@@ -2782,6 +2782,14 @@ def try_protocol_combo(server_protocol, client_protocol, expect_success,
27822782 % (expect_success , stats ['version' ]))
27832783
27842784
2785+ def supports_kx_alias (ctx , aliases ):
2786+ for cipher in ctx .get_ciphers ():
2787+ for alias in aliases :
2788+ if f"Kx={ alias } in cipher ['description' ]:
2789+ return True
2790+ return False
2791+
2792+
27852793class ThreadedTests (unittest .TestCase ):
27862794
27872795 @support .requires_resource ('walltime' )
@@ -3970,8 +3978,13 @@ def test_no_legacy_server_connect(self):
39703978 sni_name = hostname )
39713979
39723980 def test_dh_params (self ):
3973- # Check we can get a connection with ephemeral Diffie-Hellman
3981+ # Check we can get a connection with ephemeral finite-field
3982+ # Diffie-Hellman (if supported).
39743983 client_context , server_context , hostname = testing_context ()
3984+ dhe_aliases = {"ADH" , "EDH" , "DHE" }
3985+ if not (supports_kx_alias (client_context , dhe_aliases )
3986+ and supports_kx_alias (server_context , dhe_aliases )):
3987+ self .skipTest ("libssl doesn't support ephemeral DH" )
39753988 # test scenario needs TLS <= 1.2
39763989 client_context .maximum_version = ssl .TLSVersion .TLSv1_2
39773990 try :
@@ -3987,7 +4000,7 @@ def test_dh_params(self):
39874000 sni_name = hostname )
39884001 cipher = stats ["cipher" ][0 ]
39894002 parts = cipher .split ("-" )
3990- if "ADH" not in parts and "EDH" not in parts and "DHE" not in parts :
4003+ if not dhe_aliases . intersection ( parts ) :
39914004 self .fail ("Non-DH key exchange: " + cipher [0 ])
39924005
39934006 def test_ecdh_curve (self ):
0 commit comments