priorities: disable any key exchange methods if there is no TLS1.2 or earlier

That is, because TLS1.2 has specific requirements in the ordering of curves/groups if certain ciphersuites (ECDHE/DHE) are present, and by being able to eliminate them early we simplify the negotiation for TLS1.3-only clients/servers. Relates #378 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-03-12 17:10:42 +0100
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-03-23 20:51:34 +0100
commit: 95d31cea2897eafc14a4b7dc87269ef4c6c70fed (patch)
tree: 891be1c710f3f79d12d5d5a300de5ab489c31b11 /tests/tls13-cipher-neg.c
parent: 3495f992b8b4cd50f1136edcc2f66b53e701980d (diff)
download: gnutls-95d31cea2897eafc14a4b7dc87269ef4c6c70fed.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/tests/tls13-cipher-neg.c b/tests/tls13-cipher-neg.c
index ea9df13142..b2d402cb85 100644
--- a/tests/tls13-cipher-neg.c
+++ b/tests/tls13-cipher-neg.c
@@ -40,8 +40,8 @@
 /* We remove the ECDHE and DHE key exchanges as they impose additional
  * rules in the sorting of groups.
  */
-#define SPRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3:-ECDHE-RSA:-ECDHE-ECDSA:-DHE-RSA:-RSA:-DHE-DSS"
-#define CPRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-ECDHE-RSA:-ECDHE-ECDSA:-DHE-RSA:-RSA:-DHE-DSS"
+#define SPRIO "NORMAL:-VERS-ALL:+VERS-TLS1.3"
+#define CPRIO "NORMAL:-VERS-ALL:+VERS-TLS1.3"
 
 test_case_st tests[] = {
 	{
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-03-12 17:10:42 +0100
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-03-23 20:51:34 +0100
commit	95d31cea2897eafc14a4b7dc87269ef4c6c70fed (patch)
tree	891be1c710f3f79d12d5d5a300de5ab489c31b11 /tests/tls13-cipher-neg.c
parent	3495f992b8b4cd50f1136edcc2f66b53e701980d (diff)
download	gnutls-95d31cea2897eafc14a4b7dc87269ef4c6c70fed.tar.gz