From 57988c83bb4b3f1780f045880ac4a8f36a51c55c Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 17 Dec 2020 17:38:17 +0100
Subject: libinterimap: new option SSL_ciphersuites to set the TLSv1.3
 ciphersuites.

Also, clarify that SSL_cipherlist only applies to TLSv1.2 and below.
See SSL_CTX_set_cipher_list(3ssl).
---
 tests/tls-rsa+ecdsa/t | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'tests/tls-rsa+ecdsa')

diff --git a/tests/tls-rsa+ecdsa/t b/tests/tls-rsa+ecdsa/t
index 8b811fd..c9f5b96 100644
--- a/tests/tls-rsa+ecdsa/t
+++ b/tests/tls-rsa+ecdsa/t
@@ -36,7 +36,9 @@ grep -Fx -e "remote: Peer certificate matches pinned SPKI digest sha256\$$PKEY_S
          -e "remote: Peer certificate matches pinned SPKI digest sha256\$$PKEY_ALT_SHA256" \
          <"$STDERR" || error
 
-# force RSA (XXX do we really have to force TLSv1.2 here?)
+# force RSA
+# XXX we also have to force TLS <=1.2 here as the TLSv1.3 ciphersuites
+# don't specify the certificate type (nor key exchange)
 cat >>"$XDG_CONFIG_HOME/interimap/config" <<-EOF
 	SSL_protocol_max = TLSv1.2
 	SSL_cipherlist = EECDH+AESGCM+aRSA
-- 
cgit v1.2.3