Add missing MinProtocol/MaxProtocol
authorDr. Stephen Henson <steve@openssl.org>
Thu, 2 Feb 2017 12:34:22 +0000 (12:34 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 2 Feb 2017 14:45:11 +0000 (14:45 +0000)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2339)

test/ssl-tests/20-cert-select.conf
test/ssl-tests/20-cert-select.conf.in

index 01afac393f56bd888aae4f3e4e5001d8af70ff10..72ce42574b423c6a067f5f0635e4f65254301c07 100644 (file)
@@ -78,6 +78,7 @@ client = 2-ECDSA CipherString Selection, no ECDSA certificate-client
 [2-ECDSA CipherString Selection, no ECDSA certificate-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [2-ECDSA CipherString Selection, no ECDSA certificate-client]
@@ -161,6 +162,7 @@ client = 5-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
 [5-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [5-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
index 7767aca0f886a148b9573609ba5b37d7ead7144f..2036d2c9a382142fa0a2ec658bc66900b78016d9 100644 (file)
@@ -44,7 +44,9 @@ our @tests = (
     },
     {
         name => "ECDSA CipherString Selection, no ECDSA certificate",
-        server => { },
+        server => {
+            "MaxProtocol" => "TLSv1.2"
+        },
         client => {
             "CipherString" => "aECDSA"
         },
@@ -80,7 +82,9 @@ our @tests = (
     },
     {
         name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
-        server => { },
+        server => {
+             "MaxProtocol" => "TLSv1.2"
+        },
         client => {
             "SignatureAlgorithms" => "ECDSA+SHA256",
         },
@@ -166,7 +170,10 @@ my @tests_tls_1_3 = (
     },
     {
         name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
-        server => { },
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3"
+        },
         client => {
             "SignatureAlgorithms" => "ECDSA+SHA256",
         },