Overview
Comment: | Updated protocol negotiation test to use newer versions of TLS since SSLv3 is becoming less supported |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
2de09464e04ff5b0379f7a0a8fdaa1a2 |
User & Date: | rkeene on 2016-12-08 08:35:00 |
Other Links: | manifest | tags |
Context
2016-12-08
| ||
08:36 | Moved BIO_ wrappers into the BIO source and added more debugging output check-in: 333d833f31 user: rkeene tags: trunk | |
08:35 | Updated protocol negotiation test to use newer versions of TLS since SSLv3 is becoming less supported check-in: 2de09464e0 user: rkeene tags: trunk | |
07:37 | Integrated OpenSSL 1.1 patches check-in: a23ed6f309 user: rkeene tags: trunk | |
Changes
Modified tests/tlsIO.test
from [f978f73887]
to [956043a072].
︙ | ︙ | |||
2037 2038 2039 2040 2041 2042 2043 | set ::done HAND catch {tls::handshake $sock} msg set ::done $msg } # NOTE: when doing an in-process client/server test, both sides need # to be non-blocking for the TLS handshake | | | | | | 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 | set ::done HAND catch {tls::handshake $sock} msg set ::done $msg } # NOTE: when doing an in-process client/server test, both sides need # to be non-blocking for the TLS handshake # Server - Only accept TLS 1.2 set s [tls::socket \ -certfile $serverCert -cafile $caCert -keyfile $serverKey \ -request 0 -require 0 -ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 1 \ -server Accept 8831] # Client - Only propose TLS1.0 set c [tls::socket -async \ -cafile $caCert \ -request 0 -require 0 -ssl2 0 -ssl3 0 -tls1 1 -tls1.1 0 -tls1.2 0 \ [info hostname] 8831] fconfigure $c -blocking 0 puts $c a ; flush $c after 5000 [list set ::done timeout] vwait ::done set ::done } {handshake failed: wrong version number} |
︙ | ︙ |