commit 7e5d81d4317cb22be6f36b0daaedf4a5ed8a9fa5
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Apr 10 12:50:40 2024 +0200
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Apr 10 22:19:01 2024 +0200
tree 20b824a376511930ef3b0a643f21c43d4c187bbd
parent e86e2bc451eb3fc43346be4f1d8913e49f0c1c94

compat.sh: no TLS-RSA-WITH-NULL-SHA256 with ssl3

This is officially a 1.2-only ciphersuite, but we also support it with
1.0 and 1.1. However we don't support it with SSLv3 (see definition in
ssl_ciphersuites.c: mininum minor version is 1, that is TLS 1.0).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

tests/compat.sh

diff --git a/tests/compat.sh b/tests/compat.sh
index 43c6cfa..6a43e25 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -655,14 +655,18 @@
             ;;
 
         "RSA")
-            # Not actually supported with all GnuTLS versions. See
-            # GNUTLS_HAS_TLS1_RSA_NULL_SHA256= below.
-            M_CIPHERS="$M_CIPHERS                               \
-                    TLS-RSA-WITH-NULL-SHA256                    \
-                    "
-            G_CIPHERS="$G_CIPHERS                               \
-                    +RSA:+NULL:+SHA256                          \
-                    "
+            if [ `minor_ver "$MODE"` -ge 1 ]
+            then
+                # Not actually supported with all GnuTLS versions. See
+                # GNUTLS_HAS_TLS1_RSA_NULL_SHA256= below.
+                M_CIPHERS="$M_CIPHERS                               \
+                        TLS-RSA-WITH-NULL-SHA256                    \
+                        "
+                G_CIPHERS="$G_CIPHERS                               \
+                        +RSA:+NULL:+SHA256                          \
+                        "
+            fi
+
             if [ `minor_ver "$MODE"` -ge 3 ]
             then
                 M_CIPHERS="$M_CIPHERS                           \