-rw-r--r--ChangeLog5
-rw-r--r--regress/integrity.sh5
2 files changed, 10 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 61601f6ba..2f6572779 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -44,6 +44,11 @@
add tests for RekeyLimit parsing
- (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it
in portable and it's long gone in openbsd.
+ - (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange
+ methods. When the openssl version doesn't support ECDH then next one on
+ the list is DH group exchange, but that causes a bit more traffic which can
+ mean that the tests flip bits in the initial exchange rather than the MACed
+ traffic and we get different errors to what the tests look for.
20130516
- (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
diff --git a/regress/integrity.sh b/regress/integrity.sh
index 3950b7d1f..2621a0025 100644
--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -21,6 +21,11 @@ config_defined HAVE_EVP_SHA256 &&
config_defined OPENSSL_HAVE_EVPGCM && \
macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com"
+# avoid DH group exchange as the extra traffic makes it harder to get the
+# offset into the stream right.
+echo "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \
+ >> $OBJ/ssh_proxy
+
# sshd-command for proxy (see test-exec.sh)
cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy"
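Review bot: The appended `KexAlgorithms` line only takes effect if nothing earlier in `$OBJ/ssh_proxy` already sets that option, because ssh_config uses the first value obtained for each parameter. The code that generates ssh_proxy is outside this hunk, so this is worth confirming; otherwise the pin is silently ignored and the tests go back to corrupting the key exchange instead of the MACed traffic. The in-file comment also covers only the group-exchange half of the reasoning: the list drops ECDH too and keeps `diffie-hellman-group1-sha1`, a 1024-bit group, so I would add `# test-only: fixed-group DH keeps the handshake size predictable; not a recommended KexAlgorithms setting` to stop the line being copied into a real configuration. Quoting the redirect target as `>> "$OBJ/ssh_proxy"` would also keep the append working when the object directory path contains whitespace.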