From 59aa52855d0ba68fefe6aad525da9ec82a77d5e5 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Thu, 7 Jul 2022 13:20:12 +0000
Subject: [PATCH] Use the security level knob in the test script.

from beck
---
 regress/lib/libssl/ssl/testssl | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/regress/lib/libssl/ssl/testssl b/regress/lib/libssl/ssl/testssl
index fe633e87975..43efaa6460a 100644
--- a/regress/lib/libssl/ssl/testssl
+++ b/regress/lib/libssl/ssl/testssl
@@ -66,17 +66,29 @@ for protocol in SSLv3 TLSv1.2; do
   done
 done
 for protocol in TLSv1.3; do
-  echo "Testing ciphersuites for $protocol"
+  echo "Testing ciphersuites for $protocol at security level 2"
   for cipher in `$openssl ciphers -v "$protocol" |
     awk "/ $protocol / { print \\$1 }"`; do
     echo "Testing $cipher"
-    $ssltest -cipher $cipher
+    $ssltest -cipher $cipher -seclevel 2
     if [ $? -ne 0 ] ; then
       echo "Failed $cipher"
       exit 1
     fi
   done
 done
+for protocol in TLSv1.3; do
+  echo "Testing ciphersuites for $protocol at security level 3"
+  for cipher in `$openssl ciphers -v "$protocol" |
+    awk "/ $protocol / { print \\$1 }"`; do
+    echo "Testing $cipher"
+    $ssltest -cipher $cipher -seclevel 3
+    if [ $? -eq 0 ] ; then
+      echo "Failed $cipher should not have succeeded"
+      exit 1
+    fi
+  done
+done
 
 #############################################################################
 
-- 
2.20.1