You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are a few TLS 1.2 test cases where we're currently using a DHE key exchange, but we could indifferently use ECDHE. Since we are removing DHE, we need to migrate those test cases to ECDHE.
This applies to development only. But we may want to backport the new test cases as additional tests in 3.6 for a minor but very cheap coverage improvement.
To clarify the scope:
A test case that uses DHE because its objective is to test DHE is out of scope.
A test case that uses DHE, for which there is another test case that's identical except for using ECDHE, is out of scope.
A test case that uses DHE, but could do without it, and has no equivalent non-DHE test case, is in scope.
resize_buffers_renegotiate_mfl: we're testing ECDHE-RSA with GCM, and DHE-RSA with CBC. I think there's no particular reason for that and in 4.0 we should just change thee DHE test cases to ECDHE.
ssl-opt.sh
"Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1"
""Opaque keys for server authentication: EC + RSA, force DHE-RSA" ? Not sure if other test cases reach the same path
There are a few TLS 1.2 test cases where we're currently using a DHE key exchange, but we could indifferently use ECDHE. Since we are removing DHE, we need to migrate those test cases to ECDHE.
This applies to
development
only. But we may want to backport the new test cases as additional tests in 3.6 for a minor but very cheap coverage improvement.To clarify the scope:
The affected test cases, analyzed on 467edcd:
test_suite_ssl
resize_buffers_renegotiate_mfl
: we're testing ECDHE-RSA with GCM, and DHE-RSA with CBC. I think there's no particular reason for that and in 4.0 we should just change thee DHE test cases to ECDHE.ssl-opt.sh
The text was updated successfully, but these errors were encountered: