#! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
subtest "Testing ciphersuites" => sub {
my @exkeys = ();
- my $ciphers = "-EXP:-PSK:-SRP:-kDH:-kECDHe";
+ my $ciphers = "-PSK:-SRP";
if ($no_dh) {
note "skipping DHE tests\n";
}
my @protocols = ();
- # FIXME: I feel unsure about the following line, is that really just TLSv1.2, or is it all of the SSLv3/TLS protocols?
- push(@protocols, "TLSv1.2") unless $no_tls1_2;
- push(@protocols, "SSLv3") unless $no_ssl3;
- my $protocolciphersuitcount = 0;
- my %ciphersuites =
- map { my @c =
- map { split(/:/, $_) }
- run(app(["openssl", "ciphers", "${_}:$ciphers"]),
- capture => 1);
- map { s/\R//; } @c; # chomp @c;
- $protocolciphersuitcount += scalar @c;
- $_ => [ @c ] } @protocols;
+ # We only use the flags that ssltest_old understands
+ push @protocols, "-tls1_2" unless $no_tls1_2;
+ push @protocols, "-tls1" unless $no_tls1;
+ push @protocols, "-ssl3" unless $no_ssl3;
+ my $protocolciphersuitecount = 0;
+ my %ciphersuites = ();
+ foreach my $protocol (@protocols) {
+ $ciphersuites{$protocol} =
+ [ map { s|\R||; split(/:/, $_) }
+ run(app(["openssl", "ciphers", "-s", $protocol,
+ "ALL:$ciphers"]), capture => 1) ];
+ $protocolciphersuitecount += scalar @{$ciphersuites{$protocol}};
+ }
plan skip_all => "None of the ciphersuites to test are available in this OpenSSL build"
- if $protocolciphersuitcount + scalar(@protocols) == 0;
+ if $protocolciphersuitecount + scalar(keys %ciphersuites) == 0;
# The count of protocols is because in addition to the ciphersuits
# we got above, we're running a weak DH test for each protocol
- plan tests => $protocolciphersuitcount + scalar(@protocols);
+ plan tests => $protocolciphersuitecount + scalar(keys %ciphersuites);
- foreach my $protocol (@protocols) {
+ foreach my $protocol (sort keys %ciphersuites) {
note "Testing ciphersuites for $protocol";
+ # ssltest_old doesn't know -tls1_2, but that's fine, since that's
+ # the default choice if TLSv1.2 enabled
+ my $flag = $protocol eq "-tls1_2" ? "" : $protocol;
foreach my $cipher (@{$ciphersuites{$protocol}}) {
- ok(run(test([@ssltest, @exkeys, "-cipher", $cipher,
- $protocol eq "SSLv3" ? ("-ssl3") : ()])),
- "Testing $cipher");
+ if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
+ note "*****SKIPPING $protocol $cipher";
+ ok(1);
+ } else {
+ ok(run(test([@ssltest, @exkeys, "-cipher", $cipher,
+ $flag || ()])),
+ "Testing $cipher");
+ }
}
is(run(test([@ssltest,
"-s_cipher", "EDH",