From f94aac30115bc94f2a1c8e3536ad7d40e7e4f302 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 27 Nov 2018 20:50:28 +0000 Subject: [PATCH] Testsuite: switch ciphersuite use This is to accomodate RHEL 7, where openssl seems to not support ECDHE Kx + CAMELIA nor any of the CHACHA20s, but does support DHE Kx + CAMELIA. All we really wanted was something distinguishable from default (which is commonly ECDHE-RSA-AUE256-GCM-SHA). --- test/confs/5841 | 2 +- test/log/5841 | 4 ++-- test/scripts/5840-DANE-OpenSSL/5841 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test/confs/5841 b/test/confs/5841 index 98de91d76..ccecd7e1f 100644 --- a/test/confs/5841 +++ b/test/confs/5841 @@ -23,7 +23,7 @@ tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail} tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail} # Permit two specific ciphers -tls_require_ciphers = ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-AES256-GCM-SHA384 +tls_require_ciphers = DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-GCM-SHA384 # Force TLS1.2 so that the ciphers choice works diff --git a/test/log/5841 b/test/log/5841 index 863107c2e..2589379fa 100644 --- a/test/log/5841 +++ b/test/log/5841 @@ -8,7 +8,7 @@ 1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@localhost.test.ex R=client T=send_to_server H=localhost.test.ex [127.0.0.1] X=TLSv1:ke-RSA-AES256-SHA:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex -1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:ECDHE-RSA-CAMELLIA256-SHA384:256 CV=dane DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:DHE-RSA-CAMELLIA256-SHA:256 CV=dane DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed ******** SERVER ******** @@ -26,6 +26,6 @@ 1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 "rcpt ACL" -1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:ECDHE-RSA-CAMELLIA256-SHA384:256 CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex +1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:DHE-RSA-CAMELLIA256-SHA:256 CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex 1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed diff --git a/test/scripts/5840-DANE-OpenSSL/5841 b/test/scripts/5840-DANE-OpenSSL/5841 index fff416e2a..2dc94ebe0 100644 --- a/test/scripts/5840-DANE-OpenSSL/5841 +++ b/test/scripts/5840-DANE-OpenSSL/5841 @@ -15,12 +15,12 @@ Testing # ### Dane cipher specified, dane unused # Since dane unused, should get the same cipher as the baseline -exim -odf -DLIST=ECDHE-RSA-CAMELLIA256-SHA384 CALLER@localhost.test.ex +exim -odf -DLIST=DHE-RSA-CAMELLIA256-SHA CALLER@localhost.test.ex Testing **** ### Dane cipher specified, dane used # Should get the cipher specified here -exim -odf -DLIST=ECDHE-RSA-CAMELLIA256-SHA384 CALLER@dane256ee.test.ex +exim -odf -DLIST=DHE-RSA-CAMELLIA256-SHA CALLER@dane256ee.test.ex Testing **** # -- 2.25.1