aboutsummaryrefslogtreecommitdiffstats
path: root/tests/tls-rsa+ecdsa
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-12-17 17:38:17 +0100
committerGuilhem Moulin <guilhem@fripost.org>2020-12-17 17:41:30 +0100
commit57988c83bb4b3f1780f045880ac4a8f36a51c55c (patch)
treed456a8526a72381f320864df6009cdaed07951fc /tests/tls-rsa+ecdsa
parent1a19feb7a4b3d70f44e4e1fb0f9920b063842422 (diff)
libinterimap: new option SSL_ciphersuites to set the TLSv1.3 ciphersuites.
Also, clarify that SSL_cipherlist only applies to TLSv1.2 and below. See SSL_CTX_set_cipher_list(3ssl).
Diffstat (limited to 'tests/tls-rsa+ecdsa')
-rw-r--r--tests/tls-rsa+ecdsa/t4
1 files changed, 3 insertions, 1 deletions
diff --git a/tests/tls-rsa+ecdsa/t b/tests/tls-rsa+ecdsa/t
index 8b811fd..c9f5b96 100644
--- a/tests/tls-rsa+ecdsa/t
+++ b/tests/tls-rsa+ecdsa/t
@@ -36,7 +36,9 @@ grep -Fx -e "remote: Peer certificate matches pinned SPKI digest sha256\$$PKEY_S
-e "remote: Peer certificate matches pinned SPKI digest sha256\$$PKEY_ALT_SHA256" \
<"$STDERR" || error
-# force RSA (XXX do we really have to force TLSv1.2 here?)
+# force RSA
+# XXX we also have to force TLS <=1.2 here as the TLSv1.3 ciphersuites
+# don't specify the certificate type (nor key exchange)
cat >>"$XDG_CONFIG_HOME/interimap/config" <<-EOF
SSL_protocol_max = TLSv1.2
SSL_cipherlist = EECDH+AESGCM+aRSA