diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2020-12-17 17:38:17 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2020-12-17 17:41:30 +0100 |
commit | 57988c83bb4b3f1780f045880ac4a8f36a51c55c (patch) | |
tree | d456a8526a72381f320864df6009cdaed07951fc /tests/tls-rsa+ecdsa/t | |
parent | 1a19feb7a4b3d70f44e4e1fb0f9920b063842422 (diff) |
libinterimap: new option SSL_ciphersuites to set the TLSv1.3 ciphersuites.
Also, clarify that SSL_cipherlist only applies to TLSv1.2 and below.
See SSL_CTX_set_cipher_list(3ssl).
Diffstat (limited to 'tests/tls-rsa+ecdsa/t')
-rw-r--r-- | tests/tls-rsa+ecdsa/t | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/tests/tls-rsa+ecdsa/t b/tests/tls-rsa+ecdsa/t index 8b811fd..c9f5b96 100644 --- a/tests/tls-rsa+ecdsa/t +++ b/tests/tls-rsa+ecdsa/t @@ -36,7 +36,9 @@ grep -Fx -e "remote: Peer certificate matches pinned SPKI digest sha256\$$PKEY_S -e "remote: Peer certificate matches pinned SPKI digest sha256\$$PKEY_ALT_SHA256" \ <"$STDERR" || error -# force RSA (XXX do we really have to force TLSv1.2 here?) +# force RSA +# XXX we also have to force TLS <=1.2 here as the TLSv1.3 ciphersuites +# don't specify the certificate type (nor key exchange) cat >>"$XDG_CONFIG_HOME/interimap/config" <<-EOF SSL_protocol_max = TLSv1.2 SSL_cipherlist = EECDH+AESGCM+aRSA |