# Test machines might have various different TLS library versions supporting
# different protocols; can't rely upon TLS 1.2's AES256-GCM-SHA384, so we
# treat the standard algorithms the same.
+ #
+ # TLSversion : KeyExchange? - Authentication/Signature - C_iph_er - MAC : ???
+ #
# So far, have seen:
# TLSv1:AES128-GCM-SHA256:128
# TLSv1:AES256-SHA:256
s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g;
# OpenSSL TLSv1.3 - unsure what to do about the authentication-variant testcases now,
- # as it seems the protocol no longer supports a user choice.
- s/TLS_AES(_256)_GCM_SHA384:256/TLS-AES256-SHA:xxx/g;
+ # as it seems the protocol no longer supports a user choice. Replace the "TLS" field with "RSA".
+ # Also insert a key-exchange field for back-compat, even though 1.3 doesn't do that.
+ #
+ # TLSversion : "TLS" - C_iph_er - MAC : ???
+ #
+ s/:TLS_AES(_256)_GCM_SHA384:256/:ke-RSA-AES256-SHA:xxx/g;
# LibreSSL
# TLSv1:AES256-GCM-SHA384:256