Fix InitSuites to allow old TLS for DHE_RSA with AES 128/256 for SHA256. Reverted changes to test.conf and test-dtls.conf.

David Garske
2017-04-04 16:43:00 -07:00
parent 4dcad96f97
commit b14da2622e
3 changed files with 94 additions and 2 deletions


@ -2164,14 +2164,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
#endif #endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
if (tls1_2 && haveDH && haveRSA) { if (tls && haveDH && haveRSA) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
} }
#endif #endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
if (tls1_2 && haveDH && haveRSA) { if (tls && haveDH && haveRSA) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
} }
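Review bot: The two relaxed guards (`tls1_2` to `tls` on the `BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256` and `BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256` branches) have no comment saying why suites first defined in the TLS 1.2 specification (RFC 5246) are now offered for TLS 1.0/1.1 as well. Without one, a later reader is likely to take the condition for a mistake and tighten it again, and anyone auditing the offered suite list has nothing to refer to. I would add above each branch something like `/* SHA256 CBC suite (RFC 5246); intentionally offered for TLS 1.0/1.1 too, not only 1.2 */`. It is also worth confirming that the code validating a suite selected by the peer applies the same `tls` rule, since that check is not part of this hunk. InitSuites itself starts and ends outside the hunk.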


@ -190,6 +190,16 @@
-v 3 -v 3
-l AES256-SHA -l AES256-SHA
# server DTLSv1 AES128-SHA256
-u
-v 2
-l AES128-SHA256
# client DTLSv1 AES128-SHA256
-u
-v 2
-l AES128-SHA256
# server DTLSv1.2 AES128-SHA256 # server DTLSv1.2 AES128-SHA256
-u -u
-v 3 -v 3
@ -200,6 +210,16 @@
-v 3 -v 3
-l AES128-SHA256 -l AES128-SHA256
# server DTLSv1 AES256-SHA256
-u
-v 2
-l AES256-SHA256
# client DTLSv1 AES256-SHA256
-u
-v 2
-l AES256-SHA256
# server DTLSv1.2 AES256-SHA256 # server DTLSv1.2 AES256-SHA256
-u -u
-v 3 -v 3
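Review bot: The DTLSv1 cases added in both hunks of this file cover only the static-RSA suites (`-l AES128-SHA256`, `-l AES256-SHA256`), while the InitSuites change in this commit is for the DHE_RSA variants. No DTLSv1 case with a DHE suite is visible in these hunks, so the relaxed guard looks untested over DTLS 1.0 unless such a case exists elsewhere in the file. I would add a server/client pair using `-u`, `-v 2` and `-l DHE-RSA-AES128-SHA256`, plus the AES256 equivalent, mirroring the TLSv1 DHE cases added to the TLS configuration.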


@ -162,6 +162,22 @@
-v 1 -v 1
-l AES256-SHA -l AES256-SHA
# server TLSv1 AES128-SHA256
-v 1
-l AES128-SHA256
# client TLSv1 AES128-SHA256
-v 1
-l AES128-SHA256
# server TLSv1 AES256-SHA256
-v 1
-l AES256-SHA256
# client TLSv1 AES256-SHA256
-v 1
-l AES256-SHA256
# server TLSv1.1 RC4-SHA # server TLSv1.1 RC4-SHA
-v 2 -v 2
-l RC4-SHA -l RC4-SHA
@ -202,6 +218,30 @@
-v 2 -v 2
-l AES128-SHA -l AES128-SHA
# server TLSv1.1 AES256-SHA
-v 2
-l AES256-SHA
# client TLSv1.1 AES256-SHA
-v 2
-l AES256-SHA
# server TLSv1.1 AES128-SHA256
-v 2
-l AES128-SHA256
# client TLSv1.1 AES128-SHA256
-v 2
-l AES128-SHA256
# server TLSv1.1 AES256-SHA256
-v 2
-l AES256-SHA256
# client TLSv1.1 AES256-SHA256
-v 2
-l AES256-SHA256
# server TLSv1.2 RC4-SHA # server TLSv1.2 RC4-SHA
-v 3 -v 3
-l RC4-SHA -l RC4-SHA
@ -1011,6 +1051,22 @@
-v 1 -v 1
-l DHE-RSA-AES256-SHA -l DHE-RSA-AES256-SHA
# server TLSv1 DHE AES128-SHA256
-v 1
-l DHE-RSA-AES128-SHA256
# client TLSv1 DHE AES128-SHA256
-v 1
-l DHE-RSA-AES128-SHA256
# server TLSv1 DHE AES256-SHA256
-v 1
-l DHE-RSA-AES256-SHA256
# client TLSv1 DHE AES256-SHA256
-v 1
-l DHE-RSA-AES256-SHA256
# server TLSv1.1 DHE AES128 # server TLSv1.1 DHE AES128
-v 2 -v 2
-l DHE-RSA-AES128-SHA -l DHE-RSA-AES128-SHA
@ -1027,6 +1083,22 @@
-v 2 -v 2
-l DHE-RSA-AES256-SHA -l DHE-RSA-AES256-SHA
# server TLSv1.1 DHE AES128-SHA256
-v 2
-l DHE-RSA-AES128-SHA256
# client TLSv1.1 DHE AES128-SHA256
-v 2
-l DHE-RSA-AES128-SHA256
# server TLSv1.1 DHE AES256-SHA256
-v 2
-l DHE-RSA-AES256-SHA256
# client TLSv1.1 DHE AES256-SHA256
-v 2
-l DHE-RSA-AES256-SHA256
# server TLSv1.1 DHE 3DES # server TLSv1.1 DHE 3DES
-v 2 -v 2
-l EDH-RSA-DES-CBC3-SHA -l EDH-RSA-DES-CBC3-SHA