Commit aaaa6ac1 authored by Matt Caswell's avatar Matt Caswell
Browse files

Don't negotiate TLSv1.3 with the ossl_shim 



The ossl_shim doesn't know about TLSv1.3 so we should disable that
protocol version for all tests for now.

This fixes the current Travis failures.

[extended tests]

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5593)
parent df0fed9a

test/ossl_shim/ossl_shim.cc

+6 −0
Original line number Diff line number Diff line
@@ -533,6 +533,12 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) { 
      !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) {

    return nullptr;

  }

#else

  /* Ensure we don't negotiate TLSv1.3 until we can handle it */

  if (!config->is_dtls &&

      !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_2_VERSION)) {

    return nullptr;

  }

#endif



  std::string cipher_list = "ALL";