- my @protocols = ();
- # We only use the flags that ssltest_old understands
- push @protocols, "-tls1_3" unless $no_tls1_3;
- push @protocols, "-tls1_2" unless $no_tls1_2;
- push @protocols, "-tls1" unless $no_tls1 || $provider eq "fips";
- push @protocols, "-ssl3" unless $no_ssl3 || $provider eq "fips";
- my $protocolciphersuitecount = 0;
- my %ciphersuites = ();
- my %ciphersstatus = ();
- foreach my $protocol (@protocols) {
- my $ciphersstatus = undef;
- my @ciphers = run(app(["openssl", "ciphers", "-s", $protocol,
- "ALL:$ciphers"]),
- capture => 1, statusvar => \$ciphersstatus);
- @ciphers = grep {!/CAMELLIA|ARIA|CHACHA/} @ciphers;
- $ciphersstatus{$protocol} = $ciphersstatus;
- if ($ciphersstatus) {
- $ciphersuites{$protocol} = [ map { s|\R||; split(/:/, $_) }
- @ciphers ];
- $protocolciphersuitecount += scalar @{$ciphersuites{$protocol}};
- }
- }
+ my @protocols = ();
+ # We only use the flags that ssltest_old understands
+ push @protocols, "-tls1_3" unless $no_tls1_3;
+ push @protocols, "-tls1_2" unless $no_tls1_2;
+ push @protocols, "-tls1" unless $no_tls1 || $provider eq "fips";
+ push @protocols, "-ssl3" unless $no_ssl3 || $provider eq "fips";
+ my $protocolciphersuitecount = 0;
+ my %ciphersuites = ();
+ my %ciphersstatus = ();
+ #There's no "-config" option to the ciphers command so we set the
+ #environment variable instead
+ my $opensslconf = $ENV{OPENSSL_CONF};
+ $ENV{OPENSSL_CONF} = $configfile;
+ foreach my $protocol (@protocols) {
+ my $ciphersstatus = undef;
+ my @ciphers = run(app(["openssl", "ciphers", "-s", $protocol,
+ @providerflags,
+ "ALL:$ciphers"]),
+ capture => 1, statusvar => \$ciphersstatus);
+ $ciphersstatus{$protocol} = $ciphersstatus;
+ if ($ciphersstatus) {
+ $ciphersuites{$protocol} = [ map { s|\R||; split(/:/, $_) }
+ @ciphers ];
+ $protocolciphersuitecount += scalar @{$ciphersuites{$protocol}};
+ }
+ }
+ $ENV{OPENSSL_CONF} = $opensslconf;