Fix for bug 332222. Add support for mixed ECDH RSA SSL cipher suites. Patch contributed by Slavomir Katuscak. r=julien

julien.pierre.bugs%sun.com 2006-09-08 21:15:41 +00:00
parent 31700bfd9f
commit e76630a134
3 changed files with 56 additions and 20 deletions


@ -215,6 +215,9 @@ start_selfserv()
else
ECC_OPTIONS=""
fi
if [ "$1" = "mixed" ]; then
ECC_OPTIONS="-e ${HOSTADDR}-ecmixed"
fi
echo "selfserv starting at `date`"
echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\"
echo " ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose &"
@ -263,6 +266,8 @@ ssl_cov()
else
sparam="$CSHORT"
fi
mixed=0
start_selfserv # Launch the server
p=""
@ -282,7 +287,34 @@ ssl_cov()
TLS_FLAG=""
fi
is_selfserv_alive
# These five tests need an EC cert signed with RSA
# This requires a different certificate loaded in selfserv
# due to a (current) NSS limitation of only loaded one cert
# per type so the default selfserv setup will not work.
#:C00B TLS ECDH RSA WITH NULL SHA
#:C00C TLS ECDH RSA WITH RC4 128 SHA
#:C00D TLS ECDH RSA WITH 3DES EDE CBC SHA
#:C00E TLS ECDH RSA WITH AES 128 CBC SHA
#:C00F TLS ECDH RSA WITH AES 256 CBC SHA
if [ $mixed -eq 0 ]; then
if [ "${param}" = ":C00B" -o "${param}" = ":C00C" -o "${param}" = ":C00D" -o "${param}" = ":C00E" -o "${param}" = ":C00F" ]; then
kill_selfserv
start_selfserv mixed
mixed=1
else
is_selfserv_alive
fi
else
if [ "${param}" = ":C00B" -o "${param}" = ":C00C" -o "${param}" = ":C00D" -o "${param}" = ":C00E" -o "${param}" = ":C00F" ]; then
is_selfserv_alive
else
kill_selfserv
start_selfserv
mixed=0
fi
fi
echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} ${CLIENT_OPTIONS} \\"
echo " -f -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
@ -357,7 +389,17 @@ ssl_stress()
echo "$SCRIPTNAME: skipping $testname (ECC only)"
elif [ "$ectype" != "#" ]; then
cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
start_selfserv
# This tests needs the mixed cert
# Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse)
# Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse, client auth)
p=`echo "$sparam" | sed -e "s/\(.*\)\(-c_:C0..\)\(.*\)/\2/"`;
if [ "$p" = "-c_:C00E" ]; then
start_selfserv mixed
else
start_selfserv
fi
if [ "`uname -n`" = "sjsu" ] ; then
echo "debugging disapering selfserv... ps -ef | grep selfserv"
ps -ef | grep selfserv
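Review bot: The five-way `[ "${param}" = ":C00B" -o … ]` test in the ssl_cov hunk is written out twice and `$mixed` is expanded unquoted, so the list of suites that need the mixed certificate must be kept in sync in two places, and `-o` inside `[` is marked obsolescent in POSIX. Classifying the suite once with `case` and restarting selfserv only when the wanted mode differs from the running one gives the same four outcomes from a single list. `mixed`, and the `p` assigned in the ssl_stress hunk, appear to be plain globals, and ssl_cov already uses `p`. The function bodies start and end outside the hunks, so confirm nothing else reads them before renaming.

```shell
# … unchanged: TLS_FLAG selection …
# ECDH-RSA suites (:C00B-:C00F) need the EC cert signed with RSA.
case "${param}" in
  :C00B|:C00C|:C00D|:C00E|:C00F) need_mixed=1 ;;
  *)                             need_mixed=0 ;;
esac
if [ "${need_mixed}" -ne "${mixed}" ]; then
  kill_selfserv
  if [ "${need_mixed}" -eq 1 ]; then
    start_selfserv mixed
  else
    start_selfserv
  fi
  mixed=${need_mixed}
else
  is_selfserv_alive
fi
# … unchanged: tstclnt invocation …
```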


@ -59,11 +59,11 @@
ECC noTLS :C008 SSL3 ECDHE ECDSA WITH 3DES EDE CBC SHA
ECC noTLS :C009 SSL3 ECDHE ECDSA WITH AES 128 CBC SHA
ECC noTLS :C00A SSL3 ECDHE ECDSA WITH AES 256 CBC SHA
# ECC noTLS :C00B SSL3 ECDH RSA WITH NULL SHA
# ECC noTLS :C00C SSL3 ECDH RSA WITH RC4 128 SHA
# ECC noTLS :C00D SSL3 ECDH RSA WITH 3DES EDE CBC SHA
# ECC noTLS :C00E SSL3 ECDH RSA WITH AES 128 CBC SHA
# ECC noTLS :C00F SSL3 ECDH RSA WITH AES 256 CBC SHA
ECC noTLS :C00B SSL3 ECDH RSA WITH NULL SHA
ECC noTLS :C00C SSL3 ECDH RSA WITH RC4 128 SHA
ECC noTLS :C00D SSL3 ECDH RSA WITH 3DES EDE CBC SHA
ECC noTLS :C00E SSL3 ECDH RSA WITH AES 128 CBC SHA
ECC noTLS :C00F SSL3 ECDH RSA WITH AES 256 CBC SHA
ECC noTLS :C010 SSL3 ECDHE RSA WITH NULL SHA
ECC noTLS :C011 SSL3 ECDHE RSA WITH RC4 128 SHA
ECC noTLS :C012 SSL3 ECDHE RSA WITH 3DES EDE CBC SHA
@ -82,11 +82,11 @@
ECC TLS :C008 TLS ECDHE ECDSA WITH 3DES EDE CBC SHA
ECC TLS :C009 TLS ECDHE ECDSA WITH AES 128 CBC SHA
ECC TLS :C00A TLS ECDHE ECDSA WITH AES 256 CBC SHA
# ECC TLS :C00B TLS ECDH RSA WITH NULL SHA
# ECC TLS :C00C TLS ECDH RSA WITH RC4 128 SHA
# ECC TLS :C00D TLS ECDH RSA WITH 3DES EDE CBC SHA
# ECC TLS :C00E TLS ECDH RSA WITH AES 128 CBC SHA
# ECC TLS :C00F TLS ECDH RSA WITH AES 256 CBC SHA
ECC TLS :C00B TLS ECDH RSA WITH NULL SHA
ECC TLS :C00C TLS ECDH RSA WITH RC4 128 SHA
ECC TLS :C00D TLS ECDH RSA WITH 3DES EDE CBC SHA
ECC TLS :C00E TLS ECDH RSA WITH AES 128 CBC SHA
ECC TLS :C00F TLS ECDH RSA WITH AES 256 CBC SHA
ECC TLS :C010 TLS ECDHE RSA WITH NULL SHA
ECC TLS :C011 TLS ECDHE RSA WITH RC4 128 SHA
ECC TLS :C012 TLS ECDHE RSA WITH 3DES EDE CBC SHA


@ -22,10 +22,7 @@
ECC 0 -c_:C009 -c_100_-C_:C009_-N_-T Stress SSL3 ECDHE-ECDSA AES 128 CBC with SHA (no reuse)
ECC 0 -c_:C013 -c_1000_-C_:C013_-T Stress SSL3 ECDHE-RSA AES 128 CBC with SHA
ECC 0 -c_:C004 -2_-c_100_-C_:C004_-N Stress TLS ECDH-ECDSA AES 128 CBC with SHA (no reuse)
#
# following line commented to woraround bug 332222
#
# ECC 0 -c_:C00E -2_-c_100_-C_:C00E_-N Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse)
ECC 0 -c_:C00E -2_-c_100_-C_:C00E_-N Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse)
ECC 0 -c_:C013 -2_-c_1000_-C_:C013 Stress TLS ECDHE-RSA AES 128 CBC with SHA
#
# add client auth versions here...
@ -33,8 +30,5 @@
ECC 0 -r_-r_-c_:C009 -c_10_-C_:C009_-N_-T_-n_TestUser-ec Stress SSL3 ECDHE-ECDSA AES 128 CBC with SHA (no reuse, client auth)
ECC 0 -r_-r_-c_:C013 -c_100_-C_:C013_-T_-n_TestUser-ec Stress SSL3 ECDHE-RSA AES 128 CBC with SHA (client auth)
ECC 0 -r_-r_-c_:C004 -c_10_-C_:C004_-N_-n_TestUser-ec Stress TLS ECDH-ECDSA AES 128 CBC with SHA (no reuse, client auth)
#
# following line commented to woraround bug 332222
#
# ECC 0 -r_-r_-c_:C00E -c_10_-C_:C00E_-N_-n_TestUser-ec Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse, client auth)
ECC 0 -r_-r_-c_:C00E -c_10_-C_:C00E_-N_-n_TestUser-ecmixed Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse, client auth)
ECC 0 -r_-r_-c_:C013 -c_100_-C_:C013_-n_TestUser-ec Stress TLS ECDHE-RSA AES 128 CBC with SHA(client auth)
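Review bot: The re-enabled client-auth line passes `-n_TestUser-ecmixed`, and the script change starts the server with `-e ${HOSTADDR}-ecmixed`, but nothing in the three files shown here creates certificates under those nicknames. That setup presumably lives in another change. A comment above the line, such as `# needs the <user>-ecmixed and <host>-ecmixed certs from the cert setup step`, would tell a reader why a missing nickname makes this case fail rather than skip.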