libinterimap: new option SSL_ciphersuites to set the TLSv1.3 ciphersuites.

Also, clarify that SSL_cipherlist only applies to TLSv1.2 and below. See SSL_CTX_set_cipher_list(3ssl).
author: Guilhem Moulin <guilhem@fripost.org> 2020-12-17 17:38:17 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2020-12-17 17:41:30 +0100
commit: 57988c83bb4b3f1780f045880ac4a8f36a51c55c (patch)
tree: d456a8526a72381f320864df6009cdaed07951fc /tests/tls-rsa+ecdsa
parent: 1a19feb7a4b3d70f44e4e1fb0f9920b063842422 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/tests/tls-rsa+ecdsa/t b/tests/tls-rsa+ecdsa/t
index 8b811fd..c9f5b96 100644
--- a/tests/tls-rsa+ecdsa/t
+++ b/tests/tls-rsa+ecdsa/t
@@ -36,7 +36,9 @@ grep -Fx -e "remote: Peer certificate matches pinned SPKI digest sha256\$$PKEY_S
          -e "remote: Peer certificate matches pinned SPKI digest sha256\$$PKEY_ALT_SHA256" \
          <"$STDERR" || error
 
-# force RSA (XXX do we really have to force TLSv1.2 here?)
+# force RSA
+# XXX we also have to force TLS <=1.2 here as the TLSv1.3 ciphersuites
+# don't specify the certificate type (nor key exchange)
 cat >>"$XDG_CONFIG_HOME/interimap/config" <<-EOF
 	SSL_protocol_max = TLSv1.2
 	SSL_cipherlist = EECDH+AESGCM+aRSA
author	Guilhem Moulin <guilhem@fripost.org>	2020-12-17 17:38:17 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2020-12-17 17:41:30 +0100
commit	57988c83bb4b3f1780f045880ac4a8f36a51c55c (patch)
tree	d456a8526a72381f320864df6009cdaed07951fc /tests/tls-rsa+ecdsa
parent	1a19feb7a4b3d70f44e4e1fb0f9920b063842422 (diff)