diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c35d5da694..8f6a1129af 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2877,7 +2877,7 @@ run_test "Session resume using tickets: session copy" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using tickets: openssl server" \ - "$O_SRV" \ + "$O_SRV -tls1_2" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ 0 \ -c "client hello, adding session ticket extension" \ @@ -3318,7 +3318,7 @@ run_test "Session resume using cache: openssl client" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Session resume using cache: openssl server" \ - "$O_SRV" \ + "$O_SRV -tls1_2" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ 0 \ -C "found session_ticket extension" \ @@ -3752,7 +3752,7 @@ requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: gnutls server" \ - "$G_SRV" \ + "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ "$P_CLI debug_level=3 max_frag_len=4096" \ 0 \ -c "Maximum incoming record payload length is 4096" \ @@ -4151,7 +4151,7 @@ run_test "Renegotiation: nbio, server-initiated" \ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: openssl server, client-initiated" \ - "$O_SRV -www" \ + "$O_SRV -www -tls1_2" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 0 \ -c "client hello, adding renegotiation extension" \ @@ -4165,7 +4165,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server strict, client-initiated" \ - "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \ + "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 0 \ -c "client hello, adding renegotiation extension" \ @@ -4179,7 +4179,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ - "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 1 \ -c "client hello, adding renegotiation extension" \ @@ -4193,7 +4193,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ - "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ allow_legacy=0" \ 1 \ @@ -4208,7 +4208,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \ - "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ allow_legacy=1" \ 0 \ @@ -4284,7 +4284,7 @@ run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server strict, client default" \ - "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \ + "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3" \ 0 \ -c "found renegotiation extension" \ @@ -4294,7 +4294,7 @@ run_test "Renego ext: gnutls server strict, client default" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server unsafe, client default" \ - "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3" \ 0 \ -C "found renegotiation extension" \ @@ -4304,7 +4304,7 @@ run_test "Renego ext: gnutls server unsafe, client default" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server unsafe, client break legacy" \ - "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 allow_legacy=-1" \ 1 \ -C "found renegotiation extension" \ @@ -4650,7 +4650,7 @@ run_test "Authentication: openssl client no cert, server optional" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client no cert, openssl server optional" \ - "$O_SRV -verify 10" \ + "$O_SRV -verify 10 -tls1_2" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ 0 \ -C "skip parse certificate request" \ @@ -4661,7 +4661,7 @@ run_test "Authentication: client no cert, openssl server optional" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client no cert, openssl server required" \ - "$O_SRV -Verify 10" \ + "$O_SRV -Verify 10 -tls1_2" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ 1 \ -C "skip parse certificate request" \ @@ -5723,7 +5723,7 @@ run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \ - "$O_SRV -key data_files/server2.key \ + "$O_SRV -tls1_2 -key data_files/server2.key \ -cert data_files/server2.ku-ds_ke.crt" \ "$P_CLI debug_level=1 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ @@ -5734,7 +5734,7 @@ run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \ - "$O_SRV -key data_files/server2.key \ + "$O_SRV -tls1_2 -key data_files/server2.key \ -cert data_files/server2.ku-ds_ke.crt" \ "$P_CLI debug_level=1 \ force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ @@ -5745,7 +5745,7 @@ run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: KeyEncipherment, RSA: OK" \ - "$O_SRV -key data_files/server2.key \ + "$O_SRV -tls1_2 -key data_files/server2.key \ -cert data_files/server2.ku-ke.crt" \ "$P_CLI debug_level=1 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ @@ -5756,7 +5756,7 @@ run_test "keyUsage cli: KeyEncipherment, RSA: OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \ - "$O_SRV -key data_files/server2.key \ + "$O_SRV -tls1_2 -key data_files/server2.key \ -cert data_files/server2.ku-ke.crt" \ "$P_CLI debug_level=1 \ force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ @@ -5767,7 +5767,7 @@ run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \ - "$O_SRV -key data_files/server2.key \ + "$O_SRV -tls1_2 -key data_files/server2.key \ -cert data_files/server2.ku-ke.crt" \ "$P_CLI debug_level=1 auth_mode=optional \ force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ @@ -5779,7 +5779,7 @@ run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \ - "$O_SRV -key data_files/server2.key \ + "$O_SRV -tls1_2 -key data_files/server2.key \ -cert data_files/server2.ku-ds.crt" \ "$P_CLI debug_level=1 \ force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ @@ -5790,7 +5790,7 @@ run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: DigitalSignature, RSA: fail" \ - "$O_SRV -key data_files/server2.key \ + "$O_SRV -tls1_2 -key data_files/server2.key \ -cert data_files/server2.ku-ds.crt" \ "$P_CLI debug_level=1 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ @@ -5801,7 +5801,7 @@ run_test "keyUsage cli: DigitalSignature, RSA: fail" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \ - "$O_SRV -key data_files/server2.key \ + "$O_SRV -tls1_2 -key data_files/server2.key \ -cert data_files/server2.ku-ds.crt" \ "$P_CLI debug_level=1 auth_mode=optional \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ @@ -5893,7 +5893,7 @@ run_test "extKeyUsage srv: codeSign -> fail" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli: serverAuth -> OK" \ - "$O_SRV -key data_files/server5.key \ + "$O_SRV -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-srv.crt" \ "$P_CLI debug_level=1" \ 0 \ @@ -5903,7 +5903,7 @@ run_test "extKeyUsage cli: serverAuth -> OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \ - "$O_SRV -key data_files/server5.key \ + "$O_SRV -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-srv_cli.crt" \ "$P_CLI debug_level=1" \ 0 \ @@ -5913,7 +5913,7 @@ run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \ - "$O_SRV -key data_files/server5.key \ + "$O_SRV -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-cs_any.crt" \ "$P_CLI debug_level=1" \ 0 \ @@ -5923,7 +5923,7 @@ run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli: codeSign -> fail" \ - "$O_SRV -key data_files/server5.key \ + "$O_SRV -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-cs.crt" \ "$P_CLI debug_level=1" \ 1 \