Don't negotiate TLSv1.3 with the ossl_shim

The ossl_shim doesn't know about TLSv1.3 so we should disable that protocol version for all tests for now. This fixes the current Travis failures. [extended tests] Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5593)

Don't negotiate TLSv1.3 with the ossl_shim
The ossl_shim doesn't know about TLSv1.3 so we should disable that protocol version for all tests for now. This fixes the current Travis failures. [extended tests] Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5593)
aaaa6ac1 · Matt Caswell · df0fed9a · aaaa6ac1
隐藏空白更改
内联并排

Showing with 6 addition and 0 deletion

test/ossl_shim/ossl_shim.cc test/ossl_shim/ossl_shim.cc +6 -0

未找到文件。
--- a/test/ossl_shim/ossl_shim.cc
+++ b/test/ossl_shim/ossl_shim.cc
@@ -533,6 +533,12 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
      !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) {
    return nullptr;
  }
+#else
+  /* Ensure we don't negotiate TLSv1.3 until we can handle it */
+  if (!config->is_dtls &&
+      !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_2_VERSION)) {
+    return nullptr;
+  }
 #endif
  std::string cipher_list = "ALL";