From 65f90297411d79a8ab1dabc6b48c985cf0146212 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 13 Mar 2023 17:38:12 +0100 Subject: [PATCH] ssl-opt.sh: Remove unnecessary TLS 1.3 forcing on client side Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2c7c2efa1c..eaee66aba7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11926,7 +11926,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ + "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \ key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \ 0 \ -c "got a certificate request" \ @@ -11943,7 +11943,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ + "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \ 0 \ -c "got a certificate request" \ @@ -11959,7 +11959,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ + "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \ key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ 0 \ -c "got a certificate request" \ @@ -11976,7 +11976,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ + "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ 0 \ -c "got a certificate request" \ @@ -12194,7 +12194,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ + "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \ key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \ 0 \ -c "got a certificate request" \ @@ -12212,7 +12212,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ + "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \ 0 \ -c "got a certificate request" \ @@ -12229,7 +12229,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ - "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ + "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \ key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \ 0 \ -c "got a certificate request" \ @@ -12247,7 +12247,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ - "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ + "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \ 0 \ -c "got a certificate request" \ @@ -12436,7 +12436,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - mbedtls" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ - "$P_CLI debug_level=4 force_version=tls13" \ + "$P_CLI debug_level=4" \ 0 \ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ @@ -12455,7 +12455,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - mbedtls with client authentication" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ - "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13" \ + "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 0 \ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ @@ -12472,7 +12472,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - mbedtls with client empty certificate" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ - "$P_CLI debug_level=4 crt_file=none key_file=none force_version=tls13" \ + "$P_CLI debug_level=4 crt_file=none key_file=none" \ 1 \ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ @@ -12490,7 +12490,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check - mbedtls with optional client authentication" \ "$P_SRV debug_level=4 auth_mode=optional crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ - "$P_CLI debug_level=4 force_version=tls13 crt_file=none key_file=none" \ + "$P_CLI debug_level=4 crt_file=none key_file=none" \ 0 \ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ @@ -12507,7 +12507,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: server: HRR check - mbedtls" \ "$P_SRV debug_level=4 force_version=tls13 curves=secp384r1" \ - "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \ + "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ 0 \ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \ @@ -12524,7 +12524,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Server side check, no server certificate available" \ "$P_SRV debug_level=4 crt_file=none key_file=none force_version=tls13" \ - "$P_CLI debug_level=4 force_version=tls13" \ + "$P_CLI debug_level=4" \ 1 \ -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ -s "No certificate available." @@ -12563,8 +12563,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ run_test "TLS 1.3: Server side check - mbedtls with sni" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ - "$P_CLI debug_level=4 server_name=localhost crt_file=data_files/server5.crt key_file=data_files/server5.key \ - force_version=tls13" \ + "$P_CLI debug_level=4 server_name=localhost crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 0 \ -s "parse ServerName extension" \ -s "HTTP/1.0 200 OK"