From 7e5d81d4317cb22be6f36b0daaedf4a5ed8a9fa5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 10 Apr 2024 12:50:40 +0200 Subject: [PATCH] compat.sh: no TLS-RSA-WITH-NULL-SHA256 with ssl3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is officially a 1.2-only ciphersuite, but we also support it with 1.0 and 1.1. However we don't support it with SSLv3 (see definition in ssl_ciphersuites.c: mininum minor version is 1, that is TLS 1.0). Signed-off-by: Manuel Pégourié-Gonnard --- tests/compat.sh | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 43c6cfa41..6a43e25c0 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -655,14 +655,18 @@ add_gnutls_ciphersuites() ;; "RSA") - # Not actually supported with all GnuTLS versions. See - # GNUTLS_HAS_TLS1_RSA_NULL_SHA256= below. - M_CIPHERS="$M_CIPHERS \ - TLS-RSA-WITH-NULL-SHA256 \ - " - G_CIPHERS="$G_CIPHERS \ - +RSA:+NULL:+SHA256 \ - " + if [ `minor_ver "$MODE"` -ge 1 ] + then + # Not actually supported with all GnuTLS versions. See + # GNUTLS_HAS_TLS1_RSA_NULL_SHA256= below. + M_CIPHERS="$M_CIPHERS \ + TLS-RSA-WITH-NULL-SHA256 \ + " + G_CIPHERS="$G_CIPHERS \ + +RSA:+NULL:+SHA256 \ + " + fi + if [ `minor_ver "$MODE"` -ge 3 ] then M_CIPHERS="$M_CIPHERS \