algorithms: eliminate the FFDHE alert desc requirement

This implements the errata for RFC 7919 eliminating the requirement to reply with an insufficient_security alert when we have negotiated an FFDHE group, but cannot find common ciphersuite: https://www.rfc-editor.org/errata/eid4908 Signed-off-by: Daiki Ueno <dueno@redhat.com>
author: Daiki Ueno <dueno@redhat.com> 2019-05-17 11:51:00 +0200
committer: Daiki Ueno <dueno@redhat.com> 2019-05-22 08:17:11 +0200
commit: 0caf5b6922bd443bcf3eb1398a16c9d381fba86f (patch)
tree: 6fe17727ff806cc23d24b857fe0f67a80f996f2d /tests/tls-neg-ext4-key.c
parent: 86d5c56950489bc8469f73602d793ef48af6419a (diff)
download: gnutls-0caf5b6922bd443bcf3eb1398a16c9d381fba86f.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/tls-neg-ext4-key.c b/tests/tls-neg-ext4-key.c
index 1adc65b93a..3d9db855ba 100644
--- a/tests/tls-neg-ext4-key.c
+++ b/tests/tls-neg-ext4-key.c
@@ -451,7 +451,7 @@ static const test_st tests[] = {
 	 .key = &server_ca3_rsa_pss_key,
 	 .sig = GNUTLS_SIGN_RSA_SHA256,
 	 .exp_kx = GNUTLS_KX_ECDHE_RSA,
-	 .exp_serv_err = GNUTLS_E_INSUFFICIENT_SECURITY
+	 .exp_serv_err = GNUTLS_E_NO_CIPHER_SUITES
 	},
 	{.name = "tls1.3 rsa-pss cert, rsa-sign key, downgrade to tls1.2", /* we expect the server to downgrade to TLS 1.2 and refuse negotiating */
 	 .pk = GNUTLS_PK_RSA,
author	Daiki Ueno <dueno@redhat.com>	2019-05-17 11:51:00 +0200
committer	Daiki Ueno <dueno@redhat.com>	2019-05-22 08:17:11 +0200
commit	0caf5b6922bd443bcf3eb1398a16c9d381fba86f (patch)
tree	6fe17727ff806cc23d24b857fe0f67a80f996f2d /tests/tls-neg-ext4-key.c
parent	86d5c56950489bc8469f73602d793ef48af6419a (diff)
download	gnutls-0caf5b6922bd443bcf3eb1398a16c9d381fba86f.tar.gz