compat.sh: no TLS-RSA-WITH-NULL-SHA256 with ssl3

This is officially a 1.2-only ciphersuite, but we also support it with 1.0 and 1.1. However we don't support it with SSLv3 (see definition in ssl_ciphersuites.c: mininum minor version is 1, that is TLS 1.0). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-09-08 23:03:06 -04:00 · 2024-04-10 12:50:40 +02:00 · 2024-04-10 12:50:40 +02:00 · 7e5d81d431
commit 7e5d81d431
parent e86e2bc451
1 changed files with 12 additions and 8 deletions
--- a/tests/compat.sh
+++ b/tests/compat.sh
@ -655,14 +655,18 @@ add_gnutls_ciphersuites()
            ;;

        "RSA")
-            # Not actually supported with all GnuTLS versions. See
-            # GNUTLS_HAS_TLS1_RSA_NULL_SHA256= below.
-            M_CIPHERS="$M_CIPHERS                               \
-                    TLS-RSA-WITH-NULL-SHA256                    \
-                    "
-            G_CIPHERS="$G_CIPHERS                               \
-                    +RSA:+NULL:+SHA256                          \
-                    "
+            if [ `minor_ver "$MODE"` -ge 1 ]
+            then
+                # Not actually supported with all GnuTLS versions. See
+                # GNUTLS_HAS_TLS1_RSA_NULL_SHA256= below.
+                M_CIPHERS="$M_CIPHERS                               \
+                        TLS-RSA-WITH-NULL-SHA256                    \
+                        "
+                G_CIPHERS="$G_CIPHERS                               \
+                        +RSA:+NULL:+SHA256                          \
+                        "
+            fi
+
            if [ `minor_ver "$MODE"` -ge 3 ]
            then
                M_CIPHERS="$M_CIPHERS                           \