diff options
author | Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> | 2020-08-21 12:06:47 +0200 |
---|---|---|
committer | Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> | 2020-08-21 13:01:16 +0200 |
commit | 0e7bdd134070f738a0f13b83c29cbde80dcf7261 (patch) | |
tree | 240f2e0f3db7759e826e009e1929465a006df46a | |
parent | 2dcd0674e66dce9890b850837fb3b758dd094bcb (diff) | |
download | mbed-tls-0e7bdd134070f738a0f13b83c29cbde80dcf7261.tar.gz |
compat.sh: enable CBC-SHA-2 suites for GnuTLS
Recent GnuTLS packages on Ubuntu 16.04 have them disabled.
From /usr/share/doc/libgnutls30/changelog.Debian.gz:
gnutls28 (3.4.10-4ubuntu1.5) xenial-security; urgency=medium
* SECURITY UPDATE: Lucky-13 issues
[...]
- debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256
ciphersuites were removed from defaults in lib/gnutls_priority.c,
tests/priorities.c.
Since we do want to test the ciphersuites, explicitly re-enable them in the
server's priority string. (This is a no-op with versions of GnuTLS where those
are already enabled by default.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
-rwxr-xr-x | tests/compat.sh | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/compat.sh b/tests/compat.sh index e0da37396..b39a46302 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -934,7 +934,7 @@ setup_arguments() M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1" O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem" G_SERVER_ARGS="-p $PORT --http $G_MODE" - G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" + G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes if is_dtls "$MODE"; then |