Make truncated hmac a runtime option server-side
Reading the documentation of ssl_set_truncated_hmac() may give the impression
I changed the default for clients but I didn't, the old documentation was
wrong.
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 1349737..e4dc7ea 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -428,16 +428,43 @@
# Tests for Truncated HMAC extension
-run_test "Truncated HMAC: reference" \
+run_test "Truncated HMAC: client default, server default" \
"$P_SRV debug_level=4" \
- "$P_CLI trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
- -s "dumping 'computed mac' (20 bytes)"
+ -s "dumping 'computed mac' (20 bytes)" \
+ -S "dumping 'computed mac' (10 bytes)"
-run_test "Truncated HMAC: actual test" \
+run_test "Truncated HMAC: client disabled, server default" \
"$P_SRV debug_level=4" \
- "$P_CLI trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ trunc_hmac=0" \
0 \
+ -s "dumping 'computed mac' (20 bytes)" \
+ -S "dumping 'computed mac' (10 bytes)"
+
+run_test "Truncated HMAC: client enabled, server default" \
+ "$P_SRV debug_level=4" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -S "dumping 'computed mac' (20 bytes)" \
+ -s "dumping 'computed mac' (10 bytes)"
+
+run_test "Truncated HMAC: client enabled, server disabled" \
+ "$P_SRV debug_level=4 trunc_hmac=0" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "dumping 'computed mac' (20 bytes)" \
+ -S "dumping 'computed mac' (10 bytes)"
+
+run_test "Truncated HMAC: client enabled, server enabled" \
+ "$P_SRV debug_level=4 trunc_hmac=1" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -S "dumping 'computed mac' (20 bytes)" \
-s "dumping 'computed mac' (10 bytes)"
# Tests for Encrypt-then-MAC extension