On 28/11/16 21:58, Blumenthal, Uri - 0553 - MITLL wrote:
> >I can't reproduce this. But on the other hand I don't have previous
> >installation on --prefix.
>
> But did you add “enable-tls1_3” to your config?
>
> >I mean I would guess this is because test
> >program picks shared libraries at --prefix locations instead of just
> >built ones, and those don't recognize 19-mac-then-encrypt.conf options.
> >Originally shlib_wrap.sh had DYLD_INSERT_LIBRARIES to make it work, but
> >it appears to be gone now... You should be able to confirm this by
> >temporarily renaming --prefix location and running 'make test' or
> >forcing install without testing...
>
> I forced the install without testing, and then re-ran the entire build and
> test. I’m getting the very same problem. I must also say that I’ve been
> tracking 1.1 branch for a very long time, always using this approach (without
> even forcing the install – it did not seem confused regarding what libraries
> to link against).
>
> The only thing that changed for this build now was addition of
> “enable-tls1_3” config option (and of course, pulling the latest stuff from
> the master).
>
> Removing “enable-tls1_3” and reconfiguring makes this error disappear. So I
> think it’s somewhere in tls1_3 code. ;-)

The problem is in the test. Version negotiation happens before cipher
selection. The test creates a connection which negotiates TLSv1.3. It
then attempts to select a cipher. However no TLSv1.3 ciphers are offered
by the test so the connection aborts.

In truth the test is all about mac-then-encrypt which doesn't apply to
TLSv1.3 anyway, so the test should just disable negotiation of that
protocol version.

Matt

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
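
The ordering described in the reply above, as a simplified model added here (not OpenSSL code and not part of the original message). The cipher names, the suite-to-version table and the client/server dictionaries are constructed for illustration.

```python
# Simplified model: the version is fixed first, the cipher is chosen second,
# and there is no step back to a lower version if cipher selection fails.
# All names and sample configurations below are constructed.

VERSIONS = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # oldest to newest

# Protocol versions each suite can be used with.
SUITES = {
    "AES128-SHA": {"TLSv1", "TLSv1.1", "TLSv1.2"},  # CBC + HMAC suite
    "TLS_AES_128_GCM_SHA256": {"TLSv1.3"},          # AEAD-only suite
}


class HandshakeFailure(Exception):
    pass


def negotiate_version(client_max, server_max):
    """Step 1: highest version that both sides allow."""
    idx = min(VERSIONS.index(client_max), VERSIONS.index(server_max))
    return VERSIONS[idx]


def select_cipher(version, client_offer, server_prefs):
    """Step 2: first shared suite usable with the already negotiated version."""
    for suite in server_prefs:
        if suite in client_offer and version in SUITES[suite]:
            return suite
    raise HandshakeFailure(f"no shared cipher usable with {version}")


def try_handshake(client, server):
    """Run both steps in order; report an abort instead of raising."""
    version = negotiate_version(client["max"], server["max"])
    try:
        return version, select_cipher(version, client["ciphers"], server["ciphers"])
    except HandshakeFailure as exc:
        return "abort", str(exc)


SERVER = {"max": "TLSv1.3", "ciphers": ["TLS_AES_128_GCM_SHA256", "AES128-SHA"]}
# Client as the test behaves with TLSv1.3 enabled: only a pre-1.3 suite offered.
TEST_CLIENT = {"max": "TLSv1.3", "ciphers": ["AES128-SHA"]}
# Same client with negotiation of TLSv1.3 disabled, as the reply suggests.
CAPPED_CLIENT = {**TEST_CLIENT, "max": "TLSv1.2"}

if __name__ == "__main__":
    print("uncapped:", try_handshake(TEST_CLIENT, SERVER))
    print("capped:  ", try_handshake(CAPPED_CLIENT, SERVER))
```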