Add missing MinProtocol/MaxProtocol

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2339)

diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf
index 01afac393f56bd888aae4f3e4e5001d8af70ff10..72ce42574b423c6a067f5f0635e4f65254301c07 100644 (file)
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@@ -78,6 +78,7 @@ client = 2-ECDSA CipherString Selection, no ECDSA certificate-client
 [2-ECDSA CipherString Selection, no ECDSA certificate-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 [2-ECDSA CipherString Selection, no ECDSA certificate-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT

+MaxProtocol = TLSv1.2

 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [2-ECDSA CipherString Selection, no ECDSA certificate-client]
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [2-ECDSA CipherString Selection, no ECDSA certificate-client]


@@ -161,6 +162,7 @@ client = 5-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
 [5-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 [5-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT

+MaxProtocol = TLSv1.2

 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [5-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [5-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]

diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in
index 7767aca0f886a148b9573609ba5b37d7ead7144f..2036d2c9a382142fa0a2ec658bc66900b78016d9 100644 (file)
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -44,7 +44,9 @@ our @tests = (
     },
     {
         name => "ECDSA CipherString Selection, no ECDSA certificate",
     },
     {
         name => "ECDSA CipherString Selection, no ECDSA certificate",

-        server => { },
+        server => {
+            "MaxProtocol" => "TLSv1.2"
+        },

         client => {
             "CipherString" => "aECDSA"
         },
         client => {
             "CipherString" => "aECDSA"
         },


@@ -80,7 +82,9 @@ our @tests = (
     },
     {
         name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
     },
     {
         name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",

-        server => { },
+        server => {
+             "MaxProtocol" => "TLSv1.2"
+        },

         client => {
             "SignatureAlgorithms" => "ECDSA+SHA256",
         },
         client => {
             "SignatureAlgorithms" => "ECDSA+SHA256",
         },


@@ -166,7 +170,10 @@ my @tests_tls_1_3 = (
     },
     {
         name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
     },
     {
         name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",

-        server => { },
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3"
+        },

         client => {
             "SignatureAlgorithms" => "ECDSA+SHA256",
         },
         client => {
             "SignatureAlgorithms" => "ECDSA+SHA256",
         },