- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
diff --git a/tests/compat.sh b/tests/compat.sh
new file mode 100644
index 0000000..ab84899
--- /dev/null
+++ b/tests/compat.sh
@@ -0,0 +1,136 @@
+killall -q openssl ssl_server
+
+openssl s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL &
+PROCESS_ID=$!
+
+sleep 1
+
+CIPHERS=" \
+ SSL-EDH-RSA-AES-128-SHA \
+ SSL-EDH-RSA-AES-256-SHA \
+ SSL-EDH-RSA-CAMELLIA-128-SHA \
+ SSL-EDH-RSA-CAMELLIA-256-SHA \
+ SSL-EDH-RSA-DES-168-SHA \
+ SSL-RSA-AES-256-SHA \
+ SSL-RSA-CAMELLIA-256-SHA \
+ SSL-RSA-AES-128-SHA \
+ SSL-RSA-CAMELLIA-128-SHA \
+ SSL-RSA-DES-168-SHA \
+ SSL-RSA-RC4-128-SHA \
+ SSL-RSA-RC4-128-MD5 \
+ SSL-RSA-NULL-MD5 \
+ SSL-RSA-NULL-SHA \
+ SSL-RSA-DES-SHA \
+ SSL-EDH-RSA-DES-SHA \
+ "
+
+# Not supported by OpenSSL: SSL-RSA-NULL-SHA256
+for i in $CIPHERS;
+do
+ RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"
+ EXIT=$?
+ echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
+ if [ "$EXIT" = "2" ];
+ then
+ echo Ciphersuite not supported in client
+ elif [ "$EXIT" != "0" ];
+ then
+ echo Failed
+ echo $RESULT
+ else
+ echo Success
+ fi
+done
+kill $PROCESS_ID
+
+../programs/ssl/ssl_server > /dev/null &
+PROCESS_ID=$!
+
+sleep 1
+
+CIPHERS=" \
+ DHE-RSA-AES128-SHA \
+ DHE-RSA-AES256-SHA \
+ DHE-RSA-CAMELLIA128-SHA \
+ DHE-RSA-CAMELLIA256-SHA \
+ EDH-RSA-DES-CBC3-SHA \
+ AES256-SHA \
+ CAMELLIA256-SHA \
+ AES128-SHA \
+ CAMELLIA128-SHA \
+ DES-CBC3-SHA \
+ RC4-SHA \
+ RC4-MD5 \
+ NULL-MD5 \
+ NULL-SHA \
+ DES-CBC-SHA \
+ EDH-RSA-DES-CBC-SHA \
+ "
+
+# Not supported by OpenSSL: NULL-SHA256
+for i in $CIPHERS;
+do
+ RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | openssl s_client -cipher $i 2>&1)"
+ EXIT=$?
+ echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
+
+ if [ "$EXIT" != "0" ];
+ then
+ SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
+ if [ "X$SUPPORTED" != "X" ]
+ then
+ echo "Ciphersuite not supported in server"
+ else
+ echo Failed
+ echo $RESULT
+ fi
+ else
+ echo Success
+ fi
+done
+
+kill $PROCESS_ID
+
+../programs/ssl/ssl_server > /dev/null &
+PROCESS_ID=$!
+
+sleep 1
+
+CIPHERS=" \
+ SSL-RSA-RC4-128-SHA \
+ SSL-RSA-NULL-MD5 \
+ SSL-EDH-RSA-AES-128-SHA \
+ SSL-EDH-RSA-AES-256-SHA \
+ SSL-EDH-RSA-CAMELLIA-128-SHA \
+ SSL-EDH-RSA-CAMELLIA-256-SHA \
+ SSL-EDH-RSA-DES-168-SHA \
+ SSL-RSA-NULL-SHA \
+ SSL-RSA-AES-256-SHA \
+ SSL-RSA-CAMELLIA-256-SHA \
+ SSL-RSA-AES-128-SHA \
+ SSL-RSA-CAMELLIA-128-SHA \
+ SSL-RSA-DES-168-SHA \
+ SSL-RSA-RC4-128-MD5 \
+ SSL-RSA-DES-SHA \
+ SSL-EDH-RSA-DES-SHA \
+ SSL-RSA-NULL-SHA256 \
+ "
+
+for i in $CIPHERS;
+do
+ RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"
+ EXIT=$?
+ echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
+ if [ "$EXIT" = "2" ];
+ then
+ echo Ciphersuite not supported in client
+ elif [ "$EXIT" != "0" ];
+ then
+ echo Failed
+ echo $RESULT
+ else
+ echo Success
+ fi
+done
+kill $PROCESS_ID
+