Testsuite: GnuTLS version variances
authorJeremy Harris <jgh146exb@wizmail.org>
Fri, 26 Apr 2019 10:16:47 +0000 (11:16 +0100)
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Mon, 2 Sep 2019 22:17:46 +0000 (00:17 +0200)
(cherry picked from commit e20c4072da517616060d7a6e899b42f65ded4fb0)
(cherry picked from commit 4a7269057fc3bfcb5b19376725431610407e67bc)
(cherry picked from commit d1e5e96dd46f68ee04eb27995c026d5f9ae226f6)

test/confs/5652
test/log/2007.FOO [deleted file]
test/runtest

index 28d3a95bb8448a1e3b7de3f9fa0ca7d1c1cf7035..5b29f5b689db77394b9e2a0d60cd27967ec3dd2b 100644 (file)
@@ -29,7 +29,7 @@ tls_ocsp_file =   DRSA/server1.example.com/server1.example.com.ocsp.good.resp \
              : DECDSA/server1.example_ec.com/server1.example_ec.com.ocsp.good.resp
 
 
              : DECDSA/server1.example_ec.com/server1.example_ec.com.ocsp.good.resp
 
 
-tls_require_ciphers = NORMAL:!VERS-TLS1.3
+tls_require_ciphers = NORMAL:!VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.0
 
 # ------ ACL ------
 
 
 # ------ ACL ------
 
diff --git a/test/log/2007.FOO b/test/log/2007.FOO
deleted file mode 100644 (file)
index 483b703..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
-1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 End queue run: pid=pppp -qf
-
-******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex
index ed930e4e3d6192bb060f07fe70f1c0ca815b5aa8..62b24290376f3964a189ebf973841bd77fe7a822 100755 (executable)
@@ -606,6 +606,7 @@ RESET_AFTER_EXTRA_LINE_READ:
   #   TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_256_GCM:256
   #   TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_128_CBC__SHA256:128
   #   TLS1.2:ECDHE_SECP256R1__ECDSA_SHA512__AES_256_GCM:256
   #   TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_256_GCM:256
   #   TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_128_CBC__SHA256:128
   #   TLS1.2:ECDHE_SECP256R1__ECDSA_SHA512__AES_256_GCM:256
+  #   TLS1.2:ECDHE_RSA_SECP256R1__AES_256_GCM:256 (! 3.5.18 !)
   #   TLS1.2:RSA__CAMELLIA_256_GCM:256 (leave the cipher name)
   #
   #   X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256
   #   TLS1.2:RSA__CAMELLIA_256_GCM:256 (leave the cipher name)
   #
   #   X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256
@@ -618,12 +619,12 @@ RESET_AFTER_EXTRA_LINE_READ:
   #   DHE-RSA-AES256-SHA
   # picking latter as canonical simply because regex easier that way.
   s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA-AES256-SHA1:256/g;
   #   DHE-RSA-AES256-SHA
   # picking latter as canonical simply because regex easier that way.
   s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA-AES256-SHA1:256/g;
-  s/TLS1.[0123]:                                               # TLS version
-       ((EC)?DHE(_((?<psk>PSK)_)?(SECP256R1|X25519))?__?)?     # key-exchange
-       ((?<auth>RSA|ECDSA)((_PSS_RSAE)?_SHA(512|256))?__?)?    # authentication
-       AES_(256|128)_(CBC|GCM)                                 # cipher
-       (__?SHA(1|256|384))?:                                   # PRF
-       (256|128)                                               # cipher strength
+  s/TLS1.[0123]:                                                               # TLS version
+    ((EC)?DHE(_((?<psk>PSK)_)?((?<auth>RSA|ECDSA)_)?(SECP256R1|X25519))?__?)?  # key-exchange
+    ((?<auth>RSA|ECDSA)((_PSS_RSAE)?_SHA(512|256))?__?)?                       # authentication
+    AES_(256|128)_(CBC|GCM)                                                    # cipher
+    (__?SHA(1|256|384))?:                                                      # PRF
+    (256|128)                                                                  # cipher strength
     /"TLS1.x:ke-"
        . (defined($+{psk}) ? $+{psk} : "")
        . (defined($+{auth}) ? $+{auth} : "")
     /"TLS1.x:ke-"
        . (defined($+{psk}) ? $+{psk} : "")
        . (defined($+{auth}) ? $+{auth} : "")