mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-14 16:20:51 +00:00
ssl-opt.sh|compat.sh: remove references to DHE-RSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
parent
0baf3611e6
commit
98f348a2c5
@ -320,14 +320,6 @@ add_common_ciphersuites()
|
||||
|
||||
"RSA")
|
||||
CIPHERS="$CIPHERS \
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA \
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 \
|
||||
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 \
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA \
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 \
|
||||
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 \
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA \
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA \
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA \
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 \
|
||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \
|
||||
@ -393,9 +385,6 @@ add_openssl_ciphersuites()
|
||||
|
||||
"RSA")
|
||||
CIPHERS="$CIPHERS \
|
||||
TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 \
|
||||
TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 \
|
||||
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
|
||||
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 \
|
||||
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 \
|
||||
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
|
||||
@ -444,14 +433,6 @@ add_gnutls_ciphersuites()
|
||||
|
||||
"RSA")
|
||||
CIPHERS="$CIPHERS \
|
||||
TLS_DHE_RSA_WITH_AES_128_CCM \
|
||||
TLS_DHE_RSA_WITH_AES_128_CCM_8 \
|
||||
TLS_DHE_RSA_WITH_AES_256_CCM \
|
||||
TLS_DHE_RSA_WITH_AES_256_CCM_8 \
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 \
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
|
||||
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
|
||||
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
|
||||
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \
|
||||
@ -523,8 +504,6 @@ add_mbedtls_ciphersuites()
|
||||
|
||||
"RSA")
|
||||
M_CIPHERS="$M_CIPHERS \
|
||||
TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 \
|
||||
TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 \
|
||||
TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 \
|
||||
TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 \
|
||||
TLS_RSA_WITH_ARIA_128_CBC_SHA256 \
|
||||
|
@ -310,7 +310,6 @@ requires_any_configs_disabled() {
|
||||
}
|
||||
|
||||
TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \
|
||||
@ -320,7 +319,6 @@ TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
|
||||
|
||||
TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
|
||||
|
||||
@ -7732,12 +7730,12 @@ run_test "ALPN: both, no common" \
|
||||
# In 4.0 this will probably go away as all TLS 1.2 key exchanges will use
|
||||
# signatures too, following the removal of RSA #8170 and static ECDH #9201.
|
||||
|
||||
run_test "keyUsage srv 1.2: RSA, digitalSignature -> (EC)DHE-RSA" \
|
||||
run_test "keyUsage srv 1.2: RSA, digitalSignature -> ECDHE-RSA" \
|
||||
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
|
||||
crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \
|
||||
"$P_CLI" \
|
||||
0 \
|
||||
-c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
|
||||
-c "Ciphersuite is TLS-ECDHE-RSA-WITH-"
|
||||
|
||||
run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \
|
||||
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
|
||||
@ -8940,7 +8938,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
||||
requires_gnutls
|
||||
run_test "ClientHello without extensions: PSK" \
|
||||
"$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \
|
||||
"$G_CLI --priority=NORMAL:+PSK:-RSA:-DHE-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \
|
||||
"$G_CLI --priority=NORMAL:+PSK:-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \
|
||||
0 \
|
||||
-s "Ciphersuite is .*-PSK-.*" \
|
||||
-S "Ciphersuite is .*-EC.*" \
|
||||
|
Loading…
x
Reference in New Issue
Block a user