Merge branch 'maint-0.2.9'

2 files changed, 8 insertions, 4 deletions

diff --git a/changes/20460 b/changes/20460
new file mode 100644
index 0000000000..d51ec3ad96
--- /dev/null
+++ b/changes/20460
@@ -0,0 +1,4 @@
+  o Minor bugfixes (testing)
+    - Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has
+      removed the ECDH ciphers which caused the tests to fail on
+      platforms which use it. Closes ticket 20460.
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
index 44961c88e7..e2fee813bf 100644
--- a/src/test/test_tortls.c
+++ b/src/test/test_tortls.c
@@ -834,9 +834,9 @@ test_tortls_classify_client_ciphers(void *ignored)
 
   sk_SSL_CIPHER_zero(ciphers);
 
-  one = get_cipher_by_name("ECDH-RSA-AES256-GCM-SHA384");
+  one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
   one->id = 0x00ff;
-  two = get_cipher_by_name("ECDH-RSA-AES128-GCM-SHA256");
+  two = get_cipher_by_name("ECDHE-RSA-AES128-GCM-SHA256");
   two->id = 0x0000;
   sk_SSL_CIPHER_push(ciphers, one);
   tls->client_cipher_list_type = 0;
@@ -906,7 +906,7 @@ test_tortls_client_is_using_v2_ciphers(void *ignored)
   tt_int_op(ret, OP_EQ, 0);
 
   ciphers = sk_SSL_CIPHER_new_null();
-  SSL_CIPHER *one = get_cipher_by_name("ECDH-RSA-AES256-GCM-SHA384");
+  SSL_CIPHER *one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
   one->id = 0x00ff;
   sk_SSL_CIPHER_push(ciphers, one);
   sess->ciphers = ciphers;
@@ -1551,7 +1551,7 @@ test_tortls_session_secret_cb(void *ignored)
   tor_tls_session_secret_cb(tls->ssl, NULL, NULL, NULL, NULL, NULL);
   tt_assert(!tls->ssl->tls_session_secret_cb);
 
-  one = get_cipher_by_name("ECDH-RSA-AES256-GCM-SHA384");
+  one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
   one->id = 0x00ff;
   ciphers = sk_SSL_CIPHER_new_null();
   sk_SSL_CIPHER_push(ciphers, one);