From 6bf887340626e35e0497deaf246a9f034d8fe8ee Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 23 May 2016 17:21:11 -0400 Subject: [PATCH] Add back export and low-security ciphers These are disabled in OpenSSL 1.02g but are still enabled in the version in RHEL 7. --- test/test_cipher.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/test_cipher.py b/test/test_cipher.py index 1cce9e4..8b12f26 100644 --- a/test/test_cipher.py +++ b/test/test_cipher.py @@ -40,7 +40,7 @@ if ENABLE_SERVER_DHE == 0: OPENSSL_CIPHERS_IGNORE += ':-DH' def assert_equal_openssl(ciphers): - nss_ciphers = ciphers + ":-EXP:-LOW" + nss_ciphers = ciphers ossl_ciphers = ciphers + OPENSSL_CIPHERS_IGNORE (nss, err, rc) = run([exe, "--o", nss_ciphers]) assert rc == 0 @@ -270,8 +270,7 @@ class test_ciphers(object): assert_no_NULL("DEFAULT:aRSA") def test_SYSTEM_DEFAULT(self): - # I've added in !DHE here which differs from F-23 default - assert_equal_openssl("!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES:!DHE") + assert_equal_openssl("!SSLv2:kEECDH:kRSA:kEDH:kPSK:DH:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES") def test_cipher_reorder(self): # re-ordering now allowed but shouldn't blow up either -- 2.5.5