On Thu, Jul 16, 2015 at 5:38 PM, Michael Felt <mamf...@gmail.com> wrote:
> btw - I am much more interested in the ssl tests and whether it is a failed
> test (going back to MC4 128-bit) when the initial connection was much
> better. I assume this is not logjam (or some other horrible recent OpenSSL
> TLS renegotiate CVE) - but it is something we want to prevent (as far as I
> know LibreSSL has no support for RC4 as it is too weak - hence these will
> fail by definition if the test (client) is forcing a renegotiate to that
> level of cryptography (key exchange?).

The test framework does indeed use RC4-MD5 (vs RC4-SHA) on location
/require-md5-cgi (resp. /require-sha-cgi) for renegotiations based on
cipher change.

I have replace it with AES128 vs AES256 (-SHA) in r1691419, these
should be available with both libs.
Could you svn up your framework and check if it works now?

Reply via email to