On Thu, Jul 16, 2015 at 5:38 PM, Michael Felt <mamf...@gmail.com> wrote: > > btw - I am much more interested in the ssl tests and whether it is a failed > test (going back to MC4 128-bit) when the initial connection was much > better. I assume this is not logjam (or some other horrible recent OpenSSL > TLS renegotiate CVE) - but it is something we want to prevent (as far as I > know LibreSSL has no support for RC4 as it is too weak - hence these will > fail by definition if the test (client) is forcing a renegotiate to that > level of cryptography (key exchange?).
The test framework does indeed use RC4-MD5 (vs RC4-SHA) on location /require-md5-cgi (resp. /require-sha-cgi) for renegotiations based on cipher change. I have replace it with AES128 vs AES256 (-SHA) in r1691419, these should be available with both libs. Could you svn up your framework and check if it works now?