Extend SSL_get_negotiated_group() tests for TLS 1.2
We don't implement RFC 7919 named groups for TLS 1.2, so we can only test the ECDHE case for non-TLS-1.3. Interestingly, though the test_key_exchange() routine claimed to be exercising ffdhe2048 with TLS 1.2, the configured ciphers were incompatible with DHE key exchange, so we ended up just using RSA key transport and not doing an ephemeral key exchange at all. Reconfigure the tests to actually exercise ephemeral key exchange for both the EC and FF cases (even though we don't use the named group information for the finite-field case). Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14750)
Showing
想要评论请 注册 或 登录