const SSLCipherSuite standard_ciphersuites[] = {
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_RSA_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_AES_128_CBC_SHA,
+};
+
+const SSLCipherSuite default_ciphersuites[] = {
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
size_t size;
int fail=1;
SSLCipherSuite *ciphers = NULL;
- OSStatus err;
require_noerr(SSLSetIOFuncs(ssl, &SocketRead, &SocketWrite), out);
require_noerr(SSLSetConnection(ssl, NULL), out);
free(ciphers);
ciphers = NULL;
- err = SSLHandshake(ssl);
- require(err == errSSLWouldBlock, out);
+ require(SSLHandshake(ssl) == errSSLWouldBlock, out);
require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_ciphers), out);
require_string(num_ciphers==expected_num_ciphers, out, "wrong ciphersuites number");
/* The order of this tests does matter, be careful when adding tests */
ok(!test_GetSupportedCiphers(ssl, server), "test_default: GetSupportedCiphers test failed (%s)", server?"server":"client");
- ok(!test_GetEnabledCiphers(ssl, sizeof(standard_ciphersuites)/sizeof(SSLCipherSuite), standard_ciphersuites), "test_default: GetEnabledCiphers test failed (%s)", server?"server":"client");
+ ok(!test_GetEnabledCiphers(ssl, sizeof(default_ciphersuites)/sizeof(SSLCipherSuite), default_ciphersuites), "test_default: GetEnabledCiphers test failed (%s)", server?"server":"client");
CFRelease(ssl); ssl=NULL;
int ssl_46_SSLGetSupportedCiphers(int argc, char *const *argv)
{
- plan_tests(154);
+ plan_tests(178);
test_dhe(kSSLClientSide, true);
test_dhe(kSSLServerSide, true);
TEST_CONFIG(kSSLSessionConfig_legacy_DHE, legacy_DHE_ciphersuites);
TEST_CONFIG(kSSLSessionConfig_standard, standard_ciphersuites);
TEST_CONFIG(kSSLSessionConfig_RC4_fallback, legacy_ciphersuites);
- TEST_CONFIG(kSSLSessionConfig_TLSv1_fallback, standard_ciphersuites);
+ TEST_CONFIG(kSSLSessionConfig_TLSv1_fallback, default_ciphersuites);
TEST_CONFIG(kSSLSessionConfig_TLSv1_RC4_fallback, legacy_ciphersuites);
- TEST_CONFIG(kSSLSessionConfig_default, standard_ciphersuites);
+ TEST_CONFIG(kSSLSessionConfig_default, default_ciphersuites);
TEST_CONFIG(kSSLSessionConfig_anonymous, anonymous_ciphersuites);
+ TEST_CONFIG(kSSLSessionConfig_3DES_fallback, default_ciphersuites);
+ TEST_CONFIG(kSSLSessionConfig_TLSv1_3DES_fallback, default_ciphersuites);
return 0;
}
projects / apple / security.git / blobdiff