diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-07-03 11:45:31 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-07-07 08:26:47 +0200 |
commit | 6ca5787e2027a163eee5f85b36e8e0fe24fd6a53 (patch) | |
tree | 2290ebf5697ffabf19a9db7805cb81c517e1d74e /tests/psk-file.c | |
parent | 8ac40fc096570da555fd7bf7e66c508be9a9e9bf (diff) | |
download | gnutls-6ca5787e2027a163eee5f85b36e8e0fe24fd6a53.tar.gz |
_gnutls_figure_common_ciphersuite: apply rfc7919 requirements only under TLS1.2
Under TLS1.3 there is no requirement to return insufficient security depending
on the FFDHE group negotiation.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests/psk-file.c')
-rw-r--r-- | tests/psk-file.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/psk-file.c b/tests/psk-file.c index e1e058ffe9..5bd01e42ce 100644 --- a/tests/psk-file.c +++ b/tests/psk-file.c @@ -381,7 +381,7 @@ void doit(void) "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+PSK:+DHE-PSK:%SERVER_PRECEDENCE:-GROUP-DH-ALL", "jas", &key, 0, GNUTLS_KX_PSK, 0, 0); /* try with PRF that doesn't match binder (SHA256) */ - run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM:+PSK:+DHE-PSK", NULL, "jas", &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_INSUFFICIENT_SECURITY); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM:+PSK:+DHE-PSK", NULL, "jas", &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_NO_CIPHER_SUITES); /* try with no groups and PSK */ run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:-GROUP-ALL", "jas", &key, 0, 0); /* try without any groups but DHE-PSK */ |