088dfa1335
Add SSL_OP64_NO_EXTENDED_MASTER_SECRET, that can be set on either an SSL or an SSL_CTX. When processing a ClientHello, if this flag is set, do not indicate that the EMS TLS extension was received in either the ssl3 object or the SSL_SESSION. Retain most of the sanity checks between the previous and current session during session resumption, but weaken the check when the current SSL object is configured to not use EMS. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3910)
122 lines
3.1 KiB
Perl
122 lines
3.1 KiB
Perl
# -*- mode: perl; -*-
|
|
# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the OpenSSL license (the "License"). You may not use
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
|
|
## SSL test configurations
|
|
|
|
package ssltests;
|
|
|
|
use OpenSSL::Test::Utils;
|
|
|
|
our @tests = ();
|
|
|
|
my @tests_tls1_2 = (
|
|
{
|
|
name => "disable-extended-master-secret-server-sha",
|
|
server => {
|
|
"Options" => "-ExtendedMasterSecret",
|
|
},
|
|
client => {
|
|
"CipherString" => "AES128-SHA",
|
|
"MaxProtocol" => "TLSv1.2"
|
|
},
|
|
test => {
|
|
"ExpectedResult" => "Success",
|
|
},
|
|
},
|
|
{
|
|
name => "disable-extended-master-secret-client-sha",
|
|
server => {
|
|
},
|
|
client => {
|
|
"CipherString" => "AES128-SHA",
|
|
"Options" => "-ExtendedMasterSecret",
|
|
"MaxProtocol" => "TLSv1.2"
|
|
},
|
|
test => {
|
|
"ExpectedResult" => "Success",
|
|
},
|
|
},
|
|
{
|
|
name => "disable-extended-master-secret-both-sha",
|
|
server => {
|
|
"Options" => "-ExtendedMasterSecret",
|
|
},
|
|
client => {
|
|
"CipherString" => "AES128-SHA",
|
|
"Options" => "-ExtendedMasterSecret",
|
|
"MaxProtocol" => "TLSv1.2"
|
|
},
|
|
test => {
|
|
"ExpectedResult" => "Success",
|
|
},
|
|
},
|
|
{
|
|
name => "disable-extended-master-secret-both-resume",
|
|
server => {
|
|
"Options" => "-ExtendedMasterSecret",
|
|
},
|
|
resume_server => {
|
|
},
|
|
client => {
|
|
"CipherString" => "AES128-SHA",
|
|
"Options" => "-ExtendedMasterSecret",
|
|
"MaxProtocol" => "TLSv1.2"
|
|
},
|
|
resume_client => {
|
|
"CipherString" => "AES128-SHA",
|
|
"MaxProtocol" => "TLSv1.2"
|
|
},
|
|
test => {
|
|
"HandshakeMode" => "Resume",
|
|
"ExpectedResult" => "Success",
|
|
},
|
|
},
|
|
{
|
|
name => "disable-extended-master-secret-server-sha2",
|
|
server => {
|
|
"Options" => "-ExtendedMasterSecret",
|
|
},
|
|
client => {
|
|
"CipherString" => "AES128-SHA256",
|
|
"MaxProtocol" => "TLSv1.2"
|
|
},
|
|
test => {
|
|
"ExpectedResult" => "Success",
|
|
},
|
|
},
|
|
{
|
|
name => "disable-extended-master-secret-client-sha2",
|
|
server => {
|
|
},
|
|
client => {
|
|
"CipherString" => "AES128-SHA256",
|
|
"Options" => "-ExtendedMasterSecret",
|
|
"MaxProtocol" => "TLSv1.2"
|
|
},
|
|
test => {
|
|
"ExpectedResult" => "Success",
|
|
},
|
|
},
|
|
{
|
|
name => "disable-extended-master-secret-both-sha2",
|
|
server => {
|
|
"Options" => "-ExtendedMasterSecret",
|
|
},
|
|
client => {
|
|
"CipherString" => "AES128-SHA256",
|
|
"Options" => "-ExtendedMasterSecret",
|
|
"MaxProtocol" => "TLSv1.2"
|
|
},
|
|
test => {
|
|
"ExpectedResult" => "Success",
|
|
},
|
|
},
|
|
);
|
|
|
|
push @tests, @tests_tls1_2 unless disabled("tls1_2");
|