ssl-opt.sh|compat.sh: remove references to DHE-RSA

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Valerio Setti 2025-01-30 12:10:28 +01:00
parent 0baf3611e6
commit 98f348a2c5
2 changed files with 3 additions and 26 deletions


@ -320,14 +320,6 @@ add_common_ciphersuites()
"RSA")
CIPHERS="$CIPHERS \
TLS_DHE_RSA_WITH_AES_128_CBC_SHA \
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 \
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 \
TLS_DHE_RSA_WITH_AES_256_CBC_SHA \
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 \
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 \
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA \
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA \
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA \
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 \
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \
@ -393,9 +385,6 @@ add_openssl_ciphersuites()
"RSA")
CIPHERS="$CIPHERS \
TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 \
TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 \
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 \
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 \
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
@ -444,14 +433,6 @@ add_gnutls_ciphersuites()
"RSA")
CIPHERS="$CIPHERS \
TLS_DHE_RSA_WITH_AES_128_CCM \
TLS_DHE_RSA_WITH_AES_128_CCM_8 \
TLS_DHE_RSA_WITH_AES_256_CCM \
TLS_DHE_RSA_WITH_AES_256_CCM_8 \
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 \
TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \
@ -523,8 +504,6 @@ add_mbedtls_ciphersuites()
"RSA")
M_CIPHERS="$M_CIPHERS \
TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 \
TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 \
TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 \
TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 \
TLS_RSA_WITH_ARIA_128_CBC_SHA256 \


@ -310,7 +310,6 @@ requires_any_configs_disabled() {
}
TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \
@ -320,7 +319,6 @@ TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
@ -7732,12 +7730,12 @@ run_test "ALPN: both, no common" \
# In 4.0 this will probably go away as all TLS 1.2 key exchanges will use
# signatures too, following the removal of RSA #8170 and static ECDH #9201.
run_test "keyUsage srv 1.2: RSA, digitalSignature -> (EC)DHE-RSA" \
run_test "keyUsage srv 1.2: RSA, digitalSignature -> ECDHE-RSA" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
-c "Ciphersuite is TLS-ECDHE-RSA-WITH-"
run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
@ -8940,7 +8938,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
requires_gnutls
run_test "ClientHello without extensions: PSK" \
"$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \
"$G_CLI --priority=NORMAL:+PSK:-RSA:-DHE-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \
"$G_CLI --priority=NORMAL:+PSK:-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \
0 \
-s "Ciphersuite is .*-PSK-.*" \
-S "Ciphersuite is .*-EC.*" \
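Review bot: In the last hunk ("ClientHello without extensions: PSK"), dropping `-DHE-RSA` from the `$G_CLI` priority string changes what the GnuTLS peer offers, not what Mbed TLS supports. With `NORMAL` the client will presumably advertise DHE-RSA suites again, so the test reaches `-s "Ciphersuite is .*-PSK-.*"` only because the server can no longer select them. Whether the key exchange is already gone from the library at this commit is not visible on this page; if a build can still enable it, the server may pick DHE-RSA over PSK and the test fails. Either keep the exclusion in the peer's string, or document the dependency above the test, e.g. `# GnuTLS may still offer DHE-RSA here; the server has no DHE-RSA support, so PSK is selected.` The test's `requires_*` guards start above the hunk.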