From e3b95b0da424e55682c8c7b025d9d272a4a35ffe Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 11 Dec 2020 15:09:15 +0100 Subject: libinterimap: remove default SSL_protocols value. Namely, use the system default instead of "!SSLv2 !SSLv3 !TLSv1 !TLSv1.1". As of Debian Buster (OpenSSL 1.1.1) this does not make a difference, however using the system default provides better compatibility with future libssl versions. --- tests/tls/t | 1 - 1 file changed, 1 deletion(-) (limited to 'tests/tls/t') diff --git a/tests/tls/t b/tests/tls/t index 9fdd399..76f7c14 100644 --- a/tests/tls/t +++ b/tests/tls/t @@ -8,7 +8,6 @@ for ((i = 0; i < 32; i++)); do done interimap --debug || error -grep -Fx "remote: Disabling SSL protocols: SSLv3, TLSv1, TLSv1.1" <"$STDERR" || error grep -Fx "remote: Peer certificate fingerprint: sha256\$$X509_SHA256" <"$STDERR" || error grep "^remote: SSL protocol: TLSv1\.[23] " <"$STDERR" || error grep "^remote: SSL cipher: " <"$STDERR" || error -- cgit v1.2.3 From ed263d4a380036b654525ee268db615c17d0d216 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 11 Dec 2020 18:28:32 +0100 Subject: test suite: supply our own OpenSSL configuration file with MinProtocol=None. So we can test TLSv1 as well, not just TLSv1.2 and later. Also, explicitly set ssl_min_protocol=TLSv1 in the Dovecot configuration file (the default as of 2.3.11.3), hence running TLS tests now require Dovecot 2.3 or later. --- tests/tls/t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/tls/t') diff --git a/tests/tls/t b/tests/tls/t index 76f7c14..a674b28 100644 --- a/tests/tls/t +++ b/tests/tls/t @@ -9,7 +9,7 @@ done interimap --debug || error grep -Fx "remote: Peer certificate fingerprint: sha256\$$X509_SHA256" <"$STDERR" || error -grep "^remote: SSL protocol: TLSv1\.[23] " <"$STDERR" || error +grep "^remote: SSL protocol: TLSv" <"$STDERR" || error grep "^remote: SSL cipher: " <"$STDERR" || error check_mailbox_status "INBOX" -- cgit v1.2.3