Testsuite: handle OpenSSL 1.1.1

[exim.git] / test / runtest

diff --git a/test/runtest b/test/runtest
index 7921c5beec6ce171c00f6a96507cfa77cd0c8825..d6bc7b03de2900acf2fa82c8a50a8215ce08b06c 100755 (executable)
--- a/test/runtest
+++ b/test/runtest
@@ -538,6 +538,9 @@ RESET_AFTER_EXTRA_LINE_READ:
   # Test machines might have various different TLS library versions supporting
   # different protocols; can't rely upon TLS 1.2's AES256-GCM-SHA384, so we
   # treat the standard algorithms the same.
+  #
+  # TLSversion : KeyExchange? - Authentication/Signature - C_iph_er - MAC : ???
+  #
   # So far, have seen:
   #   TLSv1:AES128-GCM-SHA256:128
   #   TLSv1:AES256-SHA:256
@@ -559,8 +562,12 @@ RESET_AFTER_EXTRA_LINE_READ:
   s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g;
 
   # OpenSSL TLSv1.3 - unsure what to do about the authentication-variant testcases now,
-  # as it seems the protocol no longer supports a user choice.
-  s/TLS_AES(_256)_GCM_SHA384:256/TLS-AES256-SHA:xxx/g;
+  # as it seems the protocol no longer supports a user choice.  Replace the "TLS" field with "RSA".
+  # Also insert a key-exchange field for back-compat, even though 1.3 doesn't do that.
+  #
+  # TLSversion : "TLS" - C_iph_er - MAC : ???
+  #
+  s/:TLS_AES(_256)_GCM_SHA384:256/:ke-RSA-AES256-SHA:xxx/g;
 
   # LibreSSL
   # TLSv1:AES256-GCM-SHA384:256