diff --git a/lib/priority.c b/lib/priority.c
index 53c0d552d..6a4ccc2f4 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -179,7 +179,9 @@ static const int _supported_groups_secure192[] = {
static const int* supported_groups_secure192 = _supported_groups_secure192;
static const int protocol_priority[] = {
+#ifdef ENABLE_TLS13
GNUTLS_TLS1_3,
+#endif
GNUTLS_TLS1_2,
GNUTLS_TLS1_1,
GNUTLS_TLS1_0,
diff --git a/tests/mini-x509.c b/tests/mini-x509.c
index 52c650aa7..9b6bbcc00 100644
--- a/tests/mini-x509.c
+++ b/tests/mini-x509.c
@@ -258,5 +258,9 @@ void doit(void)
{
start("NORMAL:-VERS-ALL:+VERS-TLS1.2", 0);
start("NORMAL:-VERS-ALL:+VERS-TLS1.3", 0);
+#ifndef ENABLE_TLS13
+ start("NORMAL", 0);
+#else
start("NORMAL", 1);
+#endif
}
diff --git a/tests/priorities.c b/tests/priorities.c
index 6daef59ab..c5d44ea33 100644
--- a/tests/priorities.c
+++ b/tests/priorities.c
@@ -114,19 +114,27 @@ try_prio_err(const char *prio, int err)
void doit(void)
{
const int null = 3;
+#ifdef ENABLE_TLS13
int sec128_cs = 29;
int sec256_cs = 12;
int normal_cs = 29;
int pfs_cs = 23;
int null_normal_cs = 28; /* disables TLS1.3 CS */
+#else
+ int sec128_cs = 25;
+ int sec256_cs = 10;
+ int pfs_cs = 19;
+ int normal_cs = 25;
+ int null_normal_cs = normal_cs + null;
+#endif
int normal_ciphers = 7;
if (gnutls_fips140_mode_enabled()) {
- normal_cs = 25;
+ normal_cs = 22;
normal_ciphers = 6;
- pfs_cs = 25;
- sec256_cs = 8;
- sec128_cs = 25;
+ pfs_cs = 22;
+ sec256_cs = 7;
+ sec128_cs = 22;
}
try_prio("NORMAL", normal_cs, normal_ciphers, __LINE__);
diff --git a/tests/psk-file.c b/tests/psk-file.c
index 2512086e0..28d45560b 100644
--- a/tests/psk-file.c
+++ b/tests/psk-file.c
@@ -377,8 +377,13 @@ void doit(void)
run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", "jas", &key, 1, 0);
run_test_ok("NORMAL:-KX-ALL:+PSK", "jas", &key, 0, 0);
+#ifdef ENABLE_TLS13
run_test2("NORMAL:+PSK", NULL, "unknown", &key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
run_test2("NORMAL:+PSK", NULL, "jas", &wrong_key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+#else
+ run_test2("NORMAL:+PSK", NULL, "unknown", &key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_DECRYPTION_FAILED);
+ run_test2("NORMAL:+PSK", NULL, "jas", &wrong_key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_DECRYPTION_FAILED);
+#endif
run_test2("NORMAL:-KX-ALL:+PSK", NULL, "non-hex", &key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_KEYFILE_ERROR);
run_dhtest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-EC-ALL", "jas", &key, 0, 0);
diff --git a/tests/pskself.c b/tests/pskself.c
index f3cc88217..65aceb252 100644
--- a/tests/pskself.c
+++ b/tests/pskself.c
@@ -326,9 +326,15 @@ void doit(void)
/* the following should work once we support PSK without DH */
run_test("NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+PSK", 0);
+#ifdef ENABLE_TLS13
run_test("NORMAL:-KX-ALL:+PSK", 0);
run_test("NORMAL:-KX-ALL:+ECDHE-PSK", 0);
run_test("NORMAL:-KX-ALL:+DHE-PSK", 0);
+#else
+ run_test("NORMAL:-KX-ALL:+PSK", 1);
+ run_test("NORMAL:-KX-ALL:+ECDHE-PSK", 1);
+ run_test("NORMAL:-KX-ALL:+DHE-PSK", 1);
+#endif
gnutls_dh_params_deinit(dh_params);
}
diff --git a/tests/session-tickets-missing.c b/tests/session-tickets-missing.c
index 35c9045b4..69f16cf64 100644
--- a/tests/session-tickets-missing.c
+++ b/tests/session-tickets-missing.c
@@ -316,7 +316,11 @@ void doit(void)
start("NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_NO_TICKETS);
/* ...or there is no overlap between PSK key exchange modes */
start2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:-DHE-PSK", "NORMAL:-VERS-ALL:+VERS-TLS1.3", 0, 0);
+#ifdef ENABLE_TLS13
start("NORMAL", GNUTLS_NO_TICKETS);
+#else
+ start("NORMAL", 0);
+#endif
}
#endif /* _WIN32 */