author | Emilia Kasper <emilia@openssl.org> | 2015-05-22 18:35:50 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2015-05-26 12:49:26 +0200 |
commit | e8356e32aed70d139eae2d05aeaeb160509262aa (patch) | |
tree | 8b6177c042b6014563988141bc3763f1d822acb4 /test/testssl | |
parent | 9c89d290834f3ed9146eeb8b64fe5de817679a0b (diff) | |
Fix ssltest to use 1024-bit DHE parameters
Also add more ciphersuite test coverage, and a negative test for
512-bit DHE.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 1ee85aab75d7c9f20058f781bfe9222323df08eb)
Diffstat (limited to 'test/testssl')
-rw-r--r-- | test/testssl | 38 |
1 files changed, 34 insertions, 4 deletions
diff --git a/test/testssl b/test/testssl
index 367807b47b..2998b7321e 100644
--- a/test/testssl
+++ b/test/testssl
@@ -118,10 +118,9 @@ $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
 $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
-echo "Testing ciphersuites"
-for protocol in TLSv1.2 SSLv3; do
- echo "Testing ciphersuites for $protocol"
- for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
+test_cipher() {
+ local cipher=$1
+ local protocol=$2
 echo "Testing $cipher"
 prot=""
 if [ $protocol = "SSLv3" ] ; then
@@ -132,7 +131,38 @@ for protocol in TLSv1.2 SSLv3; do
 echo "Failed $cipher"
 exit 1
 fi
+}
+
+echo "Testing ciphersuites"
+for protocol in TLSv1.2 SSLv3; do
+ echo "Testing ciphersuites for $protocol"
+ for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
+ test_cipher $cipher $protocol
 done
+ if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+ echo "skipping RSA+DHE tests"
+ else
+ for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do
+ test_cipher $cipher $protocol
+ done
+ echo "testing connection with weak DH, expecting failure"
+ if [ $protocol = "SSLv3" ] ; then
+ $ssltest -cipher EDH -dhe512 -ssl3
+ else
+ $ssltest -cipher EDH -dhe512
+ fi
+ if [ $? -eq 0 ]; then
+ echo "FAIL: connection with weak DH succeeded"
+ exit 1
+ fi
+ fi
+ if ../util/shlib_wrap.sh ../apps/openssl no-ec; then
+ echo "skipping RSA+ECDHE tests"
+ else
+ for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EECDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do
+ test_cipher $cipher $protocol
+ done
+ fi
 done
 ############################################################################# |
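Review bot: `local` in the new `test_cipher()` header is not part of POSIX sh, so under a `/bin/sh` that lacks it each call would report an unknown command at `local cipher=$1`; the interpreter line is not visible here, so whether this matters depends on how the script is run. Both values are only read, and `prot` in the context lines below is already a plain global, so `cipher="$1"` and `protocol="$2"` would behave the same for the callers in the second hunk, which pass loop variables of the same names. Quoting the operand in `[ $protocol = "SSLv3" ]` would also keep that test well-formed if the argument were ever empty. The body of `test_cipher` continues outside this hunk.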
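Review bot: The weak-DH negative test treats any non-zero exit from `$ssltest -cipher EDH -dhe512` as the expected rejection, so a usage error or some other unrelated ssltest failure would make it pass without showing that the 512-bit parameters were what the client refused. Consider capturing the output and checking it for the expected handshake error, or at least add a comment above `if [ $? -eq 0 ]; then` such as `# any non-zero exit counts as rejection; this does not prove the DH size check fired`. Reading `$?` after the closing `fi` is also fragile, because it only reflects ssltest while neither branch runs another command after it; `if $ssltest -cipher EDH -dhe512 -ssl3; then` (and the same without `-ssl3`) tests the command directly. Separately, the three `for cipher in` loops run zero times if `openssl ciphers` prints nothing, which would silently skip that coverage.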