diff -up ./tests/ssl/sslauth.txt.expected_result ./tests/ssl/sslauth.txt
--- ./tests/ssl/sslauth.txt.expected_result	2016-05-17 00:58:45.000000000 -0700
+++ ./tests/ssl/sslauth.txt	2016-05-28 15:21:11.800761721 -0700
@@ -14,12 +14,12 @@
   noECC    254      -r_-r        -w_nss_-n_none           TLS Require client auth (client does not provide auth)
   noECC    254      -r_-r        -w_bogus_-n_TestUser     TLS Require client auth (bad password)
   noECC     0       -r_-r        -w_nss_-n_TestUser_      TLS Require client auth (client auth)
-  noECC     0       -r           -V_:ssl3_-w_nss_-n_none        SSL3 Request don't require client auth (client does not provide auth)
-  noECC     0       -r           -V_:ssl3_-n_TestUser_-w_bogus  SSL3 Request don't require client auth (bad password)
-  noECC     0       -r           -V_:ssl3_-n_TestUser_-w_nss    SSL3 Request don't require client auth (client auth)
+  noECC    254      -r           -V_:ssl3_-w_nss_-n_none        SSL3 Request don't require client auth (client does not provide auth)
+  noECC    254      -r           -V_:ssl3_-n_TestUser_-w_bogus  SSL3 Request don't require client auth (bad password)
+  noECC    254      -r           -V_:ssl3_-n_TestUser_-w_nss    SSL3 Request don't require client auth (client auth)
   noECC    254      -r_-r        -V_:ssl3_-w_nss_-n_none        SSL3 Require client auth (client does not provide auth)
   noECC    254      -r_-r        -V_:ssl3_-n_TestUser_-w_bogus  SSL3 Require client auth (bad password)
-  noECC     0       -r_-r        -V_:ssl3_-n_TestUser_-w_nss    SSL3 Require client auth (client auth)
+  noECC    254      -r_-r        -V_:ssl3_-n_TestUser_-w_nss    SSL3 Require client auth (client auth)
   noECC     0       -r_-r_-r     -V_ssl3:_-w_nss_-n_none        TLS Request don't require client auth on 2nd hs (client does not provide auth)
   noECC     0       -r_-r_-r     -V_ssl3:_-w_bogus_-n_TestUser  TLS Request don't require client auth on 2nd hs (bad password)
   noECC     0       -r_-r_-r     -V_ssl3:_-w_nss_-n_TestUser    TLS Request don't require client auth on 2nd hs (client auth)
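Review bot: The two context rows `SSL3 Require client auth (client does not provide auth)` and `SSL3 Require client auth (bad password)` already expected 254 before this change, so now that every SSL3 row in the block expects 254 they can no longer tell a rejected client authentication apart from the SSL3 handshake being refused outright. If 254 is the client's generic connection-failure code, as the table suggests, these negative client-auth cases pass without the server's auth check being exercised. I would state that above the SSL3 rows, e.g. `# SSL3 is disabled in this build: every -V_:ssl3 row fails with 254 regardless of client auth`, or comment the rows out as the sslpolicy.txt part of this patch does, so the loss of coverage is explicit.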
@@ -32,9 +32,9 @@
   noECC     1       -r_-r_-r_-r  -V_ssl3:tls1.0_-w_nss_-n_none        TLS 1.0 Require client auth on 2nd hs (client does not provide auth)
   noECC     1       -r_-r_-r_-r  -V_ssl3:tls1.0_-w_bogus_-n_TestUser  TLS 1.0 Require client auth on 2nd hs (bad password)
   noECC     0       -r_-r_-r_-r  -V_ssl3:tls1.0_-w_nss_-n_TestUser    TLS 1.0 Require client auth on 2nd hs (client auth)
-  noECC     0       -r_-r_-r     -V_ssl3:ssl3_-w_nss_-n_none     SSL3 Request don't require client auth on 2nd hs (client does not provide auth)
-  noECC     0       -r_-r_-r     -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth on 2nd hs (bad password)
-  noECC     0       -r_-r_-r     -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth on 2nd hs (client auth)
+  noECC    254      -r_-r_-r     -V_ssl3:ssl3_-w_nss_-n_none     SSL3 Request don't require client auth on 2nd hs (client does not provide auth)
+  noECC    254      -r_-r_-r     -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth on 2nd hs (bad password)
+  noECC    254      -r_-r_-r     -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth on 2nd hs (client auth)
   noECC     1       -r_-r_-r_-r  -V_ssl3:ssl3_-w_nss_-n_none     SSL3 Require client auth on 2nd hs (client does not provide auth)
   noECC     1       -r_-r_-r_-r  -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Require client auth on 2nd hs (bad password)
   noECC     0       -r_-r_-r_-r  -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Require client auth on 2nd hs (client auth)
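Review bot: The last context row, `SSL3 Require client auth on 2nd hs (client auth)` with `-V_ssl3:ssl3_-n_TestUser_-w_nss`, keeps its expected result of 0, while its EC counterpart in the next hunk is changed from 0 to 254. Both rows pin the client to `ssl3:ssl3`, so one of the two expectations looks wrong unless the noECC row is handled somewhere outside this patch; if it was simply missed, its result column should be `254` as well. The same question applies to the `ssl3:ssl3` rows left at 1: the two noECC rows just above it, and in the next hunk the EC bad-password row and `SSL3 Server hello response with SNI`. It is worth confirming that the harness really returns 1 rather than 254 for those when SSL3 is refused.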
@@ -57,17 +57,17 @@
    ECC      0       -r_-r_-r     -V_ssl3:tls1.0_-w_nss_-n_TestUser-ec    TLS 1.0 Request don't require client auth on 2nd hs (EC) (client auth)
    ECC      1       -r_-r_-r_-r  -V_ssl3:tls1.0_-w_bogus_-n_TestUser-ec  TLS 1.0 Require client auth on 2nd hs (EC) (bad password)
    ECC      0       -r_-r_-r_-r  -V_ssl3:tls1.0_-w_nss_-n_TestUser-ec_   TLS 1.0 Require client auth on 2nd hs (EC) (client auth)
-   ECC      0       -r_-r_-r     -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth on 2nd hs (EC) (bad password)
-   ECC      0       -r_-r_-r     -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth on 2nd hs (EC) (client auth)
+   ECC     254      -r_-r_-r     -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth on 2nd hs (EC) (bad password)
+   ECC     254      -r_-r_-r     -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth on 2nd hs (EC) (client auth)
    ECC      1       -r_-r_-r_-r  -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Require client auth on 2nd hs (EC) (bad password)
-   ECC      0       -r_-r_-r_-r  -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Require client auth on 2nd hs (EC) (client auth)
+   ECC     254      -r_-r_-r_-r  -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Require client auth on 2nd hs (EC) (client auth)
 #
 # SNI Tests
 #
   SNI     0       -r_-a_Host-sni.Dom       -V_ssl3:_-w_nss_-n_TestUser                     TLS Server hello response without SNI
   SNI     0       -r_-a_Host-sni.Dom       -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom     TLS Server hello response with SNI
   SNI     1       -r_-a_Host-sni.Dom       -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom    TLS Server response with alert
-  SNI     0       -r_-a_Host-sni.Dom       -V_ssl3:ssl3_-w_nss_-n_TestUser                  SSL3 Server hello response without SNI
+  SNI    254      -r_-a_Host-sni.Dom       -V_ssl3:ssl3_-w_nss_-n_TestUser                  SSL3 Server hello response without SNI
   SNI     1       -r_-a_Host-sni.Dom       -V_ssl3:ssl3_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom  SSL3 Server hello response with SNI: SSL don't have SH extensions
   SNI     0       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser                     TLS Server hello response without SNI
   SNI     0       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom     TLS Server hello response with SNI
diff -up ./tests/ssl/sslpolicy.txt.expected_result ./tests/ssl/sslpolicy.txt
--- ./tests/ssl/sslpolicy.txt.expected_result	2016-05-17 00:58:45.000000000 -0700
+++ ./tests/ssl/sslpolicy.txt	2016-05-28 15:21:11.800761721 -0700
@@ -148,26 +148,26 @@
 # Exp Enable Enable Cipher Config Policy      Test Name
 # Ret  EC     TLS
 # turn on single cipher 
-  0 noECC  SSL3   d    disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Narrow Policy
-  0 noECC  SSL3   d    disallow=all_allow=hmac-sha1/ssl,ssl-key-exchange:sha256/cert-signature:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Strict Policy
-  0 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Allow All Explicitly
-  1 noECC  SSL3   d    disallow=all Disallow All Explicitly.
+#  0 noECC  SSL3   d    disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Narrow Policy
+#  0 noECC  SSL3   d    disallow=all_allow=hmac-sha1/ssl,ssl-key-exchange:sha256/cert-signature:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Strict Policy
+#  0 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Allow All Explicitly
+#  1 noECC  SSL3   d    disallow=all Disallow All Explicitly.
 # turn off signature only
-  1 noECC  SSL3   d    disallow=sha256 Disallow SHA256 Signatures Explicitly.
-  1 noECC  SSL3   d    disallow=all_allow=hmac-sha1:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow SHA256 Signatures Implicitly Narrow.
-  1 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow SHA256 Signatures Implicitly.
+#  1 noECC  SSL3   d    disallow=sha256 Disallow SHA256 Signatures Explicitly.
+#  1 noECC  SSL3   d    disallow=all_allow=hmac-sha1:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow SHA256 Signatures Implicitly Narrow.
+#  1 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow SHA256 Signatures Implicitly.
 # turn off single cipher 
-  1 noECC  SSL3   d    disallow=des-ede3-cbc Disallow Cipher Explicitly
-  1 noECC  SSL3   d    disallow=all_allow=hmac-sha1:sha256:rsa:des-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Cipher Implicitly Narrow.
-  1 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-verion-max=tls1.2 Disallow Cipher Implicitly.
+#  1 noECC  SSL3   d    disallow=des-ede3-cbc Disallow Cipher Explicitly
+#  1 noECC  SSL3   d    disallow=all_allow=hmac-sha1:sha256:rsa:des-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Cipher Implicitly Narrow.
+#  1 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-verion-max=tls1.2 Disallow Cipher Implicitly.
 # turn off H-Mac
-  1 noECC  SSL3   d    disallow=hmac-sha1 Disallow HMAC Explicitly
-  1 noECC  SSL3   d    disallow=all_allow=md5:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow HMAC Implicitly Narrow.
-  1 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow HMAC Signatures Implicitly.
+#  1 noECC  SSL3   d    disallow=hmac-sha1 Disallow HMAC Explicitly
+#  1 noECC  SSL3   d    disallow=all_allow=md5:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow HMAC Implicitly Narrow.
+#  1 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow HMAC Signatures Implicitly.
 # turn off key exchange 
-  1 noECC  SSL3   d    disallow=rsa/ssl-key-exchange Disallow Key Exchange Explicitly.
-  1 noECC  SSL3   d    disallow=all_allow=hmac-sha1:sha256:dh-dss:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Key Exchange Implicitly Narrow.
-  1 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow Key Exchnage Signatures Implicitly.
+#  1 noECC  SSL3   d    disallow=rsa/ssl-key-exchange Disallow Key Exchange Explicitly.
+#  1 noECC  SSL3   d    disallow=all_allow=hmac-sha1:sha256:dh-dss:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Key Exchange Implicitly Narrow.
+#  1 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow Key Exchnage Signatures Implicitly.
 # turn off  version
   1 noECC  SSL3   d    allow=tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Exlicitly
   1 noECC  SSL3   d    disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly Narrow.
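Review bot: The SSL3 policy rows are disabled by prefixing `#`, but nothing in the file says why, and headers such as `# turn on single cipher` and `# turn off H-Mac` are now followed only by commented-out rows. A one-line comment at the top of the block, such as `# SSL3 policy rows disabled: SSL3 is not enabled in this build; re-enable together with the sslauth.txt expectations`, would keep a later maintainer from mistaking them for dead tests. The rows still active under `# turn off  version` expect 1 for an SSL3 connection, which presumably now holds whether or not the version policy is enforced, so they no longer demonstrate that the policy works. Commenting out also drops every negative check (disallowed signature, cipher, HMAC, key exchange) for this column, and sslauth.txt in the same patch takes the different approach of flipping expected results; picking one approach for both files would make the intent easier to follow.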