Restore the NULL-SHA ciphersuite. (Alas.) Change-Id: Ia5398f3b86a13fb20dba053f730b51a0e57b9aa4 Reviewed-on: https://boringssl-review.googlesource.com/5791 Reviewed-by: Adam Langley <agl@google.com>

commit: af096751e8d1cae9a570990b49b12527317c0003 [log] [tgz]
author: Matt Braithwaite <mab@google.com> Wed Sep 02 19:48:16 2015 -0700
committer: Adam Langley <agl@google.com> Fri Sep 11 22:18:08 2015 +0000
tree: 3ba157d8840cef2c5921420ae63fc7272babd998
parent: 4fac72e638c896c9fa30f5c6cd2fd7246f28f49e [diff] [blame]
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 5259dae..1875a26 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -773,6 +773,7 @@
 	{"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
 	{"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
 	{"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
+	{"NULL-SHA", TLS_RSA_WITH_NULL_SHA},
 }
 
 func hasComponent(suiteName, component string) bool {
@@ -787,7 +788,7 @@
 }
 
 func isDTLSCipher(suiteName string) bool {
-	return !hasComponent(suiteName, "RC4")
+	return !hasComponent(suiteName, "RC4") && !hasComponent(suiteName, "NULL")
 }
 
 func bigFromHex(hex string) *big.Int {
@@ -1968,6 +1969,10 @@
 				"-psk", psk,
 				"-psk-identity", pskIdentity)
 		}
+		if hasComponent(suite.name, "NULL") {
+			// NULL ciphers must be explicitly enabled.
+			flags = append(flags, "-cipher", "DEFAULT:NULL-SHA")
+		}
 
 		for _, ver := range tlsVersions {
 			if ver.version < VersionTLS12 && isTLS12Only(suite.name) {
commit	af096751e8d1cae9a570990b49b12527317c0003	[log] [tgz]
author	Matt Braithwaite <mab@google.com>	Wed Sep 02 19:48:16 2015 -0700
committer	Adam Langley <agl@google.com>	Fri Sep 11 22:18:08 2015 +0000
tree	3ba157d8840cef2c5921420ae63fc7272babd998
parent	4fac72e638c896c9fa30f5c6cd2fd7246f28f49e [diff] [blame]