test suite: supply our own OpenSSL configuration file with MinProtocol=None.

So we can test TLSv1 as well, not just TLSv1.2 and later. Also, explicitly set ssl_min_protocol=TLSv1 in the Dovecot configuration file (the default as of 2.3.11.3), hence running TLS tests now require Dovecot 2.3 or later.
author: Guilhem Moulin <guilhem@fripost.org> 2020-12-11 18:28:32 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2020-12-11 18:44:13 +0100
commit: ed263d4a380036b654525ee268db615c17d0d216 (patch)
tree: 5c85ed20e3405a994293d4e0b8cc688b7fd2c3ee /tests/config
parent: b99cd2fd12bc3a2c6b858e65182a47a4ef27dba2 (diff)
2 files changed, 15 insertions, 0 deletions
diff --git a/tests/config/dovecot/ssl.conf b/tests/config/dovecot/ssl.conf
index 2d68c80..3fd99d5 100644
--- a/tests/config/dovecot/ssl.conf
+++ b/tests/config/dovecot/ssl.conf
@@ -2,3 +2,4 @@ ssl = required
 ssl_cert = <dovecot.rsa.crt
 ssl_key = <dovecot.rsa.key
 ssl_dh = <dhparams.pem
+ssl_min_protocol = TLSv1
diff --git a/tests/config/openssl.cnf b/tests/config/openssl.cnf
new file mode 100644
index 0000000..980097d
--- /dev/null
+++ b/tests/config/openssl.cnf
@@ -0,0 +1,14 @@
+# as we want to test TLSv1 we need to set MinProtocol=None, see
+# see /usr/share/doc/libssl1.1/NEWS.Debian.gz
+
+openssl_conf = default_conf
+
+[default_conf]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+MinProtocol = None
+CipherString = DEFAULT
author	Guilhem Moulin <guilhem@fripost.org>	2020-12-11 18:28:32 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2020-12-11 18:44:13 +0100
commit	ed263d4a380036b654525ee268db615c17d0d216 (patch)
tree	5c85ed20e3405a994293d4e0b8cc688b7fd2c3ee /tests/config
parent	b99cd2fd12bc3a2c6b858e65182a47a4ef27dba2 (diff)