Merge pull request #5006 from JoeSubbiani/CleanCompat.sh2_dev
clean up compat.sh
diff --git a/tests/compat.sh b/tests/compat.sh
index c8a883d..d681217 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -67,17 +67,18 @@
fi
# default values for options
+# /!\ keep this synchronised with:
+# - basic-build-test.sh
+# - all.sh (multiple components)
MODES="tls12 dtls12"
VERIFIES="NO YES"
TYPES="ECDSA RSA PSK"
FILTER=""
-# exclude:
-# - NULL: excluded from our default config
-# avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
-# - ARIA: not in default mbedtls_config.h + requires OpenSSL >= 1.1.1
+# By default, exclude:
+# - NULL: excluded from our default config + requires OpenSSL legacy
+# - ARIA: requires OpenSSL >= 1.1.1
# - ChachaPoly: requires OpenSSL >= 1.1.0
-# - 3DES: not in default config
-EXCLUDE='NULL\|DES\|ARIA\|CHACHA20-POLY1305'
+EXCLUDE='NULL\|ARIA\|CHACHA20-POLY1305'
VERBOSE=""
MEMCHECK=0
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
@@ -245,73 +246,50 @@
case $TYPE in
"ECDSA")
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-ECDSA-WITH-NULL-SHA \
- TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
- "
- fi
+ CIPHERS="$CIPHERS \
+ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
+ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
+ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-NULL-SHA \
+ "
;;
"RSA")
CIPHERS="$CIPHERS \
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
+ TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
- TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
- TLS-RSA-WITH-AES-256-CBC-SHA \
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
+ TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
+ TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
+ TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
+ TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
+ TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
+ TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
+ TLS-ECDHE-RSA-WITH-NULL-SHA \
TLS-RSA-WITH-AES-128-CBC-SHA \
+ TLS-RSA-WITH-AES-128-CBC-SHA256 \
+ TLS-RSA-WITH-AES-128-GCM-SHA256 \
+ TLS-RSA-WITH-AES-256-CBC-SHA \
+ TLS-RSA-WITH-AES-256-CBC-SHA256 \
+ TLS-RSA-WITH-AES-256-GCM-SHA384 \
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
- TLS-RSA-WITH-3DES-EDE-CBC-SHA \
+ TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
TLS-RSA-WITH-NULL-MD5 \
TLS-RSA-WITH-NULL-SHA \
+ TLS-RSA-WITH-NULL-SHA256 \
"
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
- TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
- TLS-ECDHE-RSA-WITH-NULL-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-RSA-WITH-AES-256-CBC-SHA256 \
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
- TLS-RSA-WITH-AES-128-GCM-SHA256 \
- TLS-RSA-WITH-AES-256-GCM-SHA384 \
- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
- TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
- TLS-RSA-WITH-NULL-SHA256 \
- "
- fi
;;
"PSK")
CIPHERS="$CIPHERS \
- TLS-PSK-WITH-3DES-EDE-CBC-SHA \
TLS-PSK-WITH-AES-128-CBC-SHA \
TLS-PSK-WITH-AES-256-CBC-SHA \
"
@@ -347,62 +325,43 @@
case $TYPE in
"ECDSA")
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDH-ECDSA-WITH-NULL-SHA \
- TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
- TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
- TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
- TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
- "
- fi
+ CIPHERS="$CIPHERS \
+ TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
+ TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
+ TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
+ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
+ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
+ TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
+ TLS-ECDH-ECDSA-WITH-NULL-SHA \
+ TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
+ "
;;
"RSA")
- CIPHERS="$CIPHERS \
- TLS-RSA-WITH-DES-CBC-SHA \
- TLS-DHE-RSA-WITH-DES-CBC-SHA \
+ CIPHERS="$CIPHERS \
+ TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \
+ TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \
+ TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-RSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-RSA-WITH-ARIA-256-GCM-SHA384 \
"
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-RSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-RSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
- "
- fi
;;
"PSK")
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \
- TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \
- TLS-PSK-WITH-ARIA-256-GCM-SHA384 \
- TLS-PSK-WITH-ARIA-128-GCM-SHA256 \
- TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- "
- fi
+ CIPHERS="$CIPHERS \
+ TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \
+ TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \
+ TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-PSK-WITH-ARIA-128-GCM-SHA256 \
+ TLS-PSK-WITH-ARIA-256-GCM-SHA384 \
+ TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \
+ "
;;
esac
@@ -424,115 +383,96 @@
case $TYPE in
"ECDSA")
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
- TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
- TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
- TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
- "
- fi
+ CIPHERS="$CIPHERS \
+ TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
+ TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
+ TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
+ TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
+ TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ "
;;
"RSA")
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-RSA-WITH-AES-128-CCM \
- TLS-RSA-WITH-AES-256-CCM \
- TLS-DHE-RSA-WITH-AES-128-CCM \
- TLS-DHE-RSA-WITH-AES-256-CCM \
- TLS-RSA-WITH-AES-128-CCM-8 \
- TLS-RSA-WITH-AES-256-CCM-8 \
- TLS-DHE-RSA-WITH-AES-128-CCM-8 \
- TLS-DHE-RSA-WITH-AES-256-CCM-8 \
- "
- fi
+ CIPHERS="$CIPHERS \
+ TLS-DHE-RSA-WITH-AES-128-CCM \
+ TLS-DHE-RSA-WITH-AES-128-CCM-8 \
+ TLS-DHE-RSA-WITH-AES-256-CCM \
+ TLS-DHE-RSA-WITH-AES-256-CCM-8 \
+ TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-RSA-WITH-AES-128-CCM \
+ TLS-RSA-WITH-AES-128-CCM-8 \
+ TLS-RSA-WITH-AES-256-CCM \
+ TLS-RSA-WITH-AES-256-CCM-8 \
+ TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
+ TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ "
;;
"PSK")
- CIPHERS="$CIPHERS \
- TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
- TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
- TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
+ CIPHERS="$CIPHERS \
+ TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
+ TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
+ TLS-DHE-PSK-WITH-AES-128-CCM \
+ TLS-DHE-PSK-WITH-AES-128-CCM-8 \
+ TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
+ TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
+ TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
+ TLS-DHE-PSK-WITH-AES-256-CCM \
+ TLS-DHE-PSK-WITH-AES-256-CCM-8 \
+ TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
+ TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-DHE-PSK-WITH-NULL-SHA256 \
+ TLS-DHE-PSK-WITH-NULL-SHA384 \
+ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
+ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
+ TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
+ TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
+ TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-ECDHE-PSK-WITH-NULL-SHA256 \
+ TLS-ECDHE-PSK-WITH-NULL-SHA384 \
+ TLS-PSK-WITH-AES-128-CBC-SHA256 \
+ TLS-PSK-WITH-AES-128-CCM \
+ TLS-PSK-WITH-AES-128-CCM-8 \
+ TLS-PSK-WITH-AES-128-GCM-SHA256 \
+ TLS-PSK-WITH-AES-256-CBC-SHA384 \
+ TLS-PSK-WITH-AES-256-CCM \
+ TLS-PSK-WITH-AES-256-CCM-8 \
+ TLS-PSK-WITH-AES-256-GCM-SHA384 \
+ TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-PSK-WITH-NULL-SHA256 \
+ TLS-PSK-WITH-NULL-SHA384 \
+ TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
+ TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
+ TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
+ TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
+ TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
+ TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
+ TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-RSA-PSK-WITH-NULL-SHA256 \
+ TLS-RSA-PSK-WITH-NULL-SHA384 \
"
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
- TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
- TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
- TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
- TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- CIPHERS="$CIPHERS \
- TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDHE-PSK-WITH-NULL-SHA384 \
- TLS-ECDHE-PSK-WITH-NULL-SHA256 \
- TLS-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-PSK-WITH-NULL-SHA256 \
- TLS-PSK-WITH-NULL-SHA384 \
- TLS-DHE-PSK-WITH-NULL-SHA256 \
- TLS-DHE-PSK-WITH-NULL-SHA384 \
- TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-RSA-PSK-WITH-NULL-SHA256 \
- TLS-RSA-PSK-WITH-NULL-SHA384 \
- TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-PSK-WITH-AES-128-GCM-SHA256 \
- TLS-PSK-WITH-AES-256-GCM-SHA384 \
- TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
- TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
- TLS-PSK-WITH-AES-128-CCM \
- TLS-PSK-WITH-AES-256-CCM \
- TLS-DHE-PSK-WITH-AES-128-CCM \
- TLS-DHE-PSK-WITH-AES-256-CCM \
- TLS-PSK-WITH-AES-128-CCM-8 \
- TLS-PSK-WITH-AES-256-CCM-8 \
- TLS-DHE-PSK-WITH-AES-128-CCM-8 \
- TLS-DHE-PSK-WITH-AES-256-CCM-8 \
- TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
- TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
- "
- fi
;;
esac
@@ -551,71 +491,50 @@
case $TYPE in
"ECDSA")
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 \
- "
- fi
+ M_CIPHERS="$M_CIPHERS \
+ TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 \
+ TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 \
+ TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 \
+ TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \
+ TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
+ TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
+ TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
+ TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \
+ TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \
+ "
;;
"RSA")
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-RSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-RSA-WITH-ARIA-128-CBC-SHA256 \
- "
- fi
+ M_CIPHERS="$M_CIPHERS \
+ TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \
+ TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \
+ TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \
+ TLS-RSA-WITH-ARIA-128-CBC-SHA256 \
+ TLS-RSA-WITH-ARIA-256-CBC-SHA384 \
+ "
;;
"PSK")
# *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
- M_CIPHERS="$M_CIPHERS \
- TLS-PSK-WITH-NULL-SHA \
- TLS-DHE-PSK-WITH-NULL-SHA \
+ M_CIPHERS="$M_CIPHERS \
+ TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \
+ TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \
+ TLS-DHE-PSK-WITH-NULL-SHA \
+ TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \
+ TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384 \
+ TLS-ECDHE-PSK-WITH-NULL-SHA \
+ TLS-PSK-WITH-ARIA-128-CBC-SHA256 \
+ TLS-PSK-WITH-ARIA-256-CBC-SHA384 \
+ TLS-PSK-WITH-NULL-SHA \
+ TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \
+ TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \
+ TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \
+ TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \
+ TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS-RSA-PSK-WITH-NULL-SHA \
"
- if [ `minor_ver "$MODE"` -gt 0 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-ECDHE-PSK-WITH-NULL-SHA \
- TLS-RSA-PSK-WITH-NULL-SHA \
- "
- fi
- if [ `minor_ver "$MODE"` -ge 3 ]
- then
- M_CIPHERS="$M_CIPHERS \
- TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \
- TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \
- TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- "
- fi
;;
esac
}
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 07e708b..55806fd 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1226,7 +1226,7 @@
msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
# Exclude some symmetric ciphers that are redundant here to gain time.
- tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES'
+ tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
}
component_test_everest_curve25519_only () {
@@ -1314,8 +1314,8 @@
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
- msg "test: compat.sh DES, 3DES & NULL (full config)" # ~ 2 min
- env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES'
+ msg "test: compat.sh NULL (full config)" # ~ 2 min
+ env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL'
msg "test: compat.sh ARIA + ChachaPoly"
env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
@@ -1607,8 +1607,8 @@
msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)"
tests/compat.sh
- msg "test: compat.sh DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
- env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES'
+ msg "test: compat.sh NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
+ env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -f 'NULL'
msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
@@ -2600,7 +2600,7 @@
msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
# Exclude some symmetric ciphers that are redundant here to gain time.
- tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES'
+ tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA'
}
support_test_m32_everest () {
support_test_m32_o0 "$@"
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index cf68b4e..31beb1c 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -121,13 +121,13 @@
echo '################ compat.sh ################'
{
echo '#### compat.sh: Default versions'
- sh compat.sh -m 'tls1_2 dtls1_2'
+ sh compat.sh
echo
- echo '#### compat.sh: legacy (null, DES)'
+ echo '#### compat.sh: legacy (null)'
OPENSSL_CMD="$OPENSSL_LEGACY" \
GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
- sh compat.sh -e '^$' -f 'NULL\|DES'
+ sh compat.sh -e '^$' -f 'NULL'
echo
echo '#### compat.sh: next (ARIA, ChaCha)'