mirror of
https://github.com/ARMmbed/mbedtls.git
synced 2025-10-24 11:43:21 +08:00
Merge pull request #4289 from gilles-peskine-arm/openssl-dhparam-robustness-development
Backport 2.x: Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman
This commit is contained in:
@@ -905,10 +905,23 @@ setup_arguments()
|
||||
fi
|
||||
|
||||
M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
|
||||
O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
|
||||
O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE"
|
||||
G_SERVER_ARGS="-p $PORT --http $G_MODE"
|
||||
G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
|
||||
|
||||
# The default prime for `openssl s_server` depends on the version:
|
||||
# * OpenSSL <= 1.0.2a: 512-bit
|
||||
# * OpenSSL 1.0.2b to 1.1.1b: 1024-bit
|
||||
# * OpenSSL >= 1.1.1c: 2048-bit
|
||||
# Mbed TLS wants >=1024, so force that for older versions. Don't force
|
||||
# it for newer versions, which reject a 1024-bit prime. Indifferently
|
||||
# force it or not for intermediate versions.
|
||||
case $($OPENSSL_CMD version) in
|
||||
"OpenSSL 1.0"*)
|
||||
O_SERVER_ARGS="$O_SERVER_ARGS -dhparam data_files/dhparams.pem"
|
||||
;;
|
||||
esac
|
||||
|
||||
# with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
|
||||
if is_dtls "$MODE"; then
|
||||
O_SERVER_ARGS="$O_SERVER_ARGS"
|
||||
|
@@ -1197,7 +1197,7 @@ SRV_DELAY_SECONDS=0
|
||||
P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
|
||||
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
|
||||
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
|
||||
O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
|
||||
O_SRV="$O_SRV -accept $SRV_PORT"
|
||||
O_CLI="$O_CLI -connect localhost:+SRV_PORT"
|
||||
G_SRV="$G_SRV -p $SRV_PORT"
|
||||
G_CLI="$G_CLI -p +SRV_PORT"
|
||||
|
Reference in New Issue
Block a user