1 # TLS: EC curves for OpenSSL
3 # This is only checking the acceptability of option settings, not their effect
4 # See packet captures for actual effects
6 # Baseline: tls_eccurve option not present
7 exim -DSERVER=server -bd -oX PORT_D
9 exim -odf optnotpresent@test.ex
13 # Explicit tls_eccurve setting of "auto"
14 exim -DSERVER=server -DDATA=auto -bd -oX PORT_D
16 exim -odf explicitauto@test.ex
20 # Explicit tls_eccurve setting of ""
21 # - unclear this works. At least with OpenSSL 3.0.5 we still get an x25519 keyshare in the Server Hello
22 exim -DSERVER=server -DDATA= -bd -oX PORT_D
24 exim -odf explicitempty@test.ex
29 # Oddly, 3.0.5 packets show an EC-groups negotiation of C:x255519 S:secp256r1 C:secp384r1 S:secp384r1.
30 # Hoever, note that RFC 8446 (TLS1.3) does NOT include prime256v1 as one of the allowable
31 # supported groups (and it's not in the client "supported groups" extension, so what we see seems good.
32 exim -DSERVER=server -DDATA=prime256v1 -bd -oX PORT_D
34 exim -odf prime256v1@test.ex
39 # C:x25519 S:secp384r1
40 exim -DSERVER=server -DDATA=secp384r1 -bd -oX PORT_D
42 exim -odf secp384r1@test.ex
46 # "bogus". Should fail to make connection.
47 exim -DSERVER=server -DDATA=bogus -bd -oX PORT_D
49 exim -odf user_fail@test.ex