From b88e56ca032c6078a729b6c6bc409535b9baf748 Mon Sep 17 00:00:00 2001 From: Lindsay Stewart Date: Mon, 9 Dec 2024 15:57:40 -0800 Subject: [PATCH] more comments --- tests/integrationv2/common.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/integrationv2/common.py b/tests/integrationv2/common.py index 31b6c197774..35ba091cd79 100644 --- a/tests/integrationv2/common.py +++ b/tests/integrationv2/common.py @@ -113,11 +113,15 @@ def __init__(self, name, prefix, location=TEST_CERT_DIRECTORY): def compatible_with_cipher(self, cipher): if self.algorithm == cipher.algorithm: return True + # TLS1.3 cipher suites do not specify auth method, so allow any auth method if cipher.algorithm == 'ANY': return True if self.algorithm == 'RSAPSS': + # RSA-PSS certs can only be used by ciphers with RSA auth if cipher.algorithm != 'RSA': return False + # RSA-PSS certs do not support RSA key exchange, only RSA auth + # "DHE" here is intended to capture both "DHE" and "ECDHE" if 'DHE' in cipher.name: return True return False