author | Rob Crittenden <rcritten@redhat.com> | 2016-02-29 14:45:44 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2016-02-29 16:09:17 -0500 |
commit | ae8c616ade2199ca26bd39374707d44a04be7db3 (patch) | |
tree | f7c308f5b24549a5c3f1d42547f5823a8b47caf7 | |
parent | 5b93aa509881c307050de41e88000c33e13080be (diff) | |
Fix test for DH cipher directive
Since we don't support ADH ciphers, we can just ignore DH-*.
Note that OpenSSL defines the DH- ciphers but does not implement
them so the DH string support is there only for compatibility.
-rw-r--r-- | nss_engine_cipher.c | 9 | ||||
-rw-r--r-- | test/test_cipher.py | 2 |
2 files changed, 11 insertions, 0 deletions
diff --git a/nss_engine_cipher.c b/nss_engine_cipher.c
index ffa537e..4b059b0 100644
--- a/nss_engine_cipher.c
+++ b/nss_engine_cipher.c
@@ -307,6 +307,15 @@ static int parse_openssl_ciphers(server_rec *s, char *ciphers, PRBool cipher_lis
 } else if (!strcmp(cipher, "aRSA")) {
 mask |= SSL_aRSA;
 } else if (!strcmp(cipher, "EDH")) {
+ /* Normally this is kEDH:-ADH but since we don't
+ * support ADH this is sufficient.
+ */
+ mask |= SSL_kEDH;
+ } else if (!strcmp(cipher, "DH")) {
+ /* non-ephemeral DH. The ciphers are defined
+ * but not implemented in OpenSSL so manage
+ * this here.
+ */
 mask |= SSL_kEDH;
 #if 0
 } else if (!strcmp(cipher, "ADH")) {
diff --git a/test/test_cipher.py b/test/test_cipher.py
index 4e69fc6..f1d39df 100644
--- a/test/test_cipher.py
+++ b/test/test_cipher.py
@@ -53,6 +53,8 @@ def assert_equal_openssl(ciphers):
 continue
 if not ENABLE_GCM and 'GCM' in o:
 continue
+ if o.startswith('DH-'):
+ continue
 if o in CIPHERS_NOT_IN_NSS:
 continue
 t.append(o) |
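Review bot: The comment on the new `"DH"` branch describes non-ephemeral DH, but the statement it guards is `mask |= SSL_kEDH;`, the same ephemeral mask the `"EDH"` branch sets, so the comment does not say what the keyword actually selects. Because this keyword comes from an administrator's cipher string, the comment should state the effective mapping, for example `/* DH: fixed-DH suites are unavailable and ADH is unsupported, so DH selects the same suites as EDH. */`. With identical bodies the two branches could also share one condition, `!strcmp(cipher, "EDH") || !strcmp(cipher, "DH")`. How `mask` is later applied when the keyword is used to exclude suites is decided elsewhere in parse_openssl_ciphers, which starts and ends outside this hunk, so that path is worth checking alongside this change.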
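Review bot: The new `if o.startswith('DH-'):` filter in assert_equal_openssl carries no comment, so a later reader cannot tell why these OpenSSL names are dropped from the comparison or that the trailing hyphen is what keeps `DHE-` names in it. A one-line comment above it would record the reason given in the commit message, e.g. `# OpenSSL lists the fixed-DH (DH-*) suites but does not implement them; skip them`. Only part of the function is visible in this hunk.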