- (dtucker) [regress/integrity.sh].  Force fixed Diffie-Hellman key exchange
   methods.  When the OpenSSL version doesn't support ECDH, the next one on
   the list is DH group exchange, but that causes a bit more traffic, which can
   mean that the tests flip bits in the initial exchange rather than the MACed
   traffic and we get different errors from those the tests look for.
diff --git a/regress/integrity.sh b/regress/integrity.sh
index 3950b7d..2621a00 100644
--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -21,6 +21,11 @@
 config_defined OPENSSL_HAVE_EVPGCM && \
 	macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com"
 
+# avoid DH group exchange as the extra traffic makes it harder to get the
+# offset into the stream right.
+echo "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \
+	>> $OBJ/ssh_proxy
+
 # sshd-command for proxy (see test-exec.sh)
 cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy"
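Review bot: The appended `KexAlgorithms` line only takes effect if nothing earlier in `$OBJ/ssh_proxy` already sets that option, because ssh_config keeps the first value it obtains. How that file is generated is not visible in this hunk, so either confirm that or have the test check the negotiated method. The added comment should also say that the pin is for test determinism only, e.g. `# test-only: fixed-group SHA-1 kex (group1 is 1024-bit) pinned so byte offsets stay stable; not a recommended client setting`. The test will also fail to negotiate on a build where both methods are disabled, so a skip or a clear failure message for that case would help. Minor: quote the redirect target, `>> "$OBJ/ssh_proxy"`, so an object directory containing spaces does not break the append.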