Check-in [2de09464e0]
Overview
Comment:Updated protocol negotiation test to use newer versions of TLS since SSLv3 is becoming less supported
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 2de09464e04ff5b0379f7a0a8fdaa1a29f0d895a
User & Date: rkeene on 2016-12-08 08:35:00
Other Links: manifest | tags
Context
2016-12-08
08:36
Moved BIO_ wrappers into the BIO source and added more debugging output check-in: 333d833f31 user: rkeene tags: trunk
08:35
Updated protocol negotiation test to use newer versions of TLS since SSLv3 is becoming less supported check-in: 2de09464e0 user: rkeene tags: trunk
07:37
Integrated OpenSSL 1.1 patches check-in: a23ed6f309 user: rkeene tags: trunk
Changes
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
        set ::done HAND
        catch {tls::handshake $sock} msg
        set ::done $msg
    } 
    # NOTE: when doing an in-process client/server test, both sides need
    # to be non-blocking for the TLS handshake

    # Server - Only accept TLS 1 or higher
    set s [tls::socket \
               -certfile $serverCert -cafile $caCert -keyfile $serverKey \
               -request 0 -require 0 -ssl2 0 -ssl3 0 -tls1 1 -tls1.1 1 -tls1.2 1 \
               -server Accept 8831]
    # Client - Only propose SSL3
    set c [tls::socket -async \
               -cafile $caCert \
               -request 0 -require 0 -ssl2 0 -ssl3 1 -tls1 0 -tls1.1 0 -tls1.2 0 \
               [info hostname] 8831]
    fconfigure $c -blocking 0
    puts $c a ; flush $c
    after 5000 [list set ::done timeout]
    vwait ::done
    set ::done
} {handshake failed: wrong version number}







|


|

|


|







2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
        set ::done HAND
        catch {tls::handshake $sock} msg
        set ::done $msg
    } 
    # NOTE: when doing an in-process client/server test, both sides need
    # to be non-blocking for the TLS handshake

    # Server - Only accept TLS 1.2
    set s [tls::socket \
               -certfile $serverCert -cafile $caCert -keyfile $serverKey \
               -request 0 -require 0 -ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 1 \
               -server Accept 8831]
    # Client - Only propose TLS1.0
    set c [tls::socket -async \
               -cafile $caCert \
               -request 0 -require 0 -ssl2 0 -ssl3 0 -tls1 1 -tls1.1 0 -tls1.2 0 \
               [info hostname] 8831]
    fconfigure $c -blocking 0
    puts $c a ; flush $c
    after 5000 [list set ::done timeout]
    vwait ::done
    set ::done
} {handshake failed: wrong version number}