From 726ffbf642476ea793f15d92f7cfbe2ef4523b2b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 2 Aug 2023 20:02:44 +0200 Subject: [PATCH] ssl-opt: don't assume TLS 1.3 usage for external tool that don't have support Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6113eeba9..b214c6555 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1628,13 +1628,18 @@ run_test() { requires_config_enabled MBEDTLS_SSL_PROTO_DTLS fi - # If the client or server requires certain features that can be detected - # from their command-line arguments, check that they're enabled. - TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD") - # Check if we are trying to use an external tool wich does not support ECDH EXT_WO_ECDH=$(use_ext_tool_without_ecdh_support "$SRV_CMD" "$CLI_CMD") + # Guess the TLS version which is going to be used + if [ "$EXT_WO_ECDH" = "no" ]; then + TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD") + else + TLS_VERSION="TLS12" + fi + + # If the client or server requires certain features that can be detected + # from their command-line arguments, check that they're enabled. detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$EXT_WO_ECDH" "$@" detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$EXT_WO_ECDH" "$@"