Testsuite: switch ciphersuite use
authorJeremy Harris <jgh146exb@wizmail.org>
Tue, 27 Nov 2018 20:50:28 +0000 (20:50 +0000)
committerJeremy Harris <jgh146exb@wizmail.org>
Tue, 27 Nov 2018 20:55:13 +0000 (20:55 +0000)
This is to accomodate RHEL 7, where openssl seems to not support ECDHE Kx + CAMELIA
nor any of the CHACHA20s, but does support DHE Kx + CAMELIA.

All we really wanted was something distinguishable from default
(which is commonly ECDHE-RSA-AUE256-GCM-SHA).

test/confs/5841
test/log/5841
test/scripts/5840-DANE-OpenSSL/5841

index 98de91d..ccecd7e 100644 (file)
@@ -23,7 +23,7 @@ tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail}
 tls_privatekey =  ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail}
 
 # Permit two specific ciphers
-tls_require_ciphers = ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-AES256-GCM-SHA384
+tls_require_ciphers = DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-GCM-SHA384
 
 # Force TLS1.2 so that the ciphers choice works
 
index 863107c..2589379 100644 (file)
@@ -8,7 +8,7 @@
 1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@localhost.test.ex R=client T=send_to_server H=localhost.test.ex [127.0.0.1] X=TLSv1:ke-RSA-AES256-SHA:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00"
 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex
-1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:ECDHE-RSA-CAMELLIA256-SHA384:256 CV=dane DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00"
+1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:DHE-RSA-CAMELLIA256-SHA:256 CV=dane DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00"
 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
 
 ******** SERVER ********
@@ -26,6 +26,6 @@
 1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <CALLER@localhost.test.ex> R=server
 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
 1999-03-02 09:44:33 "rcpt ACL"
-1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:ECDHE-RSA-CAMELLIA256-SHA384:256 CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:DHE-RSA-CAMELLIA256-SHA:256 CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex
 1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: <CALLER@dane256ee.test.ex> R=server
 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
index fff416e..2dc94eb 100644 (file)
@@ -15,12 +15,12 @@ Testing
 #
 ### Dane cipher specified, dane unused
 # Since dane unused, should get the same cipher as the baseline
-exim -odf -DLIST=ECDHE-RSA-CAMELLIA256-SHA384 CALLER@localhost.test.ex
+exim -odf -DLIST=DHE-RSA-CAMELLIA256-SHA CALLER@localhost.test.ex
 Testing
 ****
 ### Dane cipher specified, dane used
 # Should get the cipher specified here
-exim -odf -DLIST=ECDHE-RSA-CAMELLIA256-SHA384 CALLER@dane256ee.test.ex
+exim -odf -DLIST=DHE-RSA-CAMELLIA256-SHA CALLER@dane256ee.test.ex
 Testing
 ****
 #