Enable 3DES with GnuTLS

With GnuTLS servers, 3DES-CBC cipher suites are enabled by default under our GNUTLS_LEGACY (3.3.8), but disabled by default under more recent versions including the one we use by default on the CI (3.4.6). Even modern versions (I checked 3.7.2) support 3DES if explicitly enabled. So unconditionally enable 3DES-CBC for GnuTLS. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-18 11:37:34 -04:00 · 2024-05-30 15:14:40 +02:00 · 2024-05-30 15:14:40 +02:00 · 2ca5a68ad3
commit 2ca5a68ad3
parent d2c418932a
1 changed files with 1 additions and 1 deletions
--- a/tests/compat.sh
+++ b/tests/compat.sh
@ -1023,7 +1023,7 @@ setup_arguments()
    M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
    O_SERVER_ARGS="-accept $PORT -cipher ALL,COMPLEMENTOFALL -$O_MODE"
    G_SERVER_ARGS="-p $PORT --http $G_MODE"
-    G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
+    G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+3DES-CBC:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"

    # The default prime for `openssl s_server` depends on the version:
    # * OpenSSL <= 1.0.2a: 512-bit