@@ -2810,6 +2810,14 @@ def try_protocol_combo(server_protocol, client_protocol, expect_success,
28102810 % (expect_success , stats ['version' ]))
28112811
28122812
2813+ def supports_kx_alias (ctx , aliases ):
2814+ for cipher in ctx .get_ciphers ():
2815+ for alias in aliases :
2816+ if f"Kx={ alias } in cipher ['description' ]:
2817+ return True
2818+ return False
2819+
2820+
28132821class ThreadedTests (unittest .TestCase ):
28142822
28152823 @support .requires_resource ('walltime' )
@@ -4070,8 +4078,13 @@ def test_no_legacy_server_connect(self):
40704078 sni_name = hostname )
40714079
40724080 def test_dh_params (self ):
4073- # Check we can get a connection with ephemeral Diffie-Hellman
4081+ # Check we can get a connection with ephemeral finite-field
4082+ # Diffie-Hellman (if supported).
40744083 client_context , server_context , hostname = testing_context ()
4084+ dhe_aliases = {"ADH" , "EDH" , "DHE" }
4085+ if not (supports_kx_alias (client_context , dhe_aliases )
4086+ and supports_kx_alias (server_context , dhe_aliases )):
4087+ self .skipTest ("libssl doesn't support ephemeral DH" )
40754088 # test scenario needs TLS <= 1.2
40764089 client_context .maximum_version = ssl .TLSVersion .TLSv1_2
40774090 try :
@@ -4087,7 +4100,7 @@ def test_dh_params(self):
40874100 sni_name = hostname )
40884101 cipher = stats ["cipher" ][0 ]
40894102 parts = cipher .split ("-" )
4090- if "ADH" not in parts and "EDH" not in parts and "DHE" not in parts :
4103+ if not dhe_aliases . intersection ( parts ) :
40914104 self .fail ("Non-DH key exchange: " + cipher [0 ])
40924105
40934106 def test_ecdh_curve (self ):
0 commit comments