Gitweb:
https://git.exim.org/exim.git/commitdiff/f94aac30115bc94f2a1c8e3536ad7d40e7e4f302
Commit: f94aac30115bc94f2a1c8e3536ad7d40e7e4f302
Parent: 625f40fc27846bbb28fdd14fdc6941b99a431180
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Tue Nov 27 20:50:28 2018 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Tue Nov 27 20:55:13 2018 +0000
Testsuite: switch ciphersuite use
This is to accomodate RHEL 7, where openssl seems to not support ECDHE Kx + CAMELIA
nor any of the CHACHA20s, but does support DHE Kx + CAMELIA.
All we really wanted was something distinguishable from default
(which is commonly ECDHE-RSA-AUE256-GCM-SHA).
---
test/confs/5841 | 2 +-
test/log/5841 | 4 ++--
test/scripts/5840-DANE-OpenSSL/5841 | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/test/confs/5841 b/test/confs/5841
index 98de91d..ccecd7e 100644
--- a/test/confs/5841
+++ b/test/confs/5841
@@ -23,7 +23,7 @@ tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail}
tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail}
# Permit two specific ciphers
-tls_require_ciphers = ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-AES256-GCM-SHA384
+tls_require_ciphers = DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-GCM-SHA384
# Force TLS1.2 so that the ciphers choice works
diff --git a/test/log/5841 b/test/log/5841
index 863107c..2589379 100644
--- a/test/log/5841
+++ b/test/log/5841
@@ -8,7 +8,7 @@
1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@??? R=client T=send_to_server H=localhost.test.ex [127.0.0.1] X=TLSv1:ke-RSA-AES256-SHA:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00"
1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for CALLER@???
-1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@??? R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:ECDHE-RSA-CAMELLIA256-SHA384:256 CV=dane DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00"
+1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@??? R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:DHE-RSA-CAMELLIA256-SHA:256 CV=dane DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00"
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
******** SERVER ********
@@ -26,6 +26,6 @@
1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <CALLER@???> R=server
1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 "rcpt ACL"
-1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:ECDHE-RSA-CAMELLIA256-SHA384:256 CV=no S=sss id=E10HmbD-0005vi-00@??? for CALLER@???
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:DHE-RSA-CAMELLIA256-SHA:256 CV=no S=sss id=E10HmbD-0005vi-00@??? for CALLER@???
1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: <CALLER@???> R=server
1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
diff --git a/test/scripts/5840-DANE-OpenSSL/5841 b/test/scripts/5840-DANE-OpenSSL/5841
index fff416e..2dc94eb 100644
--- a/test/scripts/5840-DANE-OpenSSL/5841
+++ b/test/scripts/5840-DANE-OpenSSL/5841
@@ -15,12 +15,12 @@ Testing
#
### Dane cipher specified, dane unused
# Since dane unused, should get the same cipher as the baseline
-exim -odf -DLIST=ECDHE-RSA-CAMELLIA256-SHA384 CALLER@???
+exim -odf -DLIST=DHE-RSA-CAMELLIA256-SHA CALLER@???
Testing
****
### Dane cipher specified, dane used
# Should get the cipher specified here
-exim -odf -DLIST=ECDHE-RSA-CAMELLIA256-SHA384 CALLER@???
+exim -odf -DLIST=DHE-RSA-CAMELLIA256-SHA CALLER@???
Testing
****
#
