From 98f348a2c52c9b88f1258ab4e8413c9d26176e19 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Thu, 30 Jan 2025 12:10:28 +0100
Subject: [PATCH] ssl-opt.sh|compat.sh: remove references to DHE-RSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
tests/compat.sh | 21 ---------------------
tests/ssl-opt.sh | 8 +++-----
2 files changed, 3 insertions(+), 26 deletions(-)
diff --git a/tests/compat.sh b/tests/compat.sh
index 656b29d06f..de8c1bb18a 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -320,14 +320,6 @@ add_common_ciphersuites()
"RSA")
CIPHERS="$CIPHERS \
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA \
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 \
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 \
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA \
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 \
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 \
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA \
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA \
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA \
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 \
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \
@@ -393,9 +385,6 @@ add_openssl_ciphersuites()
"RSA")
CIPHERS="$CIPHERS \
- TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 \
- TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 \
- TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 \
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 \
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
@@ -444,14 +433,6 @@ add_gnutls_ciphersuites()
"RSA")
CIPHERS="$CIPHERS \
- TLS_DHE_RSA_WITH_AES_128_CCM \
- TLS_DHE_RSA_WITH_AES_128_CCM_8 \
- TLS_DHE_RSA_WITH_AES_256_CCM \
- TLS_DHE_RSA_WITH_AES_256_CCM_8 \
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
- TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 \
- TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \
@@ -523,8 +504,6 @@ add_mbedtls_ciphersuites()
"RSA")
M_CIPHERS="$M_CIPHERS \
- TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 \
- TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 \
TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 \
TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 \
TLS_RSA_WITH_ARIA_128_CBC_SHA256 \
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index b1a4b92cc8..23b692c723 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -310,7 +310,6 @@ requires_any_configs_disabled() {
}
TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \
@@ -320,7 +319,6 @@ TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
- MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
@@ -7732,12 +7730,12 @@ run_test "ALPN: both, no common" \
# In 4.0 this will probably go away as all TLS 1.2 key exchanges will use
# signatures too, following the removal of RSA #8170 and static ECDH #9201.
-run_test "keyUsage srv 1.2: RSA, digitalSignature -> (EC)DHE-RSA" \
+run_test "keyUsage srv 1.2: RSA, digitalSignature -> ECDHE-RSA" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI" \
0 \
- -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
+ -c "Ciphersuite is TLS-ECDHE-RSA-WITH-"
run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
@@ -8940,7 +8938,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
requires_gnutls
run_test "ClientHello without extensions: PSK" \
"$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \
- "$G_CLI --priority=NORMAL:+PSK:-RSA:-DHE-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \
+ "$G_CLI --priority=NORMAL:+PSK:-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \
0 \
-s "Ciphersuite is .*-PSK-.*" \
-S "Ciphersuite is .*-EC.*" \