Add script for running TLS fuzzer

Fix a few minor issues found thereby
author: Jack Lloyd <[email protected]> 2019-05-24 07:06:07 -0400
committer: Jack Lloyd <[email protected]> 2019-05-24 07:06:07 -0400
commit: d3706175d560ed8fbf3f4d3961cae910be1c77e0 (patch)
tree: a791958ae6eeefef5f10a72213a69553dabb707f /src/tests/data
parent: 78dff743222447cd626c6a7a1d94c5ccd46de02b (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/src/tests/data/tls-policy/compat.txt b/src/tests/data/tls-policy/compat.txt
index 2fb831f44..4de9a60a6 100644
--- a/src/tests/data/tls-policy/compat.txt
+++ b/src/tests/data/tls-policy/compat.txt
@@ -2,7 +2,8 @@
 # for interop testing and fuzz testing
 
 # It is based on the default policy, but allows 3DES, SHA-1 signatures,
-# static RSA, and reduces the ephemeral key sizes
+# static RSA, reduces the ephemeral key sizes, and removes some
+# non-standard ciphersuites
 
 allow_tls10 = true
 allow_tls11 = true
@@ -13,8 +14,8 @@ ciphers = ChaCha20Poly1305 AES-256/GCM AES-128/GCM AES-256 AES-128 3DES
 macs = AEAD SHA-256 SHA-384 SHA-1
 signature_hashes = SHA-512 SHA-384 SHA-256 SHA-1
 signature_methods = ECDSA RSA IMPLICIT
-key_exchange_methods = CECPQ1 ECDH DH RSA
-key_exchange_groups = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 ffdhe/ietf/2048
+key_exchange_methods = ECDH DH RSA
+key_exchange_groups = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192
 allow_insecure_renegotiation = false
 include_time_in_hello_random = true
 allow_client_initiated_renegotiation = true
author	Jack Lloyd <[email protected]>	2019-05-24 07:06:07 -0400
committer	Jack Lloyd <[email protected]>	2019-05-24 07:06:07 -0400
commit	d3706175d560ed8fbf3f4d3961cae910be1c77e0 (patch)
tree	a791958ae6eeefef5f10a72213a69553dabb707f /src/tests/data
parent	78dff743222447cd626c6a7a1d94c5ccd46de02b (diff)