             goto end;
         }
         break;