# negotiating TLS 1.2 instead of 1.0.
# Mail headers (...), log-lines X=..., client-ssl output ...
# (and \b doesn't match between ' ' and '(' )
+ #
+ # Retain the authentication algorith field as we want to test that.
s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[12]:/$1TLSv1:/xg;
- s/\bAES128-GCM-SHA256:128\b/AES256-SHA:256/g;
- s/\bAES128-GCM-SHA256\b/AES256-SHA/g;
- s/\bAES256-GCM-SHA384\b/AES256-SHA/g;
- s/\bDHE-RSA-AES256-SHA\b/AES256-SHA/g;
+ s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA)(?-:)/ke-$3-AES256-SHAxxx/g;
+ s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHAxxx/g;
# LibreSSL
# TLSv1:ECDHE-RSA-CHACHA20-POLY1305:256
- s/\bECDHE-RSA-CHACHA20-POLY1305\b/AES256-SHA/g;
+ s/((EC)?DHE-)?(RSA|ECDSA)-CHACHA20-POLY1305\b/ke-$3-AES256-SHAxxx/g;
# GnuTLS have seen:
# TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256
git://git.exim.org / exim.git / blobdiff