From 6195767554da332e9f81e6510b07f7565ff8a538 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 18 Jun 2015 17:54:58 +0200
Subject: [PATCH] Fix default of openssl s_server

openssl s_server up to 1.0.2.a included uses a 512-bit prime for DH by default. Since we now require 1024 bit at least, make s_server use decent params. (1.0.2b and up use acceptable params by default.)
---
 tests/compat.sh | 2 +-
 tests/ssl-opt.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/compat.sh b/tests/compat.sh
index eac189110..3b19e8575 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -749,7 +749,7 @@ setup_arguments()
 esac
 P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
- O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE"
+ O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
 G_SERVER_ARGS="-p $PORT --http $G_MODE"
 G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 934f77214..6b0df5653 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -517,7 +517,7 @@ unset PORT_BASE
 P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
 P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
 P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT"
-O_SRV="$O_SRV -accept $SRV_PORT"
+O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
 O_CLI="$O_CLI -connect localhost:+SRV_PORT"
 G_SRV="$G_SRV -p $SRV_PORT"
 G_CLI="$G_CLI -p +SRV_PORT localhost"
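Review bot: The new `-dhparam data_files/dhparams.pem` in `O_SERVER_ARGS` (tests/compat.sh) has no comment saying why it is there, and the same holds for `O_SRV` in tests/ssl-opt.sh; the reason lives only in the commit message, so a later cleanup could drop the option and silently bring back the 512-bit DH default on OpenSSL 1.0.2a and older. I would add above each assignment something like `# openssl s_server <= 1.0.2a defaults to a 512-bit DH prime; pass params our client accepts`. The diffstat lists only the two scripts, so data_files/dhparams.pem must already be in the tree; its prime size is not visible here and should be confirmed to meet the 1024-bit minimum, e.g. with `openssl dhparam -in data_files/dhparams.pem -text -noout`. The path is relative, so it presumably depends on both scripts running from tests/; setup_arguments() and the ssl-opt.sh setup code continue outside these hunks, so that could not be checked from here.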