From 433deaffce45d58efd6bb014672f7fb95062d458 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Tue, 25 Feb 2020 13:25:13 -0500 Subject: Use .cnf for config files, not .conf The default is openssl.cnf The project seems to prefer xxx.conf these days, but we should use the default convention. Rename all foo.conf (except for Configurations) to foo.cnf Fixes #11174 Reviewed-by: Paul Yang Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11176) --- test/CAss.cnf | 4 - test/P1ss.cnf | 4 - test/P2ss.cnf | 4 - test/README.ssltest.md | 32 +- test/Uss.cnf | 4 - test/build.info | 4 +- test/ct/log_list.cnf | 38 + test/ct/log_list.conf | 38 - test/default-and-fips.cnf | 2 +- test/fips.cnf | 2 +- test/provider_internal_test.cnf.in | 13 + test/provider_internal_test.conf.in | 13 - test/recipes/02-test_internal_provider.t | 2 +- test/recipes/03-test_fipsinstall.t | 26 +- test/recipes/04-test_conf.t | 4 +- test/recipes/04-test_conf_data/dollarid_off.cnf | 5 + test/recipes/04-test_conf_data/dollarid_off.conf | 5 - test/recipes/04-test_conf_data/dollarid_on.cnf | 5 + test/recipes/04-test_conf_data/dollarid_on.conf | 5 - test/recipes/30-test_evp.t | 2 +- test/recipes/30-test_evp_fetch_prov.t | 2 +- test/recipes/70-test_comp.t | 2 +- test/recipes/70-test_sslmessages.t | 2 +- test/recipes/70-test_sslversions.t | 2 +- test/recipes/70-test_tls13kexmodes.t | 2 +- test/recipes/70-test_tls13messages.t | 2 +- test/recipes/70-test_tls13psk.t | 2 +- test/recipes/80-test_ct.t | 2 +- test/recipes/80-test_ssl_new.t | 80 +- test/recipes/80-test_ssl_old.t | 2 +- test/recipes/80-test_ssl_test_ctx.t | 4 +- test/recipes/90-test_gost.t | 2 +- test/recipes/90-test_gost_data/gost.cnf | 13 + test/recipes/90-test_gost_data/gost.conf | 13 - .../recipes/90-test_includes_data/vms-includes.cnf | 2 +- test/ssl-tests/01-simple.cnf | 78 + test/ssl-tests/01-simple.cnf.in | 42 + test/ssl-tests/01-simple.conf | 78 - test/ssl-tests/01-simple.conf.in | 42 - test/ssl-tests/02-protocol-version.cnf | 18822 +++++++++++++++++++ test/ssl-tests/02-protocol-version.cnf.in | 19 + test/ssl-tests/02-protocol-version.conf | 18822 ------------------- test/ssl-tests/02-protocol-version.conf.in | 19 - test/ssl-tests/03-custom_verify.cnf | 238 + test/ssl-tests/03-custom_verify.cnf.in | 145 + test/ssl-tests/03-custom_verify.conf | 238 - test/ssl-tests/03-custom_verify.conf.in | 145 - test/ssl-tests/04-client_auth.cnf | 1132 ++ test/ssl-tests/04-client_auth.cnf.in | 196 + test/ssl-tests/04-client_auth.conf | 1132 -- test/ssl-tests/04-client_auth.conf.in | 196 - test/ssl-tests/05-sni.cnf | 308 + test/ssl-tests/05-sni.cnf.in | 169 + test/ssl-tests/05-sni.conf | 308 - test/ssl-tests/05-sni.conf.in | 169 - test/ssl-tests/06-sni-ticket.cnf | 767 + test/ssl-tests/06-sni-ticket.cnf.in | 101 + test/ssl-tests/06-sni-ticket.conf | 767 - test/ssl-tests/06-sni-ticket.conf.in | 101 - test/ssl-tests/07-dtls-protocol-version.cnf | 1820 ++ test/ssl-tests/07-dtls-protocol-version.cnf.in | 19 + test/ssl-tests/07-dtls-protocol-version.conf | 1820 -- test/ssl-tests/07-dtls-protocol-version.conf.in | 19 - test/ssl-tests/08-npn.cnf | 816 + test/ssl-tests/08-npn.cnf.in | 443 + test/ssl-tests/08-npn.conf | 816 - test/ssl-tests/08-npn.conf.in | 443 - test/ssl-tests/09-alpn.cnf | 619 + test/ssl-tests/09-alpn.cnf.in | 325 + test/ssl-tests/09-alpn.conf | 619 - test/ssl-tests/09-alpn.conf.in | 325 - test/ssl-tests/10-resumption.cnf | 2439 +++ test/ssl-tests/10-resumption.cnf.in | 19 + test/ssl-tests/10-resumption.conf | 2439 --- test/ssl-tests/10-resumption.conf.in | 19 - test/ssl-tests/11-dtls_resumption.cnf | 620 + test/ssl-tests/11-dtls_resumption.cnf.in | 19 + test/ssl-tests/11-dtls_resumption.conf | 620 - test/ssl-tests/11-dtls_resumption.conf.in | 19 - test/ssl-tests/12-ct.cnf | 191 + test/ssl-tests/12-ct.cnf.in | 119 + test/ssl-tests/12-ct.conf | 191 - test/ssl-tests/12-ct.conf.in | 119 - test/ssl-tests/13-fragmentation.cnf | 577 + test/ssl-tests/13-fragmentation.cnf.in | 268 + test/ssl-tests/13-fragmentation.conf | 577 - test/ssl-tests/13-fragmentation.conf.in | 268 - test/ssl-tests/14-curves.cnf | 874 + test/ssl-tests/14-curves.cnf.in | 47 + test/ssl-tests/14-curves.conf | 874 - test/ssl-tests/14-curves.conf.in | 47 - test/ssl-tests/15-certstatus.cnf | 62 + test/ssl-tests/15-certstatus.cnf.in | 45 + test/ssl-tests/15-certstatus.conf | 62 - test/ssl-tests/15-certstatus.conf.in | 45 - test/ssl-tests/16-dtls-certstatus.cnf | 62 + test/ssl-tests/16-dtls-certstatus.cnf.in | 78 + test/ssl-tests/16-dtls-certstatus.conf | 62 - test/ssl-tests/16-dtls-certstatus.conf.in | 78 - test/ssl-tests/17-renegotiate.cnf | 432 + test/ssl-tests/17-renegotiate.cnf.in | 249 + test/ssl-tests/17-renegotiate.conf | 432 - test/ssl-tests/17-renegotiate.conf.in | 249 - test/ssl-tests/18-dtls-renegotiate.cnf | 285 + test/ssl-tests/18-dtls-renegotiate.cnf.in | 192 + test/ssl-tests/18-dtls-renegotiate.conf | 285 - test/ssl-tests/18-dtls-renegotiate.conf.in | 192 - test/ssl-tests/19-mac-then-encrypt.cnf | 162 + test/ssl-tests/19-mac-then-encrypt.cnf.in | 102 + test/ssl-tests/19-mac-then-encrypt.conf | 162 - test/ssl-tests/19-mac-then-encrypt.conf.in | 102 - test/ssl-tests/20-cert-select.cnf | 1816 ++ test/ssl-tests/20-cert-select.cnf.in | 933 + test/ssl-tests/20-cert-select.conf | 1816 -- test/ssl-tests/20-cert-select.conf.in | 933 - test/ssl-tests/21-key-update.cnf | 112 + test/ssl-tests/21-key-update.cnf.in | 62 + test/ssl-tests/21-key-update.conf | 112 - test/ssl-tests/21-key-update.conf.in | 62 - test/ssl-tests/22-compression.cnf | 216 + test/ssl-tests/22-compression.cnf.in | 127 + test/ssl-tests/22-compression.conf | 216 - test/ssl-tests/22-compression.conf.in | 127 - test/ssl-tests/23-srp.cnf | 148 + test/ssl-tests/23-srp.cnf.in | 107 + test/ssl-tests/23-srp.conf | 148 - test/ssl-tests/23-srp.conf.in | 107 - test/ssl-tests/24-padding.cnf | 34 + test/ssl-tests/24-padding.cnf.in | 25 + test/ssl-tests/24-padding.conf | 34 - test/ssl-tests/24-padding.conf.in | 25 - test/ssl-tests/25-cipher.cnf | 244 + test/ssl-tests/25-cipher.cnf.in | 156 + test/ssl-tests/25-cipher.conf | 244 - test/ssl-tests/25-cipher.conf.in | 156 - test/ssl-tests/26-tls13_client_auth.cnf | 488 + test/ssl-tests/26-tls13_client_auth.cnf.in | 302 + test/ssl-tests/26-tls13_client_auth.conf | 488 - test/ssl-tests/26-tls13_client_auth.conf.in | 302 - test/ssl-tests/27-ticket-appdata.cnf | 146 + test/ssl-tests/27-ticket-appdata.cnf.in | 99 + test/ssl-tests/27-ticket-appdata.conf | 146 - test/ssl-tests/27-ticket-appdata.conf.in | 99 - test/ssl-tests/28-seclevel.cnf | 150 + test/ssl-tests/28-seclevel.cnf.in | 83 + test/ssl-tests/28-seclevel.conf | 150 - test/ssl-tests/28-seclevel.conf.in | 83 - test/ssl-tests/29-dtls-sctp-label-bug.cnf | 116 + test/ssl-tests/29-dtls-sctp-label-bug.cnf.in | 67 + test/ssl-tests/29-dtls-sctp-label-bug.conf | 116 - test/ssl-tests/29-dtls-sctp-label-bug.conf.in | 67 - test/ssl-tests/30-extended-master-secret.cnf | 203 + test/ssl-tests/30-extended-master-secret.cnf.in | 122 + test/ssl-tests/30-extended-master-secret.conf | 203 - test/ssl-tests/30-extended-master-secret.conf.in | 122 - test/ssl_test_ctx_test.c | 2 +- test/ssl_test_ctx_test.cnf | 97 + test/ssl_test_ctx_test.conf | 97 - 158 files changed, 38919 insertions(+), 38935 deletions(-) create mode 100644 test/ct/log_list.cnf delete mode 100644 test/ct/log_list.conf create mode 100644 test/provider_internal_test.cnf.in delete mode 100644 test/provider_internal_test.conf.in create mode 100644 test/recipes/04-test_conf_data/dollarid_off.cnf delete mode 100644 test/recipes/04-test_conf_data/dollarid_off.conf create mode 100644 test/recipes/04-test_conf_data/dollarid_on.cnf delete mode 100644 test/recipes/04-test_conf_data/dollarid_on.conf create mode 100644 test/recipes/90-test_gost_data/gost.cnf delete mode 100644 test/recipes/90-test_gost_data/gost.conf create mode 100644 test/ssl-tests/01-simple.cnf create mode 100644 test/ssl-tests/01-simple.cnf.in delete mode 100644 test/ssl-tests/01-simple.conf delete mode 100644 test/ssl-tests/01-simple.conf.in create mode 100644 test/ssl-tests/02-protocol-version.cnf create mode 100644 test/ssl-tests/02-protocol-version.cnf.in delete mode 100644 test/ssl-tests/02-protocol-version.conf delete mode 100644 test/ssl-tests/02-protocol-version.conf.in create mode 100644 test/ssl-tests/03-custom_verify.cnf create mode 100644 test/ssl-tests/03-custom_verify.cnf.in delete mode 100644 test/ssl-tests/03-custom_verify.conf delete mode 100644 test/ssl-tests/03-custom_verify.conf.in create mode 100644 test/ssl-tests/04-client_auth.cnf create mode 100644 test/ssl-tests/04-client_auth.cnf.in delete mode 100644 test/ssl-tests/04-client_auth.conf delete mode 100644 test/ssl-tests/04-client_auth.conf.in create mode 100644 test/ssl-tests/05-sni.cnf create mode 100644 test/ssl-tests/05-sni.cnf.in delete mode 100644 test/ssl-tests/05-sni.conf delete mode 100644 test/ssl-tests/05-sni.conf.in create mode 100644 test/ssl-tests/06-sni-ticket.cnf create mode 100644 test/ssl-tests/06-sni-ticket.cnf.in delete mode 100644 test/ssl-tests/06-sni-ticket.conf delete mode 100644 test/ssl-tests/06-sni-ticket.conf.in create mode 100644 test/ssl-tests/07-dtls-protocol-version.cnf create mode 100644 test/ssl-tests/07-dtls-protocol-version.cnf.in delete mode 100644 test/ssl-tests/07-dtls-protocol-version.conf delete mode 100644 test/ssl-tests/07-dtls-protocol-version.conf.in create mode 100644 test/ssl-tests/08-npn.cnf create mode 100644 test/ssl-tests/08-npn.cnf.in delete mode 100644 test/ssl-tests/08-npn.conf delete mode 100644 test/ssl-tests/08-npn.conf.in create mode 100644 test/ssl-tests/09-alpn.cnf create mode 100644 test/ssl-tests/09-alpn.cnf.in delete mode 100644 test/ssl-tests/09-alpn.conf delete mode 100644 test/ssl-tests/09-alpn.conf.in create mode 100644 test/ssl-tests/10-resumption.cnf create mode 100644 test/ssl-tests/10-resumption.cnf.in delete mode 100644 test/ssl-tests/10-resumption.conf delete mode 100644 test/ssl-tests/10-resumption.conf.in create mode 100644 test/ssl-tests/11-dtls_resumption.cnf create mode 100644 test/ssl-tests/11-dtls_resumption.cnf.in delete mode 100644 test/ssl-tests/11-dtls_resumption.conf delete mode 100644 test/ssl-tests/11-dtls_resumption.conf.in create mode 100644 test/ssl-tests/12-ct.cnf create mode 100644 test/ssl-tests/12-ct.cnf.in delete mode 100644 test/ssl-tests/12-ct.conf delete mode 100644 test/ssl-tests/12-ct.conf.in create mode 100644 test/ssl-tests/13-fragmentation.cnf create mode 100644 test/ssl-tests/13-fragmentation.cnf.in delete mode 100644 test/ssl-tests/13-fragmentation.conf delete mode 100644 test/ssl-tests/13-fragmentation.conf.in create mode 100644 test/ssl-tests/14-curves.cnf create mode 100644 test/ssl-tests/14-curves.cnf.in delete mode 100644 test/ssl-tests/14-curves.conf delete mode 100644 test/ssl-tests/14-curves.conf.in create mode 100644 test/ssl-tests/15-certstatus.cnf create mode 100644 test/ssl-tests/15-certstatus.cnf.in delete mode 100644 test/ssl-tests/15-certstatus.conf delete mode 100644 test/ssl-tests/15-certstatus.conf.in create mode 100644 test/ssl-tests/16-dtls-certstatus.cnf create mode 100644 test/ssl-tests/16-dtls-certstatus.cnf.in delete mode 100644 test/ssl-tests/16-dtls-certstatus.conf delete mode 100644 test/ssl-tests/16-dtls-certstatus.conf.in create mode 100644 test/ssl-tests/17-renegotiate.cnf create mode 100644 test/ssl-tests/17-renegotiate.cnf.in delete mode 100644 test/ssl-tests/17-renegotiate.conf delete mode 100644 test/ssl-tests/17-renegotiate.conf.in create mode 100644 test/ssl-tests/18-dtls-renegotiate.cnf create mode 100644 test/ssl-tests/18-dtls-renegotiate.cnf.in delete mode 100644 test/ssl-tests/18-dtls-renegotiate.conf delete mode 100644 test/ssl-tests/18-dtls-renegotiate.conf.in create mode 100644 test/ssl-tests/19-mac-then-encrypt.cnf create mode 100644 test/ssl-tests/19-mac-then-encrypt.cnf.in delete mode 100644 test/ssl-tests/19-mac-then-encrypt.conf delete mode 100644 test/ssl-tests/19-mac-then-encrypt.conf.in create mode 100644 test/ssl-tests/20-cert-select.cnf create mode 100644 test/ssl-tests/20-cert-select.cnf.in delete mode 100644 test/ssl-tests/20-cert-select.conf delete mode 100644 test/ssl-tests/20-cert-select.conf.in create mode 100644 test/ssl-tests/21-key-update.cnf create mode 100644 test/ssl-tests/21-key-update.cnf.in delete mode 100644 test/ssl-tests/21-key-update.conf delete mode 100644 test/ssl-tests/21-key-update.conf.in create mode 100644 test/ssl-tests/22-compression.cnf create mode 100644 test/ssl-tests/22-compression.cnf.in delete mode 100644 test/ssl-tests/22-compression.conf delete mode 100644 test/ssl-tests/22-compression.conf.in create mode 100644 test/ssl-tests/23-srp.cnf create mode 100644 test/ssl-tests/23-srp.cnf.in delete mode 100644 test/ssl-tests/23-srp.conf delete mode 100644 test/ssl-tests/23-srp.conf.in create mode 100644 test/ssl-tests/24-padding.cnf create mode 100644 test/ssl-tests/24-padding.cnf.in delete mode 100644 test/ssl-tests/24-padding.conf delete mode 100644 test/ssl-tests/24-padding.conf.in create mode 100644 test/ssl-tests/25-cipher.cnf create mode 100644 test/ssl-tests/25-cipher.cnf.in delete mode 100644 test/ssl-tests/25-cipher.conf delete mode 100644 test/ssl-tests/25-cipher.conf.in create mode 100644 test/ssl-tests/26-tls13_client_auth.cnf create mode 100644 test/ssl-tests/26-tls13_client_auth.cnf.in delete mode 100644 test/ssl-tests/26-tls13_client_auth.conf delete mode 100644 test/ssl-tests/26-tls13_client_auth.conf.in create mode 100644 test/ssl-tests/27-ticket-appdata.cnf create mode 100644 test/ssl-tests/27-ticket-appdata.cnf.in delete mode 100644 test/ssl-tests/27-ticket-appdata.conf delete mode 100644 test/ssl-tests/27-ticket-appdata.conf.in create mode 100644 test/ssl-tests/28-seclevel.cnf create mode 100644 test/ssl-tests/28-seclevel.cnf.in delete mode 100644 test/ssl-tests/28-seclevel.conf delete mode 100644 test/ssl-tests/28-seclevel.conf.in create mode 100644 test/ssl-tests/29-dtls-sctp-label-bug.cnf create mode 100644 test/ssl-tests/29-dtls-sctp-label-bug.cnf.in delete mode 100644 test/ssl-tests/29-dtls-sctp-label-bug.conf delete mode 100644 test/ssl-tests/29-dtls-sctp-label-bug.conf.in create mode 100644 test/ssl-tests/30-extended-master-secret.cnf create mode 100644 test/ssl-tests/30-extended-master-secret.cnf.in delete mode 100644 test/ssl-tests/30-extended-master-secret.conf delete mode 100644 test/ssl-tests/30-extended-master-secret.conf.in create mode 100644 test/ssl_test_ctx_test.cnf delete mode 100644 test/ssl_test_ctx_test.conf (limited to 'test') diff --git a/test/CAss.cnf b/test/CAss.cnf index 8ca62b5cf7..d63f85628b 100644 --- a/test/CAss.cnf +++ b/test/CAss.cnf @@ -1,7 +1,3 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# #################################################################### [ req ] diff --git a/test/P1ss.cnf b/test/P1ss.cnf index 03f3cdb1ad..69baaaf849 100644 --- a/test/P1ss.cnf +++ b/test/P1ss.cnf @@ -1,7 +1,3 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# #################################################################### [ req ] diff --git a/test/P2ss.cnf b/test/P2ss.cnf index 5adaecc7d5..8d4f3c8a68 100644 --- a/test/P2ss.cnf +++ b/test/P2ss.cnf @@ -1,7 +1,3 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# #################################################################### [ req ] diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 30360f7652..6fc7301500 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -2,7 +2,7 @@ SSL testcases are configured in the `ssl-tests` directory. -Each `ssl_*.conf.in` file contains a number of test configurations. These files +Each `ssl_*.cnf.in` file contains a number of test configurations. These files are used to generate testcases in the OpenSSL CONF format. The precise test output can be dependent on the library configuration. The test @@ -10,9 +10,9 @@ harness generates the output files on the fly. However, for verification, we also include checked-in configuration outputs corresponding to the default configuration. These testcases live in -`test/ssl-tests/*.conf` files. +`test/ssl-tests/*.cnf` files. -For more details, see `ssl-tests/01-simple.conf.in` for an example. +For more details, see `ssl-tests/01-simple.cnf.in` for an example. ## Configuring the test @@ -219,24 +219,24 @@ client => { ## Adding a test to the test harness 1. Add a new test configuration to `test/ssl-tests`, following the examples of - existing `*.conf.in` files (for example, `01-simple.conf.in`). + existing `*.cnf.in` files (for example, `01-simple.cnf.in`). -2. Generate the generated `*.conf` test input file. You can do so by running +2. Generate the generated `*.cnf` test input file. You can do so by running `generate_ssl_tests.pl`: ``` $ ./config $ cd test -$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.conf.in \ - > ssl-tests/my.conf +$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.cnf.in \ + > ssl-tests/my.cnf ``` -where `my.conf.in` is your test input file. +where `my.cnf.in` is your test input file. -For example, to generate the test cases in `ssl-tests/01-simple.conf.in`, do +For example, to generate the test cases in `ssl-tests/01-simple.cnf.in`, do ``` -$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.conf.in > ssl-tests/01-simple.conf +$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.cnf.in > ssl-tests/01-simple.cnf ``` Alternatively (hackish but simple), you can comment out @@ -273,15 +273,15 @@ environment variable to point to the location of the certs. E.g., from the root OpenSSL directory, do ``` -$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs test/ssl_test \ - test/ssl-tests/01-simple.conf +$ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs test/ssl_test \ + test/ssl-tests/01-simple.cnf ``` or for shared builds ``` -$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs \ - util/wrap.pl test/ssl_test test/ssl-tests/01-simple.conf +$ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs \ + util/wrap.pl test/ssl_test test/ssl-tests/01-simple.cnf ``` Note that the test expectations sometimes depend on the Configure settings. For @@ -293,7 +293,7 @@ The Perl test harness automatically generates expected outputs, so users who just run `make test` do not need any extra steps. However, when running a test manually, keep in mind that the repository version -of the generated `test/ssl-tests/*.conf` correspond to expected outputs in with +of the generated `test/ssl-tests/*.cnf` correspond to expected outputs in with the default Configure options. To run `ssl_test` manually from the command line in a build with a different configuration, you may need to generate the right -`*.conf` file from the `*.conf.in` input first. +`*.cnf` file from the `*.cnf.in` input first. diff --git a/test/Uss.cnf b/test/Uss.cnf index 27517bd106..95ffb67deb 100644 --- a/test/Uss.cnf +++ b/test/Uss.cnf @@ -1,7 +1,3 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# CN2 = Brother 2 diff --git a/test/build.info b/test/build.info index ea350e5d6a..1573087c28 100644 --- a/test/build.info +++ b/test/build.info @@ -716,8 +716,8 @@ IF[{- !$disabled{tests} -}] DEFINE[provider_test]=NO_PROVIDER_MODULE DEFINE[provider_internal_test]=NO_PROVIDER_MODULE ENDIF - DEPEND[]=provider_internal_test.conf - GENERATE[provider_internal_test.conf]=provider_internal_test.conf.in + DEPEND[]=provider_internal_test.cnf + GENERATE[provider_internal_test.cnf]=provider_internal_test.cnf.in PROGRAMS{noinst}=params_test SOURCE[params_test]=params_test.c diff --git a/test/ct/log_list.cnf b/test/ct/log_list.cnf new file mode 100644 index 0000000000..4b68e53558 --- /dev/null +++ b/test/ct/log_list.cnf @@ -0,0 +1,38 @@ +enabled_logs=test,pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi + +[test] +description = https://github.com/google/certificate-transparency/tree/99218b6445906a81f219d84e9c6d2683e13e4e58/test/testdata +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmXg8sUUzwBYaWrRb+V0IopzQ6o3UyEJ04r5ZrRXGdpYM8K+hB0pXrGRLI0eeWz+3skXrS0IO83AhA3GpRL6s6w== + +[pilot] +description = Google Pilot Log +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA== + +[aviator] +description = Google Aviator log +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q== + +[rocketeer] +description = Google Rocketeer log +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg== + +[digicert] +description = DigiCert Log Server +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A== + +[certly] +description = Certly.IO log +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECyPLhWKYYUgEc+tUXfPQB4wtGS2MNvXrjwFCCnyYJifBtd2Sk7Cu+Js9DNhMTh35FftHaHu6ZrclnNBKwmbbSA== + +[izempe] +description = Izempe log +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ2Q5DC3cUBj4IQCiDu0s6j51up+TZAkAEcQRF6tczw90rLWXkJMAW7jr9yc92bIKgV8vDXU4lDeZHvYHduDuvg== + +[symantec] +description = Symantec log +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg== + +[venafi] +description = Venafi log +key = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB + diff --git a/test/ct/log_list.conf b/test/ct/log_list.conf deleted file mode 100644 index 4b68e53558..0000000000 --- a/test/ct/log_list.conf +++ /dev/null @@ -1,38 +0,0 @@ -enabled_logs=test,pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi - -[test] -description = https://github.com/google/certificate-transparency/tree/99218b6445906a81f219d84e9c6d2683e13e4e58/test/testdata -key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmXg8sUUzwBYaWrRb+V0IopzQ6o3UyEJ04r5ZrRXGdpYM8K+hB0pXrGRLI0eeWz+3skXrS0IO83AhA3GpRL6s6w== - -[pilot] -description = Google Pilot Log -key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA== - -[aviator] -description = Google Aviator log -key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q== - -[rocketeer] -description = Google Rocketeer log -key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg== - -[digicert] -description = DigiCert Log Server -key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A== - -[certly] -description = Certly.IO log -key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECyPLhWKYYUgEc+tUXfPQB4wtGS2MNvXrjwFCCnyYJifBtd2Sk7Cu+Js9DNhMTh35FftHaHu6ZrclnNBKwmbbSA== - -[izempe] -description = Izempe log -key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ2Q5DC3cUBj4IQCiDu0s6j51up+TZAkAEcQRF6tczw90rLWXkJMAW7jr9yc92bIKgV8vDXU4lDeZHvYHduDuvg== - -[symantec] -description = Symantec log -key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg== - -[venafi] -description = Venafi log -key = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB - diff --git a/test/default-and-fips.cnf b/test/default-and-fips.cnf index 6db1a940ee..03f5a83183 100644 --- a/test/default-and-fips.cnf +++ b/test/default-and-fips.cnf @@ -1,6 +1,6 @@ openssl_conf = openssl_init -.include fipsinstall.conf +.include fipsinstall.cnf [openssl_init] providers = provider_sect diff --git a/test/fips.cnf b/test/fips.cnf index d77d35b99f..32c18be671 100644 --- a/test/fips.cnf +++ b/test/fips.cnf @@ -1,6 +1,6 @@ openssl_conf = openssl_init -.include fipsinstall.conf +.include fipsinstall.cnf [openssl_init] providers = provider_sect diff --git a/test/provider_internal_test.cnf.in b/test/provider_internal_test.cnf.in new file mode 100644 index 0000000000..12c292437e --- /dev/null +++ b/test/provider_internal_test.cnf.in @@ -0,0 +1,13 @@ +{- use platform -} +openssl_conf = openssl_init + +[openssl_init] +providers = providers + +[providers] +p_test_configured = p_test_configured + +[p_test_configured] +module = {- platform->dso('p_test') -} +activate = 1 +greeting = Hello OpenSSL, greetings from Test Provider diff --git a/test/provider_internal_test.conf.in b/test/provider_internal_test.conf.in deleted file mode 100644 index 12c292437e..0000000000 --- a/test/provider_internal_test.conf.in +++ /dev/null @@ -1,13 +0,0 @@ -{- use platform -} -openssl_conf = openssl_init - -[openssl_init] -providers = providers - -[providers] -p_test_configured = p_test_configured - -[p_test_configured] -module = {- platform->dso('p_test') -} -activate = 1 -greeting = Hello OpenSSL, greetings from Test Provider diff --git a/test/recipes/02-test_internal_provider.t b/test/recipes/02-test_internal_provider.t index 615d17a8d9..2b77d4b5f3 100644 --- a/test/recipes/02-test_internal_provider.t +++ b/test/recipes/02-test_internal_provider.t @@ -14,6 +14,6 @@ use OpenSSL::Test::Utils; setup("test_internal_provider"); $ENV{OPENSSL_MODULES} = bldtop_dir("test"); -$ENV{OPENSSL_CONF} = bldtop_file("test", "provider_internal_test.conf"); +$ENV{OPENSSL_CONF} = bldtop_file("test", "provider_internal_test.cnf"); simple_test("test_internal_provider", "provider_internal_test"); diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index 71e8db10e4..3be6346ab9 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -30,7 +30,7 @@ my $infile = bldtop_file('providers', platform->dso('fips')); $ENV{OPENSSL_MODULES} = bldtop_dir("providers"); # fail if no module name -ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', '-provider_name', 'fips', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install'])), @@ -44,57 +44,57 @@ ok(!run(app(['openssl', 'fipsinstall', '-in', 'dummy.tmp', '-module', $infile, "fipsinstall verify fail"); -# output a fips.conf file containing mac data -ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, +# output a fips.cnf file containing mac data +ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install'])), "fipsinstall"); -# verify the fips.conf file -ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, +# verify the fips.cnf file +ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-verify'])), "fipsinstall verify"); -# fail to verify the fips.conf file if a different key is used -ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, +# fail to verify the fips.cnf file if a different key is used +ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:01', '-section_name', 'fips_install', '-verify'])), "fipsinstall verify fail bad key"); -# fail to verify the fips.conf file if a different mac digest is used -ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, +# fail to verify the fips.cnf file if a different mac digest is used +ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA512', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-verify'])), "fipsinstall verify fail incorrect digest"); # corrupt the module hmac -ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-corrupt_desc', 'HMAC'])), "fipsinstall fails when the module integrity is corrupted"); # corrupt the first digest -ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-corrupt_desc', 'SHA1'])), "fipsinstall fails when the digest result is corrupted"); # corrupt another digest -ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-corrupt_desc', 'SHA3'])), "fipsinstall fails when the digest result is corrupted"); # corrupt DRBG -ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-corrupt_desc', 'CTR'])), diff --git a/test/recipes/04-test_conf.t b/test/recipes/04-test_conf.t index 9103cbc8eb..92a570c546 100644 --- a/test/recipes/04-test_conf.t +++ b/test/recipes/04-test_conf.t @@ -16,8 +16,8 @@ use File::Compare qw(compare_text); setup('test_conf'); my %input_result = ( - 'dollarid_on.conf' => 'dollarid_on.txt', - 'dollarid_off.conf' => 'dollarid_off.txt', + 'dollarid_on.cnf' => 'dollarid_on.txt', + 'dollarid_off.cnf' => 'dollarid_off.txt', ); plan skip_all => 'This is unsupported for cross compiled configurations' diff --git a/test/recipes/04-test_conf_data/dollarid_off.cnf b/test/recipes/04-test_conf_data/dollarid_off.cnf new file mode 100644 index 0000000000..96482ff2cd --- /dev/null +++ b/test/recipes/04-test_conf_data/dollarid_off.cnf @@ -0,0 +1,5 @@ +.pragma dollarid:off + +bar = 0 +foo = $bar +cookie = ${foo} diff --git a/test/recipes/04-test_conf_data/dollarid_off.conf b/test/recipes/04-test_conf_data/dollarid_off.conf deleted file mode 100644 index 96482ff2cd..0000000000 --- a/test/recipes/04-test_conf_data/dollarid_off.conf +++ /dev/null @@ -1,5 +0,0 @@ -.pragma dollarid:off - -bar = 0 -foo = $bar -cookie = ${foo} diff --git a/test/recipes/04-test_conf_data/dollarid_on.cnf b/test/recipes/04-test_conf_data/dollarid_on.cnf new file mode 100644 index 0000000000..1b12e2fdc6 --- /dev/null +++ b/test/recipes/04-test_conf_data/dollarid_on.cnf @@ -0,0 +1,5 @@ +.pragma dollarid:on + +bar = 0 +foo$bar = 1 +cookie = ${foo$bar} diff --git a/test/recipes/04-test_conf_data/dollarid_on.conf b/test/recipes/04-test_conf_data/dollarid_on.conf deleted file mode 100644 index 1b12e2fdc6..0000000000 --- a/test/recipes/04-test_conf_data/dollarid_on.conf +++ /dev/null @@ -1,5 +0,0 @@ -.pragma dollarid:on - -bar = 0 -foo$bar = 1 -cookie = ${foo$bar} diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 575a471d2f..9b940aa5ec 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -84,7 +84,7 @@ unless ($no_fips) { $ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); ok(run(app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsinstall.conf'), + '-out', bldtop_file('providers', 'fipsinstall.cnf'), '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', diff --git a/test/recipes/30-test_evp_fetch_prov.t b/test/recipes/30-test_evp_fetch_prov.t index ce7c834039..8ffd2a50d8 100644 --- a/test/recipes/30-test_evp_fetch_prov.t +++ b/test/recipes/30-test_evp_fetch_prov.t @@ -48,7 +48,7 @@ my @testdata = ( unless ($no_fips) { push @setups, { cmd => app(['openssl', 'fipsinstall', - '-out', bldtop_file('providers', 'fipsinstall.conf'), + '-out', bldtop_file('providers', 'fipsinstall.cnf'), '-module', bldtop_file('providers', platform->dso('fips')), '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', diff --git a/test/recipes/70-test_comp.t b/test/recipes/70-test_comp.t index 9c5e16ed2d..9dc0cbb94c 100644 --- a/test/recipes/70-test_comp.t +++ b/test/recipes/70-test_comp.t @@ -28,7 +28,7 @@ plan skip_all => "$test_name needs TLSv1.3 or TLSv1.2 enabled" if disabled("tls1_3") && disabled("tls1_2"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); use constant { MULTIPLE_COMPRESSIONS => 0, diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t index 9f8c3226e6..95c4cbe553 100644 --- a/test/recipes/70-test_sslmessages.t +++ b/test/recipes/70-test_sslmessages.t @@ -30,7 +30,7 @@ plan skip_all => "$test_name needs TLS enabled" || (!disabled("tls1_3") && disabled("tls1_2")); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); my $proxy = TLSProxy::Proxy->new( undef, diff --git a/test/recipes/70-test_sslversions.t b/test/recipes/70-test_sslversions.t index 45ecf5c581..636d2e79fb 100644 --- a/test/recipes/70-test_sslversions.t +++ b/test/recipes/70-test_sslversions.t @@ -49,7 +49,7 @@ my $proxy = TLSProxy::Proxy->new( ); #We're just testing various negative and unusual scenarios here. ssltest with -#02-protocol-version.conf should check all the various combinations of normal +#02-protocol-version.cnf should check all the various combinations of normal #version neg #Test 1: An empty supported_versions extension should not succeed diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index ad10eddeb7..27cec7adf1 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t @@ -32,7 +32,7 @@ plan skip_all => "$test_name needs EC enabled" if disabled("ec"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); @handmessages = ( diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index 02afbdc4ff..d9ea211844 100644 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -32,7 +32,7 @@ plan skip_all => "$test_name needs EC enabled" if disabled("ec"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); @handmessages = ( diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t index 11031f3f44..ea48599d13 100644 --- a/test/recipes/70-test_tls13psk.t +++ b/test/recipes/70-test_tls13psk.t @@ -28,7 +28,7 @@ plan skip_all => "$test_name needs TLSv1.3 enabled" if disabled("tls1_3"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); my $proxy = TLSProxy::Proxy->new( undef, diff --git a/test/recipes/80-test_ct.t b/test/recipes/80-test_ct.t index 87705cf664..0017cfdc39 100644 --- a/test/recipes/80-test_ct.t +++ b/test/recipes/80-test_ct.t @@ -11,7 +11,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir/; use OpenSSL::Test::Simple; setup("test_ct"); -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); $ENV{CT_DIR} = srctop_dir("test", "ct"); $ENV{CERTS_DIR} = srctop_dir("test", "certs"); simple_test("test_ct", "ct_test", "ct", "ec"); diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 01a49173d6..3b1857cc79 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -19,9 +19,9 @@ use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/; setup("test_ssl_new"); $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); -my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.conf.in")); +my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.cnf.in")); map { s/;.*// } @conf_srcs if $^O eq "VMS"; my @conf_files = map { basename($_, ".in") } @conf_srcs; map { s/\^// } @conf_files if $^O eq "VMS"; @@ -54,56 +54,56 @@ my $no_ocsp = disabled("ocsp"); # Add your test here if the test conf.in generates test cases and/or # expectations dynamically based on the OpenSSL compile-time config. my %conf_dependent_tests = ( - "02-protocol-version.conf" => !$is_default_tls, - "04-client_auth.conf" => !$is_default_tls || !$is_default_dtls + "02-protocol-version.cnf" => !$is_default_tls, + "04-client_auth.cnf" => !$is_default_tls || !$is_default_dtls || !disabled("sctp"), - "05-sni.conf" => disabled("tls1_1"), - "07-dtls-protocol-version.conf" => !$is_default_dtls || !disabled("sctp"), - "10-resumption.conf" => !$is_default_tls || $no_ec, - "11-dtls_resumption.conf" => !$is_default_dtls || !disabled("sctp"), - "16-dtls-certstatus.conf" => !$is_default_dtls || !disabled("sctp"), - "17-renegotiate.conf" => disabled("tls1_2"), - "18-dtls-renegotiate.conf" => disabled("dtls1_2") || !disabled("sctp"), - "19-mac-then-encrypt.conf" => !$is_default_tls, - "20-cert-select.conf" => !$is_default_tls || $no_dh || $no_dsa, - "22-compression.conf" => !$is_default_tls, - "25-cipher.conf" => disabled("poly1305") || disabled("chacha"), - "27-ticket-appdata.conf" => !$is_default_tls, - "28-seclevel.conf" => disabled("tls1_2") || $no_ec, - "30-extended-master-secret.conf" => disabled("tls1_2"), + "05-sni.cnf" => disabled("tls1_1"), + "07-dtls-protocol-version.cnf" => !$is_default_dtls || !disabled("sctp"), + "10-resumption.cnf" => !$is_default_tls || $no_ec, + "11-dtls_resumption.cnf" => !$is_default_dtls || !disabled("sctp"), + "16-dtls-certstatus.cnf" => !$is_default_dtls || !disabled("sctp"), + "17-renegotiate.cnf" => disabled("tls1_2"), + "18-dtls-renegotiate.cnf" => disabled("dtls1_2") || !disabled("sctp"), + "19-mac-then-encrypt.cnf" => !$is_default_tls, + "20-cert-select.cnf" => !$is_default_tls || $no_dh || $no_dsa, + "22-compression.cnf" => !$is_default_tls, + "25-cipher.cnf" => disabled("poly1305") || disabled("chacha"), + "27-ticket-appdata.cnf" => !$is_default_tls, + "28-seclevel.cnf" => disabled("tls1_2") || $no_ec, + "30-extended-master-secret.cnf" => disabled("tls1_2"), ); # Add your test here if it should be skipped for some compile-time # configurations. Default is $no_tls but some tests have different skip # conditions. my %skip = ( - "06-sni-ticket.conf" => $no_tls_below1_3, - "07-dtls-protocol-version.conf" => $no_dtls, - "08-npn.conf" => (disabled("tls1") && disabled("tls1_1") + "06-sni-ticket.cnf" => $no_tls_below1_3, + "07-dtls-protocol-version.cnf" => $no_dtls, + "08-npn.cnf" => (disabled("tls1") && disabled("tls1_1") && disabled("tls1_2")) || $no_npn, - "10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"), - "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"), - "12-ct.conf" => $no_tls || $no_ct || $no_ec, + "10-resumption.cnf" => disabled("tls1_1") || disabled("tls1_2"), + "11-dtls_resumption.cnf" => disabled("dtls1") || disabled("dtls1_2"), + "12-ct.cnf" => $no_tls || $no_ct || $no_ec, # We could run some of these tests without TLS 1.2 if we had a per-test # disable instruction but that's a bizarre configuration not worth # special-casing for. # TODO(TLS 1.3): We should review this once we have TLS 1.3. - "13-fragmentation.conf" => disabled("tls1_2"), - "14-curves.conf" => disabled("tls1_2") || $no_ec || $no_ec2m, - "15-certstatus.conf" => $no_tls || $no_ocsp, - "16-dtls-certstatus.conf" => $no_dtls || $no_ocsp, - "17-renegotiate.conf" => $no_tls_below1_3, - "18-dtls-renegotiate.conf" => $no_dtls, - "19-mac-then-encrypt.conf" => $no_pre_tls1_3, - "20-cert-select.conf" => disabled("tls1_2") || $no_ec, - "21-key-update.conf" => disabled("tls1_3"), - "22-compression.conf" => disabled("zlib") || $no_tls, - "23-srp.conf" => (disabled("tls1") && disabled ("tls1_1") + "13-fragmentation.cnf" => disabled("tls1_2"), + "14-curves.cnf" => disabled("tls1_2") || $no_ec || $no_ec2m, + "15-certstatus.cnf" => $no_tls || $no_ocsp, + "16-dtls-certstatus.cnf" => $no_dtls || $no_ocsp, + "17-renegotiate.cnf" => $no_tls_below1_3, + "18-dtls-renegotiate.cnf" => $no_dtls, + "19-mac-then-encrypt.cnf" => $no_pre_tls1_3, + "20-cert-select.cnf" => disabled("tls1_2") || $no_ec, + "21-key-update.cnf" => disabled("tls1_3"), + "22-compression.cnf" => disabled("zlib") || $no_tls, + "23-srp.cnf" => (disabled("tls1") && disabled ("tls1_1") && disabled("tls1_2")) || disabled("srp"), - "24-padding.conf" => disabled("tls1_3"), - "25-cipher.conf" => disabled("ec") || disabled("tls1_2"), - "26-tls13_client_auth.conf" => disabled("tls1_3"), - "29-dtls-sctp-label-bug.conf" => disabled("sctp") || disabled("sock"), + "24-padding.cnf" => disabled("tls1_3"), + "25-cipher.cnf" => disabled("ec") || disabled("tls1_2"), + "26-tls13_client_auth.cnf" => disabled("tls1_3"), + "29-dtls-sctp-label-bug.cnf" => disabled("sctp") || disabled("sock"), ); foreach my $conf (@conf_files) { @@ -133,7 +133,7 @@ sub test_conf { "Getting output from generate_ssl_tests.pl."); SKIP: { - # Test 2. Compare against existing output in test/ssl_tests.conf. + # Test 2. Compare against existing output in test/ssl_tests.cnf. skip "Skipping generated source test for $conf", 1 if !$check_source; diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 76e0758adb..a4bdb6ddbb 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -18,7 +18,7 @@ use OpenSSL::Test::Utils; setup("test_ssl"); -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk, $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3, diff --git a/test/recipes/80-test_ssl_test_ctx.t b/test/recipes/80-test_ssl_test_ctx.t index 5548f46d49..7775bd9351 100644 --- a/test/recipes/80-test_ssl_test_ctx.t +++ b/test/recipes/80-test_ssl_test_ctx.t @@ -15,5 +15,5 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_ssl_test_ctx"); plan tests => 1; -ok(run(test(["ssl_test_ctx_test", srctop_file("test", "ssl_test_ctx_test.conf")])), - "running ssl_test_ctx_test ssl_test_ctx_test.conf"); +ok(run(test(["ssl_test_ctx_test", srctop_file("test", "ssl_test_ctx_test.cnf")])), + "running ssl_test_ctx_test ssl_test_ctx_test.cnf"); diff --git a/test/recipes/90-test_gost.t b/test/recipes/90-test_gost.t index b01243fa62..f2010967a2 100644 --- a/test/recipes/90-test_gost.t +++ b/test/recipes/90-test_gost.t @@ -31,7 +31,7 @@ plan skip_all => "No test GOST engine found" plan tests => 1; $ENV{OPENSSL_CONF} = srctop_file("test", "recipes", "90-test_gost_data", - "gost.conf"); + "gost.cnf"); ok(run(test(["gosttest", srctop_file("test", "recipes", "90-test_gost_data", diff --git a/test/recipes/90-test_gost_data/gost.cnf b/test/recipes/90-test_gost_data/gost.cnf new file mode 100644 index 0000000000..1f42b9d87f --- /dev/null +++ b/test/recipes/90-test_gost_data/gost.cnf @@ -0,0 +1,13 @@ +openssl_conf = openssl_def +[openssl_def] +engines = engine_section + +[engine_section] +gost = gost_section + +[gost_section] +engine_id = gost +dynamic_path = $ENV::OPENSSL_GOST_ENGINE_SO +default_algorithms = ALL +CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet + diff --git a/test/recipes/90-test_gost_data/gost.conf b/test/recipes/90-test_gost_data/gost.conf deleted file mode 100644 index 1f42b9d87f..0000000000 --- a/test/recipes/90-test_gost_data/gost.conf +++ /dev/null @@ -1,13 +0,0 @@ -openssl_conf = openssl_def -[openssl_def] -engines = engine_section - -[engine_section] -gost = gost_section - -[gost_section] -engine_id = gost -dynamic_path = $ENV::OPENSSL_GOST_ENGINE_SO -default_algorithms = ALL -CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet - diff --git a/test/recipes/90-test_includes_data/vms-includes.cnf b/test/recipes/90-test_includes_data/vms-includes.cnf index ed4367bcf0..30fc4ef8e1 100644 --- a/test/recipes/90-test_includes_data/vms-includes.cnf +++ b/test/recipes/90-test_includes_data/vms-includes.cnf @@ -2,4 +2,4 @@ # Example configuration file using includes. # -.include [.conf-includes] +.include [.cnf-includes] diff --git a/test/ssl-tests/01-simple.cnf b/test/ssl-tests/01-simple.cnf new file mode 100644 index 0000000000..7fc23f0b69 --- /dev/null +++ b/test/ssl-tests/01-simple.cnf @@ -0,0 +1,78 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 3 + +test-0 = 0-default +test-1 = 1-Server signature algorithms bug +test-2 = 2-verify-cert +# =========================================================== + +[0-default] +ssl_conf = 0-default-ssl + +[0-default-ssl] +server = 0-default-server +client = 0-default-client + +[0-default-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-default-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-Server signature algorithms bug] +ssl_conf = 1-Server signature algorithms bug-ssl + +[1-Server signature algorithms bug-ssl] +server = 1-Server signature algorithms bug-server +client = 1-Server signature algorithms bug-client + +[1-Server signature algorithms bug-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA512:RSA+SHA512 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-Server signature algorithms bug-client] +CipherString = DEFAULT +SignatureAlgorithms = PSS+SHA256:RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-verify-cert] +ssl_conf = 2-verify-cert-ssl + +[2-verify-cert-ssl] +server = 2-verify-cert-server +client = 2-verify-cert-client + +[2-verify-cert-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-verify-cert-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-2] +ExpectedClientAlert = UnknownCA +ExpectedResult = ClientFail + + diff --git a/test/ssl-tests/01-simple.cnf.in b/test/ssl-tests/01-simple.cnf.in new file mode 100644 index 0000000000..ccc751a6b2 --- /dev/null +++ b/test/ssl-tests/01-simple.cnf.in @@ -0,0 +1,42 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +our @tests = ( + { + name => "default", + server => { }, + client => { }, + test => { "ExpectedResult" => "Success" }, + }, + + { + name => "Server signature algorithms bug", + # Should have no effect as we aren't doing client auth + server => { "ClientSignatureAlgorithms" => "PSS+SHA512:RSA+SHA512" }, + client => { "SignatureAlgorithms" => "PSS+SHA256:RSA+SHA256" }, + test => { "ExpectedResult" => "Success" }, + }, + + { + name => "verify-cert", + server => { }, + client => { + # Don't set up the client root file. + "VerifyCAFile" => undef, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "UnknownCA", + }, + }, +); diff --git a/test/ssl-tests/01-simple.conf b/test/ssl-tests/01-simple.conf deleted file mode 100644 index 7fc23f0b69..0000000000 --- a/test/ssl-tests/01-simple.conf +++ /dev/null @@ -1,78 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 3 - -test-0 = 0-default -test-1 = 1-Server signature algorithms bug -test-2 = 2-verify-cert -# =========================================================== - -[0-default] -ssl_conf = 0-default-ssl - -[0-default-ssl] -server = 0-default-server -client = 0-default-client - -[0-default-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-default-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success - - -# =========================================================== - -[1-Server signature algorithms bug] -ssl_conf = 1-Server signature algorithms bug-ssl - -[1-Server signature algorithms bug-ssl] -server = 1-Server signature algorithms bug-server -client = 1-Server signature algorithms bug-client - -[1-Server signature algorithms bug-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientSignatureAlgorithms = PSS+SHA512:RSA+SHA512 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-Server signature algorithms bug-client] -CipherString = DEFAULT -SignatureAlgorithms = PSS+SHA256:RSA+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = Success - - -# =========================================================== - -[2-verify-cert] -ssl_conf = 2-verify-cert-ssl - -[2-verify-cert-ssl] -server = 2-verify-cert-server -client = 2-verify-cert-client - -[2-verify-cert-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-verify-cert-client] -CipherString = DEFAULT -VerifyMode = Peer - -[test-2] -ExpectedClientAlert = UnknownCA -ExpectedResult = ClientFail - - diff --git a/test/ssl-tests/01-simple.conf.in b/test/ssl-tests/01-simple.conf.in deleted file mode 100644 index ccc751a6b2..0000000000 --- a/test/ssl-tests/01-simple.conf.in +++ /dev/null @@ -1,42 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## SSL test configurations - -package ssltests; - -our @tests = ( - { - name => "default", - server => { }, - client => { }, - test => { "ExpectedResult" => "Success" }, - }, - - { - name => "Server signature algorithms bug", - # Should have no effect as we aren't doing client auth - server => { "ClientSignatureAlgorithms" => "PSS+SHA512:RSA+SHA512" }, - client => { "SignatureAlgorithms" => "PSS+SHA256:RSA+SHA256" }, - test => { "ExpectedResult" => "Success" }, - }, - - { - name => "verify-cert", - server => { }, - client => { - # Don't set up the client root file. - "VerifyCAFile" => undef, - }, - test => { - "ExpectedResult" => "ClientFail", - "ExpectedClientAlert" => "UnknownCA", - }, - }, -); diff --git a/test/ssl-tests/02-protocol-version.cnf b/test/ssl-tests/02-protocol-version.cnf new file mode 100644 index 0000000000..4b7d7df218 --- /dev/null +++ b/test/ssl-tests/02-protocol-version.cnf @@ -0,0 +1,18822 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 678 + +test-0 = 0-version-negotiation +test-1 = 1-version-negotiation +test-2 = 2-version-negotiation +test-3 = 3-version-negotiation +test-4 = 4-version-negotiation +test-5 = 5-version-negotiation +test-6 = 6-version-negotiation +test-7 = 7-version-negotiation +test-8 = 8-version-negotiation +test-9 = 9-version-negotiation +test-10 = 10-version-negotiation +test-11 = 11-version-negotiation +test-12 = 12-version-negotiation +test-13 = 13-version-negotiation +test-14 = 14-version-negotiation +test-15 = 15-version-negotiation +test-16 = 16-version-negotiation +test-17 = 17-version-negotiation +test-18 = 18-version-negotiation +test-19 = 19-version-negotiation +test-20 = 20-version-negotiation +test-21 = 21-version-negotiation +test-22 = 22-version-negotiation +test-23 = 23-version-negotiation +test-24 = 24-version-negotiation +test-25 = 25-version-negotiation +test-26 = 26-version-negotiation +test-27 = 27-version-negotiation +test-28 = 28-version-negotiation +test-29 = 29-version-negotiation +test-30 = 30-version-negotiation +test-31 = 31-version-negotiation +test-32 = 32-version-negotiation +test-33 = 33-version-negotiation +test-34 = 34-version-negotiation +test-35 = 35-version-negotiation +test-36 = 36-version-negotiation +test-37 = 37-version-negotiation +test-38 = 38-version-negotiation +test-39 = 39-version-negotiation +test-40 = 40-version-negotiation +test-41 = 41-version-negotiation +test-42 = 42-version-negotiation +test-43 = 43-version-negotiation +test-44 = 44-version-negotiation +test-45 = 45-version-negotiation +test-46 = 46-version-negotiation +test-47 = 47-version-negotiation +test-48 = 48-version-negotiation +test-49 = 49-version-negotiation +test-50 = 50-version-negotiation +test-51 = 51-version-negotiation +test-52 = 52-version-negotiation +test-53 = 53-version-negotiation +test-54 = 54-version-negotiation +test-55 = 55-version-negotiation +test-56 = 56-version-negotiation +test-57 = 57-version-negotiation +test-58 = 58-version-negotiation +test-59 = 59-version-negotiation +test-60 = 60-version-negotiation +test-61 = 61-version-negotiation +test-62 = 62-version-negotiation +test-63 = 63-version-negotiation +test-64 = 64-version-negotiation +test-65 = 65-version-negotiation +test-66 = 66-version-negotiation +test-67 = 67-version-negotiation +test-68 = 68-version-negotiation +test-69 = 69-version-negotiation +test-70 = 70-version-negotiation +test-71 = 71-version-negotiation +test-72 = 72-version-negotiation +test-73 = 73-version-negotiation +test-74 = 74-version-negotiation +test-75 = 75-version-negotiation +test-76 = 76-version-negotiation +test-77 = 77-version-negotiation +test-78 = 78-version-negotiation +test-79 = 79-version-negotiation +test-80 = 80-version-negotiation +test-81 = 81-version-negotiation +test-82 = 82-version-negotiation +test-83 = 83-version-negotiation +test-84 = 84-version-negotiation +test-85 = 85-version-negotiation +test-86 = 86-version-negotiation +test-87 = 87-version-negotiation +test-88 = 88-version-negotiation +test-89 = 89-version-negotiation +test-90 = 90-version-negotiation +test-91 = 91-version-negotiation +test-92 = 92-version-negotiation +test-93 = 93-version-negotiation +test-94 = 94-version-negotiation +test-95 = 95-version-negotiation +test-96 = 96-version-negotiation +test-97 = 97-version-negotiation +test-98 = 98-version-negotiation +test-99 = 99-version-negotiation +test-100 = 100-version-negotiation +test-101 = 101-version-negotiation +test-102 = 102-version-negotiation +test-103 = 103-version-negotiation +test-104 = 104-version-negotiation +test-105 = 105-version-negotiation +test-106 = 106-version-negotiation +test-107 = 107-version-negotiation +test-108 = 108-version-negotiation +test-109 = 109-version-negotiation +test-110 = 110-version-negotiation +test-111 = 111-version-negotiation +test-112 = 112-version-negotiation +test-113 = 113-version-negotiation +test-114 = 114-version-negotiation +test-115 = 115-version-negotiation +test-116 = 116-version-negotiation +test-117 = 117-version-negotiation +test-118 = 118-version-negotiation +test-119 = 119-version-negotiation +test-120 = 120-version-negotiation +test-121 = 121-version-negotiation +test-122 = 122-version-negotiation +test-123 = 123-version-negotiation +test-124 = 124-version-negotiation +test-125 = 125-version-negotiation +test-126 = 126-version-negotiation +test-127 = 127-version-negotiation +test-128 = 128-version-negotiation +test-129 = 129-version-negotiation +test-130 = 130-version-negotiation +test-131 = 131-version-negotiation +test-132 = 132-version-negotiation +test-133 = 133-version-negotiation +test-134 = 134-version-negotiation +test-135 = 135-version-negotiation +test-136 = 136-version-negotiation +test-137 = 137-version-negotiation +test-138 = 138-version-negotiation +test-139 = 139-version-negotiation +test-140 = 140-version-negotiation +test-141 = 141-version-negotiation +test-142 = 142-version-negotiation +test-143 = 143-version-negotiation +test-144 = 144-version-negotiation +test-145 = 145-version-negotiation +test-146 = 146-version-negotiation +test-147 = 147-version-negotiation +test-148 = 148-version-negotiation +test-149 = 149-version-negotiation +test-150 = 150-version-negotiation +test-151 = 151-version-negotiation +test-152 = 152-version-negotiation +test-153 = 153-version-negotiation +test-154 = 154-version-negotiation +test-155 = 155-version-negotiation +test-156 = 156-version-negotiation +test-157 = 157-version-negotiation +test-158 = 158-version-negotiation +test-159 = 159-version-negotiation +test-160 = 160-version-negotiation +test-161 = 161-version-negotiation +test-162 = 162-version-negotiation +test-163 = 163-version-negotiation +test-164 = 164-version-negotiation +test-165 = 165-version-negotiation +test-166 = 166-version-negotiation +test-167 = 167-version-negotiation +test-168 = 168-version-negotiation +test-169 = 169-version-negotiation +test-170 = 170-version-negotiation +test-171 = 171-version-negotiation +test-172 = 172-version-negotiation +test-173 = 173-version-negotiation +test-174 = 174-version-negotiation +test-175 = 175-version-negotiation +test-176 = 176-version-negotiation +test-177 = 177-version-negotiation +test-178 = 178-version-negotiation +test-179 = 179-version-negotiation +test-180 = 180-version-negotiation +test-181 = 181-version-negotiation +test-182 = 182-version-negotiation +test-183 = 183-version-negotiation +test-184 = 184-version-negotiation +test-185 = 185-version-negotiation +test-186 = 186-version-negotiation +test-187 = 187-version-negotiation +test-188 = 188-version-negotiation +test-189 = 189-version-negotiation +test-190 = 190-version-negotiation +test-191 = 191-version-negotiation +test-192 = 192-version-negotiation +test-193 = 193-version-negotiation +test-194 = 194-version-negotiation +test-195 = 195-version-negotiation +test-196 = 196-version-negotiation +test-197 = 197-version-negotiation +test-198 = 198-version-negotiation +test-199 = 199-version-negotiation +test-200 = 200-version-negotiation +test-201 = 201-version-negotiation +test-202 = 202-version-negotiation +test-203 = 203-version-negotiation +test-204 = 204-version-negotiation +test-205 = 205-version-negotiation +test-206 = 206-version-negotiation +test-207 = 207-version-negotiation +test-208 = 208-version-negotiation +test-209 = 209-version-negotiation +test-210 = 210-version-negotiation +test-211 = 211-version-negotiation +test-212 = 212-version-negotiation +test-213 = 213-version-negotiation +test-214 = 214-version-negotiation +test-215 = 215-version-negotiation +test-216 = 216-version-negotiation +test-217 = 217-version-negotiation +test-218 = 218-version-negotiation +test-219 = 219-version-negotiation +test-220 = 220-version-negotiation +test-221 = 221-version-negotiation +test-222 = 222-version-negotiation +test-223 = 223-version-negotiation +test-224 = 224-version-negotiation +test-225 = 225-version-negotiation +test-226 = 226-version-negotiation +test-227 = 227-version-negotiation +test-228 = 228-version-negotiation +test-229 = 229-version-negotiation +test-230 = 230-version-negotiation +test-231 = 231-version-negotiation +test-232 = 232-version-negotiation +test-233 = 233-version-negotiation +test-234 = 234-version-negotiation +test-235 = 235-version-negotiation +test-236 = 236-version-negotiation +test-237 = 237-version-negotiation +test-238 = 238-version-negotiation +test-239 = 239-version-negotiation +test-240 = 240-version-negotiation +test-241 = 241-version-negotiation +test-242 = 242-version-negotiation +test-243 = 243-version-negotiation +test-244 = 244-version-negotiation +test-245 = 245-version-negotiation +test-246 = 246-version-negotiation +test-247 = 247-version-negotiation +test-248 = 248-version-negotiation +test-249 = 249-version-negotiation +test-250 = 250-version-negotiation +test-251 = 251-version-negotiation +test-252 = 252-version-negotiation +test-253 = 253-version-negotiation +test-254 = 254-version-negotiation +test-255 = 255-version-negotiation +test-256 = 256-version-negotiation +test-257 = 257-version-negotiation +test-258 = 258-version-negotiation +test-259 = 259-version-negotiation +test-260 = 260-version-negotiation +test-261 = 261-version-negotiation +test-262 = 262-version-negotiation +test-263 = 263-version-negotiation +test-264 = 264-version-negotiation +test-265 = 265-version-negotiation +test-266 = 266-version-negotiation +test-267 = 267-version-negotiation +test-268 = 268-version-negotiation +test-269 = 269-version-negotiation +test-270 = 270-version-negotiation +test-271 = 271-version-negotiation +test-272 = 272-version-negotiation +test-273 = 273-version-negotiation +test-274 = 274-version-negotiation +test-275 = 275-version-negotiation +test-276 = 276-version-negotiation +test-277 = 277-version-negotiation +test-278 = 278-version-negotiation +test-279 = 279-version-negotiation +test-280 = 280-version-negotiation +test-281 = 281-version-negotiation +test-282 = 282-version-negotiation +test-283 = 283-version-negotiation +test-284 = 284-version-negotiation +test-285 = 285-version-negotiation +test-286 = 286-version-negotiation +test-287 = 287-version-negotiation +test-288 = 288-version-negotiation +test-289 = 289-version-negotiation +test-290 = 290-version-negotiation +test-291 = 291-version-negotiation +test-292 = 292-version-negotiation +test-293 = 293-version-negotiation +test-294 = 294-version-negotiation +test-295 = 295-version-negotiation +test-296 = 296-version-negotiation +test-297 = 297-version-negotiation +test-298 = 298-version-negotiation +test-299 = 299-version-negotiation +test-300 = 300-version-negotiation +test-301 = 301-version-negotiation +test-302 = 302-version-negotiation +test-303 = 303-version-negotiation +test-304 = 304-version-negotiation +test-305 = 305-version-negotiation +test-306 = 306-version-negotiation +test-307 = 307-version-negotiation +test-308 = 308-version-negotiation +test-309 = 309-version-negotiation +test-310 = 310-version-negotiation +test-311 = 311-version-negotiation +test-312 = 312-version-negotiation +test-313 = 313-version-negotiation +test-314 = 314-version-negotiation +test-315 = 315-version-negotiation +test-316 = 316-version-negotiation +test-317 = 317-version-negotiation +test-318 = 318-version-negotiation +test-319 = 319-version-negotiation +test-320 = 320-version-negotiation +test-321 = 321-version-negotiation +test-322 = 322-version-negotiation +test-323 = 323-version-negotiation +test-324 = 324-version-negotiation +test-325 = 325-version-negotiation +test-326 = 326-version-negotiation +test-327 = 327-version-negotiation +test-328 = 328-version-negotiation +test-329 = 329-version-negotiation +test-330 = 330-version-negotiation +test-331 = 331-version-negotiation +test-332 = 332-version-negotiation +test-333 = 333-version-negotiation +test-334 = 334-version-negotiation +test-335 = 335-version-negotiation +test-336 = 336-version-negotiation +test-337 = 337-version-negotiation +test-338 = 338-version-negotiation +test-339 = 339-version-negotiation +test-340 = 340-version-negotiation +test-341 = 341-version-negotiation +test-342 = 342-version-negotiation +test-343 = 343-version-negotiation +test-344 = 344-version-negotiation +test-345 = 345-version-negotiation +test-346 = 346-version-negotiation +test-347 = 347-version-negotiation +test-348 = 348-version-negotiation +test-349 = 349-version-negotiation +test-350 = 350-version-negotiation +test-351 = 351-version-negotiation +test-352 = 352-version-negotiation +test-353 = 353-version-negotiation +test-354 = 354-version-negotiation +test-355 = 355-version-negotiation +test-356 = 356-version-negotiation +test-357 = 357-version-negotiation +test-358 = 358-version-negotiation +test-359 = 359-version-negotiation +test-360 = 360-version-negotiation +test-361 = 361-version-negotiation +test-362 = 362-version-negotiation +test-363 = 363-version-negotiation +test-364 = 364-version-negotiation +test-365 = 365-version-negotiation +test-366 = 366-version-negotiation +test-367 = 367-version-negotiation +test-368 = 368-version-negotiation +test-369 = 369-version-negotiation +test-370 = 370-version-negotiation +test-371 = 371-version-negotiation +test-372 = 372-version-negotiation +test-373 = 373-version-negotiation +test-374 = 374-version-negotiation +test-375 = 375-version-negotiation +test-376 = 376-version-negotiation +test-377 = 377-version-negotiation +test-378 = 378-version-negotiation +test-379 = 379-version-negotiation +test-380 = 380-version-negotiation +test-381 = 381-version-negotiation +test-382 = 382-version-negotiation +test-383 = 383-version-negotiation +test-384 = 384-version-negotiation +test-385 = 385-version-negotiation +test-386 = 386-version-negotiation +test-387 = 387-version-negotiation +test-388 = 388-version-negotiation +test-389 = 389-version-negotiation +test-390 = 390-version-negotiation +test-391 = 391-version-negotiation +test-392 = 392-version-negotiation +test-393 = 393-version-negotiation +test-394 = 394-version-negotiation +test-395 = 395-version-negotiation +test-396 = 396-version-negotiation +test-397 = 397-version-negotiation +test-398 = 398-version-negotiation +test-399 = 399-version-negotiation +test-400 = 400-version-negotiation +test-401 = 401-version-negotiation +test-402 = 402-version-negotiation +test-403 = 403-version-negotiation +test-404 = 404-version-negotiation +test-405 = 405-version-negotiation +test-406 = 406-version-negotiation +test-407 = 407-version-negotiation +test-408 = 408-version-negotiation +test-409 = 409-version-negotiation +test-410 = 410-version-negotiation +test-411 = 411-version-negotiation +test-412 = 412-version-negotiation +test-413 = 413-version-negotiation +test-414 = 414-version-negotiation +test-415 = 415-version-negotiation +test-416 = 416-version-negotiation +test-417 = 417-version-negotiation +test-418 = 418-version-negotiation +test-419 = 419-version-negotiation +test-420 = 420-version-negotiation +test-421 = 421-version-negotiation +test-422 = 422-version-negotiation +test-423 = 423-version-negotiation +test-424 = 424-version-negotiation +test-425 = 425-version-negotiation +test-426 = 426-version-negotiation +test-427 = 427-version-negotiation +test-428 = 428-version-negotiation +test-429 = 429-version-negotiation +test-430 = 430-version-negotiation +test-431 = 431-version-negotiation +test-432 = 432-version-negotiation +test-433 = 433-version-negotiation +test-434 = 434-version-negotiation +test-435 = 435-version-negotiation +test-436 = 436-version-negotiation +test-437 = 437-version-negotiation +test-438 = 438-version-negotiation +test-439 = 439-version-negotiation +test-440 = 440-version-negotiation +test-441 = 441-version-negotiation +test-442 = 442-version-negotiation +test-443 = 443-version-negotiation +test-444 = 444-version-negotiation +test-445 = 445-version-negotiation +test-446 = 446-version-negotiation +test-447 = 447-version-negotiation +test-448 = 448-version-negotiation +test-449 = 449-version-negotiation +test-450 = 450-version-negotiation +test-451 = 451-version-negotiation +test-452 = 452-version-negotiation +test-453 = 453-version-negotiation +test-454 = 454-version-negotiation +test-455 = 455-version-negotiation +test-456 = 456-version-negotiation +test-457 = 457-version-negotiation +test-458 = 458-version-negotiation +test-459 = 459-version-negotiation +test-460 = 460-version-negotiation +test-461 = 461-version-negotiation +test-462 = 462-version-negotiation +test-463 = 463-version-negotiation +test-464 = 464-version-negotiation +test-465 = 465-version-negotiation +test-466 = 466-version-negotiation +test-467 = 467-version-negotiation +test-468 = 468-version-negotiation +test-469 = 469-version-negotiation +test-470 = 470-version-negotiation +test-471 = 471-version-negotiation +test-472 = 472-version-negotiation +test-473 = 473-version-negotiation +test-474 = 474-version-negotiation +test-475 = 475-version-negotiation +test-476 = 476-version-negotiation +test-477 = 477-version-negotiation +test-478 = 478-version-negotiation +test-479 = 479-version-negotiation +test-480 = 480-version-negotiation +test-481 = 481-version-negotiation +test-482 = 482-version-negotiation +test-483 = 483-version-negotiation +test-484 = 484-version-negotiation +test-485 = 485-version-negotiation +test-486 = 486-version-negotiation +test-487 = 487-version-negotiation +test-488 = 488-version-negotiation +test-489 = 489-version-negotiation +test-490 = 490-version-negotiation +test-491 = 491-version-negotiation +test-492 = 492-version-negotiation +test-493 = 493-version-negotiation +test-494 = 494-version-negotiation +test-495 = 495-version-negotiation +test-496 = 496-version-negotiation +test-497 = 497-version-negotiation +test-498 = 498-version-negotiation +test-499 = 499-version-negotiation +test-500 = 500-version-negotiation +test-501 = 501-version-negotiation +test-502 = 502-version-negotiation +test-503 = 503-version-negotiation +test-504 = 504-version-negotiation +test-505 = 505-version-negotiation +test-506 = 506-version-negotiation +test-507 = 507-version-negotiation +test-508 = 508-version-negotiation +test-509 = 509-version-negotiation +test-510 = 510-version-negotiation +test-511 = 511-version-negotiation +test-512 = 512-version-negotiation +test-513 = 513-version-negotiation +test-514 = 514-version-negotiation +test-515 = 515-version-negotiation +test-516 = 516-version-negotiation +test-517 = 517-version-negotiation +test-518 = 518-version-negotiation +test-519 = 519-version-negotiation +test-520 = 520-version-negotiation +test-521 = 521-version-negotiation +test-522 = 522-version-negotiation +test-523 = 523-version-negotiation +test-524 = 524-version-negotiation +test-525 = 525-version-negotiation +test-526 = 526-version-negotiation +test-527 = 527-version-negotiation +test-528 = 528-version-negotiation +test-529 = 529-version-negotiation +test-530 = 530-version-negotiation +test-531 = 531-version-negotiation +test-532 = 532-version-negotiation +test-533 = 533-version-negotiation +test-534 = 534-version-negotiation +test-535 = 535-version-negotiation +test-536 = 536-version-negotiation +test-537 = 537-version-negotiation +test-538 = 538-version-negotiation +test-539 = 539-version-negotiation +test-540 = 540-version-negotiation +test-541 = 541-version-negotiation +test-542 = 542-version-negotiation +test-543 = 543-version-negotiation +test-544 = 544-version-negotiation +test-545 = 545-version-negotiation +test-546 = 546-version-negotiation +test-547 = 547-version-negotiation +test-548 = 548-version-negotiation +test-549 = 549-version-negotiation +test-550 = 550-version-negotiation +test-551 = 551-version-negotiation +test-552 = 552-version-negotiation +test-553 = 553-version-negotiation +test-554 = 554-version-negotiation +test-555 = 555-version-negotiation +test-556 = 556-version-negotiation +test-557 = 557-version-negotiation +test-558 = 558-version-negotiation +test-559 = 559-version-negotiation +test-560 = 560-version-negotiation +test-561 = 561-version-negotiation +test-562 = 562-version-negotiation +test-563 = 563-version-negotiation +test-564 = 564-version-negotiation +test-565 = 565-version-negotiation +test-566 = 566-version-negotiation +test-567 = 567-version-negotiation +test-568 = 568-version-negotiation +test-569 = 569-version-negotiation +test-570 = 570-version-negotiation +test-571 = 571-version-negotiation +test-572 = 572-version-negotiation +test-573 = 573-version-negotiation +test-574 = 574-version-negotiation +test-575 = 575-version-negotiation +test-576 = 576-version-negotiation +test-577 = 577-version-negotiation +test-578 = 578-version-negotiation +test-579 = 579-version-negotiation +test-580 = 580-version-negotiation +test-581 = 581-version-negotiation +test-582 = 582-version-negotiation +test-583 = 583-version-negotiation +test-584 = 584-version-negotiation +test-585 = 585-version-negotiation +test-586 = 586-version-negotiation +test-587 = 587-version-negotiation +test-588 = 588-version-negotiation +test-589 = 589-version-negotiation +test-590 = 590-version-negotiation +test-591 = 591-version-negotiation +test-592 = 592-version-negotiation +test-593 = 593-version-negotiation +test-594 = 594-version-negotiation +test-595 = 595-version-negotiation +test-596 = 596-version-negotiation +test-597 = 597-version-negotiation +test-598 = 598-version-negotiation +test-599 = 599-version-negotiation +test-600 = 600-version-negotiation +test-601 = 601-version-negotiation +test-602 = 602-version-negotiation +test-603 = 603-version-negotiation +test-604 = 604-version-negotiation +test-605 = 605-version-negotiation +test-606 = 606-version-negotiation +test-607 = 607-version-negotiation +test-608 = 608-version-negotiation +test-609 = 609-version-negotiation +test-610 = 610-version-negotiation +test-611 = 611-version-negotiation +test-612 = 612-version-negotiation +test-613 = 613-version-negotiation +test-614 = 614-version-negotiation +test-615 = 615-version-negotiation +test-616 = 616-version-negotiation +test-617 = 617-version-negotiation +test-618 = 618-version-negotiation +test-619 = 619-version-negotiation +test-620 = 620-version-negotiation +test-621 = 621-version-negotiation +test-622 = 622-version-negotiation +test-623 = 623-version-negotiation +test-624 = 624-version-negotiation +test-625 = 625-version-negotiation +test-626 = 626-version-negotiation +test-627 = 627-version-negotiation +test-628 = 628-version-negotiation +test-629 = 629-version-negotiation +test-630 = 630-version-negotiation +test-631 = 631-version-negotiation +test-632 = 632-version-negotiation +test-633 = 633-version-negotiation +test-634 = 634-version-negotiation +test-635 = 635-version-negotiation +test-636 = 636-version-negotiation +test-637 = 637-version-negotiation +test-638 = 638-version-negotiation +test-639 = 639-version-negotiation +test-640 = 640-version-negotiation +test-641 = 641-version-negotiation +test-642 = 642-version-negotiation +test-643 = 643-version-negotiation +test-644 = 644-version-negotiation +test-645 = 645-version-negotiation +test-646 = 646-version-negotiation +test-647 = 647-version-negotiation +test-648 = 648-version-negotiation +test-649 = 649-version-negotiation +test-650 = 650-version-negotiation +test-651 = 651-version-negotiation +test-652 = 652-version-negotiation +test-653 = 653-version-negotiation +test-654 = 654-version-negotiation +test-655 = 655-version-negotiation +test-656 = 656-version-negotiation +test-657 = 657-version-negotiation +test-658 = 658-version-negotiation +test-659 = 659-version-negotiation +test-660 = 660-version-negotiation +test-661 = 661-version-negotiation +test-662 = 662-version-negotiation +test-663 = 663-version-negotiation +test-664 = 664-version-negotiation +test-665 = 665-version-negotiation +test-666 = 666-version-negotiation +test-667 = 667-version-negotiation +test-668 = 668-version-negotiation +test-669 = 669-version-negotiation +test-670 = 670-version-negotiation +test-671 = 671-version-negotiation +test-672 = 672-version-negotiation +test-673 = 673-version-negotiation +test-674 = 674-version-negotiation +test-675 = 675-version-negotiation +test-676 = 676-ciphersuite-sanity-check-client +test-677 = 677-ciphersuite-sanity-check-server +# =========================================================== + +[0-version-negotiation] +ssl_conf = 0-version-negotiation-ssl + +[0-version-negotiation-ssl] +server = 0-version-negotiation-server +client = 0-version-negotiation-client + +[0-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = ClientFail + + +# =========================================================== + +[1-version-negotiation] +ssl_conf = 1-version-negotiation-ssl + +[1-version-negotiation-ssl] +server = 1-version-negotiation-server +client = 1-version-negotiation-client + +[1-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = ClientFail + + +# =========================================================== + +[2-version-negotiation] +ssl_conf = 2-version-negotiation-ssl + +[2-version-negotiation-ssl] +server = 2-version-negotiation-server +client = 2-version-negotiation-client + +[2-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ClientFail + + +# =========================================================== + +[3-version-negotiation] +ssl_conf = 3-version-negotiation-ssl + +[3-version-negotiation-ssl] +server = 3-version-negotiation-server +client = 3-version-negotiation-client + +[3-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = ClientFail + + +# =========================================================== + +[4-version-negotiation] +ssl_conf = 4-version-negotiation-ssl + +[4-version-negotiation-ssl] +server = 4-version-negotiation-server +client = 4-version-negotiation-client + +[4-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = ClientFail + + +# =========================================================== + +[5-version-negotiation] +ssl_conf = 5-version-negotiation-ssl + +[5-version-negotiation-ssl] +server = 5-version-negotiation-server +client = 5-version-negotiation-client + +[5-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = ClientFail + + +# =========================================================== + +[6-version-negotiation] +ssl_conf = 6-version-negotiation-ssl + +[6-version-negotiation-ssl] +server = 6-version-negotiation-server +client = 6-version-negotiation-client + +[6-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = ClientFail + + +# =========================================================== + +[7-version-negotiation] +ssl_conf = 7-version-negotiation-ssl + +[7-version-negotiation-ssl] +server = 7-version-negotiation-server +client = 7-version-negotiation-client + +[7-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = ClientFail + + +# =========================================================== + +[8-version-negotiation] +ssl_conf = 8-version-negotiation-ssl + +[8-version-negotiation-ssl] +server = 8-version-negotiation-server +client = 8-version-negotiation-client + +[8-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = ClientFail + + +# =========================================================== + +[9-version-negotiation] +ssl_conf = 9-version-negotiation-ssl + +[9-version-negotiation-ssl] +server = 9-version-negotiation-server +client = 9-version-negotiation-client + +[9-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = ClientFail + + +# =========================================================== + +[10-version-negotiation] +ssl_conf = 10-version-negotiation-ssl + +[10-version-negotiation-ssl] +server = 10-version-negotiation-server +client = 10-version-negotiation-client + +[10-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = ClientFail + + +# =========================================================== + +[11-version-negotiation] +ssl_conf = 11-version-negotiation-ssl + +[11-version-negotiation-ssl] +server = 11-version-negotiation-server +client = 11-version-negotiation-client + +[11-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = ClientFail + + +# =========================================================== + +[12-version-negotiation] +ssl_conf = 12-version-negotiation-ssl + +[12-version-negotiation-ssl] +server = 12-version-negotiation-server +client = 12-version-negotiation-client + +[12-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = ClientFail + + +# =========================================================== + +[13-version-negotiation] +ssl_conf = 13-version-negotiation-ssl + +[13-version-negotiation-ssl] +server = 13-version-negotiation-server +client = 13-version-negotiation-client + +[13-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = ClientFail + + +# =========================================================== + +[14-version-negotiation] +ssl_conf = 14-version-negotiation-ssl + +[14-version-negotiation-ssl] +server = 14-version-negotiation-server +client = 14-version-negotiation-client + +[14-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = ClientFail + + +# =========================================================== + +[15-version-negotiation] +ssl_conf = 15-version-negotiation-ssl + +[15-version-negotiation-ssl] +server = 15-version-negotiation-server +client = 15-version-negotiation-client + +[15-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = ClientFail + + +# =========================================================== + +[16-version-negotiation] +ssl_conf = 16-version-negotiation-ssl + +[16-version-negotiation-ssl] +server = 16-version-negotiation-server +client = 16-version-negotiation-client + +[16-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = ClientFail + + +# =========================================================== + +[17-version-negotiation] +ssl_conf = 17-version-negotiation-ssl + +[17-version-negotiation-ssl] +server = 17-version-negotiation-server +client = 17-version-negotiation-client + +[17-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = ClientFail + + +# =========================================================== + +[18-version-negotiation] +ssl_conf = 18-version-negotiation-ssl + +[18-version-negotiation-ssl] +server = 18-version-negotiation-server +client = 18-version-negotiation-client + +[18-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = ClientFail + + +# =========================================================== + +[19-version-negotiation] +ssl_conf = 19-version-negotiation-ssl + +[19-version-negotiation-ssl] +server = 19-version-negotiation-server +client = 19-version-negotiation-client + +[19-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = ClientFail + + +# =========================================================== + +[20-version-negotiation] +ssl_conf = 20-version-negotiation-ssl + +[20-version-negotiation-ssl] +server = 20-version-negotiation-server +client = 20-version-negotiation-client + +[20-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedResult = ClientFail + + +# =========================================================== + +[21-version-negotiation] +ssl_conf = 21-version-negotiation-ssl + +[21-version-negotiation-ssl] +server = 21-version-negotiation-server +client = 21-version-negotiation-client + +[21-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedResult = ClientFail + + +# =========================================================== + +[22-version-negotiation] +ssl_conf = 22-version-negotiation-ssl + +[22-version-negotiation-ssl] +server = 22-version-negotiation-server +client = 22-version-negotiation-client + +[22-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedResult = ClientFail + + +# =========================================================== + +[23-version-negotiation] +ssl_conf = 23-version-negotiation-ssl + +[23-version-negotiation-ssl] +server = 23-version-negotiation-server +client = 23-version-negotiation-client + +[23-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedResult = ClientFail + + +# =========================================================== + +[24-version-negotiation] +ssl_conf = 24-version-negotiation-ssl + +[24-version-negotiation-ssl] +server = 24-version-negotiation-server +client = 24-version-negotiation-client + +[24-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = ClientFail + + +# =========================================================== + +[25-version-negotiation] +ssl_conf = 25-version-negotiation-ssl + +[25-version-negotiation-ssl] +server = 25-version-negotiation-server +client = 25-version-negotiation-client + +[25-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedResult = ClientFail + + +# =========================================================== + +[26-version-negotiation] +ssl_conf = 26-version-negotiation-ssl + +[26-version-negotiation-ssl] +server = 26-version-negotiation-server +client = 26-version-negotiation-client + +[26-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedResult = ServerFail + + +# =========================================================== + +[27-version-negotiation] +ssl_conf = 27-version-negotiation-ssl + +[27-version-negotiation-ssl] +server = 27-version-negotiation-server +client = 27-version-negotiation-client + +[27-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[28-version-negotiation] +ssl_conf = 28-version-negotiation-ssl + +[28-version-negotiation-ssl] +server = 28-version-negotiation-server +client = 28-version-negotiation-client + +[28-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[29-version-negotiation] +ssl_conf = 29-version-negotiation-ssl + +[29-version-negotiation-ssl] +server = 29-version-negotiation-server +client = 29-version-negotiation-client + +[29-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[30-version-negotiation] +ssl_conf = 30-version-negotiation-ssl + +[30-version-negotiation-ssl] +server = 30-version-negotiation-server +client = 30-version-negotiation-client + +[30-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[31-version-negotiation] +ssl_conf = 31-version-negotiation-ssl + +[31-version-negotiation-ssl] +server = 31-version-negotiation-server +client = 31-version-negotiation-client + +[31-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[32-version-negotiation] +ssl_conf = 32-version-negotiation-ssl + +[32-version-negotiation-ssl] +server = 32-version-negotiation-server +client = 32-version-negotiation-client + +[32-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedResult = ServerFail + + +# =========================================================== + +[33-version-negotiation] +ssl_conf = 33-version-negotiation-ssl + +[33-version-negotiation-ssl] +server = 33-version-negotiation-server +client = 33-version-negotiation-client + +[33-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[34-version-negotiation] +ssl_conf = 34-version-negotiation-ssl + +[34-version-negotiation-ssl] +server = 34-version-negotiation-server +client = 34-version-negotiation-client + +[34-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[35-version-negotiation] +ssl_conf = 35-version-negotiation-ssl + +[35-version-negotiation-ssl] +server = 35-version-negotiation-server +client = 35-version-negotiation-client + +[35-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[36-version-negotiation] +ssl_conf = 36-version-negotiation-ssl + +[36-version-negotiation-ssl] +server = 36-version-negotiation-server +client = 36-version-negotiation-client + +[36-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[37-version-negotiation] +ssl_conf = 37-version-negotiation-ssl + +[37-version-negotiation-ssl] +server = 37-version-negotiation-server +client = 37-version-negotiation-client + +[37-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[38-version-negotiation] +ssl_conf = 38-version-negotiation-ssl + +[38-version-negotiation-ssl] +server = 38-version-negotiation-server +client = 38-version-negotiation-client + +[38-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[39-version-negotiation] +ssl_conf = 39-version-negotiation-ssl + +[39-version-negotiation-ssl] +server = 39-version-negotiation-server +client = 39-version-negotiation-client + +[39-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[40-version-negotiation] +ssl_conf = 40-version-negotiation-ssl + +[40-version-negotiation-ssl] +server = 40-version-negotiation-server +client = 40-version-negotiation-client + +[40-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[41-version-negotiation] +ssl_conf = 41-version-negotiation-ssl + +[41-version-negotiation-ssl] +server = 41-version-negotiation-server +client = 41-version-negotiation-client + +[41-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[42-version-negotiation] +ssl_conf = 42-version-negotiation-ssl + +[42-version-negotiation-ssl] +server = 42-version-negotiation-server +client = 42-version-negotiation-client + +[42-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[43-version-negotiation] +ssl_conf = 43-version-negotiation-ssl + +[43-version-negotiation-ssl] +server = 43-version-negotiation-server +client = 43-version-negotiation-client + +[43-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedResult = ServerFail + + +# =========================================================== + +[44-version-negotiation] +ssl_conf = 44-version-negotiation-ssl + +[44-version-negotiation-ssl] +server = 44-version-negotiation-server +client = 44-version-negotiation-client + +[44-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedResult = ServerFail + + +# =========================================================== + +[45-version-negotiation] +ssl_conf = 45-version-negotiation-ssl + +[45-version-negotiation-ssl] +server = 45-version-negotiation-server +client = 45-version-negotiation-client + +[45-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedResult = ServerFail + + +# =========================================================== + +[46-version-negotiation] +ssl_conf = 46-version-negotiation-ssl + +[46-version-negotiation-ssl] +server = 46-version-negotiation-server +client = 46-version-negotiation-client + +[46-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedResult = ServerFail + + +# =========================================================== + +[47-version-negotiation] +ssl_conf = 47-version-negotiation-ssl + +[47-version-negotiation-ssl] +server = 47-version-negotiation-server +client = 47-version-negotiation-client + +[47-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[47-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedResult = ServerFail + + +# =========================================================== + +[48-version-negotiation] +ssl_conf = 48-version-negotiation-ssl + +[48-version-negotiation-ssl] +server = 48-version-negotiation-server +client = 48-version-negotiation-client + +[48-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedResult = ServerFail + + +# =========================================================== + +[49-version-negotiation] +ssl_conf = 49-version-negotiation-ssl + +[49-version-negotiation-ssl] +server = 49-version-negotiation-server +client = 49-version-negotiation-client + +[49-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[49-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedResult = ServerFail + + +# =========================================================== + +[50-version-negotiation] +ssl_conf = 50-version-negotiation-ssl + +[50-version-negotiation-ssl] +server = 50-version-negotiation-server +client = 50-version-negotiation-client + +[50-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[50-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedResult = ServerFail + + +# =========================================================== + +[51-version-negotiation] +ssl_conf = 51-version-negotiation-ssl + +[51-version-negotiation-ssl] +server = 51-version-negotiation-server +client = 51-version-negotiation-client + +[51-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[51-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedResult = ServerFail + + +# =========================================================== + +[52-version-negotiation] +ssl_conf = 52-version-negotiation-ssl + +[52-version-negotiation-ssl] +server = 52-version-negotiation-server +client = 52-version-negotiation-client + +[52-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[52-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedResult = ServerFail + + +# =========================================================== + +[53-version-negotiation] +ssl_conf = 53-version-negotiation-ssl + +[53-version-negotiation-ssl] +server = 53-version-negotiation-server +client = 53-version-negotiation-client + +[53-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[54-version-negotiation] +ssl_conf = 54-version-negotiation-ssl + +[54-version-negotiation-ssl] +server = 54-version-negotiation-server +client = 54-version-negotiation-client + +[54-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[54-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[55-version-negotiation] +ssl_conf = 55-version-negotiation-ssl + +[55-version-negotiation-ssl] +server = 55-version-negotiation-server +client = 55-version-negotiation-client + +[55-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[55-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-55] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[56-version-negotiation] +ssl_conf = 56-version-negotiation-ssl + +[56-version-negotiation-ssl] +server = 56-version-negotiation-server +client = 56-version-negotiation-client + +[56-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[56-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-56] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[57-version-negotiation] +ssl_conf = 57-version-negotiation-ssl + +[57-version-negotiation-ssl] +server = 57-version-negotiation-server +client = 57-version-negotiation-client + +[57-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[57-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-57] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[58-version-negotiation] +ssl_conf = 58-version-negotiation-ssl + +[58-version-negotiation-ssl] +server = 58-version-negotiation-server +client = 58-version-negotiation-client + +[58-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[58-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-58] +ExpectedResult = ServerFail + + +# =========================================================== + +[59-version-negotiation] +ssl_conf = 59-version-negotiation-ssl + +[59-version-negotiation-ssl] +server = 59-version-negotiation-server +client = 59-version-negotiation-client + +[59-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[59-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-59] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[60-version-negotiation] +ssl_conf = 60-version-negotiation-ssl + +[60-version-negotiation-ssl] +server = 60-version-negotiation-server +client = 60-version-negotiation-client + +[60-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[60-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-60] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[61-version-negotiation] +ssl_conf = 61-version-negotiation-ssl + +[61-version-negotiation-ssl] +server = 61-version-negotiation-server +client = 61-version-negotiation-client + +[61-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[61-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-61] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[62-version-negotiation] +ssl_conf = 62-version-negotiation-ssl + +[62-version-negotiation-ssl] +server = 62-version-negotiation-server +client = 62-version-negotiation-client + +[62-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[62-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-62] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[63-version-negotiation] +ssl_conf = 63-version-negotiation-ssl + +[63-version-negotiation-ssl] +server = 63-version-negotiation-server +client = 63-version-negotiation-client + +[63-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[63-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-63] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[64-version-negotiation] +ssl_conf = 64-version-negotiation-ssl + +[64-version-negotiation-ssl] +server = 64-version-negotiation-server +client = 64-version-negotiation-client + +[64-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[64-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-64] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[65-version-negotiation] +ssl_conf = 65-version-negotiation-ssl + +[65-version-negotiation-ssl] +server = 65-version-negotiation-server +client = 65-version-negotiation-client + +[65-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[65-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-65] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[66-version-negotiation] +ssl_conf = 66-version-negotiation-ssl + +[66-version-negotiation-ssl] +server = 66-version-negotiation-server +client = 66-version-negotiation-client + +[66-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[66-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-66] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[67-version-negotiation] +ssl_conf = 67-version-negotiation-ssl + +[67-version-negotiation-ssl] +server = 67-version-negotiation-server +client = 67-version-negotiation-client + +[67-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[67-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-67] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[68-version-negotiation] +ssl_conf = 68-version-negotiation-ssl + +[68-version-negotiation-ssl] +server = 68-version-negotiation-server +client = 68-version-negotiation-client + +[68-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[68-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-68] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[69-version-negotiation] +ssl_conf = 69-version-negotiation-ssl + +[69-version-negotiation-ssl] +server = 69-version-negotiation-server +client = 69-version-negotiation-client + +[69-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[69-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-69] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[70-version-negotiation] +ssl_conf = 70-version-negotiation-ssl + +[70-version-negotiation-ssl] +server = 70-version-negotiation-server +client = 70-version-negotiation-client + +[70-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[70-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-70] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[71-version-negotiation] +ssl_conf = 71-version-negotiation-ssl + +[71-version-negotiation-ssl] +server = 71-version-negotiation-server +client = 71-version-negotiation-client + +[71-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[71-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-71] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[72-version-negotiation] +ssl_conf = 72-version-negotiation-ssl + +[72-version-negotiation-ssl] +server = 72-version-negotiation-server +client = 72-version-negotiation-client + +[72-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[72-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-72] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[73-version-negotiation] +ssl_conf = 73-version-negotiation-ssl + +[73-version-negotiation-ssl] +server = 73-version-negotiation-server +client = 73-version-negotiation-client + +[73-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[73-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-73] +ExpectedResult = ServerFail + + +# =========================================================== + +[74-version-negotiation] +ssl_conf = 74-version-negotiation-ssl + +[74-version-negotiation-ssl] +server = 74-version-negotiation-server +client = 74-version-negotiation-client + +[74-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[74-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-74] +ExpectedResult = ServerFail + + +# =========================================================== + +[75-version-negotiation] +ssl_conf = 75-version-negotiation-ssl + +[75-version-negotiation-ssl] +server = 75-version-negotiation-server +client = 75-version-negotiation-client + +[75-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[75-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-75] +ExpectedResult = ServerFail + + +# =========================================================== + +[76-version-negotiation] +ssl_conf = 76-version-negotiation-ssl + +[76-version-negotiation-ssl] +server = 76-version-negotiation-server +client = 76-version-negotiation-client + +[76-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[76-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-76] +ExpectedResult = ServerFail + + +# =========================================================== + +[77-version-negotiation] +ssl_conf = 77-version-negotiation-ssl + +[77-version-negotiation-ssl] +server = 77-version-negotiation-server +client = 77-version-negotiation-client + +[77-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[77-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-77] +ExpectedResult = ServerFail + + +# =========================================================== + +[78-version-negotiation] +ssl_conf = 78-version-negotiation-ssl + +[78-version-negotiation-ssl] +server = 78-version-negotiation-server +client = 78-version-negotiation-client + +[78-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[78-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-78] +ExpectedResult = ServerFail + + +# =========================================================== + +[79-version-negotiation] +ssl_conf = 79-version-negotiation-ssl + +[79-version-negotiation-ssl] +server = 79-version-negotiation-server +client = 79-version-negotiation-client + +[79-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[79-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-79] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[80-version-negotiation] +ssl_conf = 80-version-negotiation-ssl + +[80-version-negotiation-ssl] +server = 80-version-negotiation-server +client = 80-version-negotiation-client + +[80-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[80-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-80] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[81-version-negotiation] +ssl_conf = 81-version-negotiation-ssl + +[81-version-negotiation-ssl] +server = 81-version-negotiation-server +client = 81-version-negotiation-client + +[81-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[81-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-81] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[82-version-negotiation] +ssl_conf = 82-version-negotiation-ssl + +[82-version-negotiation-ssl] +server = 82-version-negotiation-server +client = 82-version-negotiation-client + +[82-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[82-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-82] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[83-version-negotiation] +ssl_conf = 83-version-negotiation-ssl + +[83-version-negotiation-ssl] +server = 83-version-negotiation-server +client = 83-version-negotiation-client + +[83-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[83-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-83] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[84-version-negotiation] +ssl_conf = 84-version-negotiation-ssl + +[84-version-negotiation-ssl] +server = 84-version-negotiation-server +client = 84-version-negotiation-client + +[84-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[84-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-84] +ExpectedResult = ServerFail + + +# =========================================================== + +[85-version-negotiation] +ssl_conf = 85-version-negotiation-ssl + +[85-version-negotiation-ssl] +server = 85-version-negotiation-server +client = 85-version-negotiation-client + +[85-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[85-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-85] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[86-version-negotiation] +ssl_conf = 86-version-negotiation-ssl + +[86-version-negotiation-ssl] +server = 86-version-negotiation-server +client = 86-version-negotiation-client + +[86-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[86-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-86] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[87-version-negotiation] +ssl_conf = 87-version-negotiation-ssl + +[87-version-negotiation-ssl] +server = 87-version-negotiation-server +client = 87-version-negotiation-client + +[87-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[87-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-87] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[88-version-negotiation] +ssl_conf = 88-version-negotiation-ssl + +[88-version-negotiation-ssl] +server = 88-version-negotiation-server +client = 88-version-negotiation-client + +[88-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[88-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-88] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[89-version-negotiation] +ssl_conf = 89-version-negotiation-ssl + +[89-version-negotiation-ssl] +server = 89-version-negotiation-server +client = 89-version-negotiation-client + +[89-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[89-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-89] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[90-version-negotiation] +ssl_conf = 90-version-negotiation-ssl + +[90-version-negotiation-ssl] +server = 90-version-negotiation-server +client = 90-version-negotiation-client + +[90-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[90-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-90] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[91-version-negotiation] +ssl_conf = 91-version-negotiation-ssl + +[91-version-negotiation-ssl] +server = 91-version-negotiation-server +client = 91-version-negotiation-client + +[91-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[91-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-91] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[92-version-negotiation] +ssl_conf = 92-version-negotiation-ssl + +[92-version-negotiation-ssl] +server = 92-version-negotiation-server +client = 92-version-negotiation-client + +[92-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[92-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-92] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[93-version-negotiation] +ssl_conf = 93-version-negotiation-ssl + +[93-version-negotiation-ssl] +server = 93-version-negotiation-server +client = 93-version-negotiation-client + +[93-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[93-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-93] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[94-version-negotiation] +ssl_conf = 94-version-negotiation-ssl + +[94-version-negotiation-ssl] +server = 94-version-negotiation-server +client = 94-version-negotiation-client + +[94-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[94-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-94] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[95-version-negotiation] +ssl_conf = 95-version-negotiation-ssl + +[95-version-negotiation-ssl] +server = 95-version-negotiation-server +client = 95-version-negotiation-client + +[95-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[95-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-95] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[96-version-negotiation] +ssl_conf = 96-version-negotiation-ssl + +[96-version-negotiation-ssl] +server = 96-version-negotiation-server +client = 96-version-negotiation-client + +[96-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[96-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-96] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[97-version-negotiation] +ssl_conf = 97-version-negotiation-ssl + +[97-version-negotiation-ssl] +server = 97-version-negotiation-server +client = 97-version-negotiation-client + +[97-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[97-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-97] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[98-version-negotiation] +ssl_conf = 98-version-negotiation-ssl + +[98-version-negotiation-ssl] +server = 98-version-negotiation-server +client = 98-version-negotiation-client + +[98-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[98-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-98] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[99-version-negotiation] +ssl_conf = 99-version-negotiation-ssl + +[99-version-negotiation-ssl] +server = 99-version-negotiation-server +client = 99-version-negotiation-client + +[99-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[99-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-99] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[100-version-negotiation] +ssl_conf = 100-version-negotiation-ssl + +[100-version-negotiation-ssl] +server = 100-version-negotiation-server +client = 100-version-negotiation-client + +[100-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[100-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-100] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[101-version-negotiation] +ssl_conf = 101-version-negotiation-ssl + +[101-version-negotiation-ssl] +server = 101-version-negotiation-server +client = 101-version-negotiation-client + +[101-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[101-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-101] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[102-version-negotiation] +ssl_conf = 102-version-negotiation-ssl + +[102-version-negotiation-ssl] +server = 102-version-negotiation-server +client = 102-version-negotiation-client + +[102-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[102-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-102] +ExpectedResult = ServerFail + + +# =========================================================== + +[103-version-negotiation] +ssl_conf = 103-version-negotiation-ssl + +[103-version-negotiation-ssl] +server = 103-version-negotiation-server +client = 103-version-negotiation-client + +[103-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[103-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-103] +ExpectedResult = ServerFail + + +# =========================================================== + +[104-version-negotiation] +ssl_conf = 104-version-negotiation-ssl + +[104-version-negotiation-ssl] +server = 104-version-negotiation-server +client = 104-version-negotiation-client + +[104-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[104-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-104] +ExpectedResult = ServerFail + + +# =========================================================== + +[105-version-negotiation] +ssl_conf = 105-version-negotiation-ssl + +[105-version-negotiation-ssl] +server = 105-version-negotiation-server +client = 105-version-negotiation-client + +[105-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[105-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-105] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[106-version-negotiation] +ssl_conf = 106-version-negotiation-ssl + +[106-version-negotiation-ssl] +server = 106-version-negotiation-server +client = 106-version-negotiation-client + +[106-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[106-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-106] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[107-version-negotiation] +ssl_conf = 107-version-negotiation-ssl + +[107-version-negotiation-ssl] +server = 107-version-negotiation-server +client = 107-version-negotiation-client + +[107-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[107-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-107] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[108-version-negotiation] +ssl_conf = 108-version-negotiation-ssl + +[108-version-negotiation-ssl] +server = 108-version-negotiation-server +client = 108-version-negotiation-client + +[108-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[108-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-108] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[109-version-negotiation] +ssl_conf = 109-version-negotiation-ssl + +[109-version-negotiation-ssl] +server = 109-version-negotiation-server +client = 109-version-negotiation-client + +[109-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[109-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-109] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[110-version-negotiation] +ssl_conf = 110-version-negotiation-ssl + +[110-version-negotiation-ssl] +server = 110-version-negotiation-server +client = 110-version-negotiation-client + +[110-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[110-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-110] +ExpectedResult = ServerFail + + +# =========================================================== + +[111-version-negotiation] +ssl_conf = 111-version-negotiation-ssl + +[111-version-negotiation-ssl] +server = 111-version-negotiation-server +client = 111-version-negotiation-client + +[111-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[111-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-111] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[112-version-negotiation] +ssl_conf = 112-version-negotiation-ssl + +[112-version-negotiation-ssl] +server = 112-version-negotiation-server +client = 112-version-negotiation-client + +[112-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[112-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-112] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[113-version-negotiation] +ssl_conf = 113-version-negotiation-ssl + +[113-version-negotiation-ssl] +server = 113-version-negotiation-server +client = 113-version-negotiation-client + +[113-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[113-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-113] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[114-version-negotiation] +ssl_conf = 114-version-negotiation-ssl + +[114-version-negotiation-ssl] +server = 114-version-negotiation-server +client = 114-version-negotiation-client + +[114-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[114-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-114] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[115-version-negotiation] +ssl_conf = 115-version-negotiation-ssl + +[115-version-negotiation-ssl] +server = 115-version-negotiation-server +client = 115-version-negotiation-client + +[115-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[115-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-115] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[116-version-negotiation] +ssl_conf = 116-version-negotiation-ssl + +[116-version-negotiation-ssl] +server = 116-version-negotiation-server +client = 116-version-negotiation-client + +[116-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[116-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-116] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[117-version-negotiation] +ssl_conf = 117-version-negotiation-ssl + +[117-version-negotiation-ssl] +server = 117-version-negotiation-server +client = 117-version-negotiation-client + +[117-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[117-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-117] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[118-version-negotiation] +ssl_conf = 118-version-negotiation-ssl + +[118-version-negotiation-ssl] +server = 118-version-negotiation-server +client = 118-version-negotiation-client + +[118-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[118-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-118] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[119-version-negotiation] +ssl_conf = 119-version-negotiation-ssl + +[119-version-negotiation-ssl] +server = 119-version-negotiation-server +client = 119-version-negotiation-client + +[119-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[119-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-119] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[120-version-negotiation] +ssl_conf = 120-version-negotiation-ssl + +[120-version-negotiation-ssl] +server = 120-version-negotiation-server +client = 120-version-negotiation-client + +[120-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[120-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-120] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[121-version-negotiation] +ssl_conf = 121-version-negotiation-ssl + +[121-version-negotiation-ssl] +server = 121-version-negotiation-server +client = 121-version-negotiation-client + +[121-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[121-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-121] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[122-version-negotiation] +ssl_conf = 122-version-negotiation-ssl + +[122-version-negotiation-ssl] +server = 122-version-negotiation-server +client = 122-version-negotiation-client + +[122-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[122-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-122] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[123-version-negotiation] +ssl_conf = 123-version-negotiation-ssl + +[123-version-negotiation-ssl] +server = 123-version-negotiation-server +client = 123-version-negotiation-client + +[123-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[123-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-123] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[124-version-negotiation] +ssl_conf = 124-version-negotiation-ssl + +[124-version-negotiation-ssl] +server = 124-version-negotiation-server +client = 124-version-negotiation-client + +[124-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[124-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-124] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[125-version-negotiation] +ssl_conf = 125-version-negotiation-ssl + +[125-version-negotiation-ssl] +server = 125-version-negotiation-server +client = 125-version-negotiation-client + +[125-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[125-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-125] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[126-version-negotiation] +ssl_conf = 126-version-negotiation-ssl + +[126-version-negotiation-ssl] +server = 126-version-negotiation-server +client = 126-version-negotiation-client + +[126-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[126-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-126] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[127-version-negotiation] +ssl_conf = 127-version-negotiation-ssl + +[127-version-negotiation-ssl] +server = 127-version-negotiation-server +client = 127-version-negotiation-client + +[127-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[127-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-127] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[128-version-negotiation] +ssl_conf = 128-version-negotiation-ssl + +[128-version-negotiation-ssl] +server = 128-version-negotiation-server +client = 128-version-negotiation-client + +[128-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[128-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-128] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[129-version-negotiation] +ssl_conf = 129-version-negotiation-ssl + +[129-version-negotiation-ssl] +server = 129-version-negotiation-server +client = 129-version-negotiation-client + +[129-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[129-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-129] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[130-version-negotiation] +ssl_conf = 130-version-negotiation-ssl + +[130-version-negotiation-ssl] +server = 130-version-negotiation-server +client = 130-version-negotiation-client + +[130-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[130-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-130] +ExpectedResult = ServerFail + + +# =========================================================== + +[131-version-negotiation] +ssl_conf = 131-version-negotiation-ssl + +[131-version-negotiation-ssl] +server = 131-version-negotiation-server +client = 131-version-negotiation-client + +[131-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[131-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-131] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[132-version-negotiation] +ssl_conf = 132-version-negotiation-ssl + +[132-version-negotiation-ssl] +server = 132-version-negotiation-server +client = 132-version-negotiation-client + +[132-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[132-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-132] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[133-version-negotiation] +ssl_conf = 133-version-negotiation-ssl + +[133-version-negotiation-ssl] +server = 133-version-negotiation-server +client = 133-version-negotiation-client + +[133-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[133-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-133] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[134-version-negotiation] +ssl_conf = 134-version-negotiation-ssl + +[134-version-negotiation-ssl] +server = 134-version-negotiation-server +client = 134-version-negotiation-client + +[134-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[134-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-134] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[135-version-negotiation] +ssl_conf = 135-version-negotiation-ssl + +[135-version-negotiation-ssl] +server = 135-version-negotiation-server +client = 135-version-negotiation-client + +[135-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[135-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-135] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[136-version-negotiation] +ssl_conf = 136-version-negotiation-ssl + +[136-version-negotiation-ssl] +server = 136-version-negotiation-server +client = 136-version-negotiation-client + +[136-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[136-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-136] +ExpectedResult = ServerFail + + +# =========================================================== + +[137-version-negotiation] +ssl_conf = 137-version-negotiation-ssl + +[137-version-negotiation-ssl] +server = 137-version-negotiation-server +client = 137-version-negotiation-client + +[137-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[137-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-137] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[138-version-negotiation] +ssl_conf = 138-version-negotiation-ssl + +[138-version-negotiation-ssl] +server = 138-version-negotiation-server +client = 138-version-negotiation-client + +[138-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[138-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-138] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[139-version-negotiation] +ssl_conf = 139-version-negotiation-ssl + +[139-version-negotiation-ssl] +server = 139-version-negotiation-server +client = 139-version-negotiation-client + +[139-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[139-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-139] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[140-version-negotiation] +ssl_conf = 140-version-negotiation-ssl + +[140-version-negotiation-ssl] +server = 140-version-negotiation-server +client = 140-version-negotiation-client + +[140-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[140-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-140] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[141-version-negotiation] +ssl_conf = 141-version-negotiation-ssl + +[141-version-negotiation-ssl] +server = 141-version-negotiation-server +client = 141-version-negotiation-client + +[141-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[141-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-141] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[142-version-negotiation] +ssl_conf = 142-version-negotiation-ssl + +[142-version-negotiation-ssl] +server = 142-version-negotiation-server +client = 142-version-negotiation-client + +[142-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[142-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-142] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[143-version-negotiation] +ssl_conf = 143-version-negotiation-ssl + +[143-version-negotiation-ssl] +server = 143-version-negotiation-server +client = 143-version-negotiation-client + +[143-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[143-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-143] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[144-version-negotiation] +ssl_conf = 144-version-negotiation-ssl + +[144-version-negotiation-ssl] +server = 144-version-negotiation-server +client = 144-version-negotiation-client + +[144-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[144-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-144] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[145-version-negotiation] +ssl_conf = 145-version-negotiation-ssl + +[145-version-negotiation-ssl] +server = 145-version-negotiation-server +client = 145-version-negotiation-client + +[145-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[145-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-145] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[146-version-negotiation] +ssl_conf = 146-version-negotiation-ssl + +[146-version-negotiation-ssl] +server = 146-version-negotiation-server +client = 146-version-negotiation-client + +[146-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[146-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-146] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[147-version-negotiation] +ssl_conf = 147-version-negotiation-ssl + +[147-version-negotiation-ssl] +server = 147-version-negotiation-server +client = 147-version-negotiation-client + +[147-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[147-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-147] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[148-version-negotiation] +ssl_conf = 148-version-negotiation-ssl + +[148-version-negotiation-ssl] +server = 148-version-negotiation-server +client = 148-version-negotiation-client + +[148-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[148-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-148] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[149-version-negotiation] +ssl_conf = 149-version-negotiation-ssl + +[149-version-negotiation-ssl] +server = 149-version-negotiation-server +client = 149-version-negotiation-client + +[149-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[149-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-149] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[150-version-negotiation] +ssl_conf = 150-version-negotiation-ssl + +[150-version-negotiation-ssl] +server = 150-version-negotiation-server +client = 150-version-negotiation-client + +[150-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[150-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-150] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[151-version-negotiation] +ssl_conf = 151-version-negotiation-ssl + +[151-version-negotiation-ssl] +server = 151-version-negotiation-server +client = 151-version-negotiation-client + +[151-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[151-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-151] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[152-version-negotiation] +ssl_conf = 152-version-negotiation-ssl + +[152-version-negotiation-ssl] +server = 152-version-negotiation-server +client = 152-version-negotiation-client + +[152-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[152-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-152] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[153-version-negotiation] +ssl_conf = 153-version-negotiation-ssl + +[153-version-negotiation-ssl] +server = 153-version-negotiation-server +client = 153-version-negotiation-client + +[153-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[153-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-153] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[154-version-negotiation] +ssl_conf = 154-version-negotiation-ssl + +[154-version-negotiation-ssl] +server = 154-version-negotiation-server +client = 154-version-negotiation-client + +[154-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[154-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-154] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[155-version-negotiation] +ssl_conf = 155-version-negotiation-ssl + +[155-version-negotiation-ssl] +server = 155-version-negotiation-server +client = 155-version-negotiation-client + +[155-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[155-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-155] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[156-version-negotiation] +ssl_conf = 156-version-negotiation-ssl + +[156-version-negotiation-ssl] +server = 156-version-negotiation-server +client = 156-version-negotiation-client + +[156-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[156-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-156] +ExpectedResult = ClientFail + + +# =========================================================== + +[157-version-negotiation] +ssl_conf = 157-version-negotiation-ssl + +[157-version-negotiation-ssl] +server = 157-version-negotiation-server +client = 157-version-negotiation-client + +[157-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[157-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-157] +ExpectedResult = ClientFail + + +# =========================================================== + +[158-version-negotiation] +ssl_conf = 158-version-negotiation-ssl + +[158-version-negotiation-ssl] +server = 158-version-negotiation-server +client = 158-version-negotiation-client + +[158-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[158-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-158] +ExpectedResult = ClientFail + + +# =========================================================== + +[159-version-negotiation] +ssl_conf = 159-version-negotiation-ssl + +[159-version-negotiation-ssl] +server = 159-version-negotiation-server +client = 159-version-negotiation-client + +[159-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[159-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-159] +ExpectedResult = ClientFail + + +# =========================================================== + +[160-version-negotiation] +ssl_conf = 160-version-negotiation-ssl + +[160-version-negotiation-ssl] +server = 160-version-negotiation-server +client = 160-version-negotiation-client + +[160-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[160-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-160] +ExpectedResult = ClientFail + + +# =========================================================== + +[161-version-negotiation] +ssl_conf = 161-version-negotiation-ssl + +[161-version-negotiation-ssl] +server = 161-version-negotiation-server +client = 161-version-negotiation-client + +[161-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[161-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-161] +ExpectedResult = ClientFail + + +# =========================================================== + +[162-version-negotiation] +ssl_conf = 162-version-negotiation-ssl + +[162-version-negotiation-ssl] +server = 162-version-negotiation-server +client = 162-version-negotiation-client + +[162-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[162-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-162] +ExpectedResult = ClientFail + + +# =========================================================== + +[163-version-negotiation] +ssl_conf = 163-version-negotiation-ssl + +[163-version-negotiation-ssl] +server = 163-version-negotiation-server +client = 163-version-negotiation-client + +[163-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[163-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-163] +ExpectedResult = ClientFail + + +# =========================================================== + +[164-version-negotiation] +ssl_conf = 164-version-negotiation-ssl + +[164-version-negotiation-ssl] +server = 164-version-negotiation-server +client = 164-version-negotiation-client + +[164-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[164-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-164] +ExpectedResult = ClientFail + + +# =========================================================== + +[165-version-negotiation] +ssl_conf = 165-version-negotiation-ssl + +[165-version-negotiation-ssl] +server = 165-version-negotiation-server +client = 165-version-negotiation-client + +[165-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[165-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-165] +ExpectedResult = ClientFail + + +# =========================================================== + +[166-version-negotiation] +ssl_conf = 166-version-negotiation-ssl + +[166-version-negotiation-ssl] +server = 166-version-negotiation-server +client = 166-version-negotiation-client + +[166-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[166-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-166] +ExpectedResult = ClientFail + + +# =========================================================== + +[167-version-negotiation] +ssl_conf = 167-version-negotiation-ssl + +[167-version-negotiation-ssl] +server = 167-version-negotiation-server +client = 167-version-negotiation-client + +[167-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[167-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-167] +ExpectedResult = ClientFail + + +# =========================================================== + +[168-version-negotiation] +ssl_conf = 168-version-negotiation-ssl + +[168-version-negotiation-ssl] +server = 168-version-negotiation-server +client = 168-version-negotiation-client + +[168-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[168-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-168] +ExpectedResult = ClientFail + + +# =========================================================== + +[169-version-negotiation] +ssl_conf = 169-version-negotiation-ssl + +[169-version-negotiation-ssl] +server = 169-version-negotiation-server +client = 169-version-negotiation-client + +[169-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[169-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-169] +ExpectedResult = ClientFail + + +# =========================================================== + +[170-version-negotiation] +ssl_conf = 170-version-negotiation-ssl + +[170-version-negotiation-ssl] +server = 170-version-negotiation-server +client = 170-version-negotiation-client + +[170-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[170-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-170] +ExpectedResult = ClientFail + + +# =========================================================== + +[171-version-negotiation] +ssl_conf = 171-version-negotiation-ssl + +[171-version-negotiation-ssl] +server = 171-version-negotiation-server +client = 171-version-negotiation-client + +[171-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[171-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-171] +ExpectedResult = ClientFail + + +# =========================================================== + +[172-version-negotiation] +ssl_conf = 172-version-negotiation-ssl + +[172-version-negotiation-ssl] +server = 172-version-negotiation-server +client = 172-version-negotiation-client + +[172-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[172-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-172] +ExpectedResult = ClientFail + + +# =========================================================== + +[173-version-negotiation] +ssl_conf = 173-version-negotiation-ssl + +[173-version-negotiation-ssl] +server = 173-version-negotiation-server +client = 173-version-negotiation-client + +[173-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[173-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-173] +ExpectedResult = ClientFail + + +# =========================================================== + +[174-version-negotiation] +ssl_conf = 174-version-negotiation-ssl + +[174-version-negotiation-ssl] +server = 174-version-negotiation-server +client = 174-version-negotiation-client + +[174-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[174-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-174] +ExpectedResult = ClientFail + + +# =========================================================== + +[175-version-negotiation] +ssl_conf = 175-version-negotiation-ssl + +[175-version-negotiation-ssl] +server = 175-version-negotiation-server +client = 175-version-negotiation-client + +[175-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[175-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-175] +ExpectedResult = ClientFail + + +# =========================================================== + +[176-version-negotiation] +ssl_conf = 176-version-negotiation-ssl + +[176-version-negotiation-ssl] +server = 176-version-negotiation-server +client = 176-version-negotiation-client + +[176-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[176-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-176] +ExpectedResult = ClientFail + + +# =========================================================== + +[177-version-negotiation] +ssl_conf = 177-version-negotiation-ssl + +[177-version-negotiation-ssl] +server = 177-version-negotiation-server +client = 177-version-negotiation-client + +[177-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[177-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-177] +ExpectedResult = ClientFail + + +# =========================================================== + +[178-version-negotiation] +ssl_conf = 178-version-negotiation-ssl + +[178-version-negotiation-ssl] +server = 178-version-negotiation-server +client = 178-version-negotiation-client + +[178-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[178-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-178] +ExpectedResult = ClientFail + + +# =========================================================== + +[179-version-negotiation] +ssl_conf = 179-version-negotiation-ssl + +[179-version-negotiation-ssl] +server = 179-version-negotiation-server +client = 179-version-negotiation-client + +[179-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[179-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-179] +ExpectedResult = ClientFail + + +# =========================================================== + +[180-version-negotiation] +ssl_conf = 180-version-negotiation-ssl + +[180-version-negotiation-ssl] +server = 180-version-negotiation-server +client = 180-version-negotiation-client + +[180-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[180-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-180] +ExpectedResult = ClientFail + + +# =========================================================== + +[181-version-negotiation] +ssl_conf = 181-version-negotiation-ssl + +[181-version-negotiation-ssl] +server = 181-version-negotiation-server +client = 181-version-negotiation-client + +[181-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[181-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-181] +ExpectedResult = ClientFail + + +# =========================================================== + +[182-version-negotiation] +ssl_conf = 182-version-negotiation-ssl + +[182-version-negotiation-ssl] +server = 182-version-negotiation-server +client = 182-version-negotiation-client + +[182-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[182-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-182] +ExpectedResult = ServerFail + + +# =========================================================== + +[183-version-negotiation] +ssl_conf = 183-version-negotiation-ssl + +[183-version-negotiation-ssl] +server = 183-version-negotiation-server +client = 183-version-negotiation-client + +[183-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[183-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-183] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[184-version-negotiation] +ssl_conf = 184-version-negotiation-ssl + +[184-version-negotiation-ssl] +server = 184-version-negotiation-server +client = 184-version-negotiation-client + +[184-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[184-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-184] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[185-version-negotiation] +ssl_conf = 185-version-negotiation-ssl + +[185-version-negotiation-ssl] +server = 185-version-negotiation-server +client = 185-version-negotiation-client + +[185-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[185-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-185] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[186-version-negotiation] +ssl_conf = 186-version-negotiation-ssl + +[186-version-negotiation-ssl] +server = 186-version-negotiation-server +client = 186-version-negotiation-client + +[186-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[186-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-186] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[187-version-negotiation] +ssl_conf = 187-version-negotiation-ssl + +[187-version-negotiation-ssl] +server = 187-version-negotiation-server +client = 187-version-negotiation-client + +[187-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[187-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-187] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[188-version-negotiation] +ssl_conf = 188-version-negotiation-ssl + +[188-version-negotiation-ssl] +server = 188-version-negotiation-server +client = 188-version-negotiation-client + +[188-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[188-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-188] +ExpectedResult = ServerFail + + +# =========================================================== + +[189-version-negotiation] +ssl_conf = 189-version-negotiation-ssl + +[189-version-negotiation-ssl] +server = 189-version-negotiation-server +client = 189-version-negotiation-client + +[189-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[189-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-189] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[190-version-negotiation] +ssl_conf = 190-version-negotiation-ssl + +[190-version-negotiation-ssl] +server = 190-version-negotiation-server +client = 190-version-negotiation-client + +[190-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[190-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-190] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[191-version-negotiation] +ssl_conf = 191-version-negotiation-ssl + +[191-version-negotiation-ssl] +server = 191-version-negotiation-server +client = 191-version-negotiation-client + +[191-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[191-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-191] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[192-version-negotiation] +ssl_conf = 192-version-negotiation-ssl + +[192-version-negotiation-ssl] +server = 192-version-negotiation-server +client = 192-version-negotiation-client + +[192-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[192-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-192] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[193-version-negotiation] +ssl_conf = 193-version-negotiation-ssl + +[193-version-negotiation-ssl] +server = 193-version-negotiation-server +client = 193-version-negotiation-client + +[193-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[193-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-193] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[194-version-negotiation] +ssl_conf = 194-version-negotiation-ssl + +[194-version-negotiation-ssl] +server = 194-version-negotiation-server +client = 194-version-negotiation-client + +[194-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[194-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-194] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[195-version-negotiation] +ssl_conf = 195-version-negotiation-ssl + +[195-version-negotiation-ssl] +server = 195-version-negotiation-server +client = 195-version-negotiation-client + +[195-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[195-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-195] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[196-version-negotiation] +ssl_conf = 196-version-negotiation-ssl + +[196-version-negotiation-ssl] +server = 196-version-negotiation-server +client = 196-version-negotiation-client + +[196-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[196-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-196] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[197-version-negotiation] +ssl_conf = 197-version-negotiation-ssl + +[197-version-negotiation-ssl] +server = 197-version-negotiation-server +client = 197-version-negotiation-client + +[197-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[197-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-197] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[198-version-negotiation] +ssl_conf = 198-version-negotiation-ssl + +[198-version-negotiation-ssl] +server = 198-version-negotiation-server +client = 198-version-negotiation-client + +[198-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[198-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-198] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[199-version-negotiation] +ssl_conf = 199-version-negotiation-ssl + +[199-version-negotiation-ssl] +server = 199-version-negotiation-server +client = 199-version-negotiation-client + +[199-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[199-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-199] +ExpectedResult = ServerFail + + +# =========================================================== + +[200-version-negotiation] +ssl_conf = 200-version-negotiation-ssl + +[200-version-negotiation-ssl] +server = 200-version-negotiation-server +client = 200-version-negotiation-client + +[200-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[200-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-200] +ExpectedResult = ServerFail + + +# =========================================================== + +[201-version-negotiation] +ssl_conf = 201-version-negotiation-ssl + +[201-version-negotiation-ssl] +server = 201-version-negotiation-server +client = 201-version-negotiation-client + +[201-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[201-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-201] +ExpectedResult = ServerFail + + +# =========================================================== + +[202-version-negotiation] +ssl_conf = 202-version-negotiation-ssl + +[202-version-negotiation-ssl] +server = 202-version-negotiation-server +client = 202-version-negotiation-client + +[202-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[202-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-202] +ExpectedResult = ServerFail + + +# =========================================================== + +[203-version-negotiation] +ssl_conf = 203-version-negotiation-ssl + +[203-version-negotiation-ssl] +server = 203-version-negotiation-server +client = 203-version-negotiation-client + +[203-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[203-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-203] +ExpectedResult = ServerFail + + +# =========================================================== + +[204-version-negotiation] +ssl_conf = 204-version-negotiation-ssl + +[204-version-negotiation-ssl] +server = 204-version-negotiation-server +client = 204-version-negotiation-client + +[204-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[204-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-204] +ExpectedResult = ServerFail + + +# =========================================================== + +[205-version-negotiation] +ssl_conf = 205-version-negotiation-ssl + +[205-version-negotiation-ssl] +server = 205-version-negotiation-server +client = 205-version-negotiation-client + +[205-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[205-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-205] +ExpectedResult = ServerFail + + +# =========================================================== + +[206-version-negotiation] +ssl_conf = 206-version-negotiation-ssl + +[206-version-negotiation-ssl] +server = 206-version-negotiation-server +client = 206-version-negotiation-client + +[206-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[206-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-206] +ExpectedResult = ServerFail + + +# =========================================================== + +[207-version-negotiation] +ssl_conf = 207-version-negotiation-ssl + +[207-version-negotiation-ssl] +server = 207-version-negotiation-server +client = 207-version-negotiation-client + +[207-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[207-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-207] +ExpectedResult = ServerFail + + +# =========================================================== + +[208-version-negotiation] +ssl_conf = 208-version-negotiation-ssl + +[208-version-negotiation-ssl] +server = 208-version-negotiation-server +client = 208-version-negotiation-client + +[208-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[208-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-208] +ExpectedResult = ServerFail + + +# =========================================================== + +[209-version-negotiation] +ssl_conf = 209-version-negotiation-ssl + +[209-version-negotiation-ssl] +server = 209-version-negotiation-server +client = 209-version-negotiation-client + +[209-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[209-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-209] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[210-version-negotiation] +ssl_conf = 210-version-negotiation-ssl + +[210-version-negotiation-ssl] +server = 210-version-negotiation-server +client = 210-version-negotiation-client + +[210-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[210-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-210] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[211-version-negotiation] +ssl_conf = 211-version-negotiation-ssl + +[211-version-negotiation-ssl] +server = 211-version-negotiation-server +client = 211-version-negotiation-client + +[211-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[211-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-211] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[212-version-negotiation] +ssl_conf = 212-version-negotiation-ssl + +[212-version-negotiation-ssl] +server = 212-version-negotiation-server +client = 212-version-negotiation-client + +[212-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[212-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-212] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[213-version-negotiation] +ssl_conf = 213-version-negotiation-ssl + +[213-version-negotiation-ssl] +server = 213-version-negotiation-server +client = 213-version-negotiation-client + +[213-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[213-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-213] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[214-version-negotiation] +ssl_conf = 214-version-negotiation-ssl + +[214-version-negotiation-ssl] +server = 214-version-negotiation-server +client = 214-version-negotiation-client + +[214-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[214-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-214] +ExpectedResult = ServerFail + + +# =========================================================== + +[215-version-negotiation] +ssl_conf = 215-version-negotiation-ssl + +[215-version-negotiation-ssl] +server = 215-version-negotiation-server +client = 215-version-negotiation-client + +[215-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[215-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-215] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[216-version-negotiation] +ssl_conf = 216-version-negotiation-ssl + +[216-version-negotiation-ssl] +server = 216-version-negotiation-server +client = 216-version-negotiation-client + +[216-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[216-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-216] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[217-version-negotiation] +ssl_conf = 217-version-negotiation-ssl + +[217-version-negotiation-ssl] +server = 217-version-negotiation-server +client = 217-version-negotiation-client + +[217-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[217-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-217] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[218-version-negotiation] +ssl_conf = 218-version-negotiation-ssl + +[218-version-negotiation-ssl] +server = 218-version-negotiation-server +client = 218-version-negotiation-client + +[218-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[218-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-218] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[219-version-negotiation] +ssl_conf = 219-version-negotiation-ssl + +[219-version-negotiation-ssl] +server = 219-version-negotiation-server +client = 219-version-negotiation-client + +[219-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[219-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-219] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[220-version-negotiation] +ssl_conf = 220-version-negotiation-ssl + +[220-version-negotiation-ssl] +server = 220-version-negotiation-server +client = 220-version-negotiation-client + +[220-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[220-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-220] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[221-version-negotiation] +ssl_conf = 221-version-negotiation-ssl + +[221-version-negotiation-ssl] +server = 221-version-negotiation-server +client = 221-version-negotiation-client + +[221-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[221-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-221] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[222-version-negotiation] +ssl_conf = 222-version-negotiation-ssl + +[222-version-negotiation-ssl] +server = 222-version-negotiation-server +client = 222-version-negotiation-client + +[222-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[222-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-222] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[223-version-negotiation] +ssl_conf = 223-version-negotiation-ssl + +[223-version-negotiation-ssl] +server = 223-version-negotiation-server +client = 223-version-negotiation-client + +[223-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[223-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-223] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[224-version-negotiation] +ssl_conf = 224-version-negotiation-ssl + +[224-version-negotiation-ssl] +server = 224-version-negotiation-server +client = 224-version-negotiation-client + +[224-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[224-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-224] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[225-version-negotiation] +ssl_conf = 225-version-negotiation-ssl + +[225-version-negotiation-ssl] +server = 225-version-negotiation-server +client = 225-version-negotiation-client + +[225-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[225-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-225] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[226-version-negotiation] +ssl_conf = 226-version-negotiation-ssl + +[226-version-negotiation-ssl] +server = 226-version-negotiation-server +client = 226-version-negotiation-client + +[226-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[226-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-226] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[227-version-negotiation] +ssl_conf = 227-version-negotiation-ssl + +[227-version-negotiation-ssl] +server = 227-version-negotiation-server +client = 227-version-negotiation-client + +[227-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[227-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-227] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[228-version-negotiation] +ssl_conf = 228-version-negotiation-ssl + +[228-version-negotiation-ssl] +server = 228-version-negotiation-server +client = 228-version-negotiation-client + +[228-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[228-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-228] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[229-version-negotiation] +ssl_conf = 229-version-negotiation-ssl + +[229-version-negotiation-ssl] +server = 229-version-negotiation-server +client = 229-version-negotiation-client + +[229-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[229-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-229] +ExpectedResult = ServerFail + + +# =========================================================== + +[230-version-negotiation] +ssl_conf = 230-version-negotiation-ssl + +[230-version-negotiation-ssl] +server = 230-version-negotiation-server +client = 230-version-negotiation-client + +[230-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[230-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-230] +ExpectedResult = ServerFail + + +# =========================================================== + +[231-version-negotiation] +ssl_conf = 231-version-negotiation-ssl + +[231-version-negotiation-ssl] +server = 231-version-negotiation-server +client = 231-version-negotiation-client + +[231-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[231-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-231] +ExpectedResult = ServerFail + + +# =========================================================== + +[232-version-negotiation] +ssl_conf = 232-version-negotiation-ssl + +[232-version-negotiation-ssl] +server = 232-version-negotiation-server +client = 232-version-negotiation-client + +[232-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[232-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-232] +ExpectedResult = ServerFail + + +# =========================================================== + +[233-version-negotiation] +ssl_conf = 233-version-negotiation-ssl + +[233-version-negotiation-ssl] +server = 233-version-negotiation-server +client = 233-version-negotiation-client + +[233-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[233-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-233] +ExpectedResult = ServerFail + + +# =========================================================== + +[234-version-negotiation] +ssl_conf = 234-version-negotiation-ssl + +[234-version-negotiation-ssl] +server = 234-version-negotiation-server +client = 234-version-negotiation-client + +[234-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[234-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-234] +ExpectedResult = ServerFail + + +# =========================================================== + +[235-version-negotiation] +ssl_conf = 235-version-negotiation-ssl + +[235-version-negotiation-ssl] +server = 235-version-negotiation-server +client = 235-version-negotiation-client + +[235-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[235-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-235] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[236-version-negotiation] +ssl_conf = 236-version-negotiation-ssl + +[236-version-negotiation-ssl] +server = 236-version-negotiation-server +client = 236-version-negotiation-client + +[236-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[236-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-236] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[237-version-negotiation] +ssl_conf = 237-version-negotiation-ssl + +[237-version-negotiation-ssl] +server = 237-version-negotiation-server +client = 237-version-negotiation-client + +[237-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[237-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-237] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[238-version-negotiation] +ssl_conf = 238-version-negotiation-ssl + +[238-version-negotiation-ssl] +server = 238-version-negotiation-server +client = 238-version-negotiation-client + +[238-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[238-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-238] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[239-version-negotiation] +ssl_conf = 239-version-negotiation-ssl + +[239-version-negotiation-ssl] +server = 239-version-negotiation-server +client = 239-version-negotiation-client + +[239-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[239-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-239] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[240-version-negotiation] +ssl_conf = 240-version-negotiation-ssl + +[240-version-negotiation-ssl] +server = 240-version-negotiation-server +client = 240-version-negotiation-client + +[240-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[240-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-240] +ExpectedResult = ServerFail + + +# =========================================================== + +[241-version-negotiation] +ssl_conf = 241-version-negotiation-ssl + +[241-version-negotiation-ssl] +server = 241-version-negotiation-server +client = 241-version-negotiation-client + +[241-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[241-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-241] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[242-version-negotiation] +ssl_conf = 242-version-negotiation-ssl + +[242-version-negotiation-ssl] +server = 242-version-negotiation-server +client = 242-version-negotiation-client + +[242-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[242-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-242] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[243-version-negotiation] +ssl_conf = 243-version-negotiation-ssl + +[243-version-negotiation-ssl] +server = 243-version-negotiation-server +client = 243-version-negotiation-client + +[243-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[243-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-243] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[244-version-negotiation] +ssl_conf = 244-version-negotiation-ssl + +[244-version-negotiation-ssl] +server = 244-version-negotiation-server +client = 244-version-negotiation-client + +[244-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[244-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-244] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[245-version-negotiation] +ssl_conf = 245-version-negotiation-ssl + +[245-version-negotiation-ssl] +server = 245-version-negotiation-server +client = 245-version-negotiation-client + +[245-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[245-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-245] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[246-version-negotiation] +ssl_conf = 246-version-negotiation-ssl + +[246-version-negotiation-ssl] +server = 246-version-negotiation-server +client = 246-version-negotiation-client + +[246-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[246-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-246] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[247-version-negotiation] +ssl_conf = 247-version-negotiation-ssl + +[247-version-negotiation-ssl] +server = 247-version-negotiation-server +client = 247-version-negotiation-client + +[247-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[247-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-247] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[248-version-negotiation] +ssl_conf = 248-version-negotiation-ssl + +[248-version-negotiation-ssl] +server = 248-version-negotiation-server +client = 248-version-negotiation-client + +[248-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[248-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-248] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[249-version-negotiation] +ssl_conf = 249-version-negotiation-ssl + +[249-version-negotiation-ssl] +server = 249-version-negotiation-server +client = 249-version-negotiation-client + +[249-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[249-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-249] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[250-version-negotiation] +ssl_conf = 250-version-negotiation-ssl + +[250-version-negotiation-ssl] +server = 250-version-negotiation-server +client = 250-version-negotiation-client + +[250-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[250-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-250] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[251-version-negotiation] +ssl_conf = 251-version-negotiation-ssl + +[251-version-negotiation-ssl] +server = 251-version-negotiation-server +client = 251-version-negotiation-client + +[251-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[251-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-251] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[252-version-negotiation] +ssl_conf = 252-version-negotiation-ssl + +[252-version-negotiation-ssl] +server = 252-version-negotiation-server +client = 252-version-negotiation-client + +[252-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[252-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-252] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[253-version-negotiation] +ssl_conf = 253-version-negotiation-ssl + +[253-version-negotiation-ssl] +server = 253-version-negotiation-server +client = 253-version-negotiation-client + +[253-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[253-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-253] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[254-version-negotiation] +ssl_conf = 254-version-negotiation-ssl + +[254-version-negotiation-ssl] +server = 254-version-negotiation-server +client = 254-version-negotiation-client + +[254-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[254-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-254] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[255-version-negotiation] +ssl_conf = 255-version-negotiation-ssl + +[255-version-negotiation-ssl] +server = 255-version-negotiation-server +client = 255-version-negotiation-client + +[255-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[255-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-255] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[256-version-negotiation] +ssl_conf = 256-version-negotiation-ssl + +[256-version-negotiation-ssl] +server = 256-version-negotiation-server +client = 256-version-negotiation-client + +[256-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[256-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-256] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[257-version-negotiation] +ssl_conf = 257-version-negotiation-ssl + +[257-version-negotiation-ssl] +server = 257-version-negotiation-server +client = 257-version-negotiation-client + +[257-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[257-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-257] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[258-version-negotiation] +ssl_conf = 258-version-negotiation-ssl + +[258-version-negotiation-ssl] +server = 258-version-negotiation-server +client = 258-version-negotiation-client + +[258-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[258-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-258] +ExpectedResult = ServerFail + + +# =========================================================== + +[259-version-negotiation] +ssl_conf = 259-version-negotiation-ssl + +[259-version-negotiation-ssl] +server = 259-version-negotiation-server +client = 259-version-negotiation-client + +[259-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[259-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-259] +ExpectedResult = ServerFail + + +# =========================================================== + +[260-version-negotiation] +ssl_conf = 260-version-negotiation-ssl + +[260-version-negotiation-ssl] +server = 260-version-negotiation-server +client = 260-version-negotiation-client + +[260-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[260-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-260] +ExpectedResult = ServerFail + + +# =========================================================== + +[261-version-negotiation] +ssl_conf = 261-version-negotiation-ssl + +[261-version-negotiation-ssl] +server = 261-version-negotiation-server +client = 261-version-negotiation-client + +[261-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[261-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-261] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[262-version-negotiation] +ssl_conf = 262-version-negotiation-ssl + +[262-version-negotiation-ssl] +server = 262-version-negotiation-server +client = 262-version-negotiation-client + +[262-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[262-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-262] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[263-version-negotiation] +ssl_conf = 263-version-negotiation-ssl + +[263-version-negotiation-ssl] +server = 263-version-negotiation-server +client = 263-version-negotiation-client + +[263-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[263-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-263] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[264-version-negotiation] +ssl_conf = 264-version-negotiation-ssl + +[264-version-negotiation-ssl] +server = 264-version-negotiation-server +client = 264-version-negotiation-client + +[264-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[264-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-264] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[265-version-negotiation] +ssl_conf = 265-version-negotiation-ssl + +[265-version-negotiation-ssl] +server = 265-version-negotiation-server +client = 265-version-negotiation-client + +[265-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[265-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-265] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[266-version-negotiation] +ssl_conf = 266-version-negotiation-ssl + +[266-version-negotiation-ssl] +server = 266-version-negotiation-server +client = 266-version-negotiation-client + +[266-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[266-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-266] +ExpectedResult = ServerFail + + +# =========================================================== + +[267-version-negotiation] +ssl_conf = 267-version-negotiation-ssl + +[267-version-negotiation-ssl] +server = 267-version-negotiation-server +client = 267-version-negotiation-client + +[267-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[267-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-267] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[268-version-negotiation] +ssl_conf = 268-version-negotiation-ssl + +[268-version-negotiation-ssl] +server = 268-version-negotiation-server +client = 268-version-negotiation-client + +[268-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[268-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-268] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[269-version-negotiation] +ssl_conf = 269-version-negotiation-ssl + +[269-version-negotiation-ssl] +server = 269-version-negotiation-server +client = 269-version-negotiation-client + +[269-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[269-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-269] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[270-version-negotiation] +ssl_conf = 270-version-negotiation-ssl + +[270-version-negotiation-ssl] +server = 270-version-negotiation-server +client = 270-version-negotiation-client + +[270-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[270-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-270] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[271-version-negotiation] +ssl_conf = 271-version-negotiation-ssl + +[271-version-negotiation-ssl] +server = 271-version-negotiation-server +client = 271-version-negotiation-client + +[271-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[271-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-271] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[272-version-negotiation] +ssl_conf = 272-version-negotiation-ssl + +[272-version-negotiation-ssl] +server = 272-version-negotiation-server +client = 272-version-negotiation-client + +[272-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[272-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-272] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[273-version-negotiation] +ssl_conf = 273-version-negotiation-ssl + +[273-version-negotiation-ssl] +server = 273-version-negotiation-server +client = 273-version-negotiation-client + +[273-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[273-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-273] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[274-version-negotiation] +ssl_conf = 274-version-negotiation-ssl + +[274-version-negotiation-ssl] +server = 274-version-negotiation-server +client = 274-version-negotiation-client + +[274-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[274-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-274] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[275-version-negotiation] +ssl_conf = 275-version-negotiation-ssl + +[275-version-negotiation-ssl] +server = 275-version-negotiation-server +client = 275-version-negotiation-client + +[275-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[275-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-275] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[276-version-negotiation] +ssl_conf = 276-version-negotiation-ssl + +[276-version-negotiation-ssl] +server = 276-version-negotiation-server +client = 276-version-negotiation-client + +[276-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[276-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-276] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[277-version-negotiation] +ssl_conf = 277-version-negotiation-ssl + +[277-version-negotiation-ssl] +server = 277-version-negotiation-server +client = 277-version-negotiation-client + +[277-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[277-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-277] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[278-version-negotiation] +ssl_conf = 278-version-negotiation-ssl + +[278-version-negotiation-ssl] +server = 278-version-negotiation-server +client = 278-version-negotiation-client + +[278-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[278-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-278] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[279-version-negotiation] +ssl_conf = 279-version-negotiation-ssl + +[279-version-negotiation-ssl] +server = 279-version-negotiation-server +client = 279-version-negotiation-client + +[279-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[279-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-279] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[280-version-negotiation] +ssl_conf = 280-version-negotiation-ssl + +[280-version-negotiation-ssl] +server = 280-version-negotiation-server +client = 280-version-negotiation-client + +[280-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[280-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-280] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[281-version-negotiation] +ssl_conf = 281-version-negotiation-ssl + +[281-version-negotiation-ssl] +server = 281-version-negotiation-server +client = 281-version-negotiation-client + +[281-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[281-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-281] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[282-version-negotiation] +ssl_conf = 282-version-negotiation-ssl + +[282-version-negotiation-ssl] +server = 282-version-negotiation-server +client = 282-version-negotiation-client + +[282-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[282-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-282] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[283-version-negotiation] +ssl_conf = 283-version-negotiation-ssl + +[283-version-negotiation-ssl] +server = 283-version-negotiation-server +client = 283-version-negotiation-client + +[283-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[283-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-283] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[284-version-negotiation] +ssl_conf = 284-version-negotiation-ssl + +[284-version-negotiation-ssl] +server = 284-version-negotiation-server +client = 284-version-negotiation-client + +[284-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[284-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-284] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[285-version-negotiation] +ssl_conf = 285-version-negotiation-ssl + +[285-version-negotiation-ssl] +server = 285-version-negotiation-server +client = 285-version-negotiation-client + +[285-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[285-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-285] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[286-version-negotiation] +ssl_conf = 286-version-negotiation-ssl + +[286-version-negotiation-ssl] +server = 286-version-negotiation-server +client = 286-version-negotiation-client + +[286-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[286-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-286] +ExpectedResult = ServerFail + + +# =========================================================== + +[287-version-negotiation] +ssl_conf = 287-version-negotiation-ssl + +[287-version-negotiation-ssl] +server = 287-version-negotiation-server +client = 287-version-negotiation-client + +[287-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[287-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-287] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[288-version-negotiation] +ssl_conf = 288-version-negotiation-ssl + +[288-version-negotiation-ssl] +server = 288-version-negotiation-server +client = 288-version-negotiation-client + +[288-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[288-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-288] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[289-version-negotiation] +ssl_conf = 289-version-negotiation-ssl + +[289-version-negotiation-ssl] +server = 289-version-negotiation-server +client = 289-version-negotiation-client + +[289-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[289-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-289] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[290-version-negotiation] +ssl_conf = 290-version-negotiation-ssl + +[290-version-negotiation-ssl] +server = 290-version-negotiation-server +client = 290-version-negotiation-client + +[290-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[290-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-290] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[291-version-negotiation] +ssl_conf = 291-version-negotiation-ssl + +[291-version-negotiation-ssl] +server = 291-version-negotiation-server +client = 291-version-negotiation-client + +[291-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[291-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-291] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[292-version-negotiation] +ssl_conf = 292-version-negotiation-ssl + +[292-version-negotiation-ssl] +server = 292-version-negotiation-server +client = 292-version-negotiation-client + +[292-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[292-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-292] +ExpectedResult = ServerFail + + +# =========================================================== + +[293-version-negotiation] +ssl_conf = 293-version-negotiation-ssl + +[293-version-negotiation-ssl] +server = 293-version-negotiation-server +client = 293-version-negotiation-client + +[293-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[293-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-293] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[294-version-negotiation] +ssl_conf = 294-version-negotiation-ssl + +[294-version-negotiation-ssl] +server = 294-version-negotiation-server +client = 294-version-negotiation-client + +[294-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[294-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-294] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[295-version-negotiation] +ssl_conf = 295-version-negotiation-ssl + +[295-version-negotiation-ssl] +server = 295-version-negotiation-server +client = 295-version-negotiation-client + +[295-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[295-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-295] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[296-version-negotiation] +ssl_conf = 296-version-negotiation-ssl + +[296-version-negotiation-ssl] +server = 296-version-negotiation-server +client = 296-version-negotiation-client + +[296-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[296-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-296] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[297-version-negotiation] +ssl_conf = 297-version-negotiation-ssl + +[297-version-negotiation-ssl] +server = 297-version-negotiation-server +client = 297-version-negotiation-client + +[297-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[297-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-297] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[298-version-negotiation] +ssl_conf = 298-version-negotiation-ssl + +[298-version-negotiation-ssl] +server = 298-version-negotiation-server +client = 298-version-negotiation-client + +[298-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[298-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-298] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[299-version-negotiation] +ssl_conf = 299-version-negotiation-ssl + +[299-version-negotiation-ssl] +server = 299-version-negotiation-server +client = 299-version-negotiation-client + +[299-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[299-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-299] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[300-version-negotiation] +ssl_conf = 300-version-negotiation-ssl + +[300-version-negotiation-ssl] +server = 300-version-negotiation-server +client = 300-version-negotiation-client + +[300-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[300-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-300] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[301-version-negotiation] +ssl_conf = 301-version-negotiation-ssl + +[301-version-negotiation-ssl] +server = 301-version-negotiation-server +client = 301-version-negotiation-client + +[301-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[301-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-301] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[302-version-negotiation] +ssl_conf = 302-version-negotiation-ssl + +[302-version-negotiation-ssl] +server = 302-version-negotiation-server +client = 302-version-negotiation-client + +[302-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[302-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-302] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[303-version-negotiation] +ssl_conf = 303-version-negotiation-ssl + +[303-version-negotiation-ssl] +server = 303-version-negotiation-server +client = 303-version-negotiation-client + +[303-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[303-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-303] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[304-version-negotiation] +ssl_conf = 304-version-negotiation-ssl + +[304-version-negotiation-ssl] +server = 304-version-negotiation-server +client = 304-version-negotiation-client + +[304-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[304-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-304] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[305-version-negotiation] +ssl_conf = 305-version-negotiation-ssl + +[305-version-negotiation-ssl] +server = 305-version-negotiation-server +client = 305-version-negotiation-client + +[305-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[305-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-305] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[306-version-negotiation] +ssl_conf = 306-version-negotiation-ssl + +[306-version-negotiation-ssl] +server = 306-version-negotiation-server +client = 306-version-negotiation-client + +[306-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[306-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-306] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[307-version-negotiation] +ssl_conf = 307-version-negotiation-ssl + +[307-version-negotiation-ssl] +server = 307-version-negotiation-server +client = 307-version-negotiation-client + +[307-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[307-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-307] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[308-version-negotiation] +ssl_conf = 308-version-negotiation-ssl + +[308-version-negotiation-ssl] +server = 308-version-negotiation-server +client = 308-version-negotiation-client + +[308-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[308-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-308] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[309-version-negotiation] +ssl_conf = 309-version-negotiation-ssl + +[309-version-negotiation-ssl] +server = 309-version-negotiation-server +client = 309-version-negotiation-client + +[309-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[309-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-309] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[310-version-negotiation] +ssl_conf = 310-version-negotiation-ssl + +[310-version-negotiation-ssl] +server = 310-version-negotiation-server +client = 310-version-negotiation-client + +[310-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[310-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-310] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[311-version-negotiation] +ssl_conf = 311-version-negotiation-ssl + +[311-version-negotiation-ssl] +server = 311-version-negotiation-server +client = 311-version-negotiation-client + +[311-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[311-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-311] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[312-version-negotiation] +ssl_conf = 312-version-negotiation-ssl + +[312-version-negotiation-ssl] +server = 312-version-negotiation-server +client = 312-version-negotiation-client + +[312-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[312-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-312] +ExpectedResult = ServerFail + + +# =========================================================== + +[313-version-negotiation] +ssl_conf = 313-version-negotiation-ssl + +[313-version-negotiation-ssl] +server = 313-version-negotiation-server +client = 313-version-negotiation-client + +[313-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[313-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-313] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[314-version-negotiation] +ssl_conf = 314-version-negotiation-ssl + +[314-version-negotiation-ssl] +server = 314-version-negotiation-server +client = 314-version-negotiation-client + +[314-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[314-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-314] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[315-version-negotiation] +ssl_conf = 315-version-negotiation-ssl + +[315-version-negotiation-ssl] +server = 315-version-negotiation-server +client = 315-version-negotiation-client + +[315-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[315-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-315] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[316-version-negotiation] +ssl_conf = 316-version-negotiation-ssl + +[316-version-negotiation-ssl] +server = 316-version-negotiation-server +client = 316-version-negotiation-client + +[316-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[316-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-316] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[317-version-negotiation] +ssl_conf = 317-version-negotiation-ssl + +[317-version-negotiation-ssl] +server = 317-version-negotiation-server +client = 317-version-negotiation-client + +[317-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[317-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-317] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[318-version-negotiation] +ssl_conf = 318-version-negotiation-ssl + +[318-version-negotiation-ssl] +server = 318-version-negotiation-server +client = 318-version-negotiation-client + +[318-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[318-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-318] +ExpectedResult = ServerFail + + +# =========================================================== + +[319-version-negotiation] +ssl_conf = 319-version-negotiation-ssl + +[319-version-negotiation-ssl] +server = 319-version-negotiation-server +client = 319-version-negotiation-client + +[319-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[319-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-319] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[320-version-negotiation] +ssl_conf = 320-version-negotiation-ssl + +[320-version-negotiation-ssl] +server = 320-version-negotiation-server +client = 320-version-negotiation-client + +[320-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[320-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-320] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[321-version-negotiation] +ssl_conf = 321-version-negotiation-ssl + +[321-version-negotiation-ssl] +server = 321-version-negotiation-server +client = 321-version-negotiation-client + +[321-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[321-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-321] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[322-version-negotiation] +ssl_conf = 322-version-negotiation-ssl + +[322-version-negotiation-ssl] +server = 322-version-negotiation-server +client = 322-version-negotiation-client + +[322-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[322-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-322] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[323-version-negotiation] +ssl_conf = 323-version-negotiation-ssl + +[323-version-negotiation-ssl] +server = 323-version-negotiation-server +client = 323-version-negotiation-client + +[323-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[323-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-323] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[324-version-negotiation] +ssl_conf = 324-version-negotiation-ssl + +[324-version-negotiation-ssl] +server = 324-version-negotiation-server +client = 324-version-negotiation-client + +[324-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[324-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-324] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[325-version-negotiation] +ssl_conf = 325-version-negotiation-ssl + +[325-version-negotiation-ssl] +server = 325-version-negotiation-server +client = 325-version-negotiation-client + +[325-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[325-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-325] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[326-version-negotiation] +ssl_conf = 326-version-negotiation-ssl + +[326-version-negotiation-ssl] +server = 326-version-negotiation-server +client = 326-version-negotiation-client + +[326-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[326-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-326] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[327-version-negotiation] +ssl_conf = 327-version-negotiation-ssl + +[327-version-negotiation-ssl] +server = 327-version-negotiation-server +client = 327-version-negotiation-client + +[327-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[327-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-327] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[328-version-negotiation] +ssl_conf = 328-version-negotiation-ssl + +[328-version-negotiation-ssl] +server = 328-version-negotiation-server +client = 328-version-negotiation-client + +[328-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[328-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-328] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[329-version-negotiation] +ssl_conf = 329-version-negotiation-ssl + +[329-version-negotiation-ssl] +server = 329-version-negotiation-server +client = 329-version-negotiation-client + +[329-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[329-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-329] +ExpectedResult = ServerFail + + +# =========================================================== + +[330-version-negotiation] +ssl_conf = 330-version-negotiation-ssl + +[330-version-negotiation-ssl] +server = 330-version-negotiation-server +client = 330-version-negotiation-client + +[330-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[330-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-330] +ExpectedResult = ServerFail + + +# =========================================================== + +[331-version-negotiation] +ssl_conf = 331-version-negotiation-ssl + +[331-version-negotiation-ssl] +server = 331-version-negotiation-server +client = 331-version-negotiation-client + +[331-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[331-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-331] +ExpectedResult = ServerFail + + +# =========================================================== + +[332-version-negotiation] +ssl_conf = 332-version-negotiation-ssl + +[332-version-negotiation-ssl] +server = 332-version-negotiation-server +client = 332-version-negotiation-client + +[332-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[332-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-332] +ExpectedResult = ServerFail + + +# =========================================================== + +[333-version-negotiation] +ssl_conf = 333-version-negotiation-ssl + +[333-version-negotiation-ssl] +server = 333-version-negotiation-server +client = 333-version-negotiation-client + +[333-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[333-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-333] +ExpectedResult = ServerFail + + +# =========================================================== + +[334-version-negotiation] +ssl_conf = 334-version-negotiation-ssl + +[334-version-negotiation-ssl] +server = 334-version-negotiation-server +client = 334-version-negotiation-client + +[334-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[334-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-334] +ExpectedResult = ServerFail + + +# =========================================================== + +[335-version-negotiation] +ssl_conf = 335-version-negotiation-ssl + +[335-version-negotiation-ssl] +server = 335-version-negotiation-server +client = 335-version-negotiation-client + +[335-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[335-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-335] +ExpectedResult = ServerFail + + +# =========================================================== + +[336-version-negotiation] +ssl_conf = 336-version-negotiation-ssl + +[336-version-negotiation-ssl] +server = 336-version-negotiation-server +client = 336-version-negotiation-client + +[336-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[336-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-336] +ExpectedResult = ServerFail + + +# =========================================================== + +[337-version-negotiation] +ssl_conf = 337-version-negotiation-ssl + +[337-version-negotiation-ssl] +server = 337-version-negotiation-server +client = 337-version-negotiation-client + +[337-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[337-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-337] +ExpectedResult = ServerFail + + +# =========================================================== + +[338-version-negotiation] +ssl_conf = 338-version-negotiation-ssl + +[338-version-negotiation-ssl] +server = 338-version-negotiation-server +client = 338-version-negotiation-client + +[338-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[338-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-338] +ExpectedResult = ServerFail + + +# =========================================================== + +[339-version-negotiation] +ssl_conf = 339-version-negotiation-ssl + +[339-version-negotiation-ssl] +server = 339-version-negotiation-server +client = 339-version-negotiation-client + +[339-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[339-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-339] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[340-version-negotiation] +ssl_conf = 340-version-negotiation-ssl + +[340-version-negotiation-ssl] +server = 340-version-negotiation-server +client = 340-version-negotiation-client + +[340-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[340-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-340] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[341-version-negotiation] +ssl_conf = 341-version-negotiation-ssl + +[341-version-negotiation-ssl] +server = 341-version-negotiation-server +client = 341-version-negotiation-client + +[341-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[341-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-341] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[342-version-negotiation] +ssl_conf = 342-version-negotiation-ssl + +[342-version-negotiation-ssl] +server = 342-version-negotiation-server +client = 342-version-negotiation-client + +[342-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[342-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-342] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[343-version-negotiation] +ssl_conf = 343-version-negotiation-ssl + +[343-version-negotiation-ssl] +server = 343-version-negotiation-server +client = 343-version-negotiation-client + +[343-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[343-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-343] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[344-version-negotiation] +ssl_conf = 344-version-negotiation-ssl + +[344-version-negotiation-ssl] +server = 344-version-negotiation-server +client = 344-version-negotiation-client + +[344-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[344-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-344] +ExpectedResult = ServerFail + + +# =========================================================== + +[345-version-negotiation] +ssl_conf = 345-version-negotiation-ssl + +[345-version-negotiation-ssl] +server = 345-version-negotiation-server +client = 345-version-negotiation-client + +[345-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[345-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-345] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[346-version-negotiation] +ssl_conf = 346-version-negotiation-ssl + +[346-version-negotiation-ssl] +server = 346-version-negotiation-server +client = 346-version-negotiation-client + +[346-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[346-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-346] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[347-version-negotiation] +ssl_conf = 347-version-negotiation-ssl + +[347-version-negotiation-ssl] +server = 347-version-negotiation-server +client = 347-version-negotiation-client + +[347-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[347-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-347] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[348-version-negotiation] +ssl_conf = 348-version-negotiation-ssl + +[348-version-negotiation-ssl] +server = 348-version-negotiation-server +client = 348-version-negotiation-client + +[348-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[348-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-348] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[349-version-negotiation] +ssl_conf = 349-version-negotiation-ssl + +[349-version-negotiation-ssl] +server = 349-version-negotiation-server +client = 349-version-negotiation-client + +[349-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[349-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-349] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[350-version-negotiation] +ssl_conf = 350-version-negotiation-ssl + +[350-version-negotiation-ssl] +server = 350-version-negotiation-server +client = 350-version-negotiation-client + +[350-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[350-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-350] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[351-version-negotiation] +ssl_conf = 351-version-negotiation-ssl + +[351-version-negotiation-ssl] +server = 351-version-negotiation-server +client = 351-version-negotiation-client + +[351-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[351-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-351] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[352-version-negotiation] +ssl_conf = 352-version-negotiation-ssl + +[352-version-negotiation-ssl] +server = 352-version-negotiation-server +client = 352-version-negotiation-client + +[352-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[352-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-352] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[353-version-negotiation] +ssl_conf = 353-version-negotiation-ssl + +[353-version-negotiation-ssl] +server = 353-version-negotiation-server +client = 353-version-negotiation-client + +[353-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[353-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-353] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[354-version-negotiation] +ssl_conf = 354-version-negotiation-ssl + +[354-version-negotiation-ssl] +server = 354-version-negotiation-server +client = 354-version-negotiation-client + +[354-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[354-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-354] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[355-version-negotiation] +ssl_conf = 355-version-negotiation-ssl + +[355-version-negotiation-ssl] +server = 355-version-negotiation-server +client = 355-version-negotiation-client + +[355-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[355-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-355] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[356-version-negotiation] +ssl_conf = 356-version-negotiation-ssl + +[356-version-negotiation-ssl] +server = 356-version-negotiation-server +client = 356-version-negotiation-client + +[356-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[356-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-356] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[357-version-negotiation] +ssl_conf = 357-version-negotiation-ssl + +[357-version-negotiation-ssl] +server = 357-version-negotiation-server +client = 357-version-negotiation-client + +[357-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[357-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-357] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[358-version-negotiation] +ssl_conf = 358-version-negotiation-ssl + +[358-version-negotiation-ssl] +server = 358-version-negotiation-server +client = 358-version-negotiation-client + +[358-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[358-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-358] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[359-version-negotiation] +ssl_conf = 359-version-negotiation-ssl + +[359-version-negotiation-ssl] +server = 359-version-negotiation-server +client = 359-version-negotiation-client + +[359-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[359-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-359] +ExpectedResult = ServerFail + + +# =========================================================== + +[360-version-negotiation] +ssl_conf = 360-version-negotiation-ssl + +[360-version-negotiation-ssl] +server = 360-version-negotiation-server +client = 360-version-negotiation-client + +[360-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[360-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-360] +ExpectedResult = ServerFail + + +# =========================================================== + +[361-version-negotiation] +ssl_conf = 361-version-negotiation-ssl + +[361-version-negotiation-ssl] +server = 361-version-negotiation-server +client = 361-version-negotiation-client + +[361-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[361-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-361] +ExpectedResult = ServerFail + + +# =========================================================== + +[362-version-negotiation] +ssl_conf = 362-version-negotiation-ssl + +[362-version-negotiation-ssl] +server = 362-version-negotiation-server +client = 362-version-negotiation-client + +[362-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[362-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-362] +ExpectedResult = ServerFail + + +# =========================================================== + +[363-version-negotiation] +ssl_conf = 363-version-negotiation-ssl + +[363-version-negotiation-ssl] +server = 363-version-negotiation-server +client = 363-version-negotiation-client + +[363-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[363-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-363] +ExpectedResult = ServerFail + + +# =========================================================== + +[364-version-negotiation] +ssl_conf = 364-version-negotiation-ssl + +[364-version-negotiation-ssl] +server = 364-version-negotiation-server +client = 364-version-negotiation-client + +[364-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[364-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-364] +ExpectedResult = ServerFail + + +# =========================================================== + +[365-version-negotiation] +ssl_conf = 365-version-negotiation-ssl + +[365-version-negotiation-ssl] +server = 365-version-negotiation-server +client = 365-version-negotiation-client + +[365-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[365-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-365] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[366-version-negotiation] +ssl_conf = 366-version-negotiation-ssl + +[366-version-negotiation-ssl] +server = 366-version-negotiation-server +client = 366-version-negotiation-client + +[366-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[366-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-366] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[367-version-negotiation] +ssl_conf = 367-version-negotiation-ssl + +[367-version-negotiation-ssl] +server = 367-version-negotiation-server +client = 367-version-negotiation-client + +[367-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[367-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-367] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[368-version-negotiation] +ssl_conf = 368-version-negotiation-ssl + +[368-version-negotiation-ssl] +server = 368-version-negotiation-server +client = 368-version-negotiation-client + +[368-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[368-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-368] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[369-version-negotiation] +ssl_conf = 369-version-negotiation-ssl + +[369-version-negotiation-ssl] +server = 369-version-negotiation-server +client = 369-version-negotiation-client + +[369-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[369-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-369] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[370-version-negotiation] +ssl_conf = 370-version-negotiation-ssl + +[370-version-negotiation-ssl] +server = 370-version-negotiation-server +client = 370-version-negotiation-client + +[370-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[370-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-370] +ExpectedResult = ServerFail + + +# =========================================================== + +[371-version-negotiation] +ssl_conf = 371-version-negotiation-ssl + +[371-version-negotiation-ssl] +server = 371-version-negotiation-server +client = 371-version-negotiation-client + +[371-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[371-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-371] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[372-version-negotiation] +ssl_conf = 372-version-negotiation-ssl + +[372-version-negotiation-ssl] +server = 372-version-negotiation-server +client = 372-version-negotiation-client + +[372-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[372-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-372] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[373-version-negotiation] +ssl_conf = 373-version-negotiation-ssl + +[373-version-negotiation-ssl] +server = 373-version-negotiation-server +client = 373-version-negotiation-client + +[373-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[373-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-373] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[374-version-negotiation] +ssl_conf = 374-version-negotiation-ssl + +[374-version-negotiation-ssl] +server = 374-version-negotiation-server +client = 374-version-negotiation-client + +[374-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[374-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-374] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[375-version-negotiation] +ssl_conf = 375-version-negotiation-ssl + +[375-version-negotiation-ssl] +server = 375-version-negotiation-server +client = 375-version-negotiation-client + +[375-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[375-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-375] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[376-version-negotiation] +ssl_conf = 376-version-negotiation-ssl + +[376-version-negotiation-ssl] +server = 376-version-negotiation-server +client = 376-version-negotiation-client + +[376-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[376-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-376] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[377-version-negotiation] +ssl_conf = 377-version-negotiation-ssl + +[377-version-negotiation-ssl] +server = 377-version-negotiation-server +client = 377-version-negotiation-client + +[377-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[377-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-377] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[378-version-negotiation] +ssl_conf = 378-version-negotiation-ssl + +[378-version-negotiation-ssl] +server = 378-version-negotiation-server +client = 378-version-negotiation-client + +[378-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[378-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-378] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[379-version-negotiation] +ssl_conf = 379-version-negotiation-ssl + +[379-version-negotiation-ssl] +server = 379-version-negotiation-server +client = 379-version-negotiation-client + +[379-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[379-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-379] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[380-version-negotiation] +ssl_conf = 380-version-negotiation-ssl + +[380-version-negotiation-ssl] +server = 380-version-negotiation-server +client = 380-version-negotiation-client + +[380-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[380-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-380] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[381-version-negotiation] +ssl_conf = 381-version-negotiation-ssl + +[381-version-negotiation-ssl] +server = 381-version-negotiation-server +client = 381-version-negotiation-client + +[381-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[381-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-381] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[382-version-negotiation] +ssl_conf = 382-version-negotiation-ssl + +[382-version-negotiation-ssl] +server = 382-version-negotiation-server +client = 382-version-negotiation-client + +[382-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[382-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-382] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[383-version-negotiation] +ssl_conf = 383-version-negotiation-ssl + +[383-version-negotiation-ssl] +server = 383-version-negotiation-server +client = 383-version-negotiation-client + +[383-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[383-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-383] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[384-version-negotiation] +ssl_conf = 384-version-negotiation-ssl + +[384-version-negotiation-ssl] +server = 384-version-negotiation-server +client = 384-version-negotiation-client + +[384-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[384-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-384] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[385-version-negotiation] +ssl_conf = 385-version-negotiation-ssl + +[385-version-negotiation-ssl] +server = 385-version-negotiation-server +client = 385-version-negotiation-client + +[385-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[385-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-385] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[386-version-negotiation] +ssl_conf = 386-version-negotiation-ssl + +[386-version-negotiation-ssl] +server = 386-version-negotiation-server +client = 386-version-negotiation-client + +[386-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[386-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-386] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[387-version-negotiation] +ssl_conf = 387-version-negotiation-ssl + +[387-version-negotiation-ssl] +server = 387-version-negotiation-server +client = 387-version-negotiation-client + +[387-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[387-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-387] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[388-version-negotiation] +ssl_conf = 388-version-negotiation-ssl + +[388-version-negotiation-ssl] +server = 388-version-negotiation-server +client = 388-version-negotiation-client + +[388-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[388-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-388] +ExpectedResult = ServerFail + + +# =========================================================== + +[389-version-negotiation] +ssl_conf = 389-version-negotiation-ssl + +[389-version-negotiation-ssl] +server = 389-version-negotiation-server +client = 389-version-negotiation-client + +[389-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[389-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-389] +ExpectedResult = ServerFail + + +# =========================================================== + +[390-version-negotiation] +ssl_conf = 390-version-negotiation-ssl + +[390-version-negotiation-ssl] +server = 390-version-negotiation-server +client = 390-version-negotiation-client + +[390-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[390-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-390] +ExpectedResult = ServerFail + + +# =========================================================== + +[391-version-negotiation] +ssl_conf = 391-version-negotiation-ssl + +[391-version-negotiation-ssl] +server = 391-version-negotiation-server +client = 391-version-negotiation-client + +[391-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[391-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-391] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[392-version-negotiation] +ssl_conf = 392-version-negotiation-ssl + +[392-version-negotiation-ssl] +server = 392-version-negotiation-server +client = 392-version-negotiation-client + +[392-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[392-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-392] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[393-version-negotiation] +ssl_conf = 393-version-negotiation-ssl + +[393-version-negotiation-ssl] +server = 393-version-negotiation-server +client = 393-version-negotiation-client + +[393-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[393-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-393] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[394-version-negotiation] +ssl_conf = 394-version-negotiation-ssl + +[394-version-negotiation-ssl] +server = 394-version-negotiation-server +client = 394-version-negotiation-client + +[394-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[394-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-394] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[395-version-negotiation] +ssl_conf = 395-version-negotiation-ssl + +[395-version-negotiation-ssl] +server = 395-version-negotiation-server +client = 395-version-negotiation-client + +[395-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[395-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-395] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[396-version-negotiation] +ssl_conf = 396-version-negotiation-ssl + +[396-version-negotiation-ssl] +server = 396-version-negotiation-server +client = 396-version-negotiation-client + +[396-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[396-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-396] +ExpectedResult = ServerFail + + +# =========================================================== + +[397-version-negotiation] +ssl_conf = 397-version-negotiation-ssl + +[397-version-negotiation-ssl] +server = 397-version-negotiation-server +client = 397-version-negotiation-client + +[397-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[397-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-397] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[398-version-negotiation] +ssl_conf = 398-version-negotiation-ssl + +[398-version-negotiation-ssl] +server = 398-version-negotiation-server +client = 398-version-negotiation-client + +[398-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[398-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-398] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[399-version-negotiation] +ssl_conf = 399-version-negotiation-ssl + +[399-version-negotiation-ssl] +server = 399-version-negotiation-server +client = 399-version-negotiation-client + +[399-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[399-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-399] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[400-version-negotiation] +ssl_conf = 400-version-negotiation-ssl + +[400-version-negotiation-ssl] +server = 400-version-negotiation-server +client = 400-version-negotiation-client + +[400-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[400-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-400] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[401-version-negotiation] +ssl_conf = 401-version-negotiation-ssl + +[401-version-negotiation-ssl] +server = 401-version-negotiation-server +client = 401-version-negotiation-client + +[401-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[401-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-401] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[402-version-negotiation] +ssl_conf = 402-version-negotiation-ssl + +[402-version-negotiation-ssl] +server = 402-version-negotiation-server +client = 402-version-negotiation-client + +[402-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[402-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-402] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[403-version-negotiation] +ssl_conf = 403-version-negotiation-ssl + +[403-version-negotiation-ssl] +server = 403-version-negotiation-server +client = 403-version-negotiation-client + +[403-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[403-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-403] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[404-version-negotiation] +ssl_conf = 404-version-negotiation-ssl + +[404-version-negotiation-ssl] +server = 404-version-negotiation-server +client = 404-version-negotiation-client + +[404-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[404-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-404] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[405-version-negotiation] +ssl_conf = 405-version-negotiation-ssl + +[405-version-negotiation-ssl] +server = 405-version-negotiation-server +client = 405-version-negotiation-client + +[405-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[405-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-405] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[406-version-negotiation] +ssl_conf = 406-version-negotiation-ssl + +[406-version-negotiation-ssl] +server = 406-version-negotiation-server +client = 406-version-negotiation-client + +[406-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[406-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-406] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[407-version-negotiation] +ssl_conf = 407-version-negotiation-ssl + +[407-version-negotiation-ssl] +server = 407-version-negotiation-server +client = 407-version-negotiation-client + +[407-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[407-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-407] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[408-version-negotiation] +ssl_conf = 408-version-negotiation-ssl + +[408-version-negotiation-ssl] +server = 408-version-negotiation-server +client = 408-version-negotiation-client + +[408-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[408-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-408] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[409-version-negotiation] +ssl_conf = 409-version-negotiation-ssl + +[409-version-negotiation-ssl] +server = 409-version-negotiation-server +client = 409-version-negotiation-client + +[409-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[409-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-409] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[410-version-negotiation] +ssl_conf = 410-version-negotiation-ssl + +[410-version-negotiation-ssl] +server = 410-version-negotiation-server +client = 410-version-negotiation-client + +[410-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[410-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-410] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[411-version-negotiation] +ssl_conf = 411-version-negotiation-ssl + +[411-version-negotiation-ssl] +server = 411-version-negotiation-server +client = 411-version-negotiation-client + +[411-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[411-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-411] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[412-version-negotiation] +ssl_conf = 412-version-negotiation-ssl + +[412-version-negotiation-ssl] +server = 412-version-negotiation-server +client = 412-version-negotiation-client + +[412-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[412-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-412] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[413-version-negotiation] +ssl_conf = 413-version-negotiation-ssl + +[413-version-negotiation-ssl] +server = 413-version-negotiation-server +client = 413-version-negotiation-client + +[413-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[413-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-413] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[414-version-negotiation] +ssl_conf = 414-version-negotiation-ssl + +[414-version-negotiation-ssl] +server = 414-version-negotiation-server +client = 414-version-negotiation-client + +[414-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[414-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-414] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[415-version-negotiation] +ssl_conf = 415-version-negotiation-ssl + +[415-version-negotiation-ssl] +server = 415-version-negotiation-server +client = 415-version-negotiation-client + +[415-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[415-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-415] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[416-version-negotiation] +ssl_conf = 416-version-negotiation-ssl + +[416-version-negotiation-ssl] +server = 416-version-negotiation-server +client = 416-version-negotiation-client + +[416-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[416-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-416] +ExpectedResult = ServerFail + + +# =========================================================== + +[417-version-negotiation] +ssl_conf = 417-version-negotiation-ssl + +[417-version-negotiation-ssl] +server = 417-version-negotiation-server +client = 417-version-negotiation-client + +[417-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[417-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-417] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[418-version-negotiation] +ssl_conf = 418-version-negotiation-ssl + +[418-version-negotiation-ssl] +server = 418-version-negotiation-server +client = 418-version-negotiation-client + +[418-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[418-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-418] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[419-version-negotiation] +ssl_conf = 419-version-negotiation-ssl + +[419-version-negotiation-ssl] +server = 419-version-negotiation-server +client = 419-version-negotiation-client + +[419-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[419-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-419] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[420-version-negotiation] +ssl_conf = 420-version-negotiation-ssl + +[420-version-negotiation-ssl] +server = 420-version-negotiation-server +client = 420-version-negotiation-client + +[420-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[420-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-420] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[421-version-negotiation] +ssl_conf = 421-version-negotiation-ssl + +[421-version-negotiation-ssl] +server = 421-version-negotiation-server +client = 421-version-negotiation-client + +[421-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[421-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-421] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[422-version-negotiation] +ssl_conf = 422-version-negotiation-ssl + +[422-version-negotiation-ssl] +server = 422-version-negotiation-server +client = 422-version-negotiation-client + +[422-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[422-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-422] +ExpectedResult = ServerFail + + +# =========================================================== + +[423-version-negotiation] +ssl_conf = 423-version-negotiation-ssl + +[423-version-negotiation-ssl] +server = 423-version-negotiation-server +client = 423-version-negotiation-client + +[423-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[423-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-423] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[424-version-negotiation] +ssl_conf = 424-version-negotiation-ssl + +[424-version-negotiation-ssl] +server = 424-version-negotiation-server +client = 424-version-negotiation-client + +[424-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[424-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-424] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[425-version-negotiation] +ssl_conf = 425-version-negotiation-ssl + +[425-version-negotiation-ssl] +server = 425-version-negotiation-server +client = 425-version-negotiation-client + +[425-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[425-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-425] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[426-version-negotiation] +ssl_conf = 426-version-negotiation-ssl + +[426-version-negotiation-ssl] +server = 426-version-negotiation-server +client = 426-version-negotiation-client + +[426-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[426-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-426] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[427-version-negotiation] +ssl_conf = 427-version-negotiation-ssl + +[427-version-negotiation-ssl] +server = 427-version-negotiation-server +client = 427-version-negotiation-client + +[427-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[427-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-427] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[428-version-negotiation] +ssl_conf = 428-version-negotiation-ssl + +[428-version-negotiation-ssl] +server = 428-version-negotiation-server +client = 428-version-negotiation-client + +[428-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[428-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-428] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[429-version-negotiation] +ssl_conf = 429-version-negotiation-ssl + +[429-version-negotiation-ssl] +server = 429-version-negotiation-server +client = 429-version-negotiation-client + +[429-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[429-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-429] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[430-version-negotiation] +ssl_conf = 430-version-negotiation-ssl + +[430-version-negotiation-ssl] +server = 430-version-negotiation-server +client = 430-version-negotiation-client + +[430-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[430-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-430] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[431-version-negotiation] +ssl_conf = 431-version-negotiation-ssl + +[431-version-negotiation-ssl] +server = 431-version-negotiation-server +client = 431-version-negotiation-client + +[431-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[431-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-431] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[432-version-negotiation] +ssl_conf = 432-version-negotiation-ssl + +[432-version-negotiation-ssl] +server = 432-version-negotiation-server +client = 432-version-negotiation-client + +[432-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[432-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-432] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[433-version-negotiation] +ssl_conf = 433-version-negotiation-ssl + +[433-version-negotiation-ssl] +server = 433-version-negotiation-server +client = 433-version-negotiation-client + +[433-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[433-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-433] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[434-version-negotiation] +ssl_conf = 434-version-negotiation-ssl + +[434-version-negotiation-ssl] +server = 434-version-negotiation-server +client = 434-version-negotiation-client + +[434-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[434-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-434] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[435-version-negotiation] +ssl_conf = 435-version-negotiation-ssl + +[435-version-negotiation-ssl] +server = 435-version-negotiation-server +client = 435-version-negotiation-client + +[435-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[435-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-435] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[436-version-negotiation] +ssl_conf = 436-version-negotiation-ssl + +[436-version-negotiation-ssl] +server = 436-version-negotiation-server +client = 436-version-negotiation-client + +[436-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[436-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-436] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[437-version-negotiation] +ssl_conf = 437-version-negotiation-ssl + +[437-version-negotiation-ssl] +server = 437-version-negotiation-server +client = 437-version-negotiation-client + +[437-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[437-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-437] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[438-version-negotiation] +ssl_conf = 438-version-negotiation-ssl + +[438-version-negotiation-ssl] +server = 438-version-negotiation-server +client = 438-version-negotiation-client + +[438-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[438-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-438] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[439-version-negotiation] +ssl_conf = 439-version-negotiation-ssl + +[439-version-negotiation-ssl] +server = 439-version-negotiation-server +client = 439-version-negotiation-client + +[439-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[439-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-439] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[440-version-negotiation] +ssl_conf = 440-version-negotiation-ssl + +[440-version-negotiation-ssl] +server = 440-version-negotiation-server +client = 440-version-negotiation-client + +[440-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[440-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-440] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[441-version-negotiation] +ssl_conf = 441-version-negotiation-ssl + +[441-version-negotiation-ssl] +server = 441-version-negotiation-server +client = 441-version-negotiation-client + +[441-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[441-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-441] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[442-version-negotiation] +ssl_conf = 442-version-negotiation-ssl + +[442-version-negotiation-ssl] +server = 442-version-negotiation-server +client = 442-version-negotiation-client + +[442-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[442-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-442] +ExpectedResult = ServerFail + + +# =========================================================== + +[443-version-negotiation] +ssl_conf = 443-version-negotiation-ssl + +[443-version-negotiation-ssl] +server = 443-version-negotiation-server +client = 443-version-negotiation-client + +[443-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[443-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-443] +ExpectedResult = ClientFail + + +# =========================================================== + +[444-version-negotiation] +ssl_conf = 444-version-negotiation-ssl + +[444-version-negotiation-ssl] +server = 444-version-negotiation-server +client = 444-version-negotiation-client + +[444-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[444-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-444] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[445-version-negotiation] +ssl_conf = 445-version-negotiation-ssl + +[445-version-negotiation-ssl] +server = 445-version-negotiation-server +client = 445-version-negotiation-client + +[445-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[445-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-445] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[446-version-negotiation] +ssl_conf = 446-version-negotiation-ssl + +[446-version-negotiation-ssl] +server = 446-version-negotiation-server +client = 446-version-negotiation-client + +[446-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[446-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-446] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[447-version-negotiation] +ssl_conf = 447-version-negotiation-ssl + +[447-version-negotiation-ssl] +server = 447-version-negotiation-server +client = 447-version-negotiation-client + +[447-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[447-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-447] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[448-version-negotiation] +ssl_conf = 448-version-negotiation-ssl + +[448-version-negotiation-ssl] +server = 448-version-negotiation-server +client = 448-version-negotiation-client + +[448-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[448-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-448] +ExpectedResult = ServerFail + + +# =========================================================== + +[449-version-negotiation] +ssl_conf = 449-version-negotiation-ssl + +[449-version-negotiation-ssl] +server = 449-version-negotiation-server +client = 449-version-negotiation-client + +[449-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[449-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-449] +ExpectedResult = ClientFail + + +# =========================================================== + +[450-version-negotiation] +ssl_conf = 450-version-negotiation-ssl + +[450-version-negotiation-ssl] +server = 450-version-negotiation-server +client = 450-version-negotiation-client + +[450-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[450-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-450] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[451-version-negotiation] +ssl_conf = 451-version-negotiation-ssl + +[451-version-negotiation-ssl] +server = 451-version-negotiation-server +client = 451-version-negotiation-client + +[451-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[451-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-451] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[452-version-negotiation] +ssl_conf = 452-version-negotiation-ssl + +[452-version-negotiation-ssl] +server = 452-version-negotiation-server +client = 452-version-negotiation-client + +[452-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[452-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-452] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[453-version-negotiation] +ssl_conf = 453-version-negotiation-ssl + +[453-version-negotiation-ssl] +server = 453-version-negotiation-server +client = 453-version-negotiation-client + +[453-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[453-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-453] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[454-version-negotiation] +ssl_conf = 454-version-negotiation-ssl + +[454-version-negotiation-ssl] +server = 454-version-negotiation-server +client = 454-version-negotiation-client + +[454-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[454-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-454] +ExpectedResult = ClientFail + + +# =========================================================== + +[455-version-negotiation] +ssl_conf = 455-version-negotiation-ssl + +[455-version-negotiation-ssl] +server = 455-version-negotiation-server +client = 455-version-negotiation-client + +[455-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[455-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-455] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[456-version-negotiation] +ssl_conf = 456-version-negotiation-ssl + +[456-version-negotiation-ssl] +server = 456-version-negotiation-server +client = 456-version-negotiation-client + +[456-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[456-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-456] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[457-version-negotiation] +ssl_conf = 457-version-negotiation-ssl + +[457-version-negotiation-ssl] +server = 457-version-negotiation-server +client = 457-version-negotiation-client + +[457-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[457-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-457] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[458-version-negotiation] +ssl_conf = 458-version-negotiation-ssl + +[458-version-negotiation-ssl] +server = 458-version-negotiation-server +client = 458-version-negotiation-client + +[458-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[458-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-458] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[459-version-negotiation] +ssl_conf = 459-version-negotiation-ssl + +[459-version-negotiation-ssl] +server = 459-version-negotiation-server +client = 459-version-negotiation-client + +[459-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[459-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-459] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[460-version-negotiation] +ssl_conf = 460-version-negotiation-ssl + +[460-version-negotiation-ssl] +server = 460-version-negotiation-server +client = 460-version-negotiation-client + +[460-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[460-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-460] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[461-version-negotiation] +ssl_conf = 461-version-negotiation-ssl + +[461-version-negotiation-ssl] +server = 461-version-negotiation-server +client = 461-version-negotiation-client + +[461-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[461-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-461] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[462-version-negotiation] +ssl_conf = 462-version-negotiation-ssl + +[462-version-negotiation-ssl] +server = 462-version-negotiation-server +client = 462-version-negotiation-client + +[462-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[462-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-462] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[463-version-negotiation] +ssl_conf = 463-version-negotiation-ssl + +[463-version-negotiation-ssl] +server = 463-version-negotiation-server +client = 463-version-negotiation-client + +[463-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[463-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-463] +ExpectedResult = ServerFail + + +# =========================================================== + +[464-version-negotiation] +ssl_conf = 464-version-negotiation-ssl + +[464-version-negotiation-ssl] +server = 464-version-negotiation-server +client = 464-version-negotiation-client + +[464-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[464-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-464] +ExpectedResult = ServerFail + + +# =========================================================== + +[465-version-negotiation] +ssl_conf = 465-version-negotiation-ssl + +[465-version-negotiation-ssl] +server = 465-version-negotiation-server +client = 465-version-negotiation-client + +[465-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[465-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-465] +ExpectedResult = ServerFail + + +# =========================================================== + +[466-version-negotiation] +ssl_conf = 466-version-negotiation-ssl + +[466-version-negotiation-ssl] +server = 466-version-negotiation-server +client = 466-version-negotiation-client + +[466-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[466-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-466] +ExpectedResult = ServerFail + + +# =========================================================== + +[467-version-negotiation] +ssl_conf = 467-version-negotiation-ssl + +[467-version-negotiation-ssl] +server = 467-version-negotiation-server +client = 467-version-negotiation-client + +[467-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[467-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-467] +ExpectedResult = ServerFail + + +# =========================================================== + +[468-version-negotiation] +ssl_conf = 468-version-negotiation-ssl + +[468-version-negotiation-ssl] +server = 468-version-negotiation-server +client = 468-version-negotiation-client + +[468-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[468-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-468] +ExpectedResult = ServerFail + + +# =========================================================== + +[469-version-negotiation] +ssl_conf = 469-version-negotiation-ssl + +[469-version-negotiation-ssl] +server = 469-version-negotiation-server +client = 469-version-negotiation-client + +[469-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[469-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-469] +ExpectedResult = ClientFail + + +# =========================================================== + +[470-version-negotiation] +ssl_conf = 470-version-negotiation-ssl + +[470-version-negotiation-ssl] +server = 470-version-negotiation-server +client = 470-version-negotiation-client + +[470-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[470-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-470] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[471-version-negotiation] +ssl_conf = 471-version-negotiation-ssl + +[471-version-negotiation-ssl] +server = 471-version-negotiation-server +client = 471-version-negotiation-client + +[471-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[471-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-471] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[472-version-negotiation] +ssl_conf = 472-version-negotiation-ssl + +[472-version-negotiation-ssl] +server = 472-version-negotiation-server +client = 472-version-negotiation-client + +[472-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[472-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-472] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[473-version-negotiation] +ssl_conf = 473-version-negotiation-ssl + +[473-version-negotiation-ssl] +server = 473-version-negotiation-server +client = 473-version-negotiation-client + +[473-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[473-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-473] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[474-version-negotiation] +ssl_conf = 474-version-negotiation-ssl + +[474-version-negotiation-ssl] +server = 474-version-negotiation-server +client = 474-version-negotiation-client + +[474-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[474-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-474] +ExpectedResult = ServerFail + + +# =========================================================== + +[475-version-negotiation] +ssl_conf = 475-version-negotiation-ssl + +[475-version-negotiation-ssl] +server = 475-version-negotiation-server +client = 475-version-negotiation-client + +[475-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[475-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-475] +ExpectedResult = ClientFail + + +# =========================================================== + +[476-version-negotiation] +ssl_conf = 476-version-negotiation-ssl + +[476-version-negotiation-ssl] +server = 476-version-negotiation-server +client = 476-version-negotiation-client + +[476-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[476-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-476] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[477-version-negotiation] +ssl_conf = 477-version-negotiation-ssl + +[477-version-negotiation-ssl] +server = 477-version-negotiation-server +client = 477-version-negotiation-client + +[477-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[477-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-477] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[478-version-negotiation] +ssl_conf = 478-version-negotiation-ssl + +[478-version-negotiation-ssl] +server = 478-version-negotiation-server +client = 478-version-negotiation-client + +[478-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[478-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-478] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[479-version-negotiation] +ssl_conf = 479-version-negotiation-ssl + +[479-version-negotiation-ssl] +server = 479-version-negotiation-server +client = 479-version-negotiation-client + +[479-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[479-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-479] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[480-version-negotiation] +ssl_conf = 480-version-negotiation-ssl + +[480-version-negotiation-ssl] +server = 480-version-negotiation-server +client = 480-version-negotiation-client + +[480-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[480-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-480] +ExpectedResult = ClientFail + + +# =========================================================== + +[481-version-negotiation] +ssl_conf = 481-version-negotiation-ssl + +[481-version-negotiation-ssl] +server = 481-version-negotiation-server +client = 481-version-negotiation-client + +[481-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[481-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-481] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[482-version-negotiation] +ssl_conf = 482-version-negotiation-ssl + +[482-version-negotiation-ssl] +server = 482-version-negotiation-server +client = 482-version-negotiation-client + +[482-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[482-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-482] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[483-version-negotiation] +ssl_conf = 483-version-negotiation-ssl + +[483-version-negotiation-ssl] +server = 483-version-negotiation-server +client = 483-version-negotiation-client + +[483-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[483-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-483] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[484-version-negotiation] +ssl_conf = 484-version-negotiation-ssl + +[484-version-negotiation-ssl] +server = 484-version-negotiation-server +client = 484-version-negotiation-client + +[484-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[484-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-484] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[485-version-negotiation] +ssl_conf = 485-version-negotiation-ssl + +[485-version-negotiation-ssl] +server = 485-version-negotiation-server +client = 485-version-negotiation-client + +[485-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[485-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-485] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[486-version-negotiation] +ssl_conf = 486-version-negotiation-ssl + +[486-version-negotiation-ssl] +server = 486-version-negotiation-server +client = 486-version-negotiation-client + +[486-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[486-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-486] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[487-version-negotiation] +ssl_conf = 487-version-negotiation-ssl + +[487-version-negotiation-ssl] +server = 487-version-negotiation-server +client = 487-version-negotiation-client + +[487-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[487-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-487] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[488-version-negotiation] +ssl_conf = 488-version-negotiation-ssl + +[488-version-negotiation-ssl] +server = 488-version-negotiation-server +client = 488-version-negotiation-client + +[488-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[488-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-488] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[489-version-negotiation] +ssl_conf = 489-version-negotiation-ssl + +[489-version-negotiation-ssl] +server = 489-version-negotiation-server +client = 489-version-negotiation-client + +[489-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[489-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-489] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[490-version-negotiation] +ssl_conf = 490-version-negotiation-ssl + +[490-version-negotiation-ssl] +server = 490-version-negotiation-server +client = 490-version-negotiation-client + +[490-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[490-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-490] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[491-version-negotiation] +ssl_conf = 491-version-negotiation-ssl + +[491-version-negotiation-ssl] +server = 491-version-negotiation-server +client = 491-version-negotiation-client + +[491-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[491-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-491] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[492-version-negotiation] +ssl_conf = 492-version-negotiation-ssl + +[492-version-negotiation-ssl] +server = 492-version-negotiation-server +client = 492-version-negotiation-client + +[492-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[492-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-492] +ExpectedResult = ServerFail + + +# =========================================================== + +[493-version-negotiation] +ssl_conf = 493-version-negotiation-ssl + +[493-version-negotiation-ssl] +server = 493-version-negotiation-server +client = 493-version-negotiation-client + +[493-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[493-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-493] +ExpectedResult = ServerFail + + +# =========================================================== + +[494-version-negotiation] +ssl_conf = 494-version-negotiation-ssl + +[494-version-negotiation-ssl] +server = 494-version-negotiation-server +client = 494-version-negotiation-client + +[494-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[494-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-494] +ExpectedResult = ServerFail + + +# =========================================================== + +[495-version-negotiation] +ssl_conf = 495-version-negotiation-ssl + +[495-version-negotiation-ssl] +server = 495-version-negotiation-server +client = 495-version-negotiation-client + +[495-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[495-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-495] +ExpectedResult = ServerFail + + +# =========================================================== + +[496-version-negotiation] +ssl_conf = 496-version-negotiation-ssl + +[496-version-negotiation-ssl] +server = 496-version-negotiation-server +client = 496-version-negotiation-client + +[496-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[496-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-496] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[497-version-negotiation] +ssl_conf = 497-version-negotiation-ssl + +[497-version-negotiation-ssl] +server = 497-version-negotiation-server +client = 497-version-negotiation-client + +[497-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[497-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-497] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[498-version-negotiation] +ssl_conf = 498-version-negotiation-ssl + +[498-version-negotiation-ssl] +server = 498-version-negotiation-server +client = 498-version-negotiation-client + +[498-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[498-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-498] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[499-version-negotiation] +ssl_conf = 499-version-negotiation-ssl + +[499-version-negotiation-ssl] +server = 499-version-negotiation-server +client = 499-version-negotiation-client + +[499-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[499-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-499] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[500-version-negotiation] +ssl_conf = 500-version-negotiation-ssl + +[500-version-negotiation-ssl] +server = 500-version-negotiation-server +client = 500-version-negotiation-client + +[500-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[500-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-500] +ExpectedResult = ServerFail + + +# =========================================================== + +[501-version-negotiation] +ssl_conf = 501-version-negotiation-ssl + +[501-version-negotiation-ssl] +server = 501-version-negotiation-server +client = 501-version-negotiation-client + +[501-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[501-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-501] +ExpectedResult = ServerFail + + +# =========================================================== + +[502-version-negotiation] +ssl_conf = 502-version-negotiation-ssl + +[502-version-negotiation-ssl] +server = 502-version-negotiation-server +client = 502-version-negotiation-client + +[502-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[502-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-502] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[503-version-negotiation] +ssl_conf = 503-version-negotiation-ssl + +[503-version-negotiation-ssl] +server = 503-version-negotiation-server +client = 503-version-negotiation-client + +[503-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[503-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-503] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[504-version-negotiation] +ssl_conf = 504-version-negotiation-ssl + +[504-version-negotiation-ssl] +server = 504-version-negotiation-server +client = 504-version-negotiation-client + +[504-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[504-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-504] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[505-version-negotiation] +ssl_conf = 505-version-negotiation-ssl + +[505-version-negotiation-ssl] +server = 505-version-negotiation-server +client = 505-version-negotiation-client + +[505-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[505-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-505] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[506-version-negotiation] +ssl_conf = 506-version-negotiation-ssl + +[506-version-negotiation-ssl] +server = 506-version-negotiation-server +client = 506-version-negotiation-client + +[506-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[506-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-506] +ExpectedResult = ServerFail + + +# =========================================================== + +[507-version-negotiation] +ssl_conf = 507-version-negotiation-ssl + +[507-version-negotiation-ssl] +server = 507-version-negotiation-server +client = 507-version-negotiation-client + +[507-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[507-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-507] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[508-version-negotiation] +ssl_conf = 508-version-negotiation-ssl + +[508-version-negotiation-ssl] +server = 508-version-negotiation-server +client = 508-version-negotiation-client + +[508-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[508-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-508] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[509-version-negotiation] +ssl_conf = 509-version-negotiation-ssl + +[509-version-negotiation-ssl] +server = 509-version-negotiation-server +client = 509-version-negotiation-client + +[509-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[509-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-509] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[510-version-negotiation] +ssl_conf = 510-version-negotiation-ssl + +[510-version-negotiation-ssl] +server = 510-version-negotiation-server +client = 510-version-negotiation-client + +[510-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[510-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-510] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[511-version-negotiation] +ssl_conf = 511-version-negotiation-ssl + +[511-version-negotiation-ssl] +server = 511-version-negotiation-server +client = 511-version-negotiation-client + +[511-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[511-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-511] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[512-version-negotiation] +ssl_conf = 512-version-negotiation-ssl + +[512-version-negotiation-ssl] +server = 512-version-negotiation-server +client = 512-version-negotiation-client + +[512-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[512-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-512] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[513-version-negotiation] +ssl_conf = 513-version-negotiation-ssl + +[513-version-negotiation-ssl] +server = 513-version-negotiation-server +client = 513-version-negotiation-client + +[513-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[513-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-513] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[514-version-negotiation] +ssl_conf = 514-version-negotiation-ssl + +[514-version-negotiation-ssl] +server = 514-version-negotiation-server +client = 514-version-negotiation-client + +[514-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[514-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-514] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[515-version-negotiation] +ssl_conf = 515-version-negotiation-ssl + +[515-version-negotiation-ssl] +server = 515-version-negotiation-server +client = 515-version-negotiation-client + +[515-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[515-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-515] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[516-version-negotiation] +ssl_conf = 516-version-negotiation-ssl + +[516-version-negotiation-ssl] +server = 516-version-negotiation-server +client = 516-version-negotiation-client + +[516-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[516-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-516] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[517-version-negotiation] +ssl_conf = 517-version-negotiation-ssl + +[517-version-negotiation-ssl] +server = 517-version-negotiation-server +client = 517-version-negotiation-client + +[517-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[517-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-517] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[518-version-negotiation] +ssl_conf = 518-version-negotiation-ssl + +[518-version-negotiation-ssl] +server = 518-version-negotiation-server +client = 518-version-negotiation-client + +[518-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[518-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-518] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[519-version-negotiation] +ssl_conf = 519-version-negotiation-ssl + +[519-version-negotiation-ssl] +server = 519-version-negotiation-server +client = 519-version-negotiation-client + +[519-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[519-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-519] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[520-version-negotiation] +ssl_conf = 520-version-negotiation-ssl + +[520-version-negotiation-ssl] +server = 520-version-negotiation-server +client = 520-version-negotiation-client + +[520-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[520-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-520] +ExpectedResult = ServerFail + + +# =========================================================== + +[521-version-negotiation] +ssl_conf = 521-version-negotiation-ssl + +[521-version-negotiation-ssl] +server = 521-version-negotiation-server +client = 521-version-negotiation-client + +[521-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[521-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-521] +ExpectedResult = ServerFail + + +# =========================================================== + +[522-version-negotiation] +ssl_conf = 522-version-negotiation-ssl + +[522-version-negotiation-ssl] +server = 522-version-negotiation-server +client = 522-version-negotiation-client + +[522-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[522-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-522] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[523-version-negotiation] +ssl_conf = 523-version-negotiation-ssl + +[523-version-negotiation-ssl] +server = 523-version-negotiation-server +client = 523-version-negotiation-client + +[523-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[523-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-523] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[524-version-negotiation] +ssl_conf = 524-version-negotiation-ssl + +[524-version-negotiation-ssl] +server = 524-version-negotiation-server +client = 524-version-negotiation-client + +[524-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[524-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-524] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[525-version-negotiation] +ssl_conf = 525-version-negotiation-ssl + +[525-version-negotiation-ssl] +server = 525-version-negotiation-server +client = 525-version-negotiation-client + +[525-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[525-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-525] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[526-version-negotiation] +ssl_conf = 526-version-negotiation-ssl + +[526-version-negotiation-ssl] +server = 526-version-negotiation-server +client = 526-version-negotiation-client + +[526-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[526-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-526] +ExpectedResult = ServerFail + + +# =========================================================== + +[527-version-negotiation] +ssl_conf = 527-version-negotiation-ssl + +[527-version-negotiation-ssl] +server = 527-version-negotiation-server +client = 527-version-negotiation-client + +[527-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[527-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-527] +ExpectedResult = ServerFail + + +# =========================================================== + +[528-version-negotiation] +ssl_conf = 528-version-negotiation-ssl + +[528-version-negotiation-ssl] +server = 528-version-negotiation-server +client = 528-version-negotiation-client + +[528-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[528-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-528] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[529-version-negotiation] +ssl_conf = 529-version-negotiation-ssl + +[529-version-negotiation-ssl] +server = 529-version-negotiation-server +client = 529-version-negotiation-client + +[529-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[529-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-529] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[530-version-negotiation] +ssl_conf = 530-version-negotiation-ssl + +[530-version-negotiation-ssl] +server = 530-version-negotiation-server +client = 530-version-negotiation-client + +[530-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[530-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-530] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[531-version-negotiation] +ssl_conf = 531-version-negotiation-ssl + +[531-version-negotiation-ssl] +server = 531-version-negotiation-server +client = 531-version-negotiation-client + +[531-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[531-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-531] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[532-version-negotiation] +ssl_conf = 532-version-negotiation-ssl + +[532-version-negotiation-ssl] +server = 532-version-negotiation-server +client = 532-version-negotiation-client + +[532-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[532-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-532] +ExpectedResult = ServerFail + + +# =========================================================== + +[533-version-negotiation] +ssl_conf = 533-version-negotiation-ssl + +[533-version-negotiation-ssl] +server = 533-version-negotiation-server +client = 533-version-negotiation-client + +[533-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[533-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-533] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[534-version-negotiation] +ssl_conf = 534-version-negotiation-ssl + +[534-version-negotiation-ssl] +server = 534-version-negotiation-server +client = 534-version-negotiation-client + +[534-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[534-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-534] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[535-version-negotiation] +ssl_conf = 535-version-negotiation-ssl + +[535-version-negotiation-ssl] +server = 535-version-negotiation-server +client = 535-version-negotiation-client + +[535-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[535-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-535] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[536-version-negotiation] +ssl_conf = 536-version-negotiation-ssl + +[536-version-negotiation-ssl] +server = 536-version-negotiation-server +client = 536-version-negotiation-client + +[536-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[536-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-536] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[537-version-negotiation] +ssl_conf = 537-version-negotiation-ssl + +[537-version-negotiation-ssl] +server = 537-version-negotiation-server +client = 537-version-negotiation-client + +[537-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[537-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-537] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[538-version-negotiation] +ssl_conf = 538-version-negotiation-ssl + +[538-version-negotiation-ssl] +server = 538-version-negotiation-server +client = 538-version-negotiation-client + +[538-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[538-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-538] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[539-version-negotiation] +ssl_conf = 539-version-negotiation-ssl + +[539-version-negotiation-ssl] +server = 539-version-negotiation-server +client = 539-version-negotiation-client + +[539-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[539-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-539] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[540-version-negotiation] +ssl_conf = 540-version-negotiation-ssl + +[540-version-negotiation-ssl] +server = 540-version-negotiation-server +client = 540-version-negotiation-client + +[540-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[540-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-540] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[541-version-negotiation] +ssl_conf = 541-version-negotiation-ssl + +[541-version-negotiation-ssl] +server = 541-version-negotiation-server +client = 541-version-negotiation-client + +[541-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[541-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-541] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[542-version-negotiation] +ssl_conf = 542-version-negotiation-ssl + +[542-version-negotiation-ssl] +server = 542-version-negotiation-server +client = 542-version-negotiation-client + +[542-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[542-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-542] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[543-version-negotiation] +ssl_conf = 543-version-negotiation-ssl + +[543-version-negotiation-ssl] +server = 543-version-negotiation-server +client = 543-version-negotiation-client + +[543-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[543-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-543] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[544-version-negotiation] +ssl_conf = 544-version-negotiation-ssl + +[544-version-negotiation-ssl] +server = 544-version-negotiation-server +client = 544-version-negotiation-client + +[544-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[544-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-544] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[545-version-negotiation] +ssl_conf = 545-version-negotiation-ssl + +[545-version-negotiation-ssl] +server = 545-version-negotiation-server +client = 545-version-negotiation-client + +[545-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[545-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-545] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[546-version-negotiation] +ssl_conf = 546-version-negotiation-ssl + +[546-version-negotiation-ssl] +server = 546-version-negotiation-server +client = 546-version-negotiation-client + +[546-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[546-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-546] +ExpectedResult = ServerFail + + +# =========================================================== + +[547-version-negotiation] +ssl_conf = 547-version-negotiation-ssl + +[547-version-negotiation-ssl] +server = 547-version-negotiation-server +client = 547-version-negotiation-client + +[547-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[547-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-547] +ExpectedResult = ClientFail + + +# =========================================================== + +[548-version-negotiation] +ssl_conf = 548-version-negotiation-ssl + +[548-version-negotiation-ssl] +server = 548-version-negotiation-server +client = 548-version-negotiation-client + +[548-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[548-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-548] +ExpectedResult = ClientFail + + +# =========================================================== + +[549-version-negotiation] +ssl_conf = 549-version-negotiation-ssl + +[549-version-negotiation-ssl] +server = 549-version-negotiation-server +client = 549-version-negotiation-client + +[549-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[549-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-549] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[550-version-negotiation] +ssl_conf = 550-version-negotiation-ssl + +[550-version-negotiation-ssl] +server = 550-version-negotiation-server +client = 550-version-negotiation-client + +[550-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[550-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-550] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[551-version-negotiation] +ssl_conf = 551-version-negotiation-ssl + +[551-version-negotiation-ssl] +server = 551-version-negotiation-server +client = 551-version-negotiation-client + +[551-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[551-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-551] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[552-version-negotiation] +ssl_conf = 552-version-negotiation-ssl + +[552-version-negotiation-ssl] +server = 552-version-negotiation-server +client = 552-version-negotiation-client + +[552-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[552-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-552] +ExpectedResult = ServerFail + + +# =========================================================== + +[553-version-negotiation] +ssl_conf = 553-version-negotiation-ssl + +[553-version-negotiation-ssl] +server = 553-version-negotiation-server +client = 553-version-negotiation-client + +[553-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[553-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-553] +ExpectedResult = ClientFail + + +# =========================================================== + +[554-version-negotiation] +ssl_conf = 554-version-negotiation-ssl + +[554-version-negotiation-ssl] +server = 554-version-negotiation-server +client = 554-version-negotiation-client + +[554-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[554-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-554] +ExpectedResult = ClientFail + + +# =========================================================== + +[555-version-negotiation] +ssl_conf = 555-version-negotiation-ssl + +[555-version-negotiation-ssl] +server = 555-version-negotiation-server +client = 555-version-negotiation-client + +[555-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[555-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-555] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[556-version-negotiation] +ssl_conf = 556-version-negotiation-ssl + +[556-version-negotiation-ssl] +server = 556-version-negotiation-server +client = 556-version-negotiation-client + +[556-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[556-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-556] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[557-version-negotiation] +ssl_conf = 557-version-negotiation-ssl + +[557-version-negotiation-ssl] +server = 557-version-negotiation-server +client = 557-version-negotiation-client + +[557-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[557-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-557] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[558-version-negotiation] +ssl_conf = 558-version-negotiation-ssl + +[558-version-negotiation-ssl] +server = 558-version-negotiation-server +client = 558-version-negotiation-client + +[558-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[558-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-558] +ExpectedResult = ClientFail + + +# =========================================================== + +[559-version-negotiation] +ssl_conf = 559-version-negotiation-ssl + +[559-version-negotiation-ssl] +server = 559-version-negotiation-server +client = 559-version-negotiation-client + +[559-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[559-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-559] +ExpectedResult = ClientFail + + +# =========================================================== + +[560-version-negotiation] +ssl_conf = 560-version-negotiation-ssl + +[560-version-negotiation-ssl] +server = 560-version-negotiation-server +client = 560-version-negotiation-client + +[560-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[560-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-560] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[561-version-negotiation] +ssl_conf = 561-version-negotiation-ssl + +[561-version-negotiation-ssl] +server = 561-version-negotiation-server +client = 561-version-negotiation-client + +[561-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[561-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-561] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[562-version-negotiation] +ssl_conf = 562-version-negotiation-ssl + +[562-version-negotiation-ssl] +server = 562-version-negotiation-server +client = 562-version-negotiation-client + +[562-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[562-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-562] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[563-version-negotiation] +ssl_conf = 563-version-negotiation-ssl + +[563-version-negotiation-ssl] +server = 563-version-negotiation-server +client = 563-version-negotiation-client + +[563-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[563-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-563] +ExpectedResult = ClientFail + + +# =========================================================== + +[564-version-negotiation] +ssl_conf = 564-version-negotiation-ssl + +[564-version-negotiation-ssl] +server = 564-version-negotiation-server +client = 564-version-negotiation-client + +[564-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[564-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-564] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[565-version-negotiation] +ssl_conf = 565-version-negotiation-ssl + +[565-version-negotiation-ssl] +server = 565-version-negotiation-server +client = 565-version-negotiation-client + +[565-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[565-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-565] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[566-version-negotiation] +ssl_conf = 566-version-negotiation-ssl + +[566-version-negotiation-ssl] +server = 566-version-negotiation-server +client = 566-version-negotiation-client + +[566-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[566-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-566] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[567-version-negotiation] +ssl_conf = 567-version-negotiation-ssl + +[567-version-negotiation-ssl] +server = 567-version-negotiation-server +client = 567-version-negotiation-client + +[567-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[567-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-567] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[568-version-negotiation] +ssl_conf = 568-version-negotiation-ssl + +[568-version-negotiation-ssl] +server = 568-version-negotiation-server +client = 568-version-negotiation-client + +[568-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[568-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-568] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[569-version-negotiation] +ssl_conf = 569-version-negotiation-ssl + +[569-version-negotiation-ssl] +server = 569-version-negotiation-server +client = 569-version-negotiation-client + +[569-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[569-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-569] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[570-version-negotiation] +ssl_conf = 570-version-negotiation-ssl + +[570-version-negotiation-ssl] +server = 570-version-negotiation-server +client = 570-version-negotiation-client + +[570-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[570-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-570] +ExpectedResult = ServerFail + + +# =========================================================== + +[571-version-negotiation] +ssl_conf = 571-version-negotiation-ssl + +[571-version-negotiation-ssl] +server = 571-version-negotiation-server +client = 571-version-negotiation-client + +[571-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[571-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-571] +ExpectedResult = ServerFail + + +# =========================================================== + +[572-version-negotiation] +ssl_conf = 572-version-negotiation-ssl + +[572-version-negotiation-ssl] +server = 572-version-negotiation-server +client = 572-version-negotiation-client + +[572-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[572-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-572] +ExpectedResult = ServerFail + + +# =========================================================== + +[573-version-negotiation] +ssl_conf = 573-version-negotiation-ssl + +[573-version-negotiation-ssl] +server = 573-version-negotiation-server +client = 573-version-negotiation-client + +[573-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[573-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-573] +ExpectedResult = ServerFail + + +# =========================================================== + +[574-version-negotiation] +ssl_conf = 574-version-negotiation-ssl + +[574-version-negotiation-ssl] +server = 574-version-negotiation-server +client = 574-version-negotiation-client + +[574-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[574-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-574] +ExpectedResult = ServerFail + + +# =========================================================== + +[575-version-negotiation] +ssl_conf = 575-version-negotiation-ssl + +[575-version-negotiation-ssl] +server = 575-version-negotiation-server +client = 575-version-negotiation-client + +[575-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[575-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-575] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[576-version-negotiation] +ssl_conf = 576-version-negotiation-ssl + +[576-version-negotiation-ssl] +server = 576-version-negotiation-server +client = 576-version-negotiation-client + +[576-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[576-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-576] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[577-version-negotiation] +ssl_conf = 577-version-negotiation-ssl + +[577-version-negotiation-ssl] +server = 577-version-negotiation-server +client = 577-version-negotiation-client + +[577-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[577-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-577] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[578-version-negotiation] +ssl_conf = 578-version-negotiation-ssl + +[578-version-negotiation-ssl] +server = 578-version-negotiation-server +client = 578-version-negotiation-client + +[578-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[578-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-578] +ExpectedResult = ServerFail + + +# =========================================================== + +[579-version-negotiation] +ssl_conf = 579-version-negotiation-ssl + +[579-version-negotiation-ssl] +server = 579-version-negotiation-server +client = 579-version-negotiation-client + +[579-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[579-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-579] +ExpectedResult = ServerFail + + +# =========================================================== + +[580-version-negotiation] +ssl_conf = 580-version-negotiation-ssl + +[580-version-negotiation-ssl] +server = 580-version-negotiation-server +client = 580-version-negotiation-client + +[580-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[580-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-580] +ExpectedResult = ServerFail + + +# =========================================================== + +[581-version-negotiation] +ssl_conf = 581-version-negotiation-ssl + +[581-version-negotiation-ssl] +server = 581-version-negotiation-server +client = 581-version-negotiation-client + +[581-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[581-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-581] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[582-version-negotiation] +ssl_conf = 582-version-negotiation-ssl + +[582-version-negotiation-ssl] +server = 582-version-negotiation-server +client = 582-version-negotiation-client + +[582-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[582-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-582] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[583-version-negotiation] +ssl_conf = 583-version-negotiation-ssl + +[583-version-negotiation-ssl] +server = 583-version-negotiation-server +client = 583-version-negotiation-client + +[583-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[583-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-583] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[584-version-negotiation] +ssl_conf = 584-version-negotiation-ssl + +[584-version-negotiation-ssl] +server = 584-version-negotiation-server +client = 584-version-negotiation-client + +[584-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[584-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-584] +ExpectedResult = ServerFail + + +# =========================================================== + +[585-version-negotiation] +ssl_conf = 585-version-negotiation-ssl + +[585-version-negotiation-ssl] +server = 585-version-negotiation-server +client = 585-version-negotiation-client + +[585-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[585-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-585] +ExpectedResult = ServerFail + + +# =========================================================== + +[586-version-negotiation] +ssl_conf = 586-version-negotiation-ssl + +[586-version-negotiation-ssl] +server = 586-version-negotiation-server +client = 586-version-negotiation-client + +[586-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[586-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-586] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[587-version-negotiation] +ssl_conf = 587-version-negotiation-ssl + +[587-version-negotiation-ssl] +server = 587-version-negotiation-server +client = 587-version-negotiation-client + +[587-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[587-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-587] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[588-version-negotiation] +ssl_conf = 588-version-negotiation-ssl + +[588-version-negotiation-ssl] +server = 588-version-negotiation-server +client = 588-version-negotiation-client + +[588-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[588-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-588] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[589-version-negotiation] +ssl_conf = 589-version-negotiation-ssl + +[589-version-negotiation-ssl] +server = 589-version-negotiation-server +client = 589-version-negotiation-client + +[589-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[589-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-589] +ExpectedResult = ServerFail + + +# =========================================================== + +[590-version-negotiation] +ssl_conf = 590-version-negotiation-ssl + +[590-version-negotiation-ssl] +server = 590-version-negotiation-server +client = 590-version-negotiation-client + +[590-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[590-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-590] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[591-version-negotiation] +ssl_conf = 591-version-negotiation-ssl + +[591-version-negotiation-ssl] +server = 591-version-negotiation-server +client = 591-version-negotiation-client + +[591-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[591-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-591] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[592-version-negotiation] +ssl_conf = 592-version-negotiation-ssl + +[592-version-negotiation-ssl] +server = 592-version-negotiation-server +client = 592-version-negotiation-client + +[592-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[592-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-592] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[593-version-negotiation] +ssl_conf = 593-version-negotiation-ssl + +[593-version-negotiation-ssl] +server = 593-version-negotiation-server +client = 593-version-negotiation-client + +[593-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[593-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-593] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[594-version-negotiation] +ssl_conf = 594-version-negotiation-ssl + +[594-version-negotiation-ssl] +server = 594-version-negotiation-server +client = 594-version-negotiation-client + +[594-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[594-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-594] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[595-version-negotiation] +ssl_conf = 595-version-negotiation-ssl + +[595-version-negotiation-ssl] +server = 595-version-negotiation-server +client = 595-version-negotiation-client + +[595-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[595-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-595] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[596-version-negotiation] +ssl_conf = 596-version-negotiation-ssl + +[596-version-negotiation-ssl] +server = 596-version-negotiation-server +client = 596-version-negotiation-client + +[596-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[596-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-596] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[597-version-negotiation] +ssl_conf = 597-version-negotiation-ssl + +[597-version-negotiation-ssl] +server = 597-version-negotiation-server +client = 597-version-negotiation-client + +[597-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[597-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-597] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[598-version-negotiation] +ssl_conf = 598-version-negotiation-ssl + +[598-version-negotiation-ssl] +server = 598-version-negotiation-server +client = 598-version-negotiation-client + +[598-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[598-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-598] +ExpectedResult = ServerFail + + +# =========================================================== + +[599-version-negotiation] +ssl_conf = 599-version-negotiation-ssl + +[599-version-negotiation-ssl] +server = 599-version-negotiation-server +client = 599-version-negotiation-client + +[599-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[599-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-599] +ExpectedResult = ServerFail + + +# =========================================================== + +[600-version-negotiation] +ssl_conf = 600-version-negotiation-ssl + +[600-version-negotiation-ssl] +server = 600-version-negotiation-server +client = 600-version-negotiation-client + +[600-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[600-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-600] +ExpectedResult = ServerFail + + +# =========================================================== + +[601-version-negotiation] +ssl_conf = 601-version-negotiation-ssl + +[601-version-negotiation-ssl] +server = 601-version-negotiation-server +client = 601-version-negotiation-client + +[601-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[601-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-601] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[602-version-negotiation] +ssl_conf = 602-version-negotiation-ssl + +[602-version-negotiation-ssl] +server = 602-version-negotiation-server +client = 602-version-negotiation-client + +[602-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[602-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-602] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[603-version-negotiation] +ssl_conf = 603-version-negotiation-ssl + +[603-version-negotiation-ssl] +server = 603-version-negotiation-server +client = 603-version-negotiation-client + +[603-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[603-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-603] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[604-version-negotiation] +ssl_conf = 604-version-negotiation-ssl + +[604-version-negotiation-ssl] +server = 604-version-negotiation-server +client = 604-version-negotiation-client + +[604-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[604-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-604] +ExpectedResult = ServerFail + + +# =========================================================== + +[605-version-negotiation] +ssl_conf = 605-version-negotiation-ssl + +[605-version-negotiation-ssl] +server = 605-version-negotiation-server +client = 605-version-negotiation-client + +[605-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[605-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-605] +ExpectedResult = ServerFail + + +# =========================================================== + +[606-version-negotiation] +ssl_conf = 606-version-negotiation-ssl + +[606-version-negotiation-ssl] +server = 606-version-negotiation-server +client = 606-version-negotiation-client + +[606-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[606-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-606] +ExpectedResult = ServerFail + + +# =========================================================== + +[607-version-negotiation] +ssl_conf = 607-version-negotiation-ssl + +[607-version-negotiation-ssl] +server = 607-version-negotiation-server +client = 607-version-negotiation-client + +[607-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[607-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-607] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[608-version-negotiation] +ssl_conf = 608-version-negotiation-ssl + +[608-version-negotiation-ssl] +server = 608-version-negotiation-server +client = 608-version-negotiation-client + +[608-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[608-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-608] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[609-version-negotiation] +ssl_conf = 609-version-negotiation-ssl + +[609-version-negotiation-ssl] +server = 609-version-negotiation-server +client = 609-version-negotiation-client + +[609-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[609-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-609] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[610-version-negotiation] +ssl_conf = 610-version-negotiation-ssl + +[610-version-negotiation-ssl] +server = 610-version-negotiation-server +client = 610-version-negotiation-client + +[610-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[610-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-610] +ExpectedResult = ServerFail + + +# =========================================================== + +[611-version-negotiation] +ssl_conf = 611-version-negotiation-ssl + +[611-version-negotiation-ssl] +server = 611-version-negotiation-server +client = 611-version-negotiation-client + +[611-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[611-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-611] +ExpectedResult = ServerFail + + +# =========================================================== + +[612-version-negotiation] +ssl_conf = 612-version-negotiation-ssl + +[612-version-negotiation-ssl] +server = 612-version-negotiation-server +client = 612-version-negotiation-client + +[612-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[612-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-612] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[613-version-negotiation] +ssl_conf = 613-version-negotiation-ssl + +[613-version-negotiation-ssl] +server = 613-version-negotiation-server +client = 613-version-negotiation-client + +[613-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[613-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-613] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[614-version-negotiation] +ssl_conf = 614-version-negotiation-ssl + +[614-version-negotiation-ssl] +server = 614-version-negotiation-server +client = 614-version-negotiation-client + +[614-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[614-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-614] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[615-version-negotiation] +ssl_conf = 615-version-negotiation-ssl + +[615-version-negotiation-ssl] +server = 615-version-negotiation-server +client = 615-version-negotiation-client + +[615-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[615-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-615] +ExpectedResult = ServerFail + + +# =========================================================== + +[616-version-negotiation] +ssl_conf = 616-version-negotiation-ssl + +[616-version-negotiation-ssl] +server = 616-version-negotiation-server +client = 616-version-negotiation-client + +[616-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[616-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-616] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[617-version-negotiation] +ssl_conf = 617-version-negotiation-ssl + +[617-version-negotiation-ssl] +server = 617-version-negotiation-server +client = 617-version-negotiation-client + +[617-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[617-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-617] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[618-version-negotiation] +ssl_conf = 618-version-negotiation-ssl + +[618-version-negotiation-ssl] +server = 618-version-negotiation-server +client = 618-version-negotiation-client + +[618-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[618-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-618] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[619-version-negotiation] +ssl_conf = 619-version-negotiation-ssl + +[619-version-negotiation-ssl] +server = 619-version-negotiation-server +client = 619-version-negotiation-client + +[619-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[619-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-619] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[620-version-negotiation] +ssl_conf = 620-version-negotiation-ssl + +[620-version-negotiation-ssl] +server = 620-version-negotiation-server +client = 620-version-negotiation-client + +[620-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[620-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-620] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[621-version-negotiation] +ssl_conf = 621-version-negotiation-ssl + +[621-version-negotiation-ssl] +server = 621-version-negotiation-server +client = 621-version-negotiation-client + +[621-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[621-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-621] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[622-version-negotiation] +ssl_conf = 622-version-negotiation-ssl + +[622-version-negotiation-ssl] +server = 622-version-negotiation-server +client = 622-version-negotiation-client + +[622-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[622-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-622] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[623-version-negotiation] +ssl_conf = 623-version-negotiation-ssl + +[623-version-negotiation-ssl] +server = 623-version-negotiation-server +client = 623-version-negotiation-client + +[623-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[623-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-623] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[624-version-negotiation] +ssl_conf = 624-version-negotiation-ssl + +[624-version-negotiation-ssl] +server = 624-version-negotiation-server +client = 624-version-negotiation-client + +[624-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[624-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-624] +ExpectedResult = ServerFail + + +# =========================================================== + +[625-version-negotiation] +ssl_conf = 625-version-negotiation-ssl + +[625-version-negotiation-ssl] +server = 625-version-negotiation-server +client = 625-version-negotiation-client + +[625-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[625-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-625] +ExpectedResult = ServerFail + + +# =========================================================== + +[626-version-negotiation] +ssl_conf = 626-version-negotiation-ssl + +[626-version-negotiation-ssl] +server = 626-version-negotiation-server +client = 626-version-negotiation-client + +[626-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[626-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-626] +ExpectedResult = ServerFail + + +# =========================================================== + +[627-version-negotiation] +ssl_conf = 627-version-negotiation-ssl + +[627-version-negotiation-ssl] +server = 627-version-negotiation-server +client = 627-version-negotiation-client + +[627-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[627-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-627] +ExpectedResult = ServerFail + + +# =========================================================== + +[628-version-negotiation] +ssl_conf = 628-version-negotiation-ssl + +[628-version-negotiation-ssl] +server = 628-version-negotiation-server +client = 628-version-negotiation-client + +[628-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[628-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-628] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[629-version-negotiation] +ssl_conf = 629-version-negotiation-ssl + +[629-version-negotiation-ssl] +server = 629-version-negotiation-server +client = 629-version-negotiation-client + +[629-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[629-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-629] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[630-version-negotiation] +ssl_conf = 630-version-negotiation-ssl + +[630-version-negotiation-ssl] +server = 630-version-negotiation-server +client = 630-version-negotiation-client + +[630-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[630-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-630] +ExpectedResult = ServerFail + + +# =========================================================== + +[631-version-negotiation] +ssl_conf = 631-version-negotiation-ssl + +[631-version-negotiation-ssl] +server = 631-version-negotiation-server +client = 631-version-negotiation-client + +[631-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[631-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-631] +ExpectedResult = ServerFail + + +# =========================================================== + +[632-version-negotiation] +ssl_conf = 632-version-negotiation-ssl + +[632-version-negotiation-ssl] +server = 632-version-negotiation-server +client = 632-version-negotiation-client + +[632-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[632-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-632] +ExpectedResult = ServerFail + + +# =========================================================== + +[633-version-negotiation] +ssl_conf = 633-version-negotiation-ssl + +[633-version-negotiation-ssl] +server = 633-version-negotiation-server +client = 633-version-negotiation-client + +[633-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[633-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-633] +ExpectedResult = ServerFail + + +# =========================================================== + +[634-version-negotiation] +ssl_conf = 634-version-negotiation-ssl + +[634-version-negotiation-ssl] +server = 634-version-negotiation-server +client = 634-version-negotiation-client + +[634-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[634-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-634] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[635-version-negotiation] +ssl_conf = 635-version-negotiation-ssl + +[635-version-negotiation-ssl] +server = 635-version-negotiation-server +client = 635-version-negotiation-client + +[635-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[635-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-635] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[636-version-negotiation] +ssl_conf = 636-version-negotiation-ssl + +[636-version-negotiation-ssl] +server = 636-version-negotiation-server +client = 636-version-negotiation-client + +[636-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[636-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-636] +ExpectedResult = ServerFail + + +# =========================================================== + +[637-version-negotiation] +ssl_conf = 637-version-negotiation-ssl + +[637-version-negotiation-ssl] +server = 637-version-negotiation-server +client = 637-version-negotiation-client + +[637-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[637-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-637] +ExpectedResult = ServerFail + + +# =========================================================== + +[638-version-negotiation] +ssl_conf = 638-version-negotiation-ssl + +[638-version-negotiation-ssl] +server = 638-version-negotiation-server +client = 638-version-negotiation-client + +[638-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[638-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-638] +ExpectedResult = ServerFail + + +# =========================================================== + +[639-version-negotiation] +ssl_conf = 639-version-negotiation-ssl + +[639-version-negotiation-ssl] +server = 639-version-negotiation-server +client = 639-version-negotiation-client + +[639-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[639-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-639] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[640-version-negotiation] +ssl_conf = 640-version-negotiation-ssl + +[640-version-negotiation-ssl] +server = 640-version-negotiation-server +client = 640-version-negotiation-client + +[640-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[640-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-640] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[641-version-negotiation] +ssl_conf = 641-version-negotiation-ssl + +[641-version-negotiation-ssl] +server = 641-version-negotiation-server +client = 641-version-negotiation-client + +[641-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[641-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-641] +ExpectedResult = ServerFail + + +# =========================================================== + +[642-version-negotiation] +ssl_conf = 642-version-negotiation-ssl + +[642-version-negotiation-ssl] +server = 642-version-negotiation-server +client = 642-version-negotiation-client + +[642-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[642-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-642] +ExpectedResult = ServerFail + + +# =========================================================== + +[643-version-negotiation] +ssl_conf = 643-version-negotiation-ssl + +[643-version-negotiation-ssl] +server = 643-version-negotiation-server +client = 643-version-negotiation-client + +[643-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[643-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-643] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[644-version-negotiation] +ssl_conf = 644-version-negotiation-ssl + +[644-version-negotiation-ssl] +server = 644-version-negotiation-server +client = 644-version-negotiation-client + +[644-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[644-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-644] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[645-version-negotiation] +ssl_conf = 645-version-negotiation-ssl + +[645-version-negotiation-ssl] +server = 645-version-negotiation-server +client = 645-version-negotiation-client + +[645-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[645-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-645] +ExpectedResult = ServerFail + + +# =========================================================== + +[646-version-negotiation] +ssl_conf = 646-version-negotiation-ssl + +[646-version-negotiation-ssl] +server = 646-version-negotiation-server +client = 646-version-negotiation-client + +[646-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[646-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-646] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[647-version-negotiation] +ssl_conf = 647-version-negotiation-ssl + +[647-version-negotiation-ssl] +server = 647-version-negotiation-server +client = 647-version-negotiation-client + +[647-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[647-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-647] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[648-version-negotiation] +ssl_conf = 648-version-negotiation-ssl + +[648-version-negotiation-ssl] +server = 648-version-negotiation-server +client = 648-version-negotiation-client + +[648-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[648-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-648] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[649-version-negotiation] +ssl_conf = 649-version-negotiation-ssl + +[649-version-negotiation-ssl] +server = 649-version-negotiation-server +client = 649-version-negotiation-client + +[649-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[649-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-649] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[650-version-negotiation] +ssl_conf = 650-version-negotiation-ssl + +[650-version-negotiation-ssl] +server = 650-version-negotiation-server +client = 650-version-negotiation-client + +[650-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[650-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-650] +ExpectedResult = ServerFail + + +# =========================================================== + +[651-version-negotiation] +ssl_conf = 651-version-negotiation-ssl + +[651-version-negotiation-ssl] +server = 651-version-negotiation-server +client = 651-version-negotiation-client + +[651-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[651-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-651] +ExpectedResult = ServerFail + + +# =========================================================== + +[652-version-negotiation] +ssl_conf = 652-version-negotiation-ssl + +[652-version-negotiation-ssl] +server = 652-version-negotiation-server +client = 652-version-negotiation-client + +[652-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[652-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-652] +ExpectedResult = ServerFail + + +# =========================================================== + +[653-version-negotiation] +ssl_conf = 653-version-negotiation-ssl + +[653-version-negotiation-ssl] +server = 653-version-negotiation-server +client = 653-version-negotiation-client + +[653-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[653-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-653] +ExpectedResult = ServerFail + + +# =========================================================== + +[654-version-negotiation] +ssl_conf = 654-version-negotiation-ssl + +[654-version-negotiation-ssl] +server = 654-version-negotiation-server +client = 654-version-negotiation-client + +[654-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[654-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-654] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[655-version-negotiation] +ssl_conf = 655-version-negotiation-ssl + +[655-version-negotiation-ssl] +server = 655-version-negotiation-server +client = 655-version-negotiation-client + +[655-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[655-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-655] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[656-version-negotiation] +ssl_conf = 656-version-negotiation-ssl + +[656-version-negotiation-ssl] +server = 656-version-negotiation-server +client = 656-version-negotiation-client + +[656-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[656-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-656] +ExpectedResult = ServerFail + + +# =========================================================== + +[657-version-negotiation] +ssl_conf = 657-version-negotiation-ssl + +[657-version-negotiation-ssl] +server = 657-version-negotiation-server +client = 657-version-negotiation-client + +[657-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[657-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-657] +ExpectedResult = ServerFail + + +# =========================================================== + +[658-version-negotiation] +ssl_conf = 658-version-negotiation-ssl + +[658-version-negotiation-ssl] +server = 658-version-negotiation-server +client = 658-version-negotiation-client + +[658-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[658-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-658] +ExpectedResult = ServerFail + + +# =========================================================== + +[659-version-negotiation] +ssl_conf = 659-version-negotiation-ssl + +[659-version-negotiation-ssl] +server = 659-version-negotiation-server +client = 659-version-negotiation-client + +[659-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[659-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-659] +ExpectedResult = ServerFail + + +# =========================================================== + +[660-version-negotiation] +ssl_conf = 660-version-negotiation-ssl + +[660-version-negotiation-ssl] +server = 660-version-negotiation-server +client = 660-version-negotiation-client + +[660-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[660-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-660] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[661-version-negotiation] +ssl_conf = 661-version-negotiation-ssl + +[661-version-negotiation-ssl] +server = 661-version-negotiation-server +client = 661-version-negotiation-client + +[661-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[661-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-661] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[662-version-negotiation] +ssl_conf = 662-version-negotiation-ssl + +[662-version-negotiation-ssl] +server = 662-version-negotiation-server +client = 662-version-negotiation-client + +[662-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[662-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-662] +ExpectedResult = ServerFail + + +# =========================================================== + +[663-version-negotiation] +ssl_conf = 663-version-negotiation-ssl + +[663-version-negotiation-ssl] +server = 663-version-negotiation-server +client = 663-version-negotiation-client + +[663-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[663-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-663] +ExpectedResult = ServerFail + + +# =========================================================== + +[664-version-negotiation] +ssl_conf = 664-version-negotiation-ssl + +[664-version-negotiation-ssl] +server = 664-version-negotiation-server +client = 664-version-negotiation-client + +[664-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[664-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-664] +ExpectedResult = ServerFail + + +# =========================================================== + +[665-version-negotiation] +ssl_conf = 665-version-negotiation-ssl + +[665-version-negotiation-ssl] +server = 665-version-negotiation-server +client = 665-version-negotiation-client + +[665-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[665-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-665] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[666-version-negotiation] +ssl_conf = 666-version-negotiation-ssl + +[666-version-negotiation-ssl] +server = 666-version-negotiation-server +client = 666-version-negotiation-client + +[666-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[666-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-666] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[667-version-negotiation] +ssl_conf = 667-version-negotiation-ssl + +[667-version-negotiation-ssl] +server = 667-version-negotiation-server +client = 667-version-negotiation-client + +[667-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[667-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-667] +ExpectedResult = ServerFail + + +# =========================================================== + +[668-version-negotiation] +ssl_conf = 668-version-negotiation-ssl + +[668-version-negotiation-ssl] +server = 668-version-negotiation-server +client = 668-version-negotiation-client + +[668-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[668-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-668] +ExpectedResult = ServerFail + + +# =========================================================== + +[669-version-negotiation] +ssl_conf = 669-version-negotiation-ssl + +[669-version-negotiation-ssl] +server = 669-version-negotiation-server +client = 669-version-negotiation-client + +[669-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[669-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-669] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[670-version-negotiation] +ssl_conf = 670-version-negotiation-ssl + +[670-version-negotiation-ssl] +server = 670-version-negotiation-server +client = 670-version-negotiation-client + +[670-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[670-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-670] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[671-version-negotiation] +ssl_conf = 671-version-negotiation-ssl + +[671-version-negotiation-ssl] +server = 671-version-negotiation-server +client = 671-version-negotiation-client + +[671-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[671-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-671] +ExpectedResult = ServerFail + + +# =========================================================== + +[672-version-negotiation] +ssl_conf = 672-version-negotiation-ssl + +[672-version-negotiation-ssl] +server = 672-version-negotiation-server +client = 672-version-negotiation-client + +[672-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[672-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-672] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[673-version-negotiation] +ssl_conf = 673-version-negotiation-ssl + +[673-version-negotiation-ssl] +server = 673-version-negotiation-server +client = 673-version-negotiation-client + +[673-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[673-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-673] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[674-version-negotiation] +ssl_conf = 674-version-negotiation-ssl + +[674-version-negotiation-ssl] +server = 674-version-negotiation-server +client = 674-version-negotiation-client + +[674-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[674-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-674] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[675-version-negotiation] +ssl_conf = 675-version-negotiation-ssl + +[675-version-negotiation-ssl] +server = 675-version-negotiation-server +client = 675-version-negotiation-client + +[675-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[675-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-675] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[676-ciphersuite-sanity-check-client] +ssl_conf = 676-ciphersuite-sanity-check-client-ssl + +[676-ciphersuite-sanity-check-client-ssl] +server = 676-ciphersuite-sanity-check-client-server +client = 676-ciphersuite-sanity-check-client-client + +[676-ciphersuite-sanity-check-client-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[676-ciphersuite-sanity-check-client-client] +CipherString = AES128-SHA +Ciphersuites = +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-676] +ExpectedResult = ClientFail + + +# =========================================================== + +[677-ciphersuite-sanity-check-server] +ssl_conf = 677-ciphersuite-sanity-check-server-ssl + +[677-ciphersuite-sanity-check-server-ssl] +server = 677-ciphersuite-sanity-check-server-server +client = 677-ciphersuite-sanity-check-server-client + +[677-ciphersuite-sanity-check-server-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = AES128-SHA +Ciphersuites = +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[677-ciphersuite-sanity-check-server-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-677] +ExpectedResult = ServerFail + + diff --git a/test/ssl-tests/02-protocol-version.cnf.in b/test/ssl-tests/02-protocol-version.cnf.in new file mode 100644 index 0000000000..a6799df0ac --- /dev/null +++ b/test/ssl-tests/02-protocol-version.cnf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test TLS version negotiation + +package ssltests; + +use strict; +use warnings; + +use protocol_version; + +our @tests = generate_version_tests("TLS"); diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf deleted file mode 100644 index 4b7d7df218..0000000000 --- a/test/ssl-tests/02-protocol-version.conf +++ /dev/null @@ -1,18822 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 678 - -test-0 = 0-version-negotiation -test-1 = 1-version-negotiation -test-2 = 2-version-negotiation -test-3 = 3-version-negotiation -test-4 = 4-version-negotiation -test-5 = 5-version-negotiation -test-6 = 6-version-negotiation -test-7 = 7-version-negotiation -test-8 = 8-version-negotiation -test-9 = 9-version-negotiation -test-10 = 10-version-negotiation -test-11 = 11-version-negotiation -test-12 = 12-version-negotiation -test-13 = 13-version-negotiation -test-14 = 14-version-negotiation -test-15 = 15-version-negotiation -test-16 = 16-version-negotiation -test-17 = 17-version-negotiation -test-18 = 18-version-negotiation -test-19 = 19-version-negotiation -test-20 = 20-version-negotiation -test-21 = 21-version-negotiation -test-22 = 22-version-negotiation -test-23 = 23-version-negotiation -test-24 = 24-version-negotiation -test-25 = 25-version-negotiation -test-26 = 26-version-negotiation -test-27 = 27-version-negotiation -test-28 = 28-version-negotiation -test-29 = 29-version-negotiation -test-30 = 30-version-negotiation -test-31 = 31-version-negotiation -test-32 = 32-version-negotiation -test-33 = 33-version-negotiation -test-34 = 34-version-negotiation -test-35 = 35-version-negotiation -test-36 = 36-version-negotiation -test-37 = 37-version-negotiation -test-38 = 38-version-negotiation -test-39 = 39-version-negotiation -test-40 = 40-version-negotiation -test-41 = 41-version-negotiation -test-42 = 42-version-negotiation -test-43 = 43-version-negotiation -test-44 = 44-version-negotiation -test-45 = 45-version-negotiation -test-46 = 46-version-negotiation -test-47 = 47-version-negotiation -test-48 = 48-version-negotiation -test-49 = 49-version-negotiation -test-50 = 50-version-negotiation -test-51 = 51-version-negotiation -test-52 = 52-version-negotiation -test-53 = 53-version-negotiation -test-54 = 54-version-negotiation -test-55 = 55-version-negotiation -test-56 = 56-version-negotiation -test-57 = 57-version-negotiation -test-58 = 58-version-negotiation -test-59 = 59-version-negotiation -test-60 = 60-version-negotiation -test-61 = 61-version-negotiation -test-62 = 62-version-negotiation -test-63 = 63-version-negotiation -test-64 = 64-version-negotiation -test-65 = 65-version-negotiation -test-66 = 66-version-negotiation -test-67 = 67-version-negotiation -test-68 = 68-version-negotiation -test-69 = 69-version-negotiation -test-70 = 70-version-negotiation -test-71 = 71-version-negotiation -test-72 = 72-version-negotiation -test-73 = 73-version-negotiation -test-74 = 74-version-negotiation -test-75 = 75-version-negotiation -test-76 = 76-version-negotiation -test-77 = 77-version-negotiation -test-78 = 78-version-negotiation -test-79 = 79-version-negotiation -test-80 = 80-version-negotiation -test-81 = 81-version-negotiation -test-82 = 82-version-negotiation -test-83 = 83-version-negotiation -test-84 = 84-version-negotiation -test-85 = 85-version-negotiation -test-86 = 86-version-negotiation -test-87 = 87-version-negotiation -test-88 = 88-version-negotiation -test-89 = 89-version-negotiation -test-90 = 90-version-negotiation -test-91 = 91-version-negotiation -test-92 = 92-version-negotiation -test-93 = 93-version-negotiation -test-94 = 94-version-negotiation -test-95 = 95-version-negotiation -test-96 = 96-version-negotiation -test-97 = 97-version-negotiation -test-98 = 98-version-negotiation -test-99 = 99-version-negotiation -test-100 = 100-version-negotiation -test-101 = 101-version-negotiation -test-102 = 102-version-negotiation -test-103 = 103-version-negotiation -test-104 = 104-version-negotiation -test-105 = 105-version-negotiation -test-106 = 106-version-negotiation -test-107 = 107-version-negotiation -test-108 = 108-version-negotiation -test-109 = 109-version-negotiation -test-110 = 110-version-negotiation -test-111 = 111-version-negotiation -test-112 = 112-version-negotiation -test-113 = 113-version-negotiation -test-114 = 114-version-negotiation -test-115 = 115-version-negotiation -test-116 = 116-version-negotiation -test-117 = 117-version-negotiation -test-118 = 118-version-negotiation -test-119 = 119-version-negotiation -test-120 = 120-version-negotiation -test-121 = 121-version-negotiation -test-122 = 122-version-negotiation -test-123 = 123-version-negotiation -test-124 = 124-version-negotiation -test-125 = 125-version-negotiation -test-126 = 126-version-negotiation -test-127 = 127-version-negotiation -test-128 = 128-version-negotiation -test-129 = 129-version-negotiation -test-130 = 130-version-negotiation -test-131 = 131-version-negotiation -test-132 = 132-version-negotiation -test-133 = 133-version-negotiation -test-134 = 134-version-negotiation -test-135 = 135-version-negotiation -test-136 = 136-version-negotiation -test-137 = 137-version-negotiation -test-138 = 138-version-negotiation -test-139 = 139-version-negotiation -test-140 = 140-version-negotiation -test-141 = 141-version-negotiation -test-142 = 142-version-negotiation -test-143 = 143-version-negotiation -test-144 = 144-version-negotiation -test-145 = 145-version-negotiation -test-146 = 146-version-negotiation -test-147 = 147-version-negotiation -test-148 = 148-version-negotiation -test-149 = 149-version-negotiation -test-150 = 150-version-negotiation -test-151 = 151-version-negotiation -test-152 = 152-version-negotiation -test-153 = 153-version-negotiation -test-154 = 154-version-negotiation -test-155 = 155-version-negotiation -test-156 = 156-version-negotiation -test-157 = 157-version-negotiation -test-158 = 158-version-negotiation -test-159 = 159-version-negotiation -test-160 = 160-version-negotiation -test-161 = 161-version-negotiation -test-162 = 162-version-negotiation -test-163 = 163-version-negotiation -test-164 = 164-version-negotiation -test-165 = 165-version-negotiation -test-166 = 166-version-negotiation -test-167 = 167-version-negotiation -test-168 = 168-version-negotiation -test-169 = 169-version-negotiation -test-170 = 170-version-negotiation -test-171 = 171-version-negotiation -test-172 = 172-version-negotiation -test-173 = 173-version-negotiation -test-174 = 174-version-negotiation -test-175 = 175-version-negotiation -test-176 = 176-version-negotiation -test-177 = 177-version-negotiation -test-178 = 178-version-negotiation -test-179 = 179-version-negotiation -test-180 = 180-version-negotiation -test-181 = 181-version-negotiation -test-182 = 182-version-negotiation -test-183 = 183-version-negotiation -test-184 = 184-version-negotiation -test-185 = 185-version-negotiation -test-186 = 186-version-negotiation -test-187 = 187-version-negotiation -test-188 = 188-version-negotiation -test-189 = 189-version-negotiation -test-190 = 190-version-negotiation -test-191 = 191-version-negotiation -test-192 = 192-version-negotiation -test-193 = 193-version-negotiation -test-194 = 194-version-negotiation -test-195 = 195-version-negotiation -test-196 = 196-version-negotiation -test-197 = 197-version-negotiation -test-198 = 198-version-negotiation -test-199 = 199-version-negotiation -test-200 = 200-version-negotiation -test-201 = 201-version-negotiation -test-202 = 202-version-negotiation -test-203 = 203-version-negotiation -test-204 = 204-version-negotiation -test-205 = 205-version-negotiation -test-206 = 206-version-negotiation -test-207 = 207-version-negotiation -test-208 = 208-version-negotiation -test-209 = 209-version-negotiation -test-210 = 210-version-negotiation -test-211 = 211-version-negotiation -test-212 = 212-version-negotiation -test-213 = 213-version-negotiation -test-214 = 214-version-negotiation -test-215 = 215-version-negotiation -test-216 = 216-version-negotiation -test-217 = 217-version-negotiation -test-218 = 218-version-negotiation -test-219 = 219-version-negotiation -test-220 = 220-version-negotiation -test-221 = 221-version-negotiation -test-222 = 222-version-negotiation -test-223 = 223-version-negotiation -test-224 = 224-version-negotiation -test-225 = 225-version-negotiation -test-226 = 226-version-negotiation -test-227 = 227-version-negotiation -test-228 = 228-version-negotiation -test-229 = 229-version-negotiation -test-230 = 230-version-negotiation -test-231 = 231-version-negotiation -test-232 = 232-version-negotiation -test-233 = 233-version-negotiation -test-234 = 234-version-negotiation -test-235 = 235-version-negotiation -test-236 = 236-version-negotiation -test-237 = 237-version-negotiation -test-238 = 238-version-negotiation -test-239 = 239-version-negotiation -test-240 = 240-version-negotiation -test-241 = 241-version-negotiation -test-242 = 242-version-negotiation -test-243 = 243-version-negotiation -test-244 = 244-version-negotiation -test-245 = 245-version-negotiation -test-246 = 246-version-negotiation -test-247 = 247-version-negotiation -test-248 = 248-version-negotiation -test-249 = 249-version-negotiation -test-250 = 250-version-negotiation -test-251 = 251-version-negotiation -test-252 = 252-version-negotiation -test-253 = 253-version-negotiation -test-254 = 254-version-negotiation -test-255 = 255-version-negotiation -test-256 = 256-version-negotiation -test-257 = 257-version-negotiation -test-258 = 258-version-negotiation -test-259 = 259-version-negotiation -test-260 = 260-version-negotiation -test-261 = 261-version-negotiation -test-262 = 262-version-negotiation -test-263 = 263-version-negotiation -test-264 = 264-version-negotiation -test-265 = 265-version-negotiation -test-266 = 266-version-negotiation -test-267 = 267-version-negotiation -test-268 = 268-version-negotiation -test-269 = 269-version-negotiation -test-270 = 270-version-negotiation -test-271 = 271-version-negotiation -test-272 = 272-version-negotiation -test-273 = 273-version-negotiation -test-274 = 274-version-negotiation -test-275 = 275-version-negotiation -test-276 = 276-version-negotiation -test-277 = 277-version-negotiation -test-278 = 278-version-negotiation -test-279 = 279-version-negotiation -test-280 = 280-version-negotiation -test-281 = 281-version-negotiation -test-282 = 282-version-negotiation -test-283 = 283-version-negotiation -test-284 = 284-version-negotiation -test-285 = 285-version-negotiation -test-286 = 286-version-negotiation -test-287 = 287-version-negotiation -test-288 = 288-version-negotiation -test-289 = 289-version-negotiation -test-290 = 290-version-negotiation -test-291 = 291-version-negotiation -test-292 = 292-version-negotiation -test-293 = 293-version-negotiation -test-294 = 294-version-negotiation -test-295 = 295-version-negotiation -test-296 = 296-version-negotiation -test-297 = 297-version-negotiation -test-298 = 298-version-negotiation -test-299 = 299-version-negotiation -test-300 = 300-version-negotiation -test-301 = 301-version-negotiation -test-302 = 302-version-negotiation -test-303 = 303-version-negotiation -test-304 = 304-version-negotiation -test-305 = 305-version-negotiation -test-306 = 306-version-negotiation -test-307 = 307-version-negotiation -test-308 = 308-version-negotiation -test-309 = 309-version-negotiation -test-310 = 310-version-negotiation -test-311 = 311-version-negotiation -test-312 = 312-version-negotiation -test-313 = 313-version-negotiation -test-314 = 314-version-negotiation -test-315 = 315-version-negotiation -test-316 = 316-version-negotiation -test-317 = 317-version-negotiation -test-318 = 318-version-negotiation -test-319 = 319-version-negotiation -test-320 = 320-version-negotiation -test-321 = 321-version-negotiation -test-322 = 322-version-negotiation -test-323 = 323-version-negotiation -test-324 = 324-version-negotiation -test-325 = 325-version-negotiation -test-326 = 326-version-negotiation -test-327 = 327-version-negotiation -test-328 = 328-version-negotiation -test-329 = 329-version-negotiation -test-330 = 330-version-negotiation -test-331 = 331-version-negotiation -test-332 = 332-version-negotiation -test-333 = 333-version-negotiation -test-334 = 334-version-negotiation -test-335 = 335-version-negotiation -test-336 = 336-version-negotiation -test-337 = 337-version-negotiation -test-338 = 338-version-negotiation -test-339 = 339-version-negotiation -test-340 = 340-version-negotiation -test-341 = 341-version-negotiation -test-342 = 342-version-negotiation -test-343 = 343-version-negotiation -test-344 = 344-version-negotiation -test-345 = 345-version-negotiation -test-346 = 346-version-negotiation -test-347 = 347-version-negotiation -test-348 = 348-version-negotiation -test-349 = 349-version-negotiation -test-350 = 350-version-negotiation -test-351 = 351-version-negotiation -test-352 = 352-version-negotiation -test-353 = 353-version-negotiation -test-354 = 354-version-negotiation -test-355 = 355-version-negotiation -test-356 = 356-version-negotiation -test-357 = 357-version-negotiation -test-358 = 358-version-negotiation -test-359 = 359-version-negotiation -test-360 = 360-version-negotiation -test-361 = 361-version-negotiation -test-362 = 362-version-negotiation -test-363 = 363-version-negotiation -test-364 = 364-version-negotiation -test-365 = 365-version-negotiation -test-366 = 366-version-negotiation -test-367 = 367-version-negotiation -test-368 = 368-version-negotiation -test-369 = 369-version-negotiation -test-370 = 370-version-negotiation -test-371 = 371-version-negotiation -test-372 = 372-version-negotiation -test-373 = 373-version-negotiation -test-374 = 374-version-negotiation -test-375 = 375-version-negotiation -test-376 = 376-version-negotiation -test-377 = 377-version-negotiation -test-378 = 378-version-negotiation -test-379 = 379-version-negotiation -test-380 = 380-version-negotiation -test-381 = 381-version-negotiation -test-382 = 382-version-negotiation -test-383 = 383-version-negotiation -test-384 = 384-version-negotiation -test-385 = 385-version-negotiation -test-386 = 386-version-negotiation -test-387 = 387-version-negotiation -test-388 = 388-version-negotiation -test-389 = 389-version-negotiation -test-390 = 390-version-negotiation -test-391 = 391-version-negotiation -test-392 = 392-version-negotiation -test-393 = 393-version-negotiation -test-394 = 394-version-negotiation -test-395 = 395-version-negotiation -test-396 = 396-version-negotiation -test-397 = 397-version-negotiation -test-398 = 398-version-negotiation -test-399 = 399-version-negotiation -test-400 = 400-version-negotiation -test-401 = 401-version-negotiation -test-402 = 402-version-negotiation -test-403 = 403-version-negotiation -test-404 = 404-version-negotiation -test-405 = 405-version-negotiation -test-406 = 406-version-negotiation -test-407 = 407-version-negotiation -test-408 = 408-version-negotiation -test-409 = 409-version-negotiation -test-410 = 410-version-negotiation -test-411 = 411-version-negotiation -test-412 = 412-version-negotiation -test-413 = 413-version-negotiation -test-414 = 414-version-negotiation -test-415 = 415-version-negotiation -test-416 = 416-version-negotiation -test-417 = 417-version-negotiation -test-418 = 418-version-negotiation -test-419 = 419-version-negotiation -test-420 = 420-version-negotiation -test-421 = 421-version-negotiation -test-422 = 422-version-negotiation -test-423 = 423-version-negotiation -test-424 = 424-version-negotiation -test-425 = 425-version-negotiation -test-426 = 426-version-negotiation -test-427 = 427-version-negotiation -test-428 = 428-version-negotiation -test-429 = 429-version-negotiation -test-430 = 430-version-negotiation -test-431 = 431-version-negotiation -test-432 = 432-version-negotiation -test-433 = 433-version-negotiation -test-434 = 434-version-negotiation -test-435 = 435-version-negotiation -test-436 = 436-version-negotiation -test-437 = 437-version-negotiation -test-438 = 438-version-negotiation -test-439 = 439-version-negotiation -test-440 = 440-version-negotiation -test-441 = 441-version-negotiation -test-442 = 442-version-negotiation -test-443 = 443-version-negotiation -test-444 = 444-version-negotiation -test-445 = 445-version-negotiation -test-446 = 446-version-negotiation -test-447 = 447-version-negotiation -test-448 = 448-version-negotiation -test-449 = 449-version-negotiation -test-450 = 450-version-negotiation -test-451 = 451-version-negotiation -test-452 = 452-version-negotiation -test-453 = 453-version-negotiation -test-454 = 454-version-negotiation -test-455 = 455-version-negotiation -test-456 = 456-version-negotiation -test-457 = 457-version-negotiation -test-458 = 458-version-negotiation -test-459 = 459-version-negotiation -test-460 = 460-version-negotiation -test-461 = 461-version-negotiation -test-462 = 462-version-negotiation -test-463 = 463-version-negotiation -test-464 = 464-version-negotiation -test-465 = 465-version-negotiation -test-466 = 466-version-negotiation -test-467 = 467-version-negotiation -test-468 = 468-version-negotiation -test-469 = 469-version-negotiation -test-470 = 470-version-negotiation -test-471 = 471-version-negotiation -test-472 = 472-version-negotiation -test-473 = 473-version-negotiation -test-474 = 474-version-negotiation -test-475 = 475-version-negotiation -test-476 = 476-version-negotiation -test-477 = 477-version-negotiation -test-478 = 478-version-negotiation -test-479 = 479-version-negotiation -test-480 = 480-version-negotiation -test-481 = 481-version-negotiation -test-482 = 482-version-negotiation -test-483 = 483-version-negotiation -test-484 = 484-version-negotiation -test-485 = 485-version-negotiation -test-486 = 486-version-negotiation -test-487 = 487-version-negotiation -test-488 = 488-version-negotiation -test-489 = 489-version-negotiation -test-490 = 490-version-negotiation -test-491 = 491-version-negotiation -test-492 = 492-version-negotiation -test-493 = 493-version-negotiation -test-494 = 494-version-negotiation -test-495 = 495-version-negotiation -test-496 = 496-version-negotiation -test-497 = 497-version-negotiation -test-498 = 498-version-negotiation -test-499 = 499-version-negotiation -test-500 = 500-version-negotiation -test-501 = 501-version-negotiation -test-502 = 502-version-negotiation -test-503 = 503-version-negotiation -test-504 = 504-version-negotiation -test-505 = 505-version-negotiation -test-506 = 506-version-negotiation -test-507 = 507-version-negotiation -test-508 = 508-version-negotiation -test-509 = 509-version-negotiation -test-510 = 510-version-negotiation -test-511 = 511-version-negotiation -test-512 = 512-version-negotiation -test-513 = 513-version-negotiation -test-514 = 514-version-negotiation -test-515 = 515-version-negotiation -test-516 = 516-version-negotiation -test-517 = 517-version-negotiation -test-518 = 518-version-negotiation -test-519 = 519-version-negotiation -test-520 = 520-version-negotiation -test-521 = 521-version-negotiation -test-522 = 522-version-negotiation -test-523 = 523-version-negotiation -test-524 = 524-version-negotiation -test-525 = 525-version-negotiation -test-526 = 526-version-negotiation -test-527 = 527-version-negotiation -test-528 = 528-version-negotiation -test-529 = 529-version-negotiation -test-530 = 530-version-negotiation -test-531 = 531-version-negotiation -test-532 = 532-version-negotiation -test-533 = 533-version-negotiation -test-534 = 534-version-negotiation -test-535 = 535-version-negotiation -test-536 = 536-version-negotiation -test-537 = 537-version-negotiation -test-538 = 538-version-negotiation -test-539 = 539-version-negotiation -test-540 = 540-version-negotiation -test-541 = 541-version-negotiation -test-542 = 542-version-negotiation -test-543 = 543-version-negotiation -test-544 = 544-version-negotiation -test-545 = 545-version-negotiation -test-546 = 546-version-negotiation -test-547 = 547-version-negotiation -test-548 = 548-version-negotiation -test-549 = 549-version-negotiation -test-550 = 550-version-negotiation -test-551 = 551-version-negotiation -test-552 = 552-version-negotiation -test-553 = 553-version-negotiation -test-554 = 554-version-negotiation -test-555 = 555-version-negotiation -test-556 = 556-version-negotiation -test-557 = 557-version-negotiation -test-558 = 558-version-negotiation -test-559 = 559-version-negotiation -test-560 = 560-version-negotiation -test-561 = 561-version-negotiation -test-562 = 562-version-negotiation -test-563 = 563-version-negotiation -test-564 = 564-version-negotiation -test-565 = 565-version-negotiation -test-566 = 566-version-negotiation -test-567 = 567-version-negotiation -test-568 = 568-version-negotiation -test-569 = 569-version-negotiation -test-570 = 570-version-negotiation -test-571 = 571-version-negotiation -test-572 = 572-version-negotiation -test-573 = 573-version-negotiation -test-574 = 574-version-negotiation -test-575 = 575-version-negotiation -test-576 = 576-version-negotiation -test-577 = 577-version-negotiation -test-578 = 578-version-negotiation -test-579 = 579-version-negotiation -test-580 = 580-version-negotiation -test-581 = 581-version-negotiation -test-582 = 582-version-negotiation -test-583 = 583-version-negotiation -test-584 = 584-version-negotiation -test-585 = 585-version-negotiation -test-586 = 586-version-negotiation -test-587 = 587-version-negotiation -test-588 = 588-version-negotiation -test-589 = 589-version-negotiation -test-590 = 590-version-negotiation -test-591 = 591-version-negotiation -test-592 = 592-version-negotiation -test-593 = 593-version-negotiation -test-594 = 594-version-negotiation -test-595 = 595-version-negotiation -test-596 = 596-version-negotiation -test-597 = 597-version-negotiation -test-598 = 598-version-negotiation -test-599 = 599-version-negotiation -test-600 = 600-version-negotiation -test-601 = 601-version-negotiation -test-602 = 602-version-negotiation -test-603 = 603-version-negotiation -test-604 = 604-version-negotiation -test-605 = 605-version-negotiation -test-606 = 606-version-negotiation -test-607 = 607-version-negotiation -test-608 = 608-version-negotiation -test-609 = 609-version-negotiation -test-610 = 610-version-negotiation -test-611 = 611-version-negotiation -test-612 = 612-version-negotiation -test-613 = 613-version-negotiation -test-614 = 614-version-negotiation -test-615 = 615-version-negotiation -test-616 = 616-version-negotiation -test-617 = 617-version-negotiation -test-618 = 618-version-negotiation -test-619 = 619-version-negotiation -test-620 = 620-version-negotiation -test-621 = 621-version-negotiation -test-622 = 622-version-negotiation -test-623 = 623-version-negotiation -test-624 = 624-version-negotiation -test-625 = 625-version-negotiation -test-626 = 626-version-negotiation -test-627 = 627-version-negotiation -test-628 = 628-version-negotiation -test-629 = 629-version-negotiation -test-630 = 630-version-negotiation -test-631 = 631-version-negotiation -test-632 = 632-version-negotiation -test-633 = 633-version-negotiation -test-634 = 634-version-negotiation -test-635 = 635-version-negotiation -test-636 = 636-version-negotiation -test-637 = 637-version-negotiation -test-638 = 638-version-negotiation -test-639 = 639-version-negotiation -test-640 = 640-version-negotiation -test-641 = 641-version-negotiation -test-642 = 642-version-negotiation -test-643 = 643-version-negotiation -test-644 = 644-version-negotiation -test-645 = 645-version-negotiation -test-646 = 646-version-negotiation -test-647 = 647-version-negotiation -test-648 = 648-version-negotiation -test-649 = 649-version-negotiation -test-650 = 650-version-negotiation -test-651 = 651-version-negotiation -test-652 = 652-version-negotiation -test-653 = 653-version-negotiation -test-654 = 654-version-negotiation -test-655 = 655-version-negotiation -test-656 = 656-version-negotiation -test-657 = 657-version-negotiation -test-658 = 658-version-negotiation -test-659 = 659-version-negotiation -test-660 = 660-version-negotiation -test-661 = 661-version-negotiation -test-662 = 662-version-negotiation -test-663 = 663-version-negotiation -test-664 = 664-version-negotiation -test-665 = 665-version-negotiation -test-666 = 666-version-negotiation -test-667 = 667-version-negotiation -test-668 = 668-version-negotiation -test-669 = 669-version-negotiation -test-670 = 670-version-negotiation -test-671 = 671-version-negotiation -test-672 = 672-version-negotiation -test-673 = 673-version-negotiation -test-674 = 674-version-negotiation -test-675 = 675-version-negotiation -test-676 = 676-ciphersuite-sanity-check-client -test-677 = 677-ciphersuite-sanity-check-server -# =========================================================== - -[0-version-negotiation] -ssl_conf = 0-version-negotiation-ssl - -[0-version-negotiation-ssl] -server = 0-version-negotiation-server -client = 0-version-negotiation-client - -[0-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = ClientFail - - -# =========================================================== - -[1-version-negotiation] -ssl_conf = 1-version-negotiation-ssl - -[1-version-negotiation-ssl] -server = 1-version-negotiation-server -client = 1-version-negotiation-client - -[1-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = ClientFail - - -# =========================================================== - -[2-version-negotiation] -ssl_conf = 2-version-negotiation-ssl - -[2-version-negotiation-ssl] -server = 2-version-negotiation-server -client = 2-version-negotiation-client - -[2-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = ClientFail - - -# =========================================================== - -[3-version-negotiation] -ssl_conf = 3-version-negotiation-ssl - -[3-version-negotiation-ssl] -server = 3-version-negotiation-server -client = 3-version-negotiation-client - -[3-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedResult = ClientFail - - -# =========================================================== - -[4-version-negotiation] -ssl_conf = 4-version-negotiation-ssl - -[4-version-negotiation-ssl] -server = 4-version-negotiation-server -client = 4-version-negotiation-client - -[4-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -ExpectedResult = ClientFail - - -# =========================================================== - -[5-version-negotiation] -ssl_conf = 5-version-negotiation-ssl - -[5-version-negotiation-ssl] -server = 5-version-negotiation-server -client = 5-version-negotiation-client - -[5-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedResult = ClientFail - - -# =========================================================== - -[6-version-negotiation] -ssl_conf = 6-version-negotiation-ssl - -[6-version-negotiation-ssl] -server = 6-version-negotiation-server -client = 6-version-negotiation-client - -[6-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedResult = ClientFail - - -# =========================================================== - -[7-version-negotiation] -ssl_conf = 7-version-negotiation-ssl - -[7-version-negotiation-ssl] -server = 7-version-negotiation-server -client = 7-version-negotiation-client - -[7-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ExpectedResult = ClientFail - - -# =========================================================== - -[8-version-negotiation] -ssl_conf = 8-version-negotiation-ssl - -[8-version-negotiation-ssl] -server = 8-version-negotiation-server -client = 8-version-negotiation-client - -[8-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedResult = ClientFail - - -# =========================================================== - -[9-version-negotiation] -ssl_conf = 9-version-negotiation-ssl - -[9-version-negotiation-ssl] -server = 9-version-negotiation-server -client = 9-version-negotiation-client - -[9-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[9-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-9] -ExpectedResult = ClientFail - - -# =========================================================== - -[10-version-negotiation] -ssl_conf = 10-version-negotiation-ssl - -[10-version-negotiation-ssl] -server = 10-version-negotiation-server -client = 10-version-negotiation-client - -[10-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[10-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-10] -ExpectedResult = ClientFail - - -# =========================================================== - -[11-version-negotiation] -ssl_conf = 11-version-negotiation-ssl - -[11-version-negotiation-ssl] -server = 11-version-negotiation-server -client = 11-version-negotiation-client - -[11-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[11-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-11] -ExpectedResult = ClientFail - - -# =========================================================== - -[12-version-negotiation] -ssl_conf = 12-version-negotiation-ssl - -[12-version-negotiation-ssl] -server = 12-version-negotiation-server -client = 12-version-negotiation-client - -[12-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[12-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-12] -ExpectedResult = ClientFail - - -# =========================================================== - -[13-version-negotiation] -ssl_conf = 13-version-negotiation-ssl - -[13-version-negotiation-ssl] -server = 13-version-negotiation-server -client = 13-version-negotiation-client - -[13-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-13] -ExpectedResult = ClientFail - - -# =========================================================== - -[14-version-negotiation] -ssl_conf = 14-version-negotiation-ssl - -[14-version-negotiation-ssl] -server = 14-version-negotiation-server -client = 14-version-negotiation-client - -[14-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[14-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-14] -ExpectedResult = ClientFail - - -# =========================================================== - -[15-version-negotiation] -ssl_conf = 15-version-negotiation-ssl - -[15-version-negotiation-ssl] -server = 15-version-negotiation-server -client = 15-version-negotiation-client - -[15-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[15-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-15] -ExpectedResult = ClientFail - - -# =========================================================== - -[16-version-negotiation] -ssl_conf = 16-version-negotiation-ssl - -[16-version-negotiation-ssl] -server = 16-version-negotiation-server -client = 16-version-negotiation-client - -[16-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[16-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-16] -ExpectedResult = ClientFail - - -# =========================================================== - -[17-version-negotiation] -ssl_conf = 17-version-negotiation-ssl - -[17-version-negotiation-ssl] -server = 17-version-negotiation-server -client = 17-version-negotiation-client - -[17-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[17-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-17] -ExpectedResult = ClientFail - - -# =========================================================== - -[18-version-negotiation] -ssl_conf = 18-version-negotiation-ssl - -[18-version-negotiation-ssl] -server = 18-version-negotiation-server -client = 18-version-negotiation-client - -[18-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[18-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-18] -ExpectedResult = ClientFail - - -# =========================================================== - -[19-version-negotiation] -ssl_conf = 19-version-negotiation-ssl - -[19-version-negotiation-ssl] -server = 19-version-negotiation-server -client = 19-version-negotiation-client - -[19-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[19-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-19] -ExpectedResult = ClientFail - - -# =========================================================== - -[20-version-negotiation] -ssl_conf = 20-version-negotiation-ssl - -[20-version-negotiation-ssl] -server = 20-version-negotiation-server -client = 20-version-negotiation-client - -[20-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[20-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-20] -ExpectedResult = ClientFail - - -# =========================================================== - -[21-version-negotiation] -ssl_conf = 21-version-negotiation-ssl - -[21-version-negotiation-ssl] -server = 21-version-negotiation-server -client = 21-version-negotiation-client - -[21-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[21-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-21] -ExpectedResult = ClientFail - - -# =========================================================== - -[22-version-negotiation] -ssl_conf = 22-version-negotiation-ssl - -[22-version-negotiation-ssl] -server = 22-version-negotiation-server -client = 22-version-negotiation-client - -[22-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[22-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-22] -ExpectedResult = ClientFail - - -# =========================================================== - -[23-version-negotiation] -ssl_conf = 23-version-negotiation-ssl - -[23-version-negotiation-ssl] -server = 23-version-negotiation-server -client = 23-version-negotiation-client - -[23-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[23-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-23] -ExpectedResult = ClientFail - - -# =========================================================== - -[24-version-negotiation] -ssl_conf = 24-version-negotiation-ssl - -[24-version-negotiation-ssl] -server = 24-version-negotiation-server -client = 24-version-negotiation-client - -[24-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[24-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-24] -ExpectedResult = ClientFail - - -# =========================================================== - -[25-version-negotiation] -ssl_conf = 25-version-negotiation-ssl - -[25-version-negotiation-ssl] -server = 25-version-negotiation-server -client = 25-version-negotiation-client - -[25-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[25-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-25] -ExpectedResult = ClientFail - - -# =========================================================== - -[26-version-negotiation] -ssl_conf = 26-version-negotiation-ssl - -[26-version-negotiation-ssl] -server = 26-version-negotiation-server -client = 26-version-negotiation-client - -[26-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[26-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-26] -ExpectedResult = ServerFail - - -# =========================================================== - -[27-version-negotiation] -ssl_conf = 27-version-negotiation-ssl - -[27-version-negotiation-ssl] -server = 27-version-negotiation-server -client = 27-version-negotiation-client - -[27-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[27-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-27] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[28-version-negotiation] -ssl_conf = 28-version-negotiation-ssl - -[28-version-negotiation-ssl] -server = 28-version-negotiation-server -client = 28-version-negotiation-client - -[28-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[28-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-28] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[29-version-negotiation] -ssl_conf = 29-version-negotiation-ssl - -[29-version-negotiation-ssl] -server = 29-version-negotiation-server -client = 29-version-negotiation-client - -[29-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[29-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-29] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[30-version-negotiation] -ssl_conf = 30-version-negotiation-ssl - -[30-version-negotiation-ssl] -server = 30-version-negotiation-server -client = 30-version-negotiation-client - -[30-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[30-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-30] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[31-version-negotiation] -ssl_conf = 31-version-negotiation-ssl - -[31-version-negotiation-ssl] -server = 31-version-negotiation-server -client = 31-version-negotiation-client - -[31-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[31-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-31] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[32-version-negotiation] -ssl_conf = 32-version-negotiation-ssl - -[32-version-negotiation-ssl] -server = 32-version-negotiation-server -client = 32-version-negotiation-client - -[32-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[32-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-32] -ExpectedResult = ServerFail - - -# =========================================================== - -[33-version-negotiation] -ssl_conf = 33-version-negotiation-ssl - -[33-version-negotiation-ssl] -server = 33-version-negotiation-server -client = 33-version-negotiation-client - -[33-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[33-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-33] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[34-version-negotiation] -ssl_conf = 34-version-negotiation-ssl - -[34-version-negotiation-ssl] -server = 34-version-negotiation-server -client = 34-version-negotiation-client - -[34-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[34-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-34] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[35-version-negotiation] -ssl_conf = 35-version-negotiation-ssl - -[35-version-negotiation-ssl] -server = 35-version-negotiation-server -client = 35-version-negotiation-client - -[35-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[35-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-35] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[36-version-negotiation] -ssl_conf = 36-version-negotiation-ssl - -[36-version-negotiation-ssl] -server = 36-version-negotiation-server -client = 36-version-negotiation-client - -[36-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[36-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-36] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[37-version-negotiation] -ssl_conf = 37-version-negotiation-ssl - -[37-version-negotiation-ssl] -server = 37-version-negotiation-server -client = 37-version-negotiation-client - -[37-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[37-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-37] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[38-version-negotiation] -ssl_conf = 38-version-negotiation-ssl - -[38-version-negotiation-ssl] -server = 38-version-negotiation-server -client = 38-version-negotiation-client - -[38-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[38-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-38] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[39-version-negotiation] -ssl_conf = 39-version-negotiation-ssl - -[39-version-negotiation-ssl] -server = 39-version-negotiation-server -client = 39-version-negotiation-client - -[39-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[39-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-39] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[40-version-negotiation] -ssl_conf = 40-version-negotiation-ssl - -[40-version-negotiation-ssl] -server = 40-version-negotiation-server -client = 40-version-negotiation-client - -[40-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[40-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-40] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[41-version-negotiation] -ssl_conf = 41-version-negotiation-ssl - -[41-version-negotiation-ssl] -server = 41-version-negotiation-server -client = 41-version-negotiation-client - -[41-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[41-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-41] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[42-version-negotiation] -ssl_conf = 42-version-negotiation-ssl - -[42-version-negotiation-ssl] -server = 42-version-negotiation-server -client = 42-version-negotiation-client - -[42-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[42-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-42] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[43-version-negotiation] -ssl_conf = 43-version-negotiation-ssl - -[43-version-negotiation-ssl] -server = 43-version-negotiation-server -client = 43-version-negotiation-client - -[43-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[43-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-43] -ExpectedResult = ServerFail - - -# =========================================================== - -[44-version-negotiation] -ssl_conf = 44-version-negotiation-ssl - -[44-version-negotiation-ssl] -server = 44-version-negotiation-server -client = 44-version-negotiation-client - -[44-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[44-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-44] -ExpectedResult = ServerFail - - -# =========================================================== - -[45-version-negotiation] -ssl_conf = 45-version-negotiation-ssl - -[45-version-negotiation-ssl] -server = 45-version-negotiation-server -client = 45-version-negotiation-client - -[45-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[45-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-45] -ExpectedResult = ServerFail - - -# =========================================================== - -[46-version-negotiation] -ssl_conf = 46-version-negotiation-ssl - -[46-version-negotiation-ssl] -server = 46-version-negotiation-server -client = 46-version-negotiation-client - -[46-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[46-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-46] -ExpectedResult = ServerFail - - -# =========================================================== - -[47-version-negotiation] -ssl_conf = 47-version-negotiation-ssl - -[47-version-negotiation-ssl] -server = 47-version-negotiation-server -client = 47-version-negotiation-client - -[47-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[47-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-47] -ExpectedResult = ServerFail - - -# =========================================================== - -[48-version-negotiation] -ssl_conf = 48-version-negotiation-ssl - -[48-version-negotiation-ssl] -server = 48-version-negotiation-server -client = 48-version-negotiation-client - -[48-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[48-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-48] -ExpectedResult = ServerFail - - -# =========================================================== - -[49-version-negotiation] -ssl_conf = 49-version-negotiation-ssl - -[49-version-negotiation-ssl] -server = 49-version-negotiation-server -client = 49-version-negotiation-client - -[49-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[49-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-49] -ExpectedResult = ServerFail - - -# =========================================================== - -[50-version-negotiation] -ssl_conf = 50-version-negotiation-ssl - -[50-version-negotiation-ssl] -server = 50-version-negotiation-server -client = 50-version-negotiation-client - -[50-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[50-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-50] -ExpectedResult = ServerFail - - -# =========================================================== - -[51-version-negotiation] -ssl_conf = 51-version-negotiation-ssl - -[51-version-negotiation-ssl] -server = 51-version-negotiation-server -client = 51-version-negotiation-client - -[51-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[51-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-51] -ExpectedResult = ServerFail - - -# =========================================================== - -[52-version-negotiation] -ssl_conf = 52-version-negotiation-ssl - -[52-version-negotiation-ssl] -server = 52-version-negotiation-server -client = 52-version-negotiation-client - -[52-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[52-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-52] -ExpectedResult = ServerFail - - -# =========================================================== - -[53-version-negotiation] -ssl_conf = 53-version-negotiation-ssl - -[53-version-negotiation-ssl] -server = 53-version-negotiation-server -client = 53-version-negotiation-client - -[53-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[53-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-53] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[54-version-negotiation] -ssl_conf = 54-version-negotiation-ssl - -[54-version-negotiation-ssl] -server = 54-version-negotiation-server -client = 54-version-negotiation-client - -[54-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[54-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-54] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[55-version-negotiation] -ssl_conf = 55-version-negotiation-ssl - -[55-version-negotiation-ssl] -server = 55-version-negotiation-server -client = 55-version-negotiation-client - -[55-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[55-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-55] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[56-version-negotiation] -ssl_conf = 56-version-negotiation-ssl - -[56-version-negotiation-ssl] -server = 56-version-negotiation-server -client = 56-version-negotiation-client - -[56-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[56-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-56] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[57-version-negotiation] -ssl_conf = 57-version-negotiation-ssl - -[57-version-negotiation-ssl] -server = 57-version-negotiation-server -client = 57-version-negotiation-client - -[57-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[57-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-57] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[58-version-negotiation] -ssl_conf = 58-version-negotiation-ssl - -[58-version-negotiation-ssl] -server = 58-version-negotiation-server -client = 58-version-negotiation-client - -[58-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[58-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-58] -ExpectedResult = ServerFail - - -# =========================================================== - -[59-version-negotiation] -ssl_conf = 59-version-negotiation-ssl - -[59-version-negotiation-ssl] -server = 59-version-negotiation-server -client = 59-version-negotiation-client - -[59-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[59-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-59] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[60-version-negotiation] -ssl_conf = 60-version-negotiation-ssl - -[60-version-negotiation-ssl] -server = 60-version-negotiation-server -client = 60-version-negotiation-client - -[60-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[60-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-60] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[61-version-negotiation] -ssl_conf = 61-version-negotiation-ssl - -[61-version-negotiation-ssl] -server = 61-version-negotiation-server -client = 61-version-negotiation-client - -[61-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[61-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-61] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[62-version-negotiation] -ssl_conf = 62-version-negotiation-ssl - -[62-version-negotiation-ssl] -server = 62-version-negotiation-server -client = 62-version-negotiation-client - -[62-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[62-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-62] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[63-version-negotiation] -ssl_conf = 63-version-negotiation-ssl - -[63-version-negotiation-ssl] -server = 63-version-negotiation-server -client = 63-version-negotiation-client - -[63-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[63-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-63] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[64-version-negotiation] -ssl_conf = 64-version-negotiation-ssl - -[64-version-negotiation-ssl] -server = 64-version-negotiation-server -client = 64-version-negotiation-client - -[64-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[64-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-64] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[65-version-negotiation] -ssl_conf = 65-version-negotiation-ssl - -[65-version-negotiation-ssl] -server = 65-version-negotiation-server -client = 65-version-negotiation-client - -[65-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[65-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-65] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[66-version-negotiation] -ssl_conf = 66-version-negotiation-ssl - -[66-version-negotiation-ssl] -server = 66-version-negotiation-server -client = 66-version-negotiation-client - -[66-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[66-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-66] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[67-version-negotiation] -ssl_conf = 67-version-negotiation-ssl - -[67-version-negotiation-ssl] -server = 67-version-negotiation-server -client = 67-version-negotiation-client - -[67-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[67-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-67] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[68-version-negotiation] -ssl_conf = 68-version-negotiation-ssl - -[68-version-negotiation-ssl] -server = 68-version-negotiation-server -client = 68-version-negotiation-client - -[68-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[68-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-68] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[69-version-negotiation] -ssl_conf = 69-version-negotiation-ssl - -[69-version-negotiation-ssl] -server = 69-version-negotiation-server -client = 69-version-negotiation-client - -[69-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[69-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-69] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[70-version-negotiation] -ssl_conf = 70-version-negotiation-ssl - -[70-version-negotiation-ssl] -server = 70-version-negotiation-server -client = 70-version-negotiation-client - -[70-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[70-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-70] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[71-version-negotiation] -ssl_conf = 71-version-negotiation-ssl - -[71-version-negotiation-ssl] -server = 71-version-negotiation-server -client = 71-version-negotiation-client - -[71-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[71-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-71] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[72-version-negotiation] -ssl_conf = 72-version-negotiation-ssl - -[72-version-negotiation-ssl] -server = 72-version-negotiation-server -client = 72-version-negotiation-client - -[72-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[72-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-72] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[73-version-negotiation] -ssl_conf = 73-version-negotiation-ssl - -[73-version-negotiation-ssl] -server = 73-version-negotiation-server -client = 73-version-negotiation-client - -[73-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[73-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-73] -ExpectedResult = ServerFail - - -# =========================================================== - -[74-version-negotiation] -ssl_conf = 74-version-negotiation-ssl - -[74-version-negotiation-ssl] -server = 74-version-negotiation-server -client = 74-version-negotiation-client - -[74-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[74-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-74] -ExpectedResult = ServerFail - - -# =========================================================== - -[75-version-negotiation] -ssl_conf = 75-version-negotiation-ssl - -[75-version-negotiation-ssl] -server = 75-version-negotiation-server -client = 75-version-negotiation-client - -[75-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[75-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-75] -ExpectedResult = ServerFail - - -# =========================================================== - -[76-version-negotiation] -ssl_conf = 76-version-negotiation-ssl - -[76-version-negotiation-ssl] -server = 76-version-negotiation-server -client = 76-version-negotiation-client - -[76-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[76-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-76] -ExpectedResult = ServerFail - - -# =========================================================== - -[77-version-negotiation] -ssl_conf = 77-version-negotiation-ssl - -[77-version-negotiation-ssl] -server = 77-version-negotiation-server -client = 77-version-negotiation-client - -[77-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[77-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-77] -ExpectedResult = ServerFail - - -# =========================================================== - -[78-version-negotiation] -ssl_conf = 78-version-negotiation-ssl - -[78-version-negotiation-ssl] -server = 78-version-negotiation-server -client = 78-version-negotiation-client - -[78-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[78-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-78] -ExpectedResult = ServerFail - - -# =========================================================== - -[79-version-negotiation] -ssl_conf = 79-version-negotiation-ssl - -[79-version-negotiation-ssl] -server = 79-version-negotiation-server -client = 79-version-negotiation-client - -[79-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[79-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-79] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[80-version-negotiation] -ssl_conf = 80-version-negotiation-ssl - -[80-version-negotiation-ssl] -server = 80-version-negotiation-server -client = 80-version-negotiation-client - -[80-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[80-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-80] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[81-version-negotiation] -ssl_conf = 81-version-negotiation-ssl - -[81-version-negotiation-ssl] -server = 81-version-negotiation-server -client = 81-version-negotiation-client - -[81-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[81-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-81] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[82-version-negotiation] -ssl_conf = 82-version-negotiation-ssl - -[82-version-negotiation-ssl] -server = 82-version-negotiation-server -client = 82-version-negotiation-client - -[82-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[82-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-82] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[83-version-negotiation] -ssl_conf = 83-version-negotiation-ssl - -[83-version-negotiation-ssl] -server = 83-version-negotiation-server -client = 83-version-negotiation-client - -[83-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[83-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-83] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[84-version-negotiation] -ssl_conf = 84-version-negotiation-ssl - -[84-version-negotiation-ssl] -server = 84-version-negotiation-server -client = 84-version-negotiation-client - -[84-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[84-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-84] -ExpectedResult = ServerFail - - -# =========================================================== - -[85-version-negotiation] -ssl_conf = 85-version-negotiation-ssl - -[85-version-negotiation-ssl] -server = 85-version-negotiation-server -client = 85-version-negotiation-client - -[85-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[85-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-85] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[86-version-negotiation] -ssl_conf = 86-version-negotiation-ssl - -[86-version-negotiation-ssl] -server = 86-version-negotiation-server -client = 86-version-negotiation-client - -[86-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[86-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-86] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[87-version-negotiation] -ssl_conf = 87-version-negotiation-ssl - -[87-version-negotiation-ssl] -server = 87-version-negotiation-server -client = 87-version-negotiation-client - -[87-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[87-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-87] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[88-version-negotiation] -ssl_conf = 88-version-negotiation-ssl - -[88-version-negotiation-ssl] -server = 88-version-negotiation-server -client = 88-version-negotiation-client - -[88-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[88-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-88] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[89-version-negotiation] -ssl_conf = 89-version-negotiation-ssl - -[89-version-negotiation-ssl] -server = 89-version-negotiation-server -client = 89-version-negotiation-client - -[89-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[89-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-89] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[90-version-negotiation] -ssl_conf = 90-version-negotiation-ssl - -[90-version-negotiation-ssl] -server = 90-version-negotiation-server -client = 90-version-negotiation-client - -[90-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[90-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-90] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[91-version-negotiation] -ssl_conf = 91-version-negotiation-ssl - -[91-version-negotiation-ssl] -server = 91-version-negotiation-server -client = 91-version-negotiation-client - -[91-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[91-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-91] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[92-version-negotiation] -ssl_conf = 92-version-negotiation-ssl - -[92-version-negotiation-ssl] -server = 92-version-negotiation-server -client = 92-version-negotiation-client - -[92-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[92-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-92] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[93-version-negotiation] -ssl_conf = 93-version-negotiation-ssl - -[93-version-negotiation-ssl] -server = 93-version-negotiation-server -client = 93-version-negotiation-client - -[93-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[93-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-93] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[94-version-negotiation] -ssl_conf = 94-version-negotiation-ssl - -[94-version-negotiation-ssl] -server = 94-version-negotiation-server -client = 94-version-negotiation-client - -[94-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[94-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-94] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[95-version-negotiation] -ssl_conf = 95-version-negotiation-ssl - -[95-version-negotiation-ssl] -server = 95-version-negotiation-server -client = 95-version-negotiation-client - -[95-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[95-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-95] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[96-version-negotiation] -ssl_conf = 96-version-negotiation-ssl - -[96-version-negotiation-ssl] -server = 96-version-negotiation-server -client = 96-version-negotiation-client - -[96-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[96-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-96] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[97-version-negotiation] -ssl_conf = 97-version-negotiation-ssl - -[97-version-negotiation-ssl] -server = 97-version-negotiation-server -client = 97-version-negotiation-client - -[97-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[97-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-97] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[98-version-negotiation] -ssl_conf = 98-version-negotiation-ssl - -[98-version-negotiation-ssl] -server = 98-version-negotiation-server -client = 98-version-negotiation-client - -[98-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[98-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-98] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[99-version-negotiation] -ssl_conf = 99-version-negotiation-ssl - -[99-version-negotiation-ssl] -server = 99-version-negotiation-server -client = 99-version-negotiation-client - -[99-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[99-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-99] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[100-version-negotiation] -ssl_conf = 100-version-negotiation-ssl - -[100-version-negotiation-ssl] -server = 100-version-negotiation-server -client = 100-version-negotiation-client - -[100-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[100-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-100] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[101-version-negotiation] -ssl_conf = 101-version-negotiation-ssl - -[101-version-negotiation-ssl] -server = 101-version-negotiation-server -client = 101-version-negotiation-client - -[101-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[101-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-101] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[102-version-negotiation] -ssl_conf = 102-version-negotiation-ssl - -[102-version-negotiation-ssl] -server = 102-version-negotiation-server -client = 102-version-negotiation-client - -[102-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[102-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-102] -ExpectedResult = ServerFail - - -# =========================================================== - -[103-version-negotiation] -ssl_conf = 103-version-negotiation-ssl - -[103-version-negotiation-ssl] -server = 103-version-negotiation-server -client = 103-version-negotiation-client - -[103-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[103-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-103] -ExpectedResult = ServerFail - - -# =========================================================== - -[104-version-negotiation] -ssl_conf = 104-version-negotiation-ssl - -[104-version-negotiation-ssl] -server = 104-version-negotiation-server -client = 104-version-negotiation-client - -[104-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[104-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-104] -ExpectedResult = ServerFail - - -# =========================================================== - -[105-version-negotiation] -ssl_conf = 105-version-negotiation-ssl - -[105-version-negotiation-ssl] -server = 105-version-negotiation-server -client = 105-version-negotiation-client - -[105-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[105-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-105] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[106-version-negotiation] -ssl_conf = 106-version-negotiation-ssl - -[106-version-negotiation-ssl] -server = 106-version-negotiation-server -client = 106-version-negotiation-client - -[106-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[106-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-106] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[107-version-negotiation] -ssl_conf = 107-version-negotiation-ssl - -[107-version-negotiation-ssl] -server = 107-version-negotiation-server -client = 107-version-negotiation-client - -[107-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[107-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-107] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[108-version-negotiation] -ssl_conf = 108-version-negotiation-ssl - -[108-version-negotiation-ssl] -server = 108-version-negotiation-server -client = 108-version-negotiation-client - -[108-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[108-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-108] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[109-version-negotiation] -ssl_conf = 109-version-negotiation-ssl - -[109-version-negotiation-ssl] -server = 109-version-negotiation-server -client = 109-version-negotiation-client - -[109-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[109-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-109] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[110-version-negotiation] -ssl_conf = 110-version-negotiation-ssl - -[110-version-negotiation-ssl] -server = 110-version-negotiation-server -client = 110-version-negotiation-client - -[110-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[110-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-110] -ExpectedResult = ServerFail - - -# =========================================================== - -[111-version-negotiation] -ssl_conf = 111-version-negotiation-ssl - -[111-version-negotiation-ssl] -server = 111-version-negotiation-server -client = 111-version-negotiation-client - -[111-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[111-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-111] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[112-version-negotiation] -ssl_conf = 112-version-negotiation-ssl - -[112-version-negotiation-ssl] -server = 112-version-negotiation-server -client = 112-version-negotiation-client - -[112-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[112-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-112] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[113-version-negotiation] -ssl_conf = 113-version-negotiation-ssl - -[113-version-negotiation-ssl] -server = 113-version-negotiation-server -client = 113-version-negotiation-client - -[113-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[113-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-113] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[114-version-negotiation] -ssl_conf = 114-version-negotiation-ssl - -[114-version-negotiation-ssl] -server = 114-version-negotiation-server -client = 114-version-negotiation-client - -[114-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[114-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-114] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[115-version-negotiation] -ssl_conf = 115-version-negotiation-ssl - -[115-version-negotiation-ssl] -server = 115-version-negotiation-server -client = 115-version-negotiation-client - -[115-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[115-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-115] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[116-version-negotiation] -ssl_conf = 116-version-negotiation-ssl - -[116-version-negotiation-ssl] -server = 116-version-negotiation-server -client = 116-version-negotiation-client - -[116-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[116-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-116] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[117-version-negotiation] -ssl_conf = 117-version-negotiation-ssl - -[117-version-negotiation-ssl] -server = 117-version-negotiation-server -client = 117-version-negotiation-client - -[117-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[117-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-117] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[118-version-negotiation] -ssl_conf = 118-version-negotiation-ssl - -[118-version-negotiation-ssl] -server = 118-version-negotiation-server -client = 118-version-negotiation-client - -[118-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[118-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-118] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[119-version-negotiation] -ssl_conf = 119-version-negotiation-ssl - -[119-version-negotiation-ssl] -server = 119-version-negotiation-server -client = 119-version-negotiation-client - -[119-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[119-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-119] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[120-version-negotiation] -ssl_conf = 120-version-negotiation-ssl - -[120-version-negotiation-ssl] -server = 120-version-negotiation-server -client = 120-version-negotiation-client - -[120-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[120-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-120] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[121-version-negotiation] -ssl_conf = 121-version-negotiation-ssl - -[121-version-negotiation-ssl] -server = 121-version-negotiation-server -client = 121-version-negotiation-client - -[121-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[121-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-121] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[122-version-negotiation] -ssl_conf = 122-version-negotiation-ssl - -[122-version-negotiation-ssl] -server = 122-version-negotiation-server -client = 122-version-negotiation-client - -[122-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[122-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-122] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[123-version-negotiation] -ssl_conf = 123-version-negotiation-ssl - -[123-version-negotiation-ssl] -server = 123-version-negotiation-server -client = 123-version-negotiation-client - -[123-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[123-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-123] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[124-version-negotiation] -ssl_conf = 124-version-negotiation-ssl - -[124-version-negotiation-ssl] -server = 124-version-negotiation-server -client = 124-version-negotiation-client - -[124-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[124-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-124] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[125-version-negotiation] -ssl_conf = 125-version-negotiation-ssl - -[125-version-negotiation-ssl] -server = 125-version-negotiation-server -client = 125-version-negotiation-client - -[125-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[125-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-125] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[126-version-negotiation] -ssl_conf = 126-version-negotiation-ssl - -[126-version-negotiation-ssl] -server = 126-version-negotiation-server -client = 126-version-negotiation-client - -[126-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[126-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-126] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[127-version-negotiation] -ssl_conf = 127-version-negotiation-ssl - -[127-version-negotiation-ssl] -server = 127-version-negotiation-server -client = 127-version-negotiation-client - -[127-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[127-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-127] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[128-version-negotiation] -ssl_conf = 128-version-negotiation-ssl - -[128-version-negotiation-ssl] -server = 128-version-negotiation-server -client = 128-version-negotiation-client - -[128-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[128-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-128] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[129-version-negotiation] -ssl_conf = 129-version-negotiation-ssl - -[129-version-negotiation-ssl] -server = 129-version-negotiation-server -client = 129-version-negotiation-client - -[129-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[129-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-129] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[130-version-negotiation] -ssl_conf = 130-version-negotiation-ssl - -[130-version-negotiation-ssl] -server = 130-version-negotiation-server -client = 130-version-negotiation-client - -[130-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[130-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-130] -ExpectedResult = ServerFail - - -# =========================================================== - -[131-version-negotiation] -ssl_conf = 131-version-negotiation-ssl - -[131-version-negotiation-ssl] -server = 131-version-negotiation-server -client = 131-version-negotiation-client - -[131-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[131-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-131] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[132-version-negotiation] -ssl_conf = 132-version-negotiation-ssl - -[132-version-negotiation-ssl] -server = 132-version-negotiation-server -client = 132-version-negotiation-client - -[132-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[132-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-132] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[133-version-negotiation] -ssl_conf = 133-version-negotiation-ssl - -[133-version-negotiation-ssl] -server = 133-version-negotiation-server -client = 133-version-negotiation-client - -[133-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[133-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-133] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[134-version-negotiation] -ssl_conf = 134-version-negotiation-ssl - -[134-version-negotiation-ssl] -server = 134-version-negotiation-server -client = 134-version-negotiation-client - -[134-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[134-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-134] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[135-version-negotiation] -ssl_conf = 135-version-negotiation-ssl - -[135-version-negotiation-ssl] -server = 135-version-negotiation-server -client = 135-version-negotiation-client - -[135-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[135-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-135] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[136-version-negotiation] -ssl_conf = 136-version-negotiation-ssl - -[136-version-negotiation-ssl] -server = 136-version-negotiation-server -client = 136-version-negotiation-client - -[136-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[136-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-136] -ExpectedResult = ServerFail - - -# =========================================================== - -[137-version-negotiation] -ssl_conf = 137-version-negotiation-ssl - -[137-version-negotiation-ssl] -server = 137-version-negotiation-server -client = 137-version-negotiation-client - -[137-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[137-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-137] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[138-version-negotiation] -ssl_conf = 138-version-negotiation-ssl - -[138-version-negotiation-ssl] -server = 138-version-negotiation-server -client = 138-version-negotiation-client - -[138-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[138-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-138] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[139-version-negotiation] -ssl_conf = 139-version-negotiation-ssl - -[139-version-negotiation-ssl] -server = 139-version-negotiation-server -client = 139-version-negotiation-client - -[139-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[139-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-139] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[140-version-negotiation] -ssl_conf = 140-version-negotiation-ssl - -[140-version-negotiation-ssl] -server = 140-version-negotiation-server -client = 140-version-negotiation-client - -[140-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[140-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-140] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[141-version-negotiation] -ssl_conf = 141-version-negotiation-ssl - -[141-version-negotiation-ssl] -server = 141-version-negotiation-server -client = 141-version-negotiation-client - -[141-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[141-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-141] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[142-version-negotiation] -ssl_conf = 142-version-negotiation-ssl - -[142-version-negotiation-ssl] -server = 142-version-negotiation-server -client = 142-version-negotiation-client - -[142-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[142-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-142] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[143-version-negotiation] -ssl_conf = 143-version-negotiation-ssl - -[143-version-negotiation-ssl] -server = 143-version-negotiation-server -client = 143-version-negotiation-client - -[143-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[143-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-143] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[144-version-negotiation] -ssl_conf = 144-version-negotiation-ssl - -[144-version-negotiation-ssl] -server = 144-version-negotiation-server -client = 144-version-negotiation-client - -[144-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[144-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-144] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[145-version-negotiation] -ssl_conf = 145-version-negotiation-ssl - -[145-version-negotiation-ssl] -server = 145-version-negotiation-server -client = 145-version-negotiation-client - -[145-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[145-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-145] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[146-version-negotiation] -ssl_conf = 146-version-negotiation-ssl - -[146-version-negotiation-ssl] -server = 146-version-negotiation-server -client = 146-version-negotiation-client - -[146-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[146-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-146] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[147-version-negotiation] -ssl_conf = 147-version-negotiation-ssl - -[147-version-negotiation-ssl] -server = 147-version-negotiation-server -client = 147-version-negotiation-client - -[147-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[147-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-147] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[148-version-negotiation] -ssl_conf = 148-version-negotiation-ssl - -[148-version-negotiation-ssl] -server = 148-version-negotiation-server -client = 148-version-negotiation-client - -[148-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[148-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-148] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[149-version-negotiation] -ssl_conf = 149-version-negotiation-ssl - -[149-version-negotiation-ssl] -server = 149-version-negotiation-server -client = 149-version-negotiation-client - -[149-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[149-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-149] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[150-version-negotiation] -ssl_conf = 150-version-negotiation-ssl - -[150-version-negotiation-ssl] -server = 150-version-negotiation-server -client = 150-version-negotiation-client - -[150-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[150-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-150] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[151-version-negotiation] -ssl_conf = 151-version-negotiation-ssl - -[151-version-negotiation-ssl] -server = 151-version-negotiation-server -client = 151-version-negotiation-client - -[151-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[151-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-151] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[152-version-negotiation] -ssl_conf = 152-version-negotiation-ssl - -[152-version-negotiation-ssl] -server = 152-version-negotiation-server -client = 152-version-negotiation-client - -[152-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[152-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-152] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[153-version-negotiation] -ssl_conf = 153-version-negotiation-ssl - -[153-version-negotiation-ssl] -server = 153-version-negotiation-server -client = 153-version-negotiation-client - -[153-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[153-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-153] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[154-version-negotiation] -ssl_conf = 154-version-negotiation-ssl - -[154-version-negotiation-ssl] -server = 154-version-negotiation-server -client = 154-version-negotiation-client - -[154-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[154-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-154] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[155-version-negotiation] -ssl_conf = 155-version-negotiation-ssl - -[155-version-negotiation-ssl] -server = 155-version-negotiation-server -client = 155-version-negotiation-client - -[155-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[155-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-155] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[156-version-negotiation] -ssl_conf = 156-version-negotiation-ssl - -[156-version-negotiation-ssl] -server = 156-version-negotiation-server -client = 156-version-negotiation-client - -[156-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[156-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-156] -ExpectedResult = ClientFail - - -# =========================================================== - -[157-version-negotiation] -ssl_conf = 157-version-negotiation-ssl - -[157-version-negotiation-ssl] -server = 157-version-negotiation-server -client = 157-version-negotiation-client - -[157-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[157-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-157] -ExpectedResult = ClientFail - - -# =========================================================== - -[158-version-negotiation] -ssl_conf = 158-version-negotiation-ssl - -[158-version-negotiation-ssl] -server = 158-version-negotiation-server -client = 158-version-negotiation-client - -[158-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[158-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-158] -ExpectedResult = ClientFail - - -# =========================================================== - -[159-version-negotiation] -ssl_conf = 159-version-negotiation-ssl - -[159-version-negotiation-ssl] -server = 159-version-negotiation-server -client = 159-version-negotiation-client - -[159-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[159-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-159] -ExpectedResult = ClientFail - - -# =========================================================== - -[160-version-negotiation] -ssl_conf = 160-version-negotiation-ssl - -[160-version-negotiation-ssl] -server = 160-version-negotiation-server -client = 160-version-negotiation-client - -[160-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[160-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-160] -ExpectedResult = ClientFail - - -# =========================================================== - -[161-version-negotiation] -ssl_conf = 161-version-negotiation-ssl - -[161-version-negotiation-ssl] -server = 161-version-negotiation-server -client = 161-version-negotiation-client - -[161-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[161-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-161] -ExpectedResult = ClientFail - - -# =========================================================== - -[162-version-negotiation] -ssl_conf = 162-version-negotiation-ssl - -[162-version-negotiation-ssl] -server = 162-version-negotiation-server -client = 162-version-negotiation-client - -[162-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[162-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-162] -ExpectedResult = ClientFail - - -# =========================================================== - -[163-version-negotiation] -ssl_conf = 163-version-negotiation-ssl - -[163-version-negotiation-ssl] -server = 163-version-negotiation-server -client = 163-version-negotiation-client - -[163-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[163-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-163] -ExpectedResult = ClientFail - - -# =========================================================== - -[164-version-negotiation] -ssl_conf = 164-version-negotiation-ssl - -[164-version-negotiation-ssl] -server = 164-version-negotiation-server -client = 164-version-negotiation-client - -[164-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[164-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-164] -ExpectedResult = ClientFail - - -# =========================================================== - -[165-version-negotiation] -ssl_conf = 165-version-negotiation-ssl - -[165-version-negotiation-ssl] -server = 165-version-negotiation-server -client = 165-version-negotiation-client - -[165-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[165-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-165] -ExpectedResult = ClientFail - - -# =========================================================== - -[166-version-negotiation] -ssl_conf = 166-version-negotiation-ssl - -[166-version-negotiation-ssl] -server = 166-version-negotiation-server -client = 166-version-negotiation-client - -[166-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[166-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-166] -ExpectedResult = ClientFail - - -# =========================================================== - -[167-version-negotiation] -ssl_conf = 167-version-negotiation-ssl - -[167-version-negotiation-ssl] -server = 167-version-negotiation-server -client = 167-version-negotiation-client - -[167-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[167-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-167] -ExpectedResult = ClientFail - - -# =========================================================== - -[168-version-negotiation] -ssl_conf = 168-version-negotiation-ssl - -[168-version-negotiation-ssl] -server = 168-version-negotiation-server -client = 168-version-negotiation-client - -[168-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[168-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-168] -ExpectedResult = ClientFail - - -# =========================================================== - -[169-version-negotiation] -ssl_conf = 169-version-negotiation-ssl - -[169-version-negotiation-ssl] -server = 169-version-negotiation-server -client = 169-version-negotiation-client - -[169-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[169-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-169] -ExpectedResult = ClientFail - - -# =========================================================== - -[170-version-negotiation] -ssl_conf = 170-version-negotiation-ssl - -[170-version-negotiation-ssl] -server = 170-version-negotiation-server -client = 170-version-negotiation-client - -[170-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[170-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-170] -ExpectedResult = ClientFail - - -# =========================================================== - -[171-version-negotiation] -ssl_conf = 171-version-negotiation-ssl - -[171-version-negotiation-ssl] -server = 171-version-negotiation-server -client = 171-version-negotiation-client - -[171-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[171-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-171] -ExpectedResult = ClientFail - - -# =========================================================== - -[172-version-negotiation] -ssl_conf = 172-version-negotiation-ssl - -[172-version-negotiation-ssl] -server = 172-version-negotiation-server -client = 172-version-negotiation-client - -[172-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[172-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-172] -ExpectedResult = ClientFail - - -# =========================================================== - -[173-version-negotiation] -ssl_conf = 173-version-negotiation-ssl - -[173-version-negotiation-ssl] -server = 173-version-negotiation-server -client = 173-version-negotiation-client - -[173-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[173-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-173] -ExpectedResult = ClientFail - - -# =========================================================== - -[174-version-negotiation] -ssl_conf = 174-version-negotiation-ssl - -[174-version-negotiation-ssl] -server = 174-version-negotiation-server -client = 174-version-negotiation-client - -[174-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[174-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-174] -ExpectedResult = ClientFail - - -# =========================================================== - -[175-version-negotiation] -ssl_conf = 175-version-negotiation-ssl - -[175-version-negotiation-ssl] -server = 175-version-negotiation-server -client = 175-version-negotiation-client - -[175-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[175-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-175] -ExpectedResult = ClientFail - - -# =========================================================== - -[176-version-negotiation] -ssl_conf = 176-version-negotiation-ssl - -[176-version-negotiation-ssl] -server = 176-version-negotiation-server -client = 176-version-negotiation-client - -[176-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[176-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-176] -ExpectedResult = ClientFail - - -# =========================================================== - -[177-version-negotiation] -ssl_conf = 177-version-negotiation-ssl - -[177-version-negotiation-ssl] -server = 177-version-negotiation-server -client = 177-version-negotiation-client - -[177-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[177-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-177] -ExpectedResult = ClientFail - - -# =========================================================== - -[178-version-negotiation] -ssl_conf = 178-version-negotiation-ssl - -[178-version-negotiation-ssl] -server = 178-version-negotiation-server -client = 178-version-negotiation-client - -[178-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[178-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-178] -ExpectedResult = ClientFail - - -# =========================================================== - -[179-version-negotiation] -ssl_conf = 179-version-negotiation-ssl - -[179-version-negotiation-ssl] -server = 179-version-negotiation-server -client = 179-version-negotiation-client - -[179-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[179-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-179] -ExpectedResult = ClientFail - - -# =========================================================== - -[180-version-negotiation] -ssl_conf = 180-version-negotiation-ssl - -[180-version-negotiation-ssl] -server = 180-version-negotiation-server -client = 180-version-negotiation-client - -[180-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[180-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-180] -ExpectedResult = ClientFail - - -# =========================================================== - -[181-version-negotiation] -ssl_conf = 181-version-negotiation-ssl - -[181-version-negotiation-ssl] -server = 181-version-negotiation-server -client = 181-version-negotiation-client - -[181-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[181-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-181] -ExpectedResult = ClientFail - - -# =========================================================== - -[182-version-negotiation] -ssl_conf = 182-version-negotiation-ssl - -[182-version-negotiation-ssl] -server = 182-version-negotiation-server -client = 182-version-negotiation-client - -[182-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[182-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-182] -ExpectedResult = ServerFail - - -# =========================================================== - -[183-version-negotiation] -ssl_conf = 183-version-negotiation-ssl - -[183-version-negotiation-ssl] -server = 183-version-negotiation-server -client = 183-version-negotiation-client - -[183-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[183-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-183] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[184-version-negotiation] -ssl_conf = 184-version-negotiation-ssl - -[184-version-negotiation-ssl] -server = 184-version-negotiation-server -client = 184-version-negotiation-client - -[184-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[184-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-184] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[185-version-negotiation] -ssl_conf = 185-version-negotiation-ssl - -[185-version-negotiation-ssl] -server = 185-version-negotiation-server -client = 185-version-negotiation-client - -[185-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[185-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-185] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[186-version-negotiation] -ssl_conf = 186-version-negotiation-ssl - -[186-version-negotiation-ssl] -server = 186-version-negotiation-server -client = 186-version-negotiation-client - -[186-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[186-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-186] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[187-version-negotiation] -ssl_conf = 187-version-negotiation-ssl - -[187-version-negotiation-ssl] -server = 187-version-negotiation-server -client = 187-version-negotiation-client - -[187-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[187-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-187] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[188-version-negotiation] -ssl_conf = 188-version-negotiation-ssl - -[188-version-negotiation-ssl] -server = 188-version-negotiation-server -client = 188-version-negotiation-client - -[188-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[188-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-188] -ExpectedResult = ServerFail - - -# =========================================================== - -[189-version-negotiation] -ssl_conf = 189-version-negotiation-ssl - -[189-version-negotiation-ssl] -server = 189-version-negotiation-server -client = 189-version-negotiation-client - -[189-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[189-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-189] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[190-version-negotiation] -ssl_conf = 190-version-negotiation-ssl - -[190-version-negotiation-ssl] -server = 190-version-negotiation-server -client = 190-version-negotiation-client - -[190-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[190-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-190] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[191-version-negotiation] -ssl_conf = 191-version-negotiation-ssl - -[191-version-negotiation-ssl] -server = 191-version-negotiation-server -client = 191-version-negotiation-client - -[191-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[191-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-191] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[192-version-negotiation] -ssl_conf = 192-version-negotiation-ssl - -[192-version-negotiation-ssl] -server = 192-version-negotiation-server -client = 192-version-negotiation-client - -[192-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[192-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-192] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[193-version-negotiation] -ssl_conf = 193-version-negotiation-ssl - -[193-version-negotiation-ssl] -server = 193-version-negotiation-server -client = 193-version-negotiation-client - -[193-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[193-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-193] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[194-version-negotiation] -ssl_conf = 194-version-negotiation-ssl - -[194-version-negotiation-ssl] -server = 194-version-negotiation-server -client = 194-version-negotiation-client - -[194-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[194-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-194] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[195-version-negotiation] -ssl_conf = 195-version-negotiation-ssl - -[195-version-negotiation-ssl] -server = 195-version-negotiation-server -client = 195-version-negotiation-client - -[195-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[195-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-195] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[196-version-negotiation] -ssl_conf = 196-version-negotiation-ssl - -[196-version-negotiation-ssl] -server = 196-version-negotiation-server -client = 196-version-negotiation-client - -[196-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[196-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-196] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[197-version-negotiation] -ssl_conf = 197-version-negotiation-ssl - -[197-version-negotiation-ssl] -server = 197-version-negotiation-server -client = 197-version-negotiation-client - -[197-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[197-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-197] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[198-version-negotiation] -ssl_conf = 198-version-negotiation-ssl - -[198-version-negotiation-ssl] -server = 198-version-negotiation-server -client = 198-version-negotiation-client - -[198-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[198-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-198] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[199-version-negotiation] -ssl_conf = 199-version-negotiation-ssl - -[199-version-negotiation-ssl] -server = 199-version-negotiation-server -client = 199-version-negotiation-client - -[199-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[199-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-199] -ExpectedResult = ServerFail - - -# =========================================================== - -[200-version-negotiation] -ssl_conf = 200-version-negotiation-ssl - -[200-version-negotiation-ssl] -server = 200-version-negotiation-server -client = 200-version-negotiation-client - -[200-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[200-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-200] -ExpectedResult = ServerFail - - -# =========================================================== - -[201-version-negotiation] -ssl_conf = 201-version-negotiation-ssl - -[201-version-negotiation-ssl] -server = 201-version-negotiation-server -client = 201-version-negotiation-client - -[201-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[201-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-201] -ExpectedResult = ServerFail - - -# =========================================================== - -[202-version-negotiation] -ssl_conf = 202-version-negotiation-ssl - -[202-version-negotiation-ssl] -server = 202-version-negotiation-server -client = 202-version-negotiation-client - -[202-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[202-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-202] -ExpectedResult = ServerFail - - -# =========================================================== - -[203-version-negotiation] -ssl_conf = 203-version-negotiation-ssl - -[203-version-negotiation-ssl] -server = 203-version-negotiation-server -client = 203-version-negotiation-client - -[203-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[203-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-203] -ExpectedResult = ServerFail - - -# =========================================================== - -[204-version-negotiation] -ssl_conf = 204-version-negotiation-ssl - -[204-version-negotiation-ssl] -server = 204-version-negotiation-server -client = 204-version-negotiation-client - -[204-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[204-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-204] -ExpectedResult = ServerFail - - -# =========================================================== - -[205-version-negotiation] -ssl_conf = 205-version-negotiation-ssl - -[205-version-negotiation-ssl] -server = 205-version-negotiation-server -client = 205-version-negotiation-client - -[205-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[205-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-205] -ExpectedResult = ServerFail - - -# =========================================================== - -[206-version-negotiation] -ssl_conf = 206-version-negotiation-ssl - -[206-version-negotiation-ssl] -server = 206-version-negotiation-server -client = 206-version-negotiation-client - -[206-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[206-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-206] -ExpectedResult = ServerFail - - -# =========================================================== - -[207-version-negotiation] -ssl_conf = 207-version-negotiation-ssl - -[207-version-negotiation-ssl] -server = 207-version-negotiation-server -client = 207-version-negotiation-client - -[207-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[207-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-207] -ExpectedResult = ServerFail - - -# =========================================================== - -[208-version-negotiation] -ssl_conf = 208-version-negotiation-ssl - -[208-version-negotiation-ssl] -server = 208-version-negotiation-server -client = 208-version-negotiation-client - -[208-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[208-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-208] -ExpectedResult = ServerFail - - -# =========================================================== - -[209-version-negotiation] -ssl_conf = 209-version-negotiation-ssl - -[209-version-negotiation-ssl] -server = 209-version-negotiation-server -client = 209-version-negotiation-client - -[209-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[209-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-209] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[210-version-negotiation] -ssl_conf = 210-version-negotiation-ssl - -[210-version-negotiation-ssl] -server = 210-version-negotiation-server -client = 210-version-negotiation-client - -[210-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[210-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-210] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[211-version-negotiation] -ssl_conf = 211-version-negotiation-ssl - -[211-version-negotiation-ssl] -server = 211-version-negotiation-server -client = 211-version-negotiation-client - -[211-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[211-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-211] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[212-version-negotiation] -ssl_conf = 212-version-negotiation-ssl - -[212-version-negotiation-ssl] -server = 212-version-negotiation-server -client = 212-version-negotiation-client - -[212-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[212-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-212] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[213-version-negotiation] -ssl_conf = 213-version-negotiation-ssl - -[213-version-negotiation-ssl] -server = 213-version-negotiation-server -client = 213-version-negotiation-client - -[213-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[213-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-213] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[214-version-negotiation] -ssl_conf = 214-version-negotiation-ssl - -[214-version-negotiation-ssl] -server = 214-version-negotiation-server -client = 214-version-negotiation-client - -[214-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[214-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-214] -ExpectedResult = ServerFail - - -# =========================================================== - -[215-version-negotiation] -ssl_conf = 215-version-negotiation-ssl - -[215-version-negotiation-ssl] -server = 215-version-negotiation-server -client = 215-version-negotiation-client - -[215-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[215-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-215] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[216-version-negotiation] -ssl_conf = 216-version-negotiation-ssl - -[216-version-negotiation-ssl] -server = 216-version-negotiation-server -client = 216-version-negotiation-client - -[216-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[216-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-216] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[217-version-negotiation] -ssl_conf = 217-version-negotiation-ssl - -[217-version-negotiation-ssl] -server = 217-version-negotiation-server -client = 217-version-negotiation-client - -[217-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[217-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-217] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[218-version-negotiation] -ssl_conf = 218-version-negotiation-ssl - -[218-version-negotiation-ssl] -server = 218-version-negotiation-server -client = 218-version-negotiation-client - -[218-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[218-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-218] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[219-version-negotiation] -ssl_conf = 219-version-negotiation-ssl - -[219-version-negotiation-ssl] -server = 219-version-negotiation-server -client = 219-version-negotiation-client - -[219-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[219-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-219] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[220-version-negotiation] -ssl_conf = 220-version-negotiation-ssl - -[220-version-negotiation-ssl] -server = 220-version-negotiation-server -client = 220-version-negotiation-client - -[220-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[220-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-220] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[221-version-negotiation] -ssl_conf = 221-version-negotiation-ssl - -[221-version-negotiation-ssl] -server = 221-version-negotiation-server -client = 221-version-negotiation-client - -[221-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[221-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-221] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[222-version-negotiation] -ssl_conf = 222-version-negotiation-ssl - -[222-version-negotiation-ssl] -server = 222-version-negotiation-server -client = 222-version-negotiation-client - -[222-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[222-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-222] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[223-version-negotiation] -ssl_conf = 223-version-negotiation-ssl - -[223-version-negotiation-ssl] -server = 223-version-negotiation-server -client = 223-version-negotiation-client - -[223-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[223-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-223] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[224-version-negotiation] -ssl_conf = 224-version-negotiation-ssl - -[224-version-negotiation-ssl] -server = 224-version-negotiation-server -client = 224-version-negotiation-client - -[224-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[224-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-224] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[225-version-negotiation] -ssl_conf = 225-version-negotiation-ssl - -[225-version-negotiation-ssl] -server = 225-version-negotiation-server -client = 225-version-negotiation-client - -[225-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[225-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-225] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[226-version-negotiation] -ssl_conf = 226-version-negotiation-ssl - -[226-version-negotiation-ssl] -server = 226-version-negotiation-server -client = 226-version-negotiation-client - -[226-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[226-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-226] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[227-version-negotiation] -ssl_conf = 227-version-negotiation-ssl - -[227-version-negotiation-ssl] -server = 227-version-negotiation-server -client = 227-version-negotiation-client - -[227-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[227-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-227] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[228-version-negotiation] -ssl_conf = 228-version-negotiation-ssl - -[228-version-negotiation-ssl] -server = 228-version-negotiation-server -client = 228-version-negotiation-client - -[228-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[228-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-228] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[229-version-negotiation] -ssl_conf = 229-version-negotiation-ssl - -[229-version-negotiation-ssl] -server = 229-version-negotiation-server -client = 229-version-negotiation-client - -[229-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[229-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-229] -ExpectedResult = ServerFail - - -# =========================================================== - -[230-version-negotiation] -ssl_conf = 230-version-negotiation-ssl - -[230-version-negotiation-ssl] -server = 230-version-negotiation-server -client = 230-version-negotiation-client - -[230-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[230-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-230] -ExpectedResult = ServerFail - - -# =========================================================== - -[231-version-negotiation] -ssl_conf = 231-version-negotiation-ssl - -[231-version-negotiation-ssl] -server = 231-version-negotiation-server -client = 231-version-negotiation-client - -[231-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[231-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-231] -ExpectedResult = ServerFail - - -# =========================================================== - -[232-version-negotiation] -ssl_conf = 232-version-negotiation-ssl - -[232-version-negotiation-ssl] -server = 232-version-negotiation-server -client = 232-version-negotiation-client - -[232-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[232-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-232] -ExpectedResult = ServerFail - - -# =========================================================== - -[233-version-negotiation] -ssl_conf = 233-version-negotiation-ssl - -[233-version-negotiation-ssl] -server = 233-version-negotiation-server -client = 233-version-negotiation-client - -[233-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[233-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-233] -ExpectedResult = ServerFail - - -# =========================================================== - -[234-version-negotiation] -ssl_conf = 234-version-negotiation-ssl - -[234-version-negotiation-ssl] -server = 234-version-negotiation-server -client = 234-version-negotiation-client - -[234-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[234-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-234] -ExpectedResult = ServerFail - - -# =========================================================== - -[235-version-negotiation] -ssl_conf = 235-version-negotiation-ssl - -[235-version-negotiation-ssl] -server = 235-version-negotiation-server -client = 235-version-negotiation-client - -[235-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[235-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-235] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[236-version-negotiation] -ssl_conf = 236-version-negotiation-ssl - -[236-version-negotiation-ssl] -server = 236-version-negotiation-server -client = 236-version-negotiation-client - -[236-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[236-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-236] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[237-version-negotiation] -ssl_conf = 237-version-negotiation-ssl - -[237-version-negotiation-ssl] -server = 237-version-negotiation-server -client = 237-version-negotiation-client - -[237-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[237-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-237] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[238-version-negotiation] -ssl_conf = 238-version-negotiation-ssl - -[238-version-negotiation-ssl] -server = 238-version-negotiation-server -client = 238-version-negotiation-client - -[238-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[238-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-238] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[239-version-negotiation] -ssl_conf = 239-version-negotiation-ssl - -[239-version-negotiation-ssl] -server = 239-version-negotiation-server -client = 239-version-negotiation-client - -[239-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[239-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-239] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[240-version-negotiation] -ssl_conf = 240-version-negotiation-ssl - -[240-version-negotiation-ssl] -server = 240-version-negotiation-server -client = 240-version-negotiation-client - -[240-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[240-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-240] -ExpectedResult = ServerFail - - -# =========================================================== - -[241-version-negotiation] -ssl_conf = 241-version-negotiation-ssl - -[241-version-negotiation-ssl] -server = 241-version-negotiation-server -client = 241-version-negotiation-client - -[241-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[241-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-241] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[242-version-negotiation] -ssl_conf = 242-version-negotiation-ssl - -[242-version-negotiation-ssl] -server = 242-version-negotiation-server -client = 242-version-negotiation-client - -[242-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[242-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-242] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[243-version-negotiation] -ssl_conf = 243-version-negotiation-ssl - -[243-version-negotiation-ssl] -server = 243-version-negotiation-server -client = 243-version-negotiation-client - -[243-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[243-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-243] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[244-version-negotiation] -ssl_conf = 244-version-negotiation-ssl - -[244-version-negotiation-ssl] -server = 244-version-negotiation-server -client = 244-version-negotiation-client - -[244-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[244-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-244] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[245-version-negotiation] -ssl_conf = 245-version-negotiation-ssl - -[245-version-negotiation-ssl] -server = 245-version-negotiation-server -client = 245-version-negotiation-client - -[245-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[245-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-245] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[246-version-negotiation] -ssl_conf = 246-version-negotiation-ssl - -[246-version-negotiation-ssl] -server = 246-version-negotiation-server -client = 246-version-negotiation-client - -[246-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[246-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-246] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[247-version-negotiation] -ssl_conf = 247-version-negotiation-ssl - -[247-version-negotiation-ssl] -server = 247-version-negotiation-server -client = 247-version-negotiation-client - -[247-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[247-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-247] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[248-version-negotiation] -ssl_conf = 248-version-negotiation-ssl - -[248-version-negotiation-ssl] -server = 248-version-negotiation-server -client = 248-version-negotiation-client - -[248-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[248-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-248] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[249-version-negotiation] -ssl_conf = 249-version-negotiation-ssl - -[249-version-negotiation-ssl] -server = 249-version-negotiation-server -client = 249-version-negotiation-client - -[249-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[249-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-249] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[250-version-negotiation] -ssl_conf = 250-version-negotiation-ssl - -[250-version-negotiation-ssl] -server = 250-version-negotiation-server -client = 250-version-negotiation-client - -[250-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[250-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-250] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[251-version-negotiation] -ssl_conf = 251-version-negotiation-ssl - -[251-version-negotiation-ssl] -server = 251-version-negotiation-server -client = 251-version-negotiation-client - -[251-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[251-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-251] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[252-version-negotiation] -ssl_conf = 252-version-negotiation-ssl - -[252-version-negotiation-ssl] -server = 252-version-negotiation-server -client = 252-version-negotiation-client - -[252-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[252-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-252] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[253-version-negotiation] -ssl_conf = 253-version-negotiation-ssl - -[253-version-negotiation-ssl] -server = 253-version-negotiation-server -client = 253-version-negotiation-client - -[253-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[253-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-253] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[254-version-negotiation] -ssl_conf = 254-version-negotiation-ssl - -[254-version-negotiation-ssl] -server = 254-version-negotiation-server -client = 254-version-negotiation-client - -[254-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[254-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-254] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[255-version-negotiation] -ssl_conf = 255-version-negotiation-ssl - -[255-version-negotiation-ssl] -server = 255-version-negotiation-server -client = 255-version-negotiation-client - -[255-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[255-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-255] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[256-version-negotiation] -ssl_conf = 256-version-negotiation-ssl - -[256-version-negotiation-ssl] -server = 256-version-negotiation-server -client = 256-version-negotiation-client - -[256-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[256-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-256] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[257-version-negotiation] -ssl_conf = 257-version-negotiation-ssl - -[257-version-negotiation-ssl] -server = 257-version-negotiation-server -client = 257-version-negotiation-client - -[257-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[257-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-257] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[258-version-negotiation] -ssl_conf = 258-version-negotiation-ssl - -[258-version-negotiation-ssl] -server = 258-version-negotiation-server -client = 258-version-negotiation-client - -[258-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[258-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-258] -ExpectedResult = ServerFail - - -# =========================================================== - -[259-version-negotiation] -ssl_conf = 259-version-negotiation-ssl - -[259-version-negotiation-ssl] -server = 259-version-negotiation-server -client = 259-version-negotiation-client - -[259-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[259-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-259] -ExpectedResult = ServerFail - - -# =========================================================== - -[260-version-negotiation] -ssl_conf = 260-version-negotiation-ssl - -[260-version-negotiation-ssl] -server = 260-version-negotiation-server -client = 260-version-negotiation-client - -[260-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[260-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-260] -ExpectedResult = ServerFail - - -# =========================================================== - -[261-version-negotiation] -ssl_conf = 261-version-negotiation-ssl - -[261-version-negotiation-ssl] -server = 261-version-negotiation-server -client = 261-version-negotiation-client - -[261-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[261-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-261] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[262-version-negotiation] -ssl_conf = 262-version-negotiation-ssl - -[262-version-negotiation-ssl] -server = 262-version-negotiation-server -client = 262-version-negotiation-client - -[262-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[262-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-262] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[263-version-negotiation] -ssl_conf = 263-version-negotiation-ssl - -[263-version-negotiation-ssl] -server = 263-version-negotiation-server -client = 263-version-negotiation-client - -[263-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[263-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-263] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[264-version-negotiation] -ssl_conf = 264-version-negotiation-ssl - -[264-version-negotiation-ssl] -server = 264-version-negotiation-server -client = 264-version-negotiation-client - -[264-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[264-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-264] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[265-version-negotiation] -ssl_conf = 265-version-negotiation-ssl - -[265-version-negotiation-ssl] -server = 265-version-negotiation-server -client = 265-version-negotiation-client - -[265-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[265-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-265] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[266-version-negotiation] -ssl_conf = 266-version-negotiation-ssl - -[266-version-negotiation-ssl] -server = 266-version-negotiation-server -client = 266-version-negotiation-client - -[266-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[266-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-266] -ExpectedResult = ServerFail - - -# =========================================================== - -[267-version-negotiation] -ssl_conf = 267-version-negotiation-ssl - -[267-version-negotiation-ssl] -server = 267-version-negotiation-server -client = 267-version-negotiation-client - -[267-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[267-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-267] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[268-version-negotiation] -ssl_conf = 268-version-negotiation-ssl - -[268-version-negotiation-ssl] -server = 268-version-negotiation-server -client = 268-version-negotiation-client - -[268-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[268-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-268] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[269-version-negotiation] -ssl_conf = 269-version-negotiation-ssl - -[269-version-negotiation-ssl] -server = 269-version-negotiation-server -client = 269-version-negotiation-client - -[269-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[269-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-269] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[270-version-negotiation] -ssl_conf = 270-version-negotiation-ssl - -[270-version-negotiation-ssl] -server = 270-version-negotiation-server -client = 270-version-negotiation-client - -[270-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[270-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-270] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[271-version-negotiation] -ssl_conf = 271-version-negotiation-ssl - -[271-version-negotiation-ssl] -server = 271-version-negotiation-server -client = 271-version-negotiation-client - -[271-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[271-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-271] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[272-version-negotiation] -ssl_conf = 272-version-negotiation-ssl - -[272-version-negotiation-ssl] -server = 272-version-negotiation-server -client = 272-version-negotiation-client - -[272-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[272-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-272] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[273-version-negotiation] -ssl_conf = 273-version-negotiation-ssl - -[273-version-negotiation-ssl] -server = 273-version-negotiation-server -client = 273-version-negotiation-client - -[273-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[273-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-273] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[274-version-negotiation] -ssl_conf = 274-version-negotiation-ssl - -[274-version-negotiation-ssl] -server = 274-version-negotiation-server -client = 274-version-negotiation-client - -[274-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[274-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-274] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[275-version-negotiation] -ssl_conf = 275-version-negotiation-ssl - -[275-version-negotiation-ssl] -server = 275-version-negotiation-server -client = 275-version-negotiation-client - -[275-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[275-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-275] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[276-version-negotiation] -ssl_conf = 276-version-negotiation-ssl - -[276-version-negotiation-ssl] -server = 276-version-negotiation-server -client = 276-version-negotiation-client - -[276-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[276-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-276] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[277-version-negotiation] -ssl_conf = 277-version-negotiation-ssl - -[277-version-negotiation-ssl] -server = 277-version-negotiation-server -client = 277-version-negotiation-client - -[277-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[277-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-277] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[278-version-negotiation] -ssl_conf = 278-version-negotiation-ssl - -[278-version-negotiation-ssl] -server = 278-version-negotiation-server -client = 278-version-negotiation-client - -[278-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[278-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-278] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[279-version-negotiation] -ssl_conf = 279-version-negotiation-ssl - -[279-version-negotiation-ssl] -server = 279-version-negotiation-server -client = 279-version-negotiation-client - -[279-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[279-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-279] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[280-version-negotiation] -ssl_conf = 280-version-negotiation-ssl - -[280-version-negotiation-ssl] -server = 280-version-negotiation-server -client = 280-version-negotiation-client - -[280-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[280-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-280] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[281-version-negotiation] -ssl_conf = 281-version-negotiation-ssl - -[281-version-negotiation-ssl] -server = 281-version-negotiation-server -client = 281-version-negotiation-client - -[281-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[281-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-281] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[282-version-negotiation] -ssl_conf = 282-version-negotiation-ssl - -[282-version-negotiation-ssl] -server = 282-version-negotiation-server -client = 282-version-negotiation-client - -[282-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[282-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-282] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[283-version-negotiation] -ssl_conf = 283-version-negotiation-ssl - -[283-version-negotiation-ssl] -server = 283-version-negotiation-server -client = 283-version-negotiation-client - -[283-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[283-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-283] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[284-version-negotiation] -ssl_conf = 284-version-negotiation-ssl - -[284-version-negotiation-ssl] -server = 284-version-negotiation-server -client = 284-version-negotiation-client - -[284-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[284-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-284] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[285-version-negotiation] -ssl_conf = 285-version-negotiation-ssl - -[285-version-negotiation-ssl] -server = 285-version-negotiation-server -client = 285-version-negotiation-client - -[285-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[285-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-285] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[286-version-negotiation] -ssl_conf = 286-version-negotiation-ssl - -[286-version-negotiation-ssl] -server = 286-version-negotiation-server -client = 286-version-negotiation-client - -[286-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[286-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-286] -ExpectedResult = ServerFail - - -# =========================================================== - -[287-version-negotiation] -ssl_conf = 287-version-negotiation-ssl - -[287-version-negotiation-ssl] -server = 287-version-negotiation-server -client = 287-version-negotiation-client - -[287-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[287-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-287] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[288-version-negotiation] -ssl_conf = 288-version-negotiation-ssl - -[288-version-negotiation-ssl] -server = 288-version-negotiation-server -client = 288-version-negotiation-client - -[288-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[288-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-288] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[289-version-negotiation] -ssl_conf = 289-version-negotiation-ssl - -[289-version-negotiation-ssl] -server = 289-version-negotiation-server -client = 289-version-negotiation-client - -[289-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[289-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-289] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[290-version-negotiation] -ssl_conf = 290-version-negotiation-ssl - -[290-version-negotiation-ssl] -server = 290-version-negotiation-server -client = 290-version-negotiation-client - -[290-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[290-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-290] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[291-version-negotiation] -ssl_conf = 291-version-negotiation-ssl - -[291-version-negotiation-ssl] -server = 291-version-negotiation-server -client = 291-version-negotiation-client - -[291-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[291-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-291] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[292-version-negotiation] -ssl_conf = 292-version-negotiation-ssl - -[292-version-negotiation-ssl] -server = 292-version-negotiation-server -client = 292-version-negotiation-client - -[292-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[292-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-292] -ExpectedResult = ServerFail - - -# =========================================================== - -[293-version-negotiation] -ssl_conf = 293-version-negotiation-ssl - -[293-version-negotiation-ssl] -server = 293-version-negotiation-server -client = 293-version-negotiation-client - -[293-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[293-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-293] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[294-version-negotiation] -ssl_conf = 294-version-negotiation-ssl - -[294-version-negotiation-ssl] -server = 294-version-negotiation-server -client = 294-version-negotiation-client - -[294-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[294-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-294] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[295-version-negotiation] -ssl_conf = 295-version-negotiation-ssl - -[295-version-negotiation-ssl] -server = 295-version-negotiation-server -client = 295-version-negotiation-client - -[295-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[295-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-295] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[296-version-negotiation] -ssl_conf = 296-version-negotiation-ssl - -[296-version-negotiation-ssl] -server = 296-version-negotiation-server -client = 296-version-negotiation-client - -[296-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[296-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-296] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[297-version-negotiation] -ssl_conf = 297-version-negotiation-ssl - -[297-version-negotiation-ssl] -server = 297-version-negotiation-server -client = 297-version-negotiation-client - -[297-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[297-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-297] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[298-version-negotiation] -ssl_conf = 298-version-negotiation-ssl - -[298-version-negotiation-ssl] -server = 298-version-negotiation-server -client = 298-version-negotiation-client - -[298-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[298-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-298] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[299-version-negotiation] -ssl_conf = 299-version-negotiation-ssl - -[299-version-negotiation-ssl] -server = 299-version-negotiation-server -client = 299-version-negotiation-client - -[299-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[299-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-299] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[300-version-negotiation] -ssl_conf = 300-version-negotiation-ssl - -[300-version-negotiation-ssl] -server = 300-version-negotiation-server -client = 300-version-negotiation-client - -[300-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[300-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-300] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[301-version-negotiation] -ssl_conf = 301-version-negotiation-ssl - -[301-version-negotiation-ssl] -server = 301-version-negotiation-server -client = 301-version-negotiation-client - -[301-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[301-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-301] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[302-version-negotiation] -ssl_conf = 302-version-negotiation-ssl - -[302-version-negotiation-ssl] -server = 302-version-negotiation-server -client = 302-version-negotiation-client - -[302-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[302-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-302] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[303-version-negotiation] -ssl_conf = 303-version-negotiation-ssl - -[303-version-negotiation-ssl] -server = 303-version-negotiation-server -client = 303-version-negotiation-client - -[303-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[303-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-303] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[304-version-negotiation] -ssl_conf = 304-version-negotiation-ssl - -[304-version-negotiation-ssl] -server = 304-version-negotiation-server -client = 304-version-negotiation-client - -[304-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[304-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-304] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[305-version-negotiation] -ssl_conf = 305-version-negotiation-ssl - -[305-version-negotiation-ssl] -server = 305-version-negotiation-server -client = 305-version-negotiation-client - -[305-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[305-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-305] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[306-version-negotiation] -ssl_conf = 306-version-negotiation-ssl - -[306-version-negotiation-ssl] -server = 306-version-negotiation-server -client = 306-version-negotiation-client - -[306-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[306-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-306] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[307-version-negotiation] -ssl_conf = 307-version-negotiation-ssl - -[307-version-negotiation-ssl] -server = 307-version-negotiation-server -client = 307-version-negotiation-client - -[307-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[307-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-307] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[308-version-negotiation] -ssl_conf = 308-version-negotiation-ssl - -[308-version-negotiation-ssl] -server = 308-version-negotiation-server -client = 308-version-negotiation-client - -[308-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[308-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-308] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[309-version-negotiation] -ssl_conf = 309-version-negotiation-ssl - -[309-version-negotiation-ssl] -server = 309-version-negotiation-server -client = 309-version-negotiation-client - -[309-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[309-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-309] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[310-version-negotiation] -ssl_conf = 310-version-negotiation-ssl - -[310-version-negotiation-ssl] -server = 310-version-negotiation-server -client = 310-version-negotiation-client - -[310-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[310-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-310] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[311-version-negotiation] -ssl_conf = 311-version-negotiation-ssl - -[311-version-negotiation-ssl] -server = 311-version-negotiation-server -client = 311-version-negotiation-client - -[311-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[311-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = SSLv3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-311] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[312-version-negotiation] -ssl_conf = 312-version-negotiation-ssl - -[312-version-negotiation-ssl] -server = 312-version-negotiation-server -client = 312-version-negotiation-client - -[312-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[312-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-312] -ExpectedResult = ServerFail - - -# =========================================================== - -[313-version-negotiation] -ssl_conf = 313-version-negotiation-ssl - -[313-version-negotiation-ssl] -server = 313-version-negotiation-server -client = 313-version-negotiation-client - -[313-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[313-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-313] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[314-version-negotiation] -ssl_conf = 314-version-negotiation-ssl - -[314-version-negotiation-ssl] -server = 314-version-negotiation-server -client = 314-version-negotiation-client - -[314-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[314-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-314] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[315-version-negotiation] -ssl_conf = 315-version-negotiation-ssl - -[315-version-negotiation-ssl] -server = 315-version-negotiation-server -client = 315-version-negotiation-client - -[315-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[315-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-315] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[316-version-negotiation] -ssl_conf = 316-version-negotiation-ssl - -[316-version-negotiation-ssl] -server = 316-version-negotiation-server -client = 316-version-negotiation-client - -[316-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[316-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-316] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[317-version-negotiation] -ssl_conf = 317-version-negotiation-ssl - -[317-version-negotiation-ssl] -server = 317-version-negotiation-server -client = 317-version-negotiation-client - -[317-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[317-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-317] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[318-version-negotiation] -ssl_conf = 318-version-negotiation-ssl - -[318-version-negotiation-ssl] -server = 318-version-negotiation-server -client = 318-version-negotiation-client - -[318-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[318-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-318] -ExpectedResult = ServerFail - - -# =========================================================== - -[319-version-negotiation] -ssl_conf = 319-version-negotiation-ssl - -[319-version-negotiation-ssl] -server = 319-version-negotiation-server -client = 319-version-negotiation-client - -[319-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[319-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-319] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[320-version-negotiation] -ssl_conf = 320-version-negotiation-ssl - -[320-version-negotiation-ssl] -server = 320-version-negotiation-server -client = 320-version-negotiation-client - -[320-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[320-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-320] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[321-version-negotiation] -ssl_conf = 321-version-negotiation-ssl - -[321-version-negotiation-ssl] -server = 321-version-negotiation-server -client = 321-version-negotiation-client - -[321-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[321-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-321] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[322-version-negotiation] -ssl_conf = 322-version-negotiation-ssl - -[322-version-negotiation-ssl] -server = 322-version-negotiation-server -client = 322-version-negotiation-client - -[322-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[322-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-322] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[323-version-negotiation] -ssl_conf = 323-version-negotiation-ssl - -[323-version-negotiation-ssl] -server = 323-version-negotiation-server -client = 323-version-negotiation-client - -[323-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[323-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-323] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[324-version-negotiation] -ssl_conf = 324-version-negotiation-ssl - -[324-version-negotiation-ssl] -server = 324-version-negotiation-server -client = 324-version-negotiation-client - -[324-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[324-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-324] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[325-version-negotiation] -ssl_conf = 325-version-negotiation-ssl - -[325-version-negotiation-ssl] -server = 325-version-negotiation-server -client = 325-version-negotiation-client - -[325-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[325-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-325] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[326-version-negotiation] -ssl_conf = 326-version-negotiation-ssl - -[326-version-negotiation-ssl] -server = 326-version-negotiation-server -client = 326-version-negotiation-client - -[326-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[326-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-326] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[327-version-negotiation] -ssl_conf = 327-version-negotiation-ssl - -[327-version-negotiation-ssl] -server = 327-version-negotiation-server -client = 327-version-negotiation-client - -[327-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[327-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-327] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[328-version-negotiation] -ssl_conf = 328-version-negotiation-ssl - -[328-version-negotiation-ssl] -server = 328-version-negotiation-server -client = 328-version-negotiation-client - -[328-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[328-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-328] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[329-version-negotiation] -ssl_conf = 329-version-negotiation-ssl - -[329-version-negotiation-ssl] -server = 329-version-negotiation-server -client = 329-version-negotiation-client - -[329-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[329-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-329] -ExpectedResult = ServerFail - - -# =========================================================== - -[330-version-negotiation] -ssl_conf = 330-version-negotiation-ssl - -[330-version-negotiation-ssl] -server = 330-version-negotiation-server -client = 330-version-negotiation-client - -[330-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[330-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-330] -ExpectedResult = ServerFail - - -# =========================================================== - -[331-version-negotiation] -ssl_conf = 331-version-negotiation-ssl - -[331-version-negotiation-ssl] -server = 331-version-negotiation-server -client = 331-version-negotiation-client - -[331-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[331-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-331] -ExpectedResult = ServerFail - - -# =========================================================== - -[332-version-negotiation] -ssl_conf = 332-version-negotiation-ssl - -[332-version-negotiation-ssl] -server = 332-version-negotiation-server -client = 332-version-negotiation-client - -[332-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[332-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-332] -ExpectedResult = ServerFail - - -# =========================================================== - -[333-version-negotiation] -ssl_conf = 333-version-negotiation-ssl - -[333-version-negotiation-ssl] -server = 333-version-negotiation-server -client = 333-version-negotiation-client - -[333-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[333-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-333] -ExpectedResult = ServerFail - - -# =========================================================== - -[334-version-negotiation] -ssl_conf = 334-version-negotiation-ssl - -[334-version-negotiation-ssl] -server = 334-version-negotiation-server -client = 334-version-negotiation-client - -[334-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[334-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-334] -ExpectedResult = ServerFail - - -# =========================================================== - -[335-version-negotiation] -ssl_conf = 335-version-negotiation-ssl - -[335-version-negotiation-ssl] -server = 335-version-negotiation-server -client = 335-version-negotiation-client - -[335-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[335-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-335] -ExpectedResult = ServerFail - - -# =========================================================== - -[336-version-negotiation] -ssl_conf = 336-version-negotiation-ssl - -[336-version-negotiation-ssl] -server = 336-version-negotiation-server -client = 336-version-negotiation-client - -[336-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[336-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-336] -ExpectedResult = ServerFail - - -# =========================================================== - -[337-version-negotiation] -ssl_conf = 337-version-negotiation-ssl - -[337-version-negotiation-ssl] -server = 337-version-negotiation-server -client = 337-version-negotiation-client - -[337-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[337-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-337] -ExpectedResult = ServerFail - - -# =========================================================== - -[338-version-negotiation] -ssl_conf = 338-version-negotiation-ssl - -[338-version-negotiation-ssl] -server = 338-version-negotiation-server -client = 338-version-negotiation-client - -[338-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[338-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-338] -ExpectedResult = ServerFail - - -# =========================================================== - -[339-version-negotiation] -ssl_conf = 339-version-negotiation-ssl - -[339-version-negotiation-ssl] -server = 339-version-negotiation-server -client = 339-version-negotiation-client - -[339-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[339-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-339] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[340-version-negotiation] -ssl_conf = 340-version-negotiation-ssl - -[340-version-negotiation-ssl] -server = 340-version-negotiation-server -client = 340-version-negotiation-client - -[340-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[340-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-340] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[341-version-negotiation] -ssl_conf = 341-version-negotiation-ssl - -[341-version-negotiation-ssl] -server = 341-version-negotiation-server -client = 341-version-negotiation-client - -[341-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[341-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-341] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[342-version-negotiation] -ssl_conf = 342-version-negotiation-ssl - -[342-version-negotiation-ssl] -server = 342-version-negotiation-server -client = 342-version-negotiation-client - -[342-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[342-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-342] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[343-version-negotiation] -ssl_conf = 343-version-negotiation-ssl - -[343-version-negotiation-ssl] -server = 343-version-negotiation-server -client = 343-version-negotiation-client - -[343-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[343-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-343] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[344-version-negotiation] -ssl_conf = 344-version-negotiation-ssl - -[344-version-negotiation-ssl] -server = 344-version-negotiation-server -client = 344-version-negotiation-client - -[344-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[344-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-344] -ExpectedResult = ServerFail - - -# =========================================================== - -[345-version-negotiation] -ssl_conf = 345-version-negotiation-ssl - -[345-version-negotiation-ssl] -server = 345-version-negotiation-server -client = 345-version-negotiation-client - -[345-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[345-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-345] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[346-version-negotiation] -ssl_conf = 346-version-negotiation-ssl - -[346-version-negotiation-ssl] -server = 346-version-negotiation-server -client = 346-version-negotiation-client - -[346-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[346-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-346] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[347-version-negotiation] -ssl_conf = 347-version-negotiation-ssl - -[347-version-negotiation-ssl] -server = 347-version-negotiation-server -client = 347-version-negotiation-client - -[347-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[347-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-347] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[348-version-negotiation] -ssl_conf = 348-version-negotiation-ssl - -[348-version-negotiation-ssl] -server = 348-version-negotiation-server -client = 348-version-negotiation-client - -[348-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[348-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-348] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[349-version-negotiation] -ssl_conf = 349-version-negotiation-ssl - -[349-version-negotiation-ssl] -server = 349-version-negotiation-server -client = 349-version-negotiation-client - -[349-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[349-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-349] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[350-version-negotiation] -ssl_conf = 350-version-negotiation-ssl - -[350-version-negotiation-ssl] -server = 350-version-negotiation-server -client = 350-version-negotiation-client - -[350-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[350-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-350] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[351-version-negotiation] -ssl_conf = 351-version-negotiation-ssl - -[351-version-negotiation-ssl] -server = 351-version-negotiation-server -client = 351-version-negotiation-client - -[351-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[351-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-351] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[352-version-negotiation] -ssl_conf = 352-version-negotiation-ssl - -[352-version-negotiation-ssl] -server = 352-version-negotiation-server -client = 352-version-negotiation-client - -[352-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[352-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-352] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[353-version-negotiation] -ssl_conf = 353-version-negotiation-ssl - -[353-version-negotiation-ssl] -server = 353-version-negotiation-server -client = 353-version-negotiation-client - -[353-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[353-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-353] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[354-version-negotiation] -ssl_conf = 354-version-negotiation-ssl - -[354-version-negotiation-ssl] -server = 354-version-negotiation-server -client = 354-version-negotiation-client - -[354-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[354-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-354] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[355-version-negotiation] -ssl_conf = 355-version-negotiation-ssl - -[355-version-negotiation-ssl] -server = 355-version-negotiation-server -client = 355-version-negotiation-client - -[355-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[355-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-355] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[356-version-negotiation] -ssl_conf = 356-version-negotiation-ssl - -[356-version-negotiation-ssl] -server = 356-version-negotiation-server -client = 356-version-negotiation-client - -[356-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[356-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-356] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[357-version-negotiation] -ssl_conf = 357-version-negotiation-ssl - -[357-version-negotiation-ssl] -server = 357-version-negotiation-server -client = 357-version-negotiation-client - -[357-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[357-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-357] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[358-version-negotiation] -ssl_conf = 358-version-negotiation-ssl - -[358-version-negotiation-ssl] -server = 358-version-negotiation-server -client = 358-version-negotiation-client - -[358-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[358-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-358] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[359-version-negotiation] -ssl_conf = 359-version-negotiation-ssl - -[359-version-negotiation-ssl] -server = 359-version-negotiation-server -client = 359-version-negotiation-client - -[359-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[359-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-359] -ExpectedResult = ServerFail - - -# =========================================================== - -[360-version-negotiation] -ssl_conf = 360-version-negotiation-ssl - -[360-version-negotiation-ssl] -server = 360-version-negotiation-server -client = 360-version-negotiation-client - -[360-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[360-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-360] -ExpectedResult = ServerFail - - -# =========================================================== - -[361-version-negotiation] -ssl_conf = 361-version-negotiation-ssl - -[361-version-negotiation-ssl] -server = 361-version-negotiation-server -client = 361-version-negotiation-client - -[361-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[361-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-361] -ExpectedResult = ServerFail - - -# =========================================================== - -[362-version-negotiation] -ssl_conf = 362-version-negotiation-ssl - -[362-version-negotiation-ssl] -server = 362-version-negotiation-server -client = 362-version-negotiation-client - -[362-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[362-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-362] -ExpectedResult = ServerFail - - -# =========================================================== - -[363-version-negotiation] -ssl_conf = 363-version-negotiation-ssl - -[363-version-negotiation-ssl] -server = 363-version-negotiation-server -client = 363-version-negotiation-client - -[363-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[363-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-363] -ExpectedResult = ServerFail - - -# =========================================================== - -[364-version-negotiation] -ssl_conf = 364-version-negotiation-ssl - -[364-version-negotiation-ssl] -server = 364-version-negotiation-server -client = 364-version-negotiation-client - -[364-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[364-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-364] -ExpectedResult = ServerFail - - -# =========================================================== - -[365-version-negotiation] -ssl_conf = 365-version-negotiation-ssl - -[365-version-negotiation-ssl] -server = 365-version-negotiation-server -client = 365-version-negotiation-client - -[365-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[365-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-365] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[366-version-negotiation] -ssl_conf = 366-version-negotiation-ssl - -[366-version-negotiation-ssl] -server = 366-version-negotiation-server -client = 366-version-negotiation-client - -[366-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[366-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-366] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[367-version-negotiation] -ssl_conf = 367-version-negotiation-ssl - -[367-version-negotiation-ssl] -server = 367-version-negotiation-server -client = 367-version-negotiation-client - -[367-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[367-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-367] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[368-version-negotiation] -ssl_conf = 368-version-negotiation-ssl - -[368-version-negotiation-ssl] -server = 368-version-negotiation-server -client = 368-version-negotiation-client - -[368-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[368-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-368] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[369-version-negotiation] -ssl_conf = 369-version-negotiation-ssl - -[369-version-negotiation-ssl] -server = 369-version-negotiation-server -client = 369-version-negotiation-client - -[369-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[369-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-369] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[370-version-negotiation] -ssl_conf = 370-version-negotiation-ssl - -[370-version-negotiation-ssl] -server = 370-version-negotiation-server -client = 370-version-negotiation-client - -[370-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[370-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-370] -ExpectedResult = ServerFail - - -# =========================================================== - -[371-version-negotiation] -ssl_conf = 371-version-negotiation-ssl - -[371-version-negotiation-ssl] -server = 371-version-negotiation-server -client = 371-version-negotiation-client - -[371-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[371-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-371] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[372-version-negotiation] -ssl_conf = 372-version-negotiation-ssl - -[372-version-negotiation-ssl] -server = 372-version-negotiation-server -client = 372-version-negotiation-client - -[372-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[372-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-372] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[373-version-negotiation] -ssl_conf = 373-version-negotiation-ssl - -[373-version-negotiation-ssl] -server = 373-version-negotiation-server -client = 373-version-negotiation-client - -[373-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[373-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-373] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[374-version-negotiation] -ssl_conf = 374-version-negotiation-ssl - -[374-version-negotiation-ssl] -server = 374-version-negotiation-server -client = 374-version-negotiation-client - -[374-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[374-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-374] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[375-version-negotiation] -ssl_conf = 375-version-negotiation-ssl - -[375-version-negotiation-ssl] -server = 375-version-negotiation-server -client = 375-version-negotiation-client - -[375-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[375-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-375] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[376-version-negotiation] -ssl_conf = 376-version-negotiation-ssl - -[376-version-negotiation-ssl] -server = 376-version-negotiation-server -client = 376-version-negotiation-client - -[376-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[376-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-376] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[377-version-negotiation] -ssl_conf = 377-version-negotiation-ssl - -[377-version-negotiation-ssl] -server = 377-version-negotiation-server -client = 377-version-negotiation-client - -[377-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[377-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-377] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[378-version-negotiation] -ssl_conf = 378-version-negotiation-ssl - -[378-version-negotiation-ssl] -server = 378-version-negotiation-server -client = 378-version-negotiation-client - -[378-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[378-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-378] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[379-version-negotiation] -ssl_conf = 379-version-negotiation-ssl - -[379-version-negotiation-ssl] -server = 379-version-negotiation-server -client = 379-version-negotiation-client - -[379-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[379-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-379] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[380-version-negotiation] -ssl_conf = 380-version-negotiation-ssl - -[380-version-negotiation-ssl] -server = 380-version-negotiation-server -client = 380-version-negotiation-client - -[380-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[380-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-380] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[381-version-negotiation] -ssl_conf = 381-version-negotiation-ssl - -[381-version-negotiation-ssl] -server = 381-version-negotiation-server -client = 381-version-negotiation-client - -[381-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[381-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-381] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[382-version-negotiation] -ssl_conf = 382-version-negotiation-ssl - -[382-version-negotiation-ssl] -server = 382-version-negotiation-server -client = 382-version-negotiation-client - -[382-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[382-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-382] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[383-version-negotiation] -ssl_conf = 383-version-negotiation-ssl - -[383-version-negotiation-ssl] -server = 383-version-negotiation-server -client = 383-version-negotiation-client - -[383-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[383-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-383] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[384-version-negotiation] -ssl_conf = 384-version-negotiation-ssl - -[384-version-negotiation-ssl] -server = 384-version-negotiation-server -client = 384-version-negotiation-client - -[384-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[384-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-384] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[385-version-negotiation] -ssl_conf = 385-version-negotiation-ssl - -[385-version-negotiation-ssl] -server = 385-version-negotiation-server -client = 385-version-negotiation-client - -[385-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[385-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-385] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[386-version-negotiation] -ssl_conf = 386-version-negotiation-ssl - -[386-version-negotiation-ssl] -server = 386-version-negotiation-server -client = 386-version-negotiation-client - -[386-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[386-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-386] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[387-version-negotiation] -ssl_conf = 387-version-negotiation-ssl - -[387-version-negotiation-ssl] -server = 387-version-negotiation-server -client = 387-version-negotiation-client - -[387-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[387-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-387] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[388-version-negotiation] -ssl_conf = 388-version-negotiation-ssl - -[388-version-negotiation-ssl] -server = 388-version-negotiation-server -client = 388-version-negotiation-client - -[388-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[388-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-388] -ExpectedResult = ServerFail - - -# =========================================================== - -[389-version-negotiation] -ssl_conf = 389-version-negotiation-ssl - -[389-version-negotiation-ssl] -server = 389-version-negotiation-server -client = 389-version-negotiation-client - -[389-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[389-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-389] -ExpectedResult = ServerFail - - -# =========================================================== - -[390-version-negotiation] -ssl_conf = 390-version-negotiation-ssl - -[390-version-negotiation-ssl] -server = 390-version-negotiation-server -client = 390-version-negotiation-client - -[390-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[390-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-390] -ExpectedResult = ServerFail - - -# =========================================================== - -[391-version-negotiation] -ssl_conf = 391-version-negotiation-ssl - -[391-version-negotiation-ssl] -server = 391-version-negotiation-server -client = 391-version-negotiation-client - -[391-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[391-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-391] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[392-version-negotiation] -ssl_conf = 392-version-negotiation-ssl - -[392-version-negotiation-ssl] -server = 392-version-negotiation-server -client = 392-version-negotiation-client - -[392-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[392-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-392] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[393-version-negotiation] -ssl_conf = 393-version-negotiation-ssl - -[393-version-negotiation-ssl] -server = 393-version-negotiation-server -client = 393-version-negotiation-client - -[393-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[393-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-393] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[394-version-negotiation] -ssl_conf = 394-version-negotiation-ssl - -[394-version-negotiation-ssl] -server = 394-version-negotiation-server -client = 394-version-negotiation-client - -[394-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[394-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-394] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[395-version-negotiation] -ssl_conf = 395-version-negotiation-ssl - -[395-version-negotiation-ssl] -server = 395-version-negotiation-server -client = 395-version-negotiation-client - -[395-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[395-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-395] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[396-version-negotiation] -ssl_conf = 396-version-negotiation-ssl - -[396-version-negotiation-ssl] -server = 396-version-negotiation-server -client = 396-version-negotiation-client - -[396-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[396-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-396] -ExpectedResult = ServerFail - - -# =========================================================== - -[397-version-negotiation] -ssl_conf = 397-version-negotiation-ssl - -[397-version-negotiation-ssl] -server = 397-version-negotiation-server -client = 397-version-negotiation-client - -[397-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[397-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-397] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[398-version-negotiation] -ssl_conf = 398-version-negotiation-ssl - -[398-version-negotiation-ssl] -server = 398-version-negotiation-server -client = 398-version-negotiation-client - -[398-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[398-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-398] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[399-version-negotiation] -ssl_conf = 399-version-negotiation-ssl - -[399-version-negotiation-ssl] -server = 399-version-negotiation-server -client = 399-version-negotiation-client - -[399-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[399-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-399] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[400-version-negotiation] -ssl_conf = 400-version-negotiation-ssl - -[400-version-negotiation-ssl] -server = 400-version-negotiation-server -client = 400-version-negotiation-client - -[400-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[400-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-400] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[401-version-negotiation] -ssl_conf = 401-version-negotiation-ssl - -[401-version-negotiation-ssl] -server = 401-version-negotiation-server -client = 401-version-negotiation-client - -[401-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[401-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-401] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[402-version-negotiation] -ssl_conf = 402-version-negotiation-ssl - -[402-version-negotiation-ssl] -server = 402-version-negotiation-server -client = 402-version-negotiation-client - -[402-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[402-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-402] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[403-version-negotiation] -ssl_conf = 403-version-negotiation-ssl - -[403-version-negotiation-ssl] -server = 403-version-negotiation-server -client = 403-version-negotiation-client - -[403-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[403-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-403] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[404-version-negotiation] -ssl_conf = 404-version-negotiation-ssl - -[404-version-negotiation-ssl] -server = 404-version-negotiation-server -client = 404-version-negotiation-client - -[404-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[404-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-404] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[405-version-negotiation] -ssl_conf = 405-version-negotiation-ssl - -[405-version-negotiation-ssl] -server = 405-version-negotiation-server -client = 405-version-negotiation-client - -[405-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[405-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-405] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[406-version-negotiation] -ssl_conf = 406-version-negotiation-ssl - -[406-version-negotiation-ssl] -server = 406-version-negotiation-server -client = 406-version-negotiation-client - -[406-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[406-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-406] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[407-version-negotiation] -ssl_conf = 407-version-negotiation-ssl - -[407-version-negotiation-ssl] -server = 407-version-negotiation-server -client = 407-version-negotiation-client - -[407-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[407-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-407] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[408-version-negotiation] -ssl_conf = 408-version-negotiation-ssl - -[408-version-negotiation-ssl] -server = 408-version-negotiation-server -client = 408-version-negotiation-client - -[408-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[408-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-408] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[409-version-negotiation] -ssl_conf = 409-version-negotiation-ssl - -[409-version-negotiation-ssl] -server = 409-version-negotiation-server -client = 409-version-negotiation-client - -[409-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[409-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-409] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[410-version-negotiation] -ssl_conf = 410-version-negotiation-ssl - -[410-version-negotiation-ssl] -server = 410-version-negotiation-server -client = 410-version-negotiation-client - -[410-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[410-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-410] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[411-version-negotiation] -ssl_conf = 411-version-negotiation-ssl - -[411-version-negotiation-ssl] -server = 411-version-negotiation-server -client = 411-version-negotiation-client - -[411-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[411-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-411] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[412-version-negotiation] -ssl_conf = 412-version-negotiation-ssl - -[412-version-negotiation-ssl] -server = 412-version-negotiation-server -client = 412-version-negotiation-client - -[412-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[412-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-412] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[413-version-negotiation] -ssl_conf = 413-version-negotiation-ssl - -[413-version-negotiation-ssl] -server = 413-version-negotiation-server -client = 413-version-negotiation-client - -[413-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[413-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-413] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[414-version-negotiation] -ssl_conf = 414-version-negotiation-ssl - -[414-version-negotiation-ssl] -server = 414-version-negotiation-server -client = 414-version-negotiation-client - -[414-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[414-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-414] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[415-version-negotiation] -ssl_conf = 415-version-negotiation-ssl - -[415-version-negotiation-ssl] -server = 415-version-negotiation-server -client = 415-version-negotiation-client - -[415-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[415-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-415] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[416-version-negotiation] -ssl_conf = 416-version-negotiation-ssl - -[416-version-negotiation-ssl] -server = 416-version-negotiation-server -client = 416-version-negotiation-client - -[416-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[416-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-416] -ExpectedResult = ServerFail - - -# =========================================================== - -[417-version-negotiation] -ssl_conf = 417-version-negotiation-ssl - -[417-version-negotiation-ssl] -server = 417-version-negotiation-server -client = 417-version-negotiation-client - -[417-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[417-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-417] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[418-version-negotiation] -ssl_conf = 418-version-negotiation-ssl - -[418-version-negotiation-ssl] -server = 418-version-negotiation-server -client = 418-version-negotiation-client - -[418-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[418-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-418] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[419-version-negotiation] -ssl_conf = 419-version-negotiation-ssl - -[419-version-negotiation-ssl] -server = 419-version-negotiation-server -client = 419-version-negotiation-client - -[419-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[419-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-419] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[420-version-negotiation] -ssl_conf = 420-version-negotiation-ssl - -[420-version-negotiation-ssl] -server = 420-version-negotiation-server -client = 420-version-negotiation-client - -[420-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[420-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-420] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[421-version-negotiation] -ssl_conf = 421-version-negotiation-ssl - -[421-version-negotiation-ssl] -server = 421-version-negotiation-server -client = 421-version-negotiation-client - -[421-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[421-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-421] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[422-version-negotiation] -ssl_conf = 422-version-negotiation-ssl - -[422-version-negotiation-ssl] -server = 422-version-negotiation-server -client = 422-version-negotiation-client - -[422-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[422-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-422] -ExpectedResult = ServerFail - - -# =========================================================== - -[423-version-negotiation] -ssl_conf = 423-version-negotiation-ssl - -[423-version-negotiation-ssl] -server = 423-version-negotiation-server -client = 423-version-negotiation-client - -[423-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[423-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-423] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[424-version-negotiation] -ssl_conf = 424-version-negotiation-ssl - -[424-version-negotiation-ssl] -server = 424-version-negotiation-server -client = 424-version-negotiation-client - -[424-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[424-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-424] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[425-version-negotiation] -ssl_conf = 425-version-negotiation-ssl - -[425-version-negotiation-ssl] -server = 425-version-negotiation-server -client = 425-version-negotiation-client - -[425-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[425-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-425] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[426-version-negotiation] -ssl_conf = 426-version-negotiation-ssl - -[426-version-negotiation-ssl] -server = 426-version-negotiation-server -client = 426-version-negotiation-client - -[426-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[426-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-426] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[427-version-negotiation] -ssl_conf = 427-version-negotiation-ssl - -[427-version-negotiation-ssl] -server = 427-version-negotiation-server -client = 427-version-negotiation-client - -[427-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[427-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-427] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[428-version-negotiation] -ssl_conf = 428-version-negotiation-ssl - -[428-version-negotiation-ssl] -server = 428-version-negotiation-server -client = 428-version-negotiation-client - -[428-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[428-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-428] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[429-version-negotiation] -ssl_conf = 429-version-negotiation-ssl - -[429-version-negotiation-ssl] -server = 429-version-negotiation-server -client = 429-version-negotiation-client - -[429-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[429-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-429] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[430-version-negotiation] -ssl_conf = 430-version-negotiation-ssl - -[430-version-negotiation-ssl] -server = 430-version-negotiation-server -client = 430-version-negotiation-client - -[430-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[430-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-430] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[431-version-negotiation] -ssl_conf = 431-version-negotiation-ssl - -[431-version-negotiation-ssl] -server = 431-version-negotiation-server -client = 431-version-negotiation-client - -[431-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[431-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-431] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[432-version-negotiation] -ssl_conf = 432-version-negotiation-ssl - -[432-version-negotiation-ssl] -server = 432-version-negotiation-server -client = 432-version-negotiation-client - -[432-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[432-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-432] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[433-version-negotiation] -ssl_conf = 433-version-negotiation-ssl - -[433-version-negotiation-ssl] -server = 433-version-negotiation-server -client = 433-version-negotiation-client - -[433-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[433-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-433] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[434-version-negotiation] -ssl_conf = 434-version-negotiation-ssl - -[434-version-negotiation-ssl] -server = 434-version-negotiation-server -client = 434-version-negotiation-client - -[434-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[434-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-434] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[435-version-negotiation] -ssl_conf = 435-version-negotiation-ssl - -[435-version-negotiation-ssl] -server = 435-version-negotiation-server -client = 435-version-negotiation-client - -[435-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[435-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-435] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[436-version-negotiation] -ssl_conf = 436-version-negotiation-ssl - -[436-version-negotiation-ssl] -server = 436-version-negotiation-server -client = 436-version-negotiation-client - -[436-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[436-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-436] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[437-version-negotiation] -ssl_conf = 437-version-negotiation-ssl - -[437-version-negotiation-ssl] -server = 437-version-negotiation-server -client = 437-version-negotiation-client - -[437-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[437-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-437] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[438-version-negotiation] -ssl_conf = 438-version-negotiation-ssl - -[438-version-negotiation-ssl] -server = 438-version-negotiation-server -client = 438-version-negotiation-client - -[438-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[438-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-438] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[439-version-negotiation] -ssl_conf = 439-version-negotiation-ssl - -[439-version-negotiation-ssl] -server = 439-version-negotiation-server -client = 439-version-negotiation-client - -[439-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[439-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-439] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[440-version-negotiation] -ssl_conf = 440-version-negotiation-ssl - -[440-version-negotiation-ssl] -server = 440-version-negotiation-server -client = 440-version-negotiation-client - -[440-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[440-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-440] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[441-version-negotiation] -ssl_conf = 441-version-negotiation-ssl - -[441-version-negotiation-ssl] -server = 441-version-negotiation-server -client = 441-version-negotiation-client - -[441-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[441-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-441] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[442-version-negotiation] -ssl_conf = 442-version-negotiation-ssl - -[442-version-negotiation-ssl] -server = 442-version-negotiation-server -client = 442-version-negotiation-client - -[442-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[442-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-442] -ExpectedResult = ServerFail - - -# =========================================================== - -[443-version-negotiation] -ssl_conf = 443-version-negotiation-ssl - -[443-version-negotiation-ssl] -server = 443-version-negotiation-server -client = 443-version-negotiation-client - -[443-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[443-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-443] -ExpectedResult = ClientFail - - -# =========================================================== - -[444-version-negotiation] -ssl_conf = 444-version-negotiation-ssl - -[444-version-negotiation-ssl] -server = 444-version-negotiation-server -client = 444-version-negotiation-client - -[444-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[444-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-444] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[445-version-negotiation] -ssl_conf = 445-version-negotiation-ssl - -[445-version-negotiation-ssl] -server = 445-version-negotiation-server -client = 445-version-negotiation-client - -[445-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[445-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-445] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[446-version-negotiation] -ssl_conf = 446-version-negotiation-ssl - -[446-version-negotiation-ssl] -server = 446-version-negotiation-server -client = 446-version-negotiation-client - -[446-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[446-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-446] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[447-version-negotiation] -ssl_conf = 447-version-negotiation-ssl - -[447-version-negotiation-ssl] -server = 447-version-negotiation-server -client = 447-version-negotiation-client - -[447-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[447-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-447] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[448-version-negotiation] -ssl_conf = 448-version-negotiation-ssl - -[448-version-negotiation-ssl] -server = 448-version-negotiation-server -client = 448-version-negotiation-client - -[448-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[448-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-448] -ExpectedResult = ServerFail - - -# =========================================================== - -[449-version-negotiation] -ssl_conf = 449-version-negotiation-ssl - -[449-version-negotiation-ssl] -server = 449-version-negotiation-server -client = 449-version-negotiation-client - -[449-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[449-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-449] -ExpectedResult = ClientFail - - -# =========================================================== - -[450-version-negotiation] -ssl_conf = 450-version-negotiation-ssl - -[450-version-negotiation-ssl] -server = 450-version-negotiation-server -client = 450-version-negotiation-client - -[450-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[450-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-450] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[451-version-negotiation] -ssl_conf = 451-version-negotiation-ssl - -[451-version-negotiation-ssl] -server = 451-version-negotiation-server -client = 451-version-negotiation-client - -[451-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[451-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-451] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[452-version-negotiation] -ssl_conf = 452-version-negotiation-ssl - -[452-version-negotiation-ssl] -server = 452-version-negotiation-server -client = 452-version-negotiation-client - -[452-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[452-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-452] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[453-version-negotiation] -ssl_conf = 453-version-negotiation-ssl - -[453-version-negotiation-ssl] -server = 453-version-negotiation-server -client = 453-version-negotiation-client - -[453-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[453-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-453] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[454-version-negotiation] -ssl_conf = 454-version-negotiation-ssl - -[454-version-negotiation-ssl] -server = 454-version-negotiation-server -client = 454-version-negotiation-client - -[454-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[454-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-454] -ExpectedResult = ClientFail - - -# =========================================================== - -[455-version-negotiation] -ssl_conf = 455-version-negotiation-ssl - -[455-version-negotiation-ssl] -server = 455-version-negotiation-server -client = 455-version-negotiation-client - -[455-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[455-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-455] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[456-version-negotiation] -ssl_conf = 456-version-negotiation-ssl - -[456-version-negotiation-ssl] -server = 456-version-negotiation-server -client = 456-version-negotiation-client - -[456-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[456-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-456] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[457-version-negotiation] -ssl_conf = 457-version-negotiation-ssl - -[457-version-negotiation-ssl] -server = 457-version-negotiation-server -client = 457-version-negotiation-client - -[457-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[457-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-457] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[458-version-negotiation] -ssl_conf = 458-version-negotiation-ssl - -[458-version-negotiation-ssl] -server = 458-version-negotiation-server -client = 458-version-negotiation-client - -[458-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[458-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-458] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[459-version-negotiation] -ssl_conf = 459-version-negotiation-ssl - -[459-version-negotiation-ssl] -server = 459-version-negotiation-server -client = 459-version-negotiation-client - -[459-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[459-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-459] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[460-version-negotiation] -ssl_conf = 460-version-negotiation-ssl - -[460-version-negotiation-ssl] -server = 460-version-negotiation-server -client = 460-version-negotiation-client - -[460-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[460-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-460] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[461-version-negotiation] -ssl_conf = 461-version-negotiation-ssl - -[461-version-negotiation-ssl] -server = 461-version-negotiation-server -client = 461-version-negotiation-client - -[461-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[461-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-461] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[462-version-negotiation] -ssl_conf = 462-version-negotiation-ssl - -[462-version-negotiation-ssl] -server = 462-version-negotiation-server -client = 462-version-negotiation-client - -[462-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[462-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-462] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[463-version-negotiation] -ssl_conf = 463-version-negotiation-ssl - -[463-version-negotiation-ssl] -server = 463-version-negotiation-server -client = 463-version-negotiation-client - -[463-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[463-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-463] -ExpectedResult = ServerFail - - -# =========================================================== - -[464-version-negotiation] -ssl_conf = 464-version-negotiation-ssl - -[464-version-negotiation-ssl] -server = 464-version-negotiation-server -client = 464-version-negotiation-client - -[464-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[464-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-464] -ExpectedResult = ServerFail - - -# =========================================================== - -[465-version-negotiation] -ssl_conf = 465-version-negotiation-ssl - -[465-version-negotiation-ssl] -server = 465-version-negotiation-server -client = 465-version-negotiation-client - -[465-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[465-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-465] -ExpectedResult = ServerFail - - -# =========================================================== - -[466-version-negotiation] -ssl_conf = 466-version-negotiation-ssl - -[466-version-negotiation-ssl] -server = 466-version-negotiation-server -client = 466-version-negotiation-client - -[466-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[466-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-466] -ExpectedResult = ServerFail - - -# =========================================================== - -[467-version-negotiation] -ssl_conf = 467-version-negotiation-ssl - -[467-version-negotiation-ssl] -server = 467-version-negotiation-server -client = 467-version-negotiation-client - -[467-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[467-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-467] -ExpectedResult = ServerFail - - -# =========================================================== - -[468-version-negotiation] -ssl_conf = 468-version-negotiation-ssl - -[468-version-negotiation-ssl] -server = 468-version-negotiation-server -client = 468-version-negotiation-client - -[468-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[468-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-468] -ExpectedResult = ServerFail - - -# =========================================================== - -[469-version-negotiation] -ssl_conf = 469-version-negotiation-ssl - -[469-version-negotiation-ssl] -server = 469-version-negotiation-server -client = 469-version-negotiation-client - -[469-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[469-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-469] -ExpectedResult = ClientFail - - -# =========================================================== - -[470-version-negotiation] -ssl_conf = 470-version-negotiation-ssl - -[470-version-negotiation-ssl] -server = 470-version-negotiation-server -client = 470-version-negotiation-client - -[470-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[470-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-470] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[471-version-negotiation] -ssl_conf = 471-version-negotiation-ssl - -[471-version-negotiation-ssl] -server = 471-version-negotiation-server -client = 471-version-negotiation-client - -[471-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[471-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-471] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[472-version-negotiation] -ssl_conf = 472-version-negotiation-ssl - -[472-version-negotiation-ssl] -server = 472-version-negotiation-server -client = 472-version-negotiation-client - -[472-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[472-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-472] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[473-version-negotiation] -ssl_conf = 473-version-negotiation-ssl - -[473-version-negotiation-ssl] -server = 473-version-negotiation-server -client = 473-version-negotiation-client - -[473-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[473-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-473] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[474-version-negotiation] -ssl_conf = 474-version-negotiation-ssl - -[474-version-negotiation-ssl] -server = 474-version-negotiation-server -client = 474-version-negotiation-client - -[474-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[474-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-474] -ExpectedResult = ServerFail - - -# =========================================================== - -[475-version-negotiation] -ssl_conf = 475-version-negotiation-ssl - -[475-version-negotiation-ssl] -server = 475-version-negotiation-server -client = 475-version-negotiation-client - -[475-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[475-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-475] -ExpectedResult = ClientFail - - -# =========================================================== - -[476-version-negotiation] -ssl_conf = 476-version-negotiation-ssl - -[476-version-negotiation-ssl] -server = 476-version-negotiation-server -client = 476-version-negotiation-client - -[476-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[476-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-476] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[477-version-negotiation] -ssl_conf = 477-version-negotiation-ssl - -[477-version-negotiation-ssl] -server = 477-version-negotiation-server -client = 477-version-negotiation-client - -[477-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[477-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-477] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[478-version-negotiation] -ssl_conf = 478-version-negotiation-ssl - -[478-version-negotiation-ssl] -server = 478-version-negotiation-server -client = 478-version-negotiation-client - -[478-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[478-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-478] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[479-version-negotiation] -ssl_conf = 479-version-negotiation-ssl - -[479-version-negotiation-ssl] -server = 479-version-negotiation-server -client = 479-version-negotiation-client - -[479-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[479-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-479] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[480-version-negotiation] -ssl_conf = 480-version-negotiation-ssl - -[480-version-negotiation-ssl] -server = 480-version-negotiation-server -client = 480-version-negotiation-client - -[480-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[480-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-480] -ExpectedResult = ClientFail - - -# =========================================================== - -[481-version-negotiation] -ssl_conf = 481-version-negotiation-ssl - -[481-version-negotiation-ssl] -server = 481-version-negotiation-server -client = 481-version-negotiation-client - -[481-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[481-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-481] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[482-version-negotiation] -ssl_conf = 482-version-negotiation-ssl - -[482-version-negotiation-ssl] -server = 482-version-negotiation-server -client = 482-version-negotiation-client - -[482-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[482-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-482] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[483-version-negotiation] -ssl_conf = 483-version-negotiation-ssl - -[483-version-negotiation-ssl] -server = 483-version-negotiation-server -client = 483-version-negotiation-client - -[483-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[483-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-483] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[484-version-negotiation] -ssl_conf = 484-version-negotiation-ssl - -[484-version-negotiation-ssl] -server = 484-version-negotiation-server -client = 484-version-negotiation-client - -[484-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[484-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-484] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[485-version-negotiation] -ssl_conf = 485-version-negotiation-ssl - -[485-version-negotiation-ssl] -server = 485-version-negotiation-server -client = 485-version-negotiation-client - -[485-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[485-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-485] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[486-version-negotiation] -ssl_conf = 486-version-negotiation-ssl - -[486-version-negotiation-ssl] -server = 486-version-negotiation-server -client = 486-version-negotiation-client - -[486-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[486-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-486] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[487-version-negotiation] -ssl_conf = 487-version-negotiation-ssl - -[487-version-negotiation-ssl] -server = 487-version-negotiation-server -client = 487-version-negotiation-client - -[487-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[487-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-487] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[488-version-negotiation] -ssl_conf = 488-version-negotiation-ssl - -[488-version-negotiation-ssl] -server = 488-version-negotiation-server -client = 488-version-negotiation-client - -[488-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[488-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-488] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[489-version-negotiation] -ssl_conf = 489-version-negotiation-ssl - -[489-version-negotiation-ssl] -server = 489-version-negotiation-server -client = 489-version-negotiation-client - -[489-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[489-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-489] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[490-version-negotiation] -ssl_conf = 490-version-negotiation-ssl - -[490-version-negotiation-ssl] -server = 490-version-negotiation-server -client = 490-version-negotiation-client - -[490-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[490-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-490] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[491-version-negotiation] -ssl_conf = 491-version-negotiation-ssl - -[491-version-negotiation-ssl] -server = 491-version-negotiation-server -client = 491-version-negotiation-client - -[491-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[491-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-491] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[492-version-negotiation] -ssl_conf = 492-version-negotiation-ssl - -[492-version-negotiation-ssl] -server = 492-version-negotiation-server -client = 492-version-negotiation-client - -[492-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[492-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-492] -ExpectedResult = ServerFail - - -# =========================================================== - -[493-version-negotiation] -ssl_conf = 493-version-negotiation-ssl - -[493-version-negotiation-ssl] -server = 493-version-negotiation-server -client = 493-version-negotiation-client - -[493-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[493-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-493] -ExpectedResult = ServerFail - - -# =========================================================== - -[494-version-negotiation] -ssl_conf = 494-version-negotiation-ssl - -[494-version-negotiation-ssl] -server = 494-version-negotiation-server -client = 494-version-negotiation-client - -[494-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[494-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-494] -ExpectedResult = ServerFail - - -# =========================================================== - -[495-version-negotiation] -ssl_conf = 495-version-negotiation-ssl - -[495-version-negotiation-ssl] -server = 495-version-negotiation-server -client = 495-version-negotiation-client - -[495-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[495-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-495] -ExpectedResult = ServerFail - - -# =========================================================== - -[496-version-negotiation] -ssl_conf = 496-version-negotiation-ssl - -[496-version-negotiation-ssl] -server = 496-version-negotiation-server -client = 496-version-negotiation-client - -[496-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[496-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-496] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[497-version-negotiation] -ssl_conf = 497-version-negotiation-ssl - -[497-version-negotiation-ssl] -server = 497-version-negotiation-server -client = 497-version-negotiation-client - -[497-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[497-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-497] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[498-version-negotiation] -ssl_conf = 498-version-negotiation-ssl - -[498-version-negotiation-ssl] -server = 498-version-negotiation-server -client = 498-version-negotiation-client - -[498-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[498-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-498] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[499-version-negotiation] -ssl_conf = 499-version-negotiation-ssl - -[499-version-negotiation-ssl] -server = 499-version-negotiation-server -client = 499-version-negotiation-client - -[499-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[499-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-499] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[500-version-negotiation] -ssl_conf = 500-version-negotiation-ssl - -[500-version-negotiation-ssl] -server = 500-version-negotiation-server -client = 500-version-negotiation-client - -[500-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[500-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-500] -ExpectedResult = ServerFail - - -# =========================================================== - -[501-version-negotiation] -ssl_conf = 501-version-negotiation-ssl - -[501-version-negotiation-ssl] -server = 501-version-negotiation-server -client = 501-version-negotiation-client - -[501-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[501-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-501] -ExpectedResult = ServerFail - - -# =========================================================== - -[502-version-negotiation] -ssl_conf = 502-version-negotiation-ssl - -[502-version-negotiation-ssl] -server = 502-version-negotiation-server -client = 502-version-negotiation-client - -[502-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[502-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-502] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[503-version-negotiation] -ssl_conf = 503-version-negotiation-ssl - -[503-version-negotiation-ssl] -server = 503-version-negotiation-server -client = 503-version-negotiation-client - -[503-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[503-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-503] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[504-version-negotiation] -ssl_conf = 504-version-negotiation-ssl - -[504-version-negotiation-ssl] -server = 504-version-negotiation-server -client = 504-version-negotiation-client - -[504-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[504-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-504] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[505-version-negotiation] -ssl_conf = 505-version-negotiation-ssl - -[505-version-negotiation-ssl] -server = 505-version-negotiation-server -client = 505-version-negotiation-client - -[505-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[505-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-505] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[506-version-negotiation] -ssl_conf = 506-version-negotiation-ssl - -[506-version-negotiation-ssl] -server = 506-version-negotiation-server -client = 506-version-negotiation-client - -[506-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[506-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-506] -ExpectedResult = ServerFail - - -# =========================================================== - -[507-version-negotiation] -ssl_conf = 507-version-negotiation-ssl - -[507-version-negotiation-ssl] -server = 507-version-negotiation-server -client = 507-version-negotiation-client - -[507-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[507-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-507] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[508-version-negotiation] -ssl_conf = 508-version-negotiation-ssl - -[508-version-negotiation-ssl] -server = 508-version-negotiation-server -client = 508-version-negotiation-client - -[508-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[508-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-508] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[509-version-negotiation] -ssl_conf = 509-version-negotiation-ssl - -[509-version-negotiation-ssl] -server = 509-version-negotiation-server -client = 509-version-negotiation-client - -[509-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[509-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-509] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[510-version-negotiation] -ssl_conf = 510-version-negotiation-ssl - -[510-version-negotiation-ssl] -server = 510-version-negotiation-server -client = 510-version-negotiation-client - -[510-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[510-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-510] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[511-version-negotiation] -ssl_conf = 511-version-negotiation-ssl - -[511-version-negotiation-ssl] -server = 511-version-negotiation-server -client = 511-version-negotiation-client - -[511-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[511-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-511] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[512-version-negotiation] -ssl_conf = 512-version-negotiation-ssl - -[512-version-negotiation-ssl] -server = 512-version-negotiation-server -client = 512-version-negotiation-client - -[512-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[512-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-512] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[513-version-negotiation] -ssl_conf = 513-version-negotiation-ssl - -[513-version-negotiation-ssl] -server = 513-version-negotiation-server -client = 513-version-negotiation-client - -[513-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[513-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-513] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[514-version-negotiation] -ssl_conf = 514-version-negotiation-ssl - -[514-version-negotiation-ssl] -server = 514-version-negotiation-server -client = 514-version-negotiation-client - -[514-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[514-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-514] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[515-version-negotiation] -ssl_conf = 515-version-negotiation-ssl - -[515-version-negotiation-ssl] -server = 515-version-negotiation-server -client = 515-version-negotiation-client - -[515-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[515-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-515] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[516-version-negotiation] -ssl_conf = 516-version-negotiation-ssl - -[516-version-negotiation-ssl] -server = 516-version-negotiation-server -client = 516-version-negotiation-client - -[516-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[516-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-516] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[517-version-negotiation] -ssl_conf = 517-version-negotiation-ssl - -[517-version-negotiation-ssl] -server = 517-version-negotiation-server -client = 517-version-negotiation-client - -[517-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[517-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-517] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[518-version-negotiation] -ssl_conf = 518-version-negotiation-ssl - -[518-version-negotiation-ssl] -server = 518-version-negotiation-server -client = 518-version-negotiation-client - -[518-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[518-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-518] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[519-version-negotiation] -ssl_conf = 519-version-negotiation-ssl - -[519-version-negotiation-ssl] -server = 519-version-negotiation-server -client = 519-version-negotiation-client - -[519-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[519-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-519] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[520-version-negotiation] -ssl_conf = 520-version-negotiation-ssl - -[520-version-negotiation-ssl] -server = 520-version-negotiation-server -client = 520-version-negotiation-client - -[520-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[520-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-520] -ExpectedResult = ServerFail - - -# =========================================================== - -[521-version-negotiation] -ssl_conf = 521-version-negotiation-ssl - -[521-version-negotiation-ssl] -server = 521-version-negotiation-server -client = 521-version-negotiation-client - -[521-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[521-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-521] -ExpectedResult = ServerFail - - -# =========================================================== - -[522-version-negotiation] -ssl_conf = 522-version-negotiation-ssl - -[522-version-negotiation-ssl] -server = 522-version-negotiation-server -client = 522-version-negotiation-client - -[522-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[522-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-522] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[523-version-negotiation] -ssl_conf = 523-version-negotiation-ssl - -[523-version-negotiation-ssl] -server = 523-version-negotiation-server -client = 523-version-negotiation-client - -[523-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[523-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-523] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[524-version-negotiation] -ssl_conf = 524-version-negotiation-ssl - -[524-version-negotiation-ssl] -server = 524-version-negotiation-server -client = 524-version-negotiation-client - -[524-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[524-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-524] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[525-version-negotiation] -ssl_conf = 525-version-negotiation-ssl - -[525-version-negotiation-ssl] -server = 525-version-negotiation-server -client = 525-version-negotiation-client - -[525-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[525-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-525] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[526-version-negotiation] -ssl_conf = 526-version-negotiation-ssl - -[526-version-negotiation-ssl] -server = 526-version-negotiation-server -client = 526-version-negotiation-client - -[526-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[526-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-526] -ExpectedResult = ServerFail - - -# =========================================================== - -[527-version-negotiation] -ssl_conf = 527-version-negotiation-ssl - -[527-version-negotiation-ssl] -server = 527-version-negotiation-server -client = 527-version-negotiation-client - -[527-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[527-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-527] -ExpectedResult = ServerFail - - -# =========================================================== - -[528-version-negotiation] -ssl_conf = 528-version-negotiation-ssl - -[528-version-negotiation-ssl] -server = 528-version-negotiation-server -client = 528-version-negotiation-client - -[528-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[528-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-528] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[529-version-negotiation] -ssl_conf = 529-version-negotiation-ssl - -[529-version-negotiation-ssl] -server = 529-version-negotiation-server -client = 529-version-negotiation-client - -[529-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[529-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-529] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[530-version-negotiation] -ssl_conf = 530-version-negotiation-ssl - -[530-version-negotiation-ssl] -server = 530-version-negotiation-server -client = 530-version-negotiation-client - -[530-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[530-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-530] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[531-version-negotiation] -ssl_conf = 531-version-negotiation-ssl - -[531-version-negotiation-ssl] -server = 531-version-negotiation-server -client = 531-version-negotiation-client - -[531-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[531-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-531] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[532-version-negotiation] -ssl_conf = 532-version-negotiation-ssl - -[532-version-negotiation-ssl] -server = 532-version-negotiation-server -client = 532-version-negotiation-client - -[532-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[532-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-532] -ExpectedResult = ServerFail - - -# =========================================================== - -[533-version-negotiation] -ssl_conf = 533-version-negotiation-ssl - -[533-version-negotiation-ssl] -server = 533-version-negotiation-server -client = 533-version-negotiation-client - -[533-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[533-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-533] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[534-version-negotiation] -ssl_conf = 534-version-negotiation-ssl - -[534-version-negotiation-ssl] -server = 534-version-negotiation-server -client = 534-version-negotiation-client - -[534-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[534-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-534] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[535-version-negotiation] -ssl_conf = 535-version-negotiation-ssl - -[535-version-negotiation-ssl] -server = 535-version-negotiation-server -client = 535-version-negotiation-client - -[535-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[535-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-535] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[536-version-negotiation] -ssl_conf = 536-version-negotiation-ssl - -[536-version-negotiation-ssl] -server = 536-version-negotiation-server -client = 536-version-negotiation-client - -[536-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[536-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-536] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[537-version-negotiation] -ssl_conf = 537-version-negotiation-ssl - -[537-version-negotiation-ssl] -server = 537-version-negotiation-server -client = 537-version-negotiation-client - -[537-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[537-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-537] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[538-version-negotiation] -ssl_conf = 538-version-negotiation-ssl - -[538-version-negotiation-ssl] -server = 538-version-negotiation-server -client = 538-version-negotiation-client - -[538-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[538-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-538] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[539-version-negotiation] -ssl_conf = 539-version-negotiation-ssl - -[539-version-negotiation-ssl] -server = 539-version-negotiation-server -client = 539-version-negotiation-client - -[539-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[539-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-539] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[540-version-negotiation] -ssl_conf = 540-version-negotiation-ssl - -[540-version-negotiation-ssl] -server = 540-version-negotiation-server -client = 540-version-negotiation-client - -[540-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[540-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-540] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[541-version-negotiation] -ssl_conf = 541-version-negotiation-ssl - -[541-version-negotiation-ssl] -server = 541-version-negotiation-server -client = 541-version-negotiation-client - -[541-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[541-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-541] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[542-version-negotiation] -ssl_conf = 542-version-negotiation-ssl - -[542-version-negotiation-ssl] -server = 542-version-negotiation-server -client = 542-version-negotiation-client - -[542-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[542-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-542] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[543-version-negotiation] -ssl_conf = 543-version-negotiation-ssl - -[543-version-negotiation-ssl] -server = 543-version-negotiation-server -client = 543-version-negotiation-client - -[543-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[543-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-543] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[544-version-negotiation] -ssl_conf = 544-version-negotiation-ssl - -[544-version-negotiation-ssl] -server = 544-version-negotiation-server -client = 544-version-negotiation-client - -[544-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[544-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-544] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[545-version-negotiation] -ssl_conf = 545-version-negotiation-ssl - -[545-version-negotiation-ssl] -server = 545-version-negotiation-server -client = 545-version-negotiation-client - -[545-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[545-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-545] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[546-version-negotiation] -ssl_conf = 546-version-negotiation-ssl - -[546-version-negotiation-ssl] -server = 546-version-negotiation-server -client = 546-version-negotiation-client - -[546-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[546-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-546] -ExpectedResult = ServerFail - - -# =========================================================== - -[547-version-negotiation] -ssl_conf = 547-version-negotiation-ssl - -[547-version-negotiation-ssl] -server = 547-version-negotiation-server -client = 547-version-negotiation-client - -[547-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[547-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-547] -ExpectedResult = ClientFail - - -# =========================================================== - -[548-version-negotiation] -ssl_conf = 548-version-negotiation-ssl - -[548-version-negotiation-ssl] -server = 548-version-negotiation-server -client = 548-version-negotiation-client - -[548-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[548-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-548] -ExpectedResult = ClientFail - - -# =========================================================== - -[549-version-negotiation] -ssl_conf = 549-version-negotiation-ssl - -[549-version-negotiation-ssl] -server = 549-version-negotiation-server -client = 549-version-negotiation-client - -[549-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[549-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-549] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[550-version-negotiation] -ssl_conf = 550-version-negotiation-ssl - -[550-version-negotiation-ssl] -server = 550-version-negotiation-server -client = 550-version-negotiation-client - -[550-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[550-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-550] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[551-version-negotiation] -ssl_conf = 551-version-negotiation-ssl - -[551-version-negotiation-ssl] -server = 551-version-negotiation-server -client = 551-version-negotiation-client - -[551-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[551-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-551] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[552-version-negotiation] -ssl_conf = 552-version-negotiation-ssl - -[552-version-negotiation-ssl] -server = 552-version-negotiation-server -client = 552-version-negotiation-client - -[552-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[552-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-552] -ExpectedResult = ServerFail - - -# =========================================================== - -[553-version-negotiation] -ssl_conf = 553-version-negotiation-ssl - -[553-version-negotiation-ssl] -server = 553-version-negotiation-server -client = 553-version-negotiation-client - -[553-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[553-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-553] -ExpectedResult = ClientFail - - -# =========================================================== - -[554-version-negotiation] -ssl_conf = 554-version-negotiation-ssl - -[554-version-negotiation-ssl] -server = 554-version-negotiation-server -client = 554-version-negotiation-client - -[554-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[554-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-554] -ExpectedResult = ClientFail - - -# =========================================================== - -[555-version-negotiation] -ssl_conf = 555-version-negotiation-ssl - -[555-version-negotiation-ssl] -server = 555-version-negotiation-server -client = 555-version-negotiation-client - -[555-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[555-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-555] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[556-version-negotiation] -ssl_conf = 556-version-negotiation-ssl - -[556-version-negotiation-ssl] -server = 556-version-negotiation-server -client = 556-version-negotiation-client - -[556-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[556-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-556] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[557-version-negotiation] -ssl_conf = 557-version-negotiation-ssl - -[557-version-negotiation-ssl] -server = 557-version-negotiation-server -client = 557-version-negotiation-client - -[557-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[557-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-557] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[558-version-negotiation] -ssl_conf = 558-version-negotiation-ssl - -[558-version-negotiation-ssl] -server = 558-version-negotiation-server -client = 558-version-negotiation-client - -[558-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[558-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-558] -ExpectedResult = ClientFail - - -# =========================================================== - -[559-version-negotiation] -ssl_conf = 559-version-negotiation-ssl - -[559-version-negotiation-ssl] -server = 559-version-negotiation-server -client = 559-version-negotiation-client - -[559-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[559-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-559] -ExpectedResult = ClientFail - - -# =========================================================== - -[560-version-negotiation] -ssl_conf = 560-version-negotiation-ssl - -[560-version-negotiation-ssl] -server = 560-version-negotiation-server -client = 560-version-negotiation-client - -[560-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[560-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-560] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[561-version-negotiation] -ssl_conf = 561-version-negotiation-ssl - -[561-version-negotiation-ssl] -server = 561-version-negotiation-server -client = 561-version-negotiation-client - -[561-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[561-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-561] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[562-version-negotiation] -ssl_conf = 562-version-negotiation-ssl - -[562-version-negotiation-ssl] -server = 562-version-negotiation-server -client = 562-version-negotiation-client - -[562-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[562-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-562] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[563-version-negotiation] -ssl_conf = 563-version-negotiation-ssl - -[563-version-negotiation-ssl] -server = 563-version-negotiation-server -client = 563-version-negotiation-client - -[563-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[563-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-563] -ExpectedResult = ClientFail - - -# =========================================================== - -[564-version-negotiation] -ssl_conf = 564-version-negotiation-ssl - -[564-version-negotiation-ssl] -server = 564-version-negotiation-server -client = 564-version-negotiation-client - -[564-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[564-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-564] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[565-version-negotiation] -ssl_conf = 565-version-negotiation-ssl - -[565-version-negotiation-ssl] -server = 565-version-negotiation-server -client = 565-version-negotiation-client - -[565-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[565-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-565] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[566-version-negotiation] -ssl_conf = 566-version-negotiation-ssl - -[566-version-negotiation-ssl] -server = 566-version-negotiation-server -client = 566-version-negotiation-client - -[566-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[566-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-566] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[567-version-negotiation] -ssl_conf = 567-version-negotiation-ssl - -[567-version-negotiation-ssl] -server = 567-version-negotiation-server -client = 567-version-negotiation-client - -[567-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[567-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-567] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[568-version-negotiation] -ssl_conf = 568-version-negotiation-ssl - -[568-version-negotiation-ssl] -server = 568-version-negotiation-server -client = 568-version-negotiation-client - -[568-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[568-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-568] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[569-version-negotiation] -ssl_conf = 569-version-negotiation-ssl - -[569-version-negotiation-ssl] -server = 569-version-negotiation-server -client = 569-version-negotiation-client - -[569-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[569-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-569] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[570-version-negotiation] -ssl_conf = 570-version-negotiation-ssl - -[570-version-negotiation-ssl] -server = 570-version-negotiation-server -client = 570-version-negotiation-client - -[570-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[570-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-570] -ExpectedResult = ServerFail - - -# =========================================================== - -[571-version-negotiation] -ssl_conf = 571-version-negotiation-ssl - -[571-version-negotiation-ssl] -server = 571-version-negotiation-server -client = 571-version-negotiation-client - -[571-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[571-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-571] -ExpectedResult = ServerFail - - -# =========================================================== - -[572-version-negotiation] -ssl_conf = 572-version-negotiation-ssl - -[572-version-negotiation-ssl] -server = 572-version-negotiation-server -client = 572-version-negotiation-client - -[572-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[572-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-572] -ExpectedResult = ServerFail - - -# =========================================================== - -[573-version-negotiation] -ssl_conf = 573-version-negotiation-ssl - -[573-version-negotiation-ssl] -server = 573-version-negotiation-server -client = 573-version-negotiation-client - -[573-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[573-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-573] -ExpectedResult = ServerFail - - -# =========================================================== - -[574-version-negotiation] -ssl_conf = 574-version-negotiation-ssl - -[574-version-negotiation-ssl] -server = 574-version-negotiation-server -client = 574-version-negotiation-client - -[574-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[574-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-574] -ExpectedResult = ServerFail - - -# =========================================================== - -[575-version-negotiation] -ssl_conf = 575-version-negotiation-ssl - -[575-version-negotiation-ssl] -server = 575-version-negotiation-server -client = 575-version-negotiation-client - -[575-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[575-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-575] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[576-version-negotiation] -ssl_conf = 576-version-negotiation-ssl - -[576-version-negotiation-ssl] -server = 576-version-negotiation-server -client = 576-version-negotiation-client - -[576-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[576-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-576] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[577-version-negotiation] -ssl_conf = 577-version-negotiation-ssl - -[577-version-negotiation-ssl] -server = 577-version-negotiation-server -client = 577-version-negotiation-client - -[577-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[577-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-577] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[578-version-negotiation] -ssl_conf = 578-version-negotiation-ssl - -[578-version-negotiation-ssl] -server = 578-version-negotiation-server -client = 578-version-negotiation-client - -[578-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[578-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-578] -ExpectedResult = ServerFail - - -# =========================================================== - -[579-version-negotiation] -ssl_conf = 579-version-negotiation-ssl - -[579-version-negotiation-ssl] -server = 579-version-negotiation-server -client = 579-version-negotiation-client - -[579-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[579-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-579] -ExpectedResult = ServerFail - - -# =========================================================== - -[580-version-negotiation] -ssl_conf = 580-version-negotiation-ssl - -[580-version-negotiation-ssl] -server = 580-version-negotiation-server -client = 580-version-negotiation-client - -[580-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[580-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-580] -ExpectedResult = ServerFail - - -# =========================================================== - -[581-version-negotiation] -ssl_conf = 581-version-negotiation-ssl - -[581-version-negotiation-ssl] -server = 581-version-negotiation-server -client = 581-version-negotiation-client - -[581-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[581-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-581] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[582-version-negotiation] -ssl_conf = 582-version-negotiation-ssl - -[582-version-negotiation-ssl] -server = 582-version-negotiation-server -client = 582-version-negotiation-client - -[582-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[582-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-582] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[583-version-negotiation] -ssl_conf = 583-version-negotiation-ssl - -[583-version-negotiation-ssl] -server = 583-version-negotiation-server -client = 583-version-negotiation-client - -[583-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[583-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-583] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[584-version-negotiation] -ssl_conf = 584-version-negotiation-ssl - -[584-version-negotiation-ssl] -server = 584-version-negotiation-server -client = 584-version-negotiation-client - -[584-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[584-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-584] -ExpectedResult = ServerFail - - -# =========================================================== - -[585-version-negotiation] -ssl_conf = 585-version-negotiation-ssl - -[585-version-negotiation-ssl] -server = 585-version-negotiation-server -client = 585-version-negotiation-client - -[585-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[585-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-585] -ExpectedResult = ServerFail - - -# =========================================================== - -[586-version-negotiation] -ssl_conf = 586-version-negotiation-ssl - -[586-version-negotiation-ssl] -server = 586-version-negotiation-server -client = 586-version-negotiation-client - -[586-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[586-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-586] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[587-version-negotiation] -ssl_conf = 587-version-negotiation-ssl - -[587-version-negotiation-ssl] -server = 587-version-negotiation-server -client = 587-version-negotiation-client - -[587-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[587-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-587] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[588-version-negotiation] -ssl_conf = 588-version-negotiation-ssl - -[588-version-negotiation-ssl] -server = 588-version-negotiation-server -client = 588-version-negotiation-client - -[588-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[588-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-588] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[589-version-negotiation] -ssl_conf = 589-version-negotiation-ssl - -[589-version-negotiation-ssl] -server = 589-version-negotiation-server -client = 589-version-negotiation-client - -[589-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[589-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-589] -ExpectedResult = ServerFail - - -# =========================================================== - -[590-version-negotiation] -ssl_conf = 590-version-negotiation-ssl - -[590-version-negotiation-ssl] -server = 590-version-negotiation-server -client = 590-version-negotiation-client - -[590-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[590-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-590] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[591-version-negotiation] -ssl_conf = 591-version-negotiation-ssl - -[591-version-negotiation-ssl] -server = 591-version-negotiation-server -client = 591-version-negotiation-client - -[591-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[591-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-591] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[592-version-negotiation] -ssl_conf = 592-version-negotiation-ssl - -[592-version-negotiation-ssl] -server = 592-version-negotiation-server -client = 592-version-negotiation-client - -[592-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[592-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-592] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[593-version-negotiation] -ssl_conf = 593-version-negotiation-ssl - -[593-version-negotiation-ssl] -server = 593-version-negotiation-server -client = 593-version-negotiation-client - -[593-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[593-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-593] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[594-version-negotiation] -ssl_conf = 594-version-negotiation-ssl - -[594-version-negotiation-ssl] -server = 594-version-negotiation-server -client = 594-version-negotiation-client - -[594-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[594-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-594] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[595-version-negotiation] -ssl_conf = 595-version-negotiation-ssl - -[595-version-negotiation-ssl] -server = 595-version-negotiation-server -client = 595-version-negotiation-client - -[595-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[595-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-595] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[596-version-negotiation] -ssl_conf = 596-version-negotiation-ssl - -[596-version-negotiation-ssl] -server = 596-version-negotiation-server -client = 596-version-negotiation-client - -[596-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[596-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-596] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[597-version-negotiation] -ssl_conf = 597-version-negotiation-ssl - -[597-version-negotiation-ssl] -server = 597-version-negotiation-server -client = 597-version-negotiation-client - -[597-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[597-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-597] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[598-version-negotiation] -ssl_conf = 598-version-negotiation-ssl - -[598-version-negotiation-ssl] -server = 598-version-negotiation-server -client = 598-version-negotiation-client - -[598-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[598-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-598] -ExpectedResult = ServerFail - - -# =========================================================== - -[599-version-negotiation] -ssl_conf = 599-version-negotiation-ssl - -[599-version-negotiation-ssl] -server = 599-version-negotiation-server -client = 599-version-negotiation-client - -[599-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[599-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-599] -ExpectedResult = ServerFail - - -# =========================================================== - -[600-version-negotiation] -ssl_conf = 600-version-negotiation-ssl - -[600-version-negotiation-ssl] -server = 600-version-negotiation-server -client = 600-version-negotiation-client - -[600-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[600-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-600] -ExpectedResult = ServerFail - - -# =========================================================== - -[601-version-negotiation] -ssl_conf = 601-version-negotiation-ssl - -[601-version-negotiation-ssl] -server = 601-version-negotiation-server -client = 601-version-negotiation-client - -[601-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[601-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-601] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[602-version-negotiation] -ssl_conf = 602-version-negotiation-ssl - -[602-version-negotiation-ssl] -server = 602-version-negotiation-server -client = 602-version-negotiation-client - -[602-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[602-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-602] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[603-version-negotiation] -ssl_conf = 603-version-negotiation-ssl - -[603-version-negotiation-ssl] -server = 603-version-negotiation-server -client = 603-version-negotiation-client - -[603-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[603-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-603] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[604-version-negotiation] -ssl_conf = 604-version-negotiation-ssl - -[604-version-negotiation-ssl] -server = 604-version-negotiation-server -client = 604-version-negotiation-client - -[604-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[604-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-604] -ExpectedResult = ServerFail - - -# =========================================================== - -[605-version-negotiation] -ssl_conf = 605-version-negotiation-ssl - -[605-version-negotiation-ssl] -server = 605-version-negotiation-server -client = 605-version-negotiation-client - -[605-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[605-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-605] -ExpectedResult = ServerFail - - -# =========================================================== - -[606-version-negotiation] -ssl_conf = 606-version-negotiation-ssl - -[606-version-negotiation-ssl] -server = 606-version-negotiation-server -client = 606-version-negotiation-client - -[606-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[606-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-606] -ExpectedResult = ServerFail - - -# =========================================================== - -[607-version-negotiation] -ssl_conf = 607-version-negotiation-ssl - -[607-version-negotiation-ssl] -server = 607-version-negotiation-server -client = 607-version-negotiation-client - -[607-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[607-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-607] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[608-version-negotiation] -ssl_conf = 608-version-negotiation-ssl - -[608-version-negotiation-ssl] -server = 608-version-negotiation-server -client = 608-version-negotiation-client - -[608-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[608-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-608] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[609-version-negotiation] -ssl_conf = 609-version-negotiation-ssl - -[609-version-negotiation-ssl] -server = 609-version-negotiation-server -client = 609-version-negotiation-client - -[609-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[609-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-609] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[610-version-negotiation] -ssl_conf = 610-version-negotiation-ssl - -[610-version-negotiation-ssl] -server = 610-version-negotiation-server -client = 610-version-negotiation-client - -[610-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[610-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-610] -ExpectedResult = ServerFail - - -# =========================================================== - -[611-version-negotiation] -ssl_conf = 611-version-negotiation-ssl - -[611-version-negotiation-ssl] -server = 611-version-negotiation-server -client = 611-version-negotiation-client - -[611-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[611-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-611] -ExpectedResult = ServerFail - - -# =========================================================== - -[612-version-negotiation] -ssl_conf = 612-version-negotiation-ssl - -[612-version-negotiation-ssl] -server = 612-version-negotiation-server -client = 612-version-negotiation-client - -[612-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[612-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-612] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[613-version-negotiation] -ssl_conf = 613-version-negotiation-ssl - -[613-version-negotiation-ssl] -server = 613-version-negotiation-server -client = 613-version-negotiation-client - -[613-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[613-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-613] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[614-version-negotiation] -ssl_conf = 614-version-negotiation-ssl - -[614-version-negotiation-ssl] -server = 614-version-negotiation-server -client = 614-version-negotiation-client - -[614-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[614-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-614] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[615-version-negotiation] -ssl_conf = 615-version-negotiation-ssl - -[615-version-negotiation-ssl] -server = 615-version-negotiation-server -client = 615-version-negotiation-client - -[615-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[615-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-615] -ExpectedResult = ServerFail - - -# =========================================================== - -[616-version-negotiation] -ssl_conf = 616-version-negotiation-ssl - -[616-version-negotiation-ssl] -server = 616-version-negotiation-server -client = 616-version-negotiation-client - -[616-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[616-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-616] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[617-version-negotiation] -ssl_conf = 617-version-negotiation-ssl - -[617-version-negotiation-ssl] -server = 617-version-negotiation-server -client = 617-version-negotiation-client - -[617-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[617-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-617] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[618-version-negotiation] -ssl_conf = 618-version-negotiation-ssl - -[618-version-negotiation-ssl] -server = 618-version-negotiation-server -client = 618-version-negotiation-client - -[618-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[618-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-618] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[619-version-negotiation] -ssl_conf = 619-version-negotiation-ssl - -[619-version-negotiation-ssl] -server = 619-version-negotiation-server -client = 619-version-negotiation-client - -[619-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[619-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-619] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[620-version-negotiation] -ssl_conf = 620-version-negotiation-ssl - -[620-version-negotiation-ssl] -server = 620-version-negotiation-server -client = 620-version-negotiation-client - -[620-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[620-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-620] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[621-version-negotiation] -ssl_conf = 621-version-negotiation-ssl - -[621-version-negotiation-ssl] -server = 621-version-negotiation-server -client = 621-version-negotiation-client - -[621-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[621-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-621] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[622-version-negotiation] -ssl_conf = 622-version-negotiation-ssl - -[622-version-negotiation-ssl] -server = 622-version-negotiation-server -client = 622-version-negotiation-client - -[622-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[622-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-622] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[623-version-negotiation] -ssl_conf = 623-version-negotiation-ssl - -[623-version-negotiation-ssl] -server = 623-version-negotiation-server -client = 623-version-negotiation-client - -[623-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[623-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-623] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[624-version-negotiation] -ssl_conf = 624-version-negotiation-ssl - -[624-version-negotiation-ssl] -server = 624-version-negotiation-server -client = 624-version-negotiation-client - -[624-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[624-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-624] -ExpectedResult = ServerFail - - -# =========================================================== - -[625-version-negotiation] -ssl_conf = 625-version-negotiation-ssl - -[625-version-negotiation-ssl] -server = 625-version-negotiation-server -client = 625-version-negotiation-client - -[625-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[625-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-625] -ExpectedResult = ServerFail - - -# =========================================================== - -[626-version-negotiation] -ssl_conf = 626-version-negotiation-ssl - -[626-version-negotiation-ssl] -server = 626-version-negotiation-server -client = 626-version-negotiation-client - -[626-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[626-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-626] -ExpectedResult = ServerFail - - -# =========================================================== - -[627-version-negotiation] -ssl_conf = 627-version-negotiation-ssl - -[627-version-negotiation-ssl] -server = 627-version-negotiation-server -client = 627-version-negotiation-client - -[627-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[627-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-627] -ExpectedResult = ServerFail - - -# =========================================================== - -[628-version-negotiation] -ssl_conf = 628-version-negotiation-ssl - -[628-version-negotiation-ssl] -server = 628-version-negotiation-server -client = 628-version-negotiation-client - -[628-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[628-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-628] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[629-version-negotiation] -ssl_conf = 629-version-negotiation-ssl - -[629-version-negotiation-ssl] -server = 629-version-negotiation-server -client = 629-version-negotiation-client - -[629-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[629-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-629] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[630-version-negotiation] -ssl_conf = 630-version-negotiation-ssl - -[630-version-negotiation-ssl] -server = 630-version-negotiation-server -client = 630-version-negotiation-client - -[630-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[630-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-630] -ExpectedResult = ServerFail - - -# =========================================================== - -[631-version-negotiation] -ssl_conf = 631-version-negotiation-ssl - -[631-version-negotiation-ssl] -server = 631-version-negotiation-server -client = 631-version-negotiation-client - -[631-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[631-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-631] -ExpectedResult = ServerFail - - -# =========================================================== - -[632-version-negotiation] -ssl_conf = 632-version-negotiation-ssl - -[632-version-negotiation-ssl] -server = 632-version-negotiation-server -client = 632-version-negotiation-client - -[632-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[632-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-632] -ExpectedResult = ServerFail - - -# =========================================================== - -[633-version-negotiation] -ssl_conf = 633-version-negotiation-ssl - -[633-version-negotiation-ssl] -server = 633-version-negotiation-server -client = 633-version-negotiation-client - -[633-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[633-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-633] -ExpectedResult = ServerFail - - -# =========================================================== - -[634-version-negotiation] -ssl_conf = 634-version-negotiation-ssl - -[634-version-negotiation-ssl] -server = 634-version-negotiation-server -client = 634-version-negotiation-client - -[634-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[634-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-634] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[635-version-negotiation] -ssl_conf = 635-version-negotiation-ssl - -[635-version-negotiation-ssl] -server = 635-version-negotiation-server -client = 635-version-negotiation-client - -[635-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[635-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-635] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[636-version-negotiation] -ssl_conf = 636-version-negotiation-ssl - -[636-version-negotiation-ssl] -server = 636-version-negotiation-server -client = 636-version-negotiation-client - -[636-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[636-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-636] -ExpectedResult = ServerFail - - -# =========================================================== - -[637-version-negotiation] -ssl_conf = 637-version-negotiation-ssl - -[637-version-negotiation-ssl] -server = 637-version-negotiation-server -client = 637-version-negotiation-client - -[637-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[637-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-637] -ExpectedResult = ServerFail - - -# =========================================================== - -[638-version-negotiation] -ssl_conf = 638-version-negotiation-ssl - -[638-version-negotiation-ssl] -server = 638-version-negotiation-server -client = 638-version-negotiation-client - -[638-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[638-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-638] -ExpectedResult = ServerFail - - -# =========================================================== - -[639-version-negotiation] -ssl_conf = 639-version-negotiation-ssl - -[639-version-negotiation-ssl] -server = 639-version-negotiation-server -client = 639-version-negotiation-client - -[639-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[639-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-639] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[640-version-negotiation] -ssl_conf = 640-version-negotiation-ssl - -[640-version-negotiation-ssl] -server = 640-version-negotiation-server -client = 640-version-negotiation-client - -[640-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[640-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-640] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[641-version-negotiation] -ssl_conf = 641-version-negotiation-ssl - -[641-version-negotiation-ssl] -server = 641-version-negotiation-server -client = 641-version-negotiation-client - -[641-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[641-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-641] -ExpectedResult = ServerFail - - -# =========================================================== - -[642-version-negotiation] -ssl_conf = 642-version-negotiation-ssl - -[642-version-negotiation-ssl] -server = 642-version-negotiation-server -client = 642-version-negotiation-client - -[642-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[642-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-642] -ExpectedResult = ServerFail - - -# =========================================================== - -[643-version-negotiation] -ssl_conf = 643-version-negotiation-ssl - -[643-version-negotiation-ssl] -server = 643-version-negotiation-server -client = 643-version-negotiation-client - -[643-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[643-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-643] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[644-version-negotiation] -ssl_conf = 644-version-negotiation-ssl - -[644-version-negotiation-ssl] -server = 644-version-negotiation-server -client = 644-version-negotiation-client - -[644-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[644-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-644] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[645-version-negotiation] -ssl_conf = 645-version-negotiation-ssl - -[645-version-negotiation-ssl] -server = 645-version-negotiation-server -client = 645-version-negotiation-client - -[645-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[645-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-645] -ExpectedResult = ServerFail - - -# =========================================================== - -[646-version-negotiation] -ssl_conf = 646-version-negotiation-ssl - -[646-version-negotiation-ssl] -server = 646-version-negotiation-server -client = 646-version-negotiation-client - -[646-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[646-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-646] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[647-version-negotiation] -ssl_conf = 647-version-negotiation-ssl - -[647-version-negotiation-ssl] -server = 647-version-negotiation-server -client = 647-version-negotiation-client - -[647-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[647-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-647] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[648-version-negotiation] -ssl_conf = 648-version-negotiation-ssl - -[648-version-negotiation-ssl] -server = 648-version-negotiation-server -client = 648-version-negotiation-client - -[648-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[648-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-648] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[649-version-negotiation] -ssl_conf = 649-version-negotiation-ssl - -[649-version-negotiation-ssl] -server = 649-version-negotiation-server -client = 649-version-negotiation-client - -[649-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[649-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-649] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[650-version-negotiation] -ssl_conf = 650-version-negotiation-ssl - -[650-version-negotiation-ssl] -server = 650-version-negotiation-server -client = 650-version-negotiation-client - -[650-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[650-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-650] -ExpectedResult = ServerFail - - -# =========================================================== - -[651-version-negotiation] -ssl_conf = 651-version-negotiation-ssl - -[651-version-negotiation-ssl] -server = 651-version-negotiation-server -client = 651-version-negotiation-client - -[651-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[651-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-651] -ExpectedResult = ServerFail - - -# =========================================================== - -[652-version-negotiation] -ssl_conf = 652-version-negotiation-ssl - -[652-version-negotiation-ssl] -server = 652-version-negotiation-server -client = 652-version-negotiation-client - -[652-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[652-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-652] -ExpectedResult = ServerFail - - -# =========================================================== - -[653-version-negotiation] -ssl_conf = 653-version-negotiation-ssl - -[653-version-negotiation-ssl] -server = 653-version-negotiation-server -client = 653-version-negotiation-client - -[653-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[653-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-653] -ExpectedResult = ServerFail - - -# =========================================================== - -[654-version-negotiation] -ssl_conf = 654-version-negotiation-ssl - -[654-version-negotiation-ssl] -server = 654-version-negotiation-server -client = 654-version-negotiation-client - -[654-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[654-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-654] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[655-version-negotiation] -ssl_conf = 655-version-negotiation-ssl - -[655-version-negotiation-ssl] -server = 655-version-negotiation-server -client = 655-version-negotiation-client - -[655-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[655-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-655] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[656-version-negotiation] -ssl_conf = 656-version-negotiation-ssl - -[656-version-negotiation-ssl] -server = 656-version-negotiation-server -client = 656-version-negotiation-client - -[656-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[656-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-656] -ExpectedResult = ServerFail - - -# =========================================================== - -[657-version-negotiation] -ssl_conf = 657-version-negotiation-ssl - -[657-version-negotiation-ssl] -server = 657-version-negotiation-server -client = 657-version-negotiation-client - -[657-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[657-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-657] -ExpectedResult = ServerFail - - -# =========================================================== - -[658-version-negotiation] -ssl_conf = 658-version-negotiation-ssl - -[658-version-negotiation-ssl] -server = 658-version-negotiation-server -client = 658-version-negotiation-client - -[658-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[658-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-658] -ExpectedResult = ServerFail - - -# =========================================================== - -[659-version-negotiation] -ssl_conf = 659-version-negotiation-ssl - -[659-version-negotiation-ssl] -server = 659-version-negotiation-server -client = 659-version-negotiation-client - -[659-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[659-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-659] -ExpectedResult = ServerFail - - -# =========================================================== - -[660-version-negotiation] -ssl_conf = 660-version-negotiation-ssl - -[660-version-negotiation-ssl] -server = 660-version-negotiation-server -client = 660-version-negotiation-client - -[660-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[660-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-660] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[661-version-negotiation] -ssl_conf = 661-version-negotiation-ssl - -[661-version-negotiation-ssl] -server = 661-version-negotiation-server -client = 661-version-negotiation-client - -[661-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[661-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-661] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[662-version-negotiation] -ssl_conf = 662-version-negotiation-ssl - -[662-version-negotiation-ssl] -server = 662-version-negotiation-server -client = 662-version-negotiation-client - -[662-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[662-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-662] -ExpectedResult = ServerFail - - -# =========================================================== - -[663-version-negotiation] -ssl_conf = 663-version-negotiation-ssl - -[663-version-negotiation-ssl] -server = 663-version-negotiation-server -client = 663-version-negotiation-client - -[663-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[663-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-663] -ExpectedResult = ServerFail - - -# =========================================================== - -[664-version-negotiation] -ssl_conf = 664-version-negotiation-ssl - -[664-version-negotiation-ssl] -server = 664-version-negotiation-server -client = 664-version-negotiation-client - -[664-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[664-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-664] -ExpectedResult = ServerFail - - -# =========================================================== - -[665-version-negotiation] -ssl_conf = 665-version-negotiation-ssl - -[665-version-negotiation-ssl] -server = 665-version-negotiation-server -client = 665-version-negotiation-client - -[665-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[665-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-665] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[666-version-negotiation] -ssl_conf = 666-version-negotiation-ssl - -[666-version-negotiation-ssl] -server = 666-version-negotiation-server -client = 666-version-negotiation-client - -[666-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[666-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-666] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[667-version-negotiation] -ssl_conf = 667-version-negotiation-ssl - -[667-version-negotiation-ssl] -server = 667-version-negotiation-server -client = 667-version-negotiation-client - -[667-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[667-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-667] -ExpectedResult = ServerFail - - -# =========================================================== - -[668-version-negotiation] -ssl_conf = 668-version-negotiation-ssl - -[668-version-negotiation-ssl] -server = 668-version-negotiation-server -client = 668-version-negotiation-client - -[668-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[668-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-668] -ExpectedResult = ServerFail - - -# =========================================================== - -[669-version-negotiation] -ssl_conf = 669-version-negotiation-ssl - -[669-version-negotiation-ssl] -server = 669-version-negotiation-server -client = 669-version-negotiation-client - -[669-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[669-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-669] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[670-version-negotiation] -ssl_conf = 670-version-negotiation-ssl - -[670-version-negotiation-ssl] -server = 670-version-negotiation-server -client = 670-version-negotiation-client - -[670-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[670-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-670] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[671-version-negotiation] -ssl_conf = 671-version-negotiation-ssl - -[671-version-negotiation-ssl] -server = 671-version-negotiation-server -client = 671-version-negotiation-client - -[671-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[671-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-671] -ExpectedResult = ServerFail - - -# =========================================================== - -[672-version-negotiation] -ssl_conf = 672-version-negotiation-ssl - -[672-version-negotiation-ssl] -server = 672-version-negotiation-server -client = 672-version-negotiation-client - -[672-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[672-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-672] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[673-version-negotiation] -ssl_conf = 673-version-negotiation-ssl - -[673-version-negotiation-ssl] -server = 673-version-negotiation-server -client = 673-version-negotiation-client - -[673-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[673-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-673] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[674-version-negotiation] -ssl_conf = 674-version-negotiation-ssl - -[674-version-negotiation-ssl] -server = 674-version-negotiation-server -client = 674-version-negotiation-client - -[674-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[674-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-674] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[675-version-negotiation] -ssl_conf = 675-version-negotiation-ssl - -[675-version-negotiation-ssl] -server = 675-version-negotiation-server -client = 675-version-negotiation-client - -[675-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[675-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-675] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[676-ciphersuite-sanity-check-client] -ssl_conf = 676-ciphersuite-sanity-check-client-ssl - -[676-ciphersuite-sanity-check-client-ssl] -server = 676-ciphersuite-sanity-check-client-server -client = 676-ciphersuite-sanity-check-client-client - -[676-ciphersuite-sanity-check-client-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[676-ciphersuite-sanity-check-client-client] -CipherString = AES128-SHA -Ciphersuites = -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-676] -ExpectedResult = ClientFail - - -# =========================================================== - -[677-ciphersuite-sanity-check-server] -ssl_conf = 677-ciphersuite-sanity-check-server-ssl - -[677-ciphersuite-sanity-check-server-ssl] -server = 677-ciphersuite-sanity-check-server-server -client = 677-ciphersuite-sanity-check-server-client - -[677-ciphersuite-sanity-check-server-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = AES128-SHA -Ciphersuites = -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[677-ciphersuite-sanity-check-server-client] -CipherString = AES128-SHA -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-677] -ExpectedResult = ServerFail - - diff --git a/test/ssl-tests/02-protocol-version.conf.in b/test/ssl-tests/02-protocol-version.conf.in deleted file mode 100644 index a6799df0ac..0000000000 --- a/test/ssl-tests/02-protocol-version.conf.in +++ /dev/null @@ -1,19 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test TLS version negotiation - -package ssltests; - -use strict; -use warnings; - -use protocol_version; - -our @tests = generate_version_tests("TLS"); diff --git a/test/ssl-tests/03-custom_verify.cnf b/test/ssl-tests/03-custom_verify.cnf new file mode 100644 index 0000000000..8dca715e74 --- /dev/null +++ b/test/ssl-tests/03-custom_verify.cnf @@ -0,0 +1,238 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 9 + +test-0 = 0-verify-success +test-1 = 1-verify-custom-reject +test-2 = 2-verify-custom-allow +test-3 = 3-noverify-success +test-4 = 4-noverify-ignore-custom-reject +test-5 = 5-noverify-accept-custom-allow +test-6 = 6-verify-fail-no-root +test-7 = 7-verify-custom-success-no-root +test-8 = 8-verify-custom-fail-no-root +# =========================================================== + +[0-verify-success] +ssl_conf = 0-verify-success-ssl + +[0-verify-success-ssl] +server = 0-verify-success-server +client = 0-verify-success-client + +[0-verify-success-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-verify-success-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-verify-custom-reject] +ssl_conf = 1-verify-custom-reject-ssl + +[1-verify-custom-reject-ssl] +server = 1-verify-custom-reject-server +client = 1-verify-custom-reject-client + +[1-verify-custom-reject-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-verify-custom-reject-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedClientAlert = HandshakeFailure +ExpectedResult = ClientFail +client = 1-verify-custom-reject-client-extra + +[1-verify-custom-reject-client-extra] +VerifyCallback = RejectAll + + +# =========================================================== + +[2-verify-custom-allow] +ssl_conf = 2-verify-custom-allow-ssl + +[2-verify-custom-allow-ssl] +server = 2-verify-custom-allow-server +client = 2-verify-custom-allow-client + +[2-verify-custom-allow-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-verify-custom-allow-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +client = 2-verify-custom-allow-client-extra + +[2-verify-custom-allow-client-extra] +VerifyCallback = AcceptAll + + +# =========================================================== + +[3-noverify-success] +ssl_conf = 3-noverify-success-ssl + +[3-noverify-success-ssl] +server = 3-noverify-success-server +client = 3-noverify-success-client + +[3-noverify-success-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-noverify-success-client] +CipherString = DEFAULT + +[test-3] +ExpectedResult = Success + + +# =========================================================== + +[4-noverify-ignore-custom-reject] +ssl_conf = 4-noverify-ignore-custom-reject-ssl + +[4-noverify-ignore-custom-reject-ssl] +server = 4-noverify-ignore-custom-reject-server +client = 4-noverify-ignore-custom-reject-client + +[4-noverify-ignore-custom-reject-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-noverify-ignore-custom-reject-client] +CipherString = DEFAULT + +[test-4] +ExpectedResult = Success +client = 4-noverify-ignore-custom-reject-client-extra + +[4-noverify-ignore-custom-reject-client-extra] +VerifyCallback = RejectAll + + +# =========================================================== + +[5-noverify-accept-custom-allow] +ssl_conf = 5-noverify-accept-custom-allow-ssl + +[5-noverify-accept-custom-allow-ssl] +server = 5-noverify-accept-custom-allow-server +client = 5-noverify-accept-custom-allow-client + +[5-noverify-accept-custom-allow-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-noverify-accept-custom-allow-client] +CipherString = DEFAULT + +[test-5] +ExpectedResult = Success +client = 5-noverify-accept-custom-allow-client-extra + +[5-noverify-accept-custom-allow-client-extra] +VerifyCallback = AcceptAll + + +# =========================================================== + +[6-verify-fail-no-root] +ssl_conf = 6-verify-fail-no-root-ssl + +[6-verify-fail-no-root-ssl] +server = 6-verify-fail-no-root-server +client = 6-verify-fail-no-root-client + +[6-verify-fail-no-root-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-verify-fail-no-root-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-6] +ExpectedClientAlert = UnknownCA +ExpectedResult = ClientFail + + +# =========================================================== + +[7-verify-custom-success-no-root] +ssl_conf = 7-verify-custom-success-no-root-ssl + +[7-verify-custom-success-no-root-ssl] +server = 7-verify-custom-success-no-root-server +client = 7-verify-custom-success-no-root-client + +[7-verify-custom-success-no-root-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-verify-custom-success-no-root-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +client = 7-verify-custom-success-no-root-client-extra + +[7-verify-custom-success-no-root-client-extra] +VerifyCallback = AcceptAll + + +# =========================================================== + +[8-verify-custom-fail-no-root] +ssl_conf = 8-verify-custom-fail-no-root-ssl + +[8-verify-custom-fail-no-root-ssl] +server = 8-verify-custom-fail-no-root-server +client = 8-verify-custom-fail-no-root-client + +[8-verify-custom-fail-no-root-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-verify-custom-fail-no-root-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-8] +ExpectedClientAlert = HandshakeFailure +ExpectedResult = ClientFail +client = 8-verify-custom-fail-no-root-client-extra + +[8-verify-custom-fail-no-root-client-extra] +VerifyCallback = RejectAll + + diff --git a/test/ssl-tests/03-custom_verify.cnf.in b/test/ssl-tests/03-custom_verify.cnf.in new file mode 100644 index 0000000000..b3b16c95db --- /dev/null +++ b/test/ssl-tests/03-custom_verify.cnf.in @@ -0,0 +1,145 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +our @tests = ( + + # Sanity-check that verification indeed succeeds without the + # restrictive callback. + { + name => "verify-success", + server => { }, + client => { }, + test => { "ExpectedResult" => "Success" }, + }, + + # Same test as above but with a custom callback that always fails. + { + name => "verify-custom-reject", + server => { }, + client => { + extra => { + "VerifyCallback" => "RejectAll", + }, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "HandshakeFailure", + }, + }, + + # Same test as above but with a custom callback that always succeeds. + { + name => "verify-custom-allow", + server => { }, + client => { + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + + # Sanity-check that verification indeed succeeds if peer verification + # is not requested. + { + name => "noverify-success", + server => { }, + client => { + "VerifyMode" => undef, + "VerifyCAFile" => undef, + }, + test => { "ExpectedResult" => "Success" }, + }, + + # Same test as above but with a custom callback that always fails. + # The callback return has no impact on handshake success in this mode. + { + name => "noverify-ignore-custom-reject", + server => { }, + client => { + "VerifyMode" => undef, + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "RejectAll", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + + # Same test as above but with a custom callback that always succeeds. + # The callback return has no impact on handshake success in this mode. + { + name => "noverify-accept-custom-allow", + server => { }, + client => { + "VerifyMode" => undef, + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + + # Sanity-check that verification indeed fails without the + # permissive callback. + { + name => "verify-fail-no-root", + server => { }, + client => { + # Don't set up the client root file. + "VerifyCAFile" => undef, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "UnknownCA", + }, + }, + + # Same test as above but with a custom callback that always succeeds. + { + name => "verify-custom-success-no-root", + server => { }, + client => { + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, + test => { + "ExpectedResult" => "Success" + }, + }, + + # Same test as above but with a custom callback that always fails. + { + name => "verify-custom-fail-no-root", + server => { }, + client => { + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "RejectAll", + }, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "HandshakeFailure", + }, + }, +); diff --git a/test/ssl-tests/03-custom_verify.conf b/test/ssl-tests/03-custom_verify.conf deleted file mode 100644 index 8dca715e74..0000000000 --- a/test/ssl-tests/03-custom_verify.conf +++ /dev/null @@ -1,238 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 9 - -test-0 = 0-verify-success -test-1 = 1-verify-custom-reject -test-2 = 2-verify-custom-allow -test-3 = 3-noverify-success -test-4 = 4-noverify-ignore-custom-reject -test-5 = 5-noverify-accept-custom-allow -test-6 = 6-verify-fail-no-root -test-7 = 7-verify-custom-success-no-root -test-8 = 8-verify-custom-fail-no-root -# =========================================================== - -[0-verify-success] -ssl_conf = 0-verify-success-ssl - -[0-verify-success-ssl] -server = 0-verify-success-server -client = 0-verify-success-client - -[0-verify-success-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-verify-success-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success - - -# =========================================================== - -[1-verify-custom-reject] -ssl_conf = 1-verify-custom-reject-ssl - -[1-verify-custom-reject-ssl] -server = 1-verify-custom-reject-server -client = 1-verify-custom-reject-client - -[1-verify-custom-reject-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-verify-custom-reject-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedClientAlert = HandshakeFailure -ExpectedResult = ClientFail -client = 1-verify-custom-reject-client-extra - -[1-verify-custom-reject-client-extra] -VerifyCallback = RejectAll - - -# =========================================================== - -[2-verify-custom-allow] -ssl_conf = 2-verify-custom-allow-ssl - -[2-verify-custom-allow-ssl] -server = 2-verify-custom-allow-server -client = 2-verify-custom-allow-client - -[2-verify-custom-allow-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-verify-custom-allow-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = Success -client = 2-verify-custom-allow-client-extra - -[2-verify-custom-allow-client-extra] -VerifyCallback = AcceptAll - - -# =========================================================== - -[3-noverify-success] -ssl_conf = 3-noverify-success-ssl - -[3-noverify-success-ssl] -server = 3-noverify-success-server -client = 3-noverify-success-client - -[3-noverify-success-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-noverify-success-client] -CipherString = DEFAULT - -[test-3] -ExpectedResult = Success - - -# =========================================================== - -[4-noverify-ignore-custom-reject] -ssl_conf = 4-noverify-ignore-custom-reject-ssl - -[4-noverify-ignore-custom-reject-ssl] -server = 4-noverify-ignore-custom-reject-server -client = 4-noverify-ignore-custom-reject-client - -[4-noverify-ignore-custom-reject-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-noverify-ignore-custom-reject-client] -CipherString = DEFAULT - -[test-4] -ExpectedResult = Success -client = 4-noverify-ignore-custom-reject-client-extra - -[4-noverify-ignore-custom-reject-client-extra] -VerifyCallback = RejectAll - - -# =========================================================== - -[5-noverify-accept-custom-allow] -ssl_conf = 5-noverify-accept-custom-allow-ssl - -[5-noverify-accept-custom-allow-ssl] -server = 5-noverify-accept-custom-allow-server -client = 5-noverify-accept-custom-allow-client - -[5-noverify-accept-custom-allow-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-noverify-accept-custom-allow-client] -CipherString = DEFAULT - -[test-5] -ExpectedResult = Success -client = 5-noverify-accept-custom-allow-client-extra - -[5-noverify-accept-custom-allow-client-extra] -VerifyCallback = AcceptAll - - -# =========================================================== - -[6-verify-fail-no-root] -ssl_conf = 6-verify-fail-no-root-ssl - -[6-verify-fail-no-root-ssl] -server = 6-verify-fail-no-root-server -client = 6-verify-fail-no-root-client - -[6-verify-fail-no-root-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-verify-fail-no-root-client] -CipherString = DEFAULT -VerifyMode = Peer - -[test-6] -ExpectedClientAlert = UnknownCA -ExpectedResult = ClientFail - - -# =========================================================== - -[7-verify-custom-success-no-root] -ssl_conf = 7-verify-custom-success-no-root-ssl - -[7-verify-custom-success-no-root-ssl] -server = 7-verify-custom-success-no-root-server -client = 7-verify-custom-success-no-root-client - -[7-verify-custom-success-no-root-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-verify-custom-success-no-root-client] -CipherString = DEFAULT -VerifyMode = Peer - -[test-7] -ExpectedResult = Success -client = 7-verify-custom-success-no-root-client-extra - -[7-verify-custom-success-no-root-client-extra] -VerifyCallback = AcceptAll - - -# =========================================================== - -[8-verify-custom-fail-no-root] -ssl_conf = 8-verify-custom-fail-no-root-ssl - -[8-verify-custom-fail-no-root-ssl] -server = 8-verify-custom-fail-no-root-server -client = 8-verify-custom-fail-no-root-client - -[8-verify-custom-fail-no-root-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-verify-custom-fail-no-root-client] -CipherString = DEFAULT -VerifyMode = Peer - -[test-8] -ExpectedClientAlert = HandshakeFailure -ExpectedResult = ClientFail -client = 8-verify-custom-fail-no-root-client-extra - -[8-verify-custom-fail-no-root-client-extra] -VerifyCallback = RejectAll - - diff --git a/test/ssl-tests/03-custom_verify.conf.in b/test/ssl-tests/03-custom_verify.conf.in deleted file mode 100644 index b3b16c95db..0000000000 --- a/test/ssl-tests/03-custom_verify.conf.in +++ /dev/null @@ -1,145 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## SSL test configurations - -package ssltests; - -our @tests = ( - - # Sanity-check that verification indeed succeeds without the - # restrictive callback. - { - name => "verify-success", - server => { }, - client => { }, - test => { "ExpectedResult" => "Success" }, - }, - - # Same test as above but with a custom callback that always fails. - { - name => "verify-custom-reject", - server => { }, - client => { - extra => { - "VerifyCallback" => "RejectAll", - }, - }, - test => { - "ExpectedResult" => "ClientFail", - "ExpectedClientAlert" => "HandshakeFailure", - }, - }, - - # Same test as above but with a custom callback that always succeeds. - { - name => "verify-custom-allow", - server => { }, - client => { - extra => { - "VerifyCallback" => "AcceptAll", - }, - }, - test => { - "ExpectedResult" => "Success", - }, - }, - - # Sanity-check that verification indeed succeeds if peer verification - # is not requested. - { - name => "noverify-success", - server => { }, - client => { - "VerifyMode" => undef, - "VerifyCAFile" => undef, - }, - test => { "ExpectedResult" => "Success" }, - }, - - # Same test as above but with a custom callback that always fails. - # The callback return has no impact on handshake success in this mode. - { - name => "noverify-ignore-custom-reject", - server => { }, - client => { - "VerifyMode" => undef, - "VerifyCAFile" => undef, - extra => { - "VerifyCallback" => "RejectAll", - }, - }, - test => { - "ExpectedResult" => "Success", - }, - }, - - # Same test as above but with a custom callback that always succeeds. - # The callback return has no impact on handshake success in this mode. - { - name => "noverify-accept-custom-allow", - server => { }, - client => { - "VerifyMode" => undef, - "VerifyCAFile" => undef, - extra => { - "VerifyCallback" => "AcceptAll", - }, - }, - test => { - "ExpectedResult" => "Success", - }, - }, - - # Sanity-check that verification indeed fails without the - # permissive callback. - { - name => "verify-fail-no-root", - server => { }, - client => { - # Don't set up the client root file. - "VerifyCAFile" => undef, - }, - test => { - "ExpectedResult" => "ClientFail", - "ExpectedClientAlert" => "UnknownCA", - }, - }, - - # Same test as above but with a custom callback that always succeeds. - { - name => "verify-custom-success-no-root", - server => { }, - client => { - "VerifyCAFile" => undef, - extra => { - "VerifyCallback" => "AcceptAll", - }, - }, - test => { - "ExpectedResult" => "Success" - }, - }, - - # Same test as above but with a custom callback that always fails. - { - name => "verify-custom-fail-no-root", - server => { }, - client => { - "VerifyCAFile" => undef, - extra => { - "VerifyCallback" => "RejectAll", - }, - }, - test => { - "ExpectedResult" => "ClientFail", - "ExpectedClientAlert" => "HandshakeFailure", - }, - }, -); diff --git a/test/ssl-tests/04-client_auth.cnf b/test/ssl-tests/04-client_auth.cnf new file mode 100644 index 0000000000..8debb66fd0 --- /dev/null +++ b/test/ssl-tests/04-client_auth.cnf @@ -0,0 +1,1132 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 36 + +test-0 = 0-server-auth-flex +test-1 = 1-client-auth-flex-request +test-2 = 2-client-auth-flex-require-fail +test-3 = 3-client-auth-flex-require +test-4 = 4-client-auth-flex-require-non-empty-names +test-5 = 5-client-auth-flex-noroot +test-6 = 6-server-auth-TLSv1 +test-7 = 7-client-auth-TLSv1-request +test-8 = 8-client-auth-TLSv1-require-fail +test-9 = 9-client-auth-TLSv1-require +test-10 = 10-client-auth-TLSv1-require-non-empty-names +test-11 = 11-client-auth-TLSv1-noroot +test-12 = 12-server-auth-TLSv1.1 +test-13 = 13-client-auth-TLSv1.1-request +test-14 = 14-client-auth-TLSv1.1-require-fail +test-15 = 15-client-auth-TLSv1.1-require +test-16 = 16-client-auth-TLSv1.1-require-non-empty-names +test-17 = 17-client-auth-TLSv1.1-noroot +test-18 = 18-server-auth-TLSv1.2 +test-19 = 19-client-auth-TLSv1.2-request +test-20 = 20-client-auth-TLSv1.2-require-fail +test-21 = 21-client-auth-TLSv1.2-require +test-22 = 22-client-auth-TLSv1.2-require-non-empty-names +test-23 = 23-client-auth-TLSv1.2-noroot +test-24 = 24-server-auth-DTLSv1 +test-25 = 25-client-auth-DTLSv1-request +test-26 = 26-client-auth-DTLSv1-require-fail +test-27 = 27-client-auth-DTLSv1-require +test-28 = 28-client-auth-DTLSv1-require-non-empty-names +test-29 = 29-client-auth-DTLSv1-noroot +test-30 = 30-server-auth-DTLSv1.2 +test-31 = 31-client-auth-DTLSv1.2-request +test-32 = 32-client-auth-DTLSv1.2-require-fail +test-33 = 33-client-auth-DTLSv1.2-require +test-34 = 34-client-auth-DTLSv1.2-require-non-empty-names +test-35 = 35-client-auth-DTLSv1.2-noroot +# =========================================================== + +[0-server-auth-flex] +ssl_conf = 0-server-auth-flex-ssl + +[0-server-auth-flex-ssl] +server = 0-server-auth-flex-server +client = 0-server-auth-flex-client + +[0-server-auth-flex-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-server-auth-flex-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-client-auth-flex-request] +ssl_conf = 1-client-auth-flex-request-ssl + +[1-client-auth-flex-request-ssl] +server = 1-client-auth-flex-request-server +client = 1-client-auth-flex-request-client + +[1-client-auth-flex-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[1-client-auth-flex-request-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-client-auth-flex-require-fail] +ssl_conf = 2-client-auth-flex-require-fail-ssl + +[2-client-auth-flex-require-fail-ssl] +server = 2-client-auth-flex-require-fail-server +client = 2-client-auth-flex-require-fail-client + +[2-client-auth-flex-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[2-client-auth-flex-require-fail-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ServerFail +ExpectedServerAlert = CertificateRequired + + +# =========================================================== + +[3-client-auth-flex-require] +ssl_conf = 3-client-auth-flex-require-ssl + +[3-client-auth-flex-require-ssl] +server = 3-client-auth-flex-require-server +client = 3-client-auth-flex-require-client + +[3-client-auth-flex-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[3-client-auth-flex-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[4-client-auth-flex-require-non-empty-names] +ssl_conf = 4-client-auth-flex-require-non-empty-names-ssl + +[4-client-auth-flex-require-non-empty-names-ssl] +server = 4-client-auth-flex-require-non-empty-names-server +client = 4-client-auth-flex-require-non-empty-names-client + +[4-client-auth-flex-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[4-client-auth-flex-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[5-client-auth-flex-noroot] +ssl_conf = 5-client-auth-flex-noroot-ssl + +[5-client-auth-flex-noroot-ssl] +server = 5-client-auth-flex-noroot-server +client = 5-client-auth-flex-noroot-client + +[5-client-auth-flex-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[5-client-auth-flex-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[6-server-auth-TLSv1] +ssl_conf = 6-server-auth-TLSv1-ssl + +[6-server-auth-TLSv1-ssl] +server = 6-server-auth-TLSv1-server +client = 6-server-auth-TLSv1-client + +[6-server-auth-TLSv1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-server-auth-TLSv1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success + + +# =========================================================== + +[7-client-auth-TLSv1-request] +ssl_conf = 7-client-auth-TLSv1-request-ssl + +[7-client-auth-TLSv1-request-ssl] +server = 7-client-auth-TLSv1-request-server +client = 7-client-auth-TLSv1-request-client + +[7-client-auth-TLSv1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[7-client-auth-TLSv1-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success + + +# =========================================================== + +[8-client-auth-TLSv1-require-fail] +ssl_conf = 8-client-auth-TLSv1-require-fail-ssl + +[8-client-auth-TLSv1-require-fail-ssl] +server = 8-client-auth-TLSv1-require-fail-server +client = 8-client-auth-TLSv1-require-fail-client + +[8-client-auth-TLSv1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[8-client-auth-TLSv1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[9-client-auth-TLSv1-require] +ssl_conf = 9-client-auth-TLSv1-require-ssl + +[9-client-auth-TLSv1-require-ssl] +server = 9-client-auth-TLSv1-require-server +client = 9-client-auth-TLSv1-require-client + +[9-client-auth-TLSv1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[9-client-auth-TLSv1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[10-client-auth-TLSv1-require-non-empty-names] +ssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl + +[10-client-auth-TLSv1-require-non-empty-names-ssl] +server = 10-client-auth-TLSv1-require-non-empty-names-server +client = 10-client-auth-TLSv1-require-non-empty-names-client + +[10-client-auth-TLSv1-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[10-client-auth-TLSv1-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[11-client-auth-TLSv1-noroot] +ssl_conf = 11-client-auth-TLSv1-noroot-ssl + +[11-client-auth-TLSv1-noroot-ssl] +server = 11-client-auth-TLSv1-noroot-server +client = 11-client-auth-TLSv1-noroot-client + +[11-client-auth-TLSv1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[11-client-auth-TLSv1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[12-server-auth-TLSv1.1] +ssl_conf = 12-server-auth-TLSv1.1-ssl + +[12-server-auth-TLSv1.1-ssl] +server = 12-server-auth-TLSv1.1-server +client = 12-server-auth-TLSv1.1-client + +[12-server-auth-TLSv1.1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-server-auth-TLSv1.1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = Success + + +# =========================================================== + +[13-client-auth-TLSv1.1-request] +ssl_conf = 13-client-auth-TLSv1.1-request-ssl + +[13-client-auth-TLSv1.1-request-ssl] +server = 13-client-auth-TLSv1.1-request-server +client = 13-client-auth-TLSv1.1-request-client + +[13-client-auth-TLSv1.1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[13-client-auth-TLSv1.1-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success + + +# =========================================================== + +[14-client-auth-TLSv1.1-require-fail] +ssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl + +[14-client-auth-TLSv1.1-require-fail-ssl] +server = 14-client-auth-TLSv1.1-require-fail-server +client = 14-client-auth-TLSv1.1-require-fail-client + +[14-client-auth-TLSv1.1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[14-client-auth-TLSv1.1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[15-client-auth-TLSv1.1-require] +ssl_conf = 15-client-auth-TLSv1.1-require-ssl + +[15-client-auth-TLSv1.1-require-ssl] +server = 15-client-auth-TLSv1.1-require-server +client = 15-client-auth-TLSv1.1-require-client + +[15-client-auth-TLSv1.1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[15-client-auth-TLSv1.1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[16-client-auth-TLSv1.1-require-non-empty-names] +ssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl + +[16-client-auth-TLSv1.1-require-non-empty-names-ssl] +server = 16-client-auth-TLSv1.1-require-non-empty-names-server +client = 16-client-auth-TLSv1.1-require-non-empty-names-client + +[16-client-auth-TLSv1.1-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[16-client-auth-TLSv1.1-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[17-client-auth-TLSv1.1-noroot] +ssl_conf = 17-client-auth-TLSv1.1-noroot-ssl + +[17-client-auth-TLSv1.1-noroot-ssl] +server = 17-client-auth-TLSv1.1-noroot-server +client = 17-client-auth-TLSv1.1-noroot-client + +[17-client-auth-TLSv1.1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[17-client-auth-TLSv1.1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[18-server-auth-TLSv1.2] +ssl_conf = 18-server-auth-TLSv1.2-ssl + +[18-server-auth-TLSv1.2-ssl] +server = 18-server-auth-TLSv1.2-server +client = 18-server-auth-TLSv1.2-client + +[18-server-auth-TLSv1.2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-server-auth-TLSv1.2-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = Success + + +# =========================================================== + +[19-client-auth-TLSv1.2-request] +ssl_conf = 19-client-auth-TLSv1.2-request-ssl + +[19-client-auth-TLSv1.2-request-ssl] +server = 19-client-auth-TLSv1.2-request-server +client = 19-client-auth-TLSv1.2-request-client + +[19-client-auth-TLSv1.2-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[19-client-auth-TLSv1.2-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = Success + + +# =========================================================== + +[20-client-auth-TLSv1.2-require-fail] +ssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl + +[20-client-auth-TLSv1.2-require-fail-ssl] +server = 20-client-auth-TLSv1.2-require-fail-server +client = 20-client-auth-TLSv1.2-require-fail-client + +[20-client-auth-TLSv1.2-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[20-client-auth-TLSv1.2-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[21-client-auth-TLSv1.2-require] +ssl_conf = 21-client-auth-TLSv1.2-require-ssl + +[21-client-auth-TLSv1.2-require-ssl] +server = 21-client-auth-TLSv1.2-require-server +client = 21-client-auth-TLSv1.2-require-client + +[21-client-auth-TLSv1.2-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = SHA256+RSA +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[21-client-auth-TLSv1.2-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA +ExpectedResult = Success + + +# =========================================================== + +[22-client-auth-TLSv1.2-require-non-empty-names] +ssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl + +[22-client-auth-TLSv1.2-require-non-empty-names-ssl] +server = 22-client-auth-TLSv1.2-require-non-empty-names-server +client = 22-client-auth-TLSv1.2-require-non-empty-names-client + +[22-client-auth-TLSv1.2-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ClientSignatureAlgorithms = SHA256+RSA +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[22-client-auth-TLSv1.2-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA +ExpectedResult = Success + + +# =========================================================== + +[23-client-auth-TLSv1.2-noroot] +ssl_conf = 23-client-auth-TLSv1.2-noroot-ssl + +[23-client-auth-TLSv1.2-noroot-ssl] +server = 23-client-auth-TLSv1.2-noroot-server +client = 23-client-auth-TLSv1.2-noroot-client + +[23-client-auth-TLSv1.2-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[23-client-auth-TLSv1.2-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[24-server-auth-DTLSv1] +ssl_conf = 24-server-auth-DTLSv1-ssl + +[24-server-auth-DTLSv1-ssl] +server = 24-server-auth-DTLSv1-server +client = 24-server-auth-DTLSv1-client + +[24-server-auth-DTLSv1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-server-auth-DTLSv1-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[25-client-auth-DTLSv1-request] +ssl_conf = 25-client-auth-DTLSv1-request-ssl + +[25-client-auth-DTLSv1-request-ssl] +server = 25-client-auth-DTLSv1-request-server +client = 25-client-auth-DTLSv1-request-client + +[25-client-auth-DTLSv1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[25-client-auth-DTLSv1-request-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[26-client-auth-DTLSv1-require-fail] +ssl_conf = 26-client-auth-DTLSv1-require-fail-ssl + +[26-client-auth-DTLSv1-require-fail-ssl] +server = 26-client-auth-DTLSv1-require-fail-server +client = 26-client-auth-DTLSv1-require-fail-client + +[26-client-auth-DTLSv1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[26-client-auth-DTLSv1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure +Method = DTLS + + +# =========================================================== + +[27-client-auth-DTLSv1-require] +ssl_conf = 27-client-auth-DTLSv1-require-ssl + +[27-client-auth-DTLSv1-require-ssl] +server = 27-client-auth-DTLSv1-require-server +client = 27-client-auth-DTLSv1-require-client + +[27-client-auth-DTLSv1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[27-client-auth-DTLSv1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[28-client-auth-DTLSv1-require-non-empty-names] +ssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl + +[28-client-auth-DTLSv1-require-non-empty-names-ssl] +server = 28-client-auth-DTLSv1-require-non-empty-names-server +client = 28-client-auth-DTLSv1-require-non-empty-names-client + +[28-client-auth-DTLSv1-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[28-client-auth-DTLSv1-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[29-client-auth-DTLSv1-noroot] +ssl_conf = 29-client-auth-DTLSv1-noroot-ssl + +[29-client-auth-DTLSv1-noroot-ssl] +server = 29-client-auth-DTLSv1-noroot-server +client = 29-client-auth-DTLSv1-noroot-client + +[29-client-auth-DTLSv1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[29-client-auth-DTLSv1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA +Method = DTLS + + +# =========================================================== + +[30-server-auth-DTLSv1.2] +ssl_conf = 30-server-auth-DTLSv1.2-ssl + +[30-server-auth-DTLSv1.2-ssl] +server = 30-server-auth-DTLSv1.2-server +client = 30-server-auth-DTLSv1.2-client + +[30-server-auth-DTLSv1.2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-server-auth-DTLSv1.2-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[31-client-auth-DTLSv1.2-request] +ssl_conf = 31-client-auth-DTLSv1.2-request-ssl + +[31-client-auth-DTLSv1.2-request-ssl] +server = 31-client-auth-DTLSv1.2-request-server +client = 31-client-auth-DTLSv1.2-request-client + +[31-client-auth-DTLSv1.2-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[31-client-auth-DTLSv1.2-request-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[32-client-auth-DTLSv1.2-require-fail] +ssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl + +[32-client-auth-DTLSv1.2-require-fail-ssl] +server = 32-client-auth-DTLSv1.2-require-fail-server +client = 32-client-auth-DTLSv1.2-require-fail-client + +[32-client-auth-DTLSv1.2-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[32-client-auth-DTLSv1.2-require-fail-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure +Method = DTLS + + +# =========================================================== + +[33-client-auth-DTLSv1.2-require] +ssl_conf = 33-client-auth-DTLSv1.2-require-ssl + +[33-client-auth-DTLSv1.2-require-ssl] +server = 33-client-auth-DTLSv1.2-require-server +client = 33-client-auth-DTLSv1.2-require-client + +[33-client-auth-DTLSv1.2-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[33-client-auth-DTLSv1.2-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[34-client-auth-DTLSv1.2-require-non-empty-names] +ssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl + +[34-client-auth-DTLSv1.2-require-non-empty-names-ssl] +server = 34-client-auth-DTLSv1.2-require-non-empty-names-server +client = 34-client-auth-DTLSv1.2-require-non-empty-names-client + +[34-client-auth-DTLSv1.2-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[34-client-auth-DTLSv1.2-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[35-client-auth-DTLSv1.2-noroot] +ssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl + +[35-client-auth-DTLSv1.2-noroot-ssl] +server = 35-client-auth-DTLSv1.2-noroot-server +client = 35-client-auth-DTLSv1.2-noroot-client + +[35-client-auth-DTLSv1.2-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[35-client-auth-DTLSv1.2-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA +Method = DTLS + + diff --git a/test/ssl-tests/04-client_auth.cnf.in b/test/ssl-tests/04-client_auth.cnf.in new file mode 100644 index 0000000000..b9c014d2c0 --- /dev/null +++ b/test/ssl-tests/04-client_auth.cnf.in @@ -0,0 +1,196 @@ +# -*- mode: perl; -*- + +## SSL test configurations + +package ssltests; + +use strict; +use warnings; + +use OpenSSL::Test; +use OpenSSL::Test::Utils qw(anydisabled disabled); +setup("no_test_here"); + +# We test version-flexible negotiation (undef) and each protocol version. +my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1", "DTLSv1.2"); + +my @is_disabled = (0); +push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "dtls1", "dtls1_2"); + +our @tests = (); + +sub generate_tests() { + foreach (0..$#protocols) { + my $protocol = $protocols[$_]; + my $protocol_name = $protocol || "flex"; + my $caalert; + my $method; + my $sctpenabled = 0; + if (!$is_disabled[$_]) { + if ($protocol_name eq "SSLv3") { + $caalert = "BadCertificate"; + } else { + $caalert = "UnknownCA"; + } + if ($protocol_name =~ m/^DTLS/) { + $method = "DTLS"; + $sctpenabled = 1 if !disabled("sctp"); + } + my $clihash; + my $clisigtype; + my $clisigalgs; + # TODO(TLS1.3) add TLSv1.3 versions + if ($protocol_name eq "TLSv1.2") { + $clihash = "SHA256"; + $clisigtype = "RSA"; + $clisigalgs = "SHA256+RSA"; + } + for (my $sctp = 0; $sctp <= $sctpenabled; $sctp++) { + # Sanity-check simple handshake. + push @tests, { + name => "server-auth-${protocol_name}" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + test => { + "ExpectedResult" => "Success", + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + + # Handshake with client cert requested but not required or received. + push @tests, { + name => "client-auth-${protocol_name}-request" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyMode" => "Request" + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + test => { + "ExpectedResult" => "Success", + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + + # Handshake with client cert required but not present. + push @tests, { + name => "client-auth-${protocol_name}-require-fail" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => + ($protocol_name eq "flex" && !disabled("tls1_3")) + ? "CertificateRequired" : "HandshakeFailure", + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + + # Successful handshake with client authentication. + push @tests, { + name => "client-auth-${protocol_name}-require" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "ClientSignatureAlgorithms" => $clisigalgs, + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "Success", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => $clisigtype, + "ExpectedClientSignHash" => $clihash, + "ExpectedClientCANames" => "empty", + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + + # Successful handshake with client authentication non-empty names + push @tests, { + name => "client-auth-${protocol_name}-require-non-empty-names" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "ClientSignatureAlgorithms" => $clisigalgs, + "ClientCAFile" => test_pem("root-cert.pem"), + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "Success", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => $clisigtype, + "ExpectedClientSignHash" => $clihash, + "ExpectedClientCANames" => test_pem("root-cert.pem"), + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + + # Handshake with client authentication but without the root certificate. + push @tests, { + name => "client-auth-${protocol_name}-noroot" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => $caalert, + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + } + } + } +} + +generate_tests(); diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf deleted file mode 100644 index 8debb66fd0..0000000000 --- a/test/ssl-tests/04-client_auth.conf +++ /dev/null @@ -1,1132 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 36 - -test-0 = 0-server-auth-flex -test-1 = 1-client-auth-flex-request -test-2 = 2-client-auth-flex-require-fail -test-3 = 3-client-auth-flex-require -test-4 = 4-client-auth-flex-require-non-empty-names -test-5 = 5-client-auth-flex-noroot -test-6 = 6-server-auth-TLSv1 -test-7 = 7-client-auth-TLSv1-request -test-8 = 8-client-auth-TLSv1-require-fail -test-9 = 9-client-auth-TLSv1-require -test-10 = 10-client-auth-TLSv1-require-non-empty-names -test-11 = 11-client-auth-TLSv1-noroot -test-12 = 12-server-auth-TLSv1.1 -test-13 = 13-client-auth-TLSv1.1-request -test-14 = 14-client-auth-TLSv1.1-require-fail -test-15 = 15-client-auth-TLSv1.1-require -test-16 = 16-client-auth-TLSv1.1-require-non-empty-names -test-17 = 17-client-auth-TLSv1.1-noroot -test-18 = 18-server-auth-TLSv1.2 -test-19 = 19-client-auth-TLSv1.2-request -test-20 = 20-client-auth-TLSv1.2-require-fail -test-21 = 21-client-auth-TLSv1.2-require -test-22 = 22-client-auth-TLSv1.2-require-non-empty-names -test-23 = 23-client-auth-TLSv1.2-noroot -test-24 = 24-server-auth-DTLSv1 -test-25 = 25-client-auth-DTLSv1-request -test-26 = 26-client-auth-DTLSv1-require-fail -test-27 = 27-client-auth-DTLSv1-require -test-28 = 28-client-auth-DTLSv1-require-non-empty-names -test-29 = 29-client-auth-DTLSv1-noroot -test-30 = 30-server-auth-DTLSv1.2 -test-31 = 31-client-auth-DTLSv1.2-request -test-32 = 32-client-auth-DTLSv1.2-require-fail -test-33 = 33-client-auth-DTLSv1.2-require -test-34 = 34-client-auth-DTLSv1.2-require-non-empty-names -test-35 = 35-client-auth-DTLSv1.2-noroot -# =========================================================== - -[0-server-auth-flex] -ssl_conf = 0-server-auth-flex-ssl - -[0-server-auth-flex-ssl] -server = 0-server-auth-flex-server -client = 0-server-auth-flex-client - -[0-server-auth-flex-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-server-auth-flex-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success - - -# =========================================================== - -[1-client-auth-flex-request] -ssl_conf = 1-client-auth-flex-request-ssl - -[1-client-auth-flex-request-ssl] -server = 1-client-auth-flex-request-server -client = 1-client-auth-flex-request-client - -[1-client-auth-flex-request-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = Request - -[1-client-auth-flex-request-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = Success - - -# =========================================================== - -[2-client-auth-flex-require-fail] -ssl_conf = 2-client-auth-flex-require-fail-ssl - -[2-client-auth-flex-require-fail-ssl] -server = 2-client-auth-flex-require-fail-server -client = 2-client-auth-flex-require-fail-client - -[2-client-auth-flex-require-fail-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[2-client-auth-flex-require-fail-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = ServerFail -ExpectedServerAlert = CertificateRequired - - -# =========================================================== - -[3-client-auth-flex-require] -ssl_conf = 3-client-auth-flex-require-ssl - -[3-client-auth-flex-require-ssl] -server = 3-client-auth-flex-require-server -client = 3-client-auth-flex-require-client - -[3-client-auth-flex-require-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Request - -[3-client-auth-flex-require-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedClientCANames = empty -ExpectedClientCertType = RSA -ExpectedResult = Success - - -# =========================================================== - -[4-client-auth-flex-require-non-empty-names] -ssl_conf = 4-client-auth-flex-require-non-empty-names-ssl - -[4-client-auth-flex-require-non-empty-names-ssl] -server = 4-client-auth-flex-require-non-empty-names-server -client = 4-client-auth-flex-require-non-empty-names-client - -[4-client-auth-flex-require-non-empty-names-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Request - -[4-client-auth-flex-require-non-empty-names-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem -ExpectedClientCertType = RSA -ExpectedResult = Success - - -# =========================================================== - -[5-client-auth-flex-noroot] -ssl_conf = 5-client-auth-flex-noroot-ssl - -[5-client-auth-flex-noroot-ssl] -server = 5-client-auth-flex-noroot-server -client = 5-client-auth-flex-noroot-client - -[5-client-auth-flex-noroot-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = Require - -[5-client-auth-flex-noroot-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedResult = ServerFail -ExpectedServerAlert = UnknownCA - - -# =========================================================== - -[6-server-auth-TLSv1] -ssl_conf = 6-server-auth-TLSv1-ssl - -[6-server-auth-TLSv1-ssl] -server = 6-server-auth-TLSv1-server -client = 6-server-auth-TLSv1-client - -[6-server-auth-TLSv1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-server-auth-TLSv1-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedResult = Success - - -# =========================================================== - -[7-client-auth-TLSv1-request] -ssl_conf = 7-client-auth-TLSv1-request-ssl - -[7-client-auth-TLSv1-request-ssl] -server = 7-client-auth-TLSv1-request-server -client = 7-client-auth-TLSv1-request-client - -[7-client-auth-TLSv1-request-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = Request - -[7-client-auth-TLSv1-request-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ExpectedResult = Success - - -# =========================================================== - -[8-client-auth-TLSv1-require-fail] -ssl_conf = 8-client-auth-TLSv1-require-fail-ssl - -[8-client-auth-TLSv1-require-fail-ssl] -server = 8-client-auth-TLSv1-require-fail-server -client = 8-client-auth-TLSv1-require-fail-client - -[8-client-auth-TLSv1-require-fail-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[8-client-auth-TLSv1-require-fail-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedResult = ServerFail -ExpectedServerAlert = HandshakeFailure - - -# =========================================================== - -[9-client-auth-TLSv1-require] -ssl_conf = 9-client-auth-TLSv1-require-ssl - -[9-client-auth-TLSv1-require-ssl] -server = 9-client-auth-TLSv1-require-server -client = 9-client-auth-TLSv1-require-client - -[9-client-auth-TLSv1-require-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Request - -[9-client-auth-TLSv1-require-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-9] -ExpectedClientCANames = empty -ExpectedClientCertType = RSA -ExpectedResult = Success - - -# =========================================================== - -[10-client-auth-TLSv1-require-non-empty-names] -ssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl - -[10-client-auth-TLSv1-require-non-empty-names-ssl] -server = 10-client-auth-TLSv1-require-non-empty-names-server -client = 10-client-auth-TLSv1-require-non-empty-names-client - -[10-client-auth-TLSv1-require-non-empty-names-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Request - -[10-client-auth-TLSv1-require-non-empty-names-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-10] -ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem -ExpectedClientCertType = RSA -ExpectedResult = Success - - -# =========================================================== - -[11-client-auth-TLSv1-noroot] -ssl_conf = 11-client-auth-TLSv1-noroot-ssl - -[11-client-auth-TLSv1-noroot-ssl] -server = 11-client-auth-TLSv1-noroot-server -client = 11-client-auth-TLSv1-noroot-client - -[11-client-auth-TLSv1-noroot-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = Require - -[11-client-auth-TLSv1-noroot-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-11] -ExpectedResult = ServerFail -ExpectedServerAlert = UnknownCA - - -# =========================================================== - -[12-server-auth-TLSv1.1] -ssl_conf = 12-server-auth-TLSv1.1-ssl - -[12-server-auth-TLSv1.1-ssl] -server = 12-server-auth-TLSv1.1-server -client = 12-server-auth-TLSv1.1-client - -[12-server-auth-TLSv1.1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[12-server-auth-TLSv1.1-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-12] -ExpectedResult = Success - - -# =========================================================== - -[13-client-auth-TLSv1.1-request] -ssl_conf = 13-client-auth-TLSv1.1-request-ssl - -[13-client-auth-TLSv1.1-request-ssl] -server = 13-client-auth-TLSv1.1-request-server -client = 13-client-auth-TLSv1.1-request-client - -[13-client-auth-TLSv1.1-request-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = Request - -[13-client-auth-TLSv1.1-request-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-13] -ExpectedResult = Success - - -# =========================================================== - -[14-client-auth-TLSv1.1-require-fail] -ssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl - -[14-client-auth-TLSv1.1-require-fail-ssl] -server = 14-client-auth-TLSv1.1-require-fail-server -client = 14-client-auth-TLSv1.1-require-fail-client - -[14-client-auth-TLSv1.1-require-fail-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[14-client-auth-TLSv1.1-require-fail-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-14] -ExpectedResult = ServerFail -ExpectedServerAlert = HandshakeFailure - - -# =========================================================== - -[15-client-auth-TLSv1.1-require] -ssl_conf = 15-client-auth-TLSv1.1-require-ssl - -[15-client-auth-TLSv1.1-require-ssl] -server = 15-client-auth-TLSv1.1-require-server -client = 15-client-auth-TLSv1.1-require-client - -[15-client-auth-TLSv1.1-require-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Request - -[15-client-auth-TLSv1.1-require-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-15] -ExpectedClientCANames = empty -ExpectedClientCertType = RSA -ExpectedResult = Success - - -# =========================================================== - -[16-client-auth-TLSv1.1-require-non-empty-names] -ssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl - -[16-client-auth-TLSv1.1-require-non-empty-names-ssl] -server = 16-client-auth-TLSv1.1-require-non-empty-names-server -client = 16-client-auth-TLSv1.1-require-non-empty-names-client - -[16-client-auth-TLSv1.1-require-non-empty-names-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Request - -[16-client-auth-TLSv1.1-require-non-empty-names-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-16] -ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem -ExpectedClientCertType = RSA -ExpectedResult = Success - - -# =========================================================== - -[17-client-auth-TLSv1.1-noroot] -ssl_conf = 17-client-auth-TLSv1.1-noroot-ssl - -[17-client-auth-TLSv1.1-noroot-ssl] -server = 17-client-auth-TLSv1.1-noroot-server -client = 17-client-auth-TLSv1.1-noroot-client - -[17-client-auth-TLSv1.1-noroot-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = Require - -[17-client-auth-TLSv1.1-noroot-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-17] -ExpectedResult = ServerFail -ExpectedServerAlert = UnknownCA - - -# =========================================================== - -[18-server-auth-TLSv1.2] -ssl_conf = 18-server-auth-TLSv1.2-ssl - -[18-server-auth-TLSv1.2-ssl] -server = 18-server-auth-TLSv1.2-server -client = 18-server-auth-TLSv1.2-client - -[18-server-auth-TLSv1.2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[18-server-auth-TLSv1.2-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-18] -ExpectedResult = Success - - -# =========================================================== - -[19-client-auth-TLSv1.2-request] -ssl_conf = 19-client-auth-TLSv1.2-request-ssl - -[19-client-auth-TLSv1.2-request-ssl] -server = 19-client-auth-TLSv1.2-request-server -client = 19-client-auth-TLSv1.2-request-client - -[19-client-auth-TLSv1.2-request-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = Request - -[19-client-auth-TLSv1.2-request-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-19] -ExpectedResult = Success - - -# =========================================================== - -[20-client-auth-TLSv1.2-require-fail] -ssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl - -[20-client-auth-TLSv1.2-require-fail-ssl] -server = 20-client-auth-TLSv1.2-require-fail-server -client = 20-client-auth-TLSv1.2-require-fail-client - -[20-client-auth-TLSv1.2-require-fail-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[20-client-auth-TLSv1.2-require-fail-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-20] -ExpectedResult = ServerFail -ExpectedServerAlert = HandshakeFailure - - -# =========================================================== - -[21-client-auth-TLSv1.2-require] -ssl_conf = 21-client-auth-TLSv1.2-require-ssl - -[21-client-auth-TLSv1.2-require-ssl] -server = 21-client-auth-TLSv1.2-require-server -client = 21-client-auth-TLSv1.2-require-client - -[21-client-auth-TLSv1.2-require-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientSignatureAlgorithms = SHA256+RSA -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Request - -[21-client-auth-TLSv1.2-require-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-21] -ExpectedClientCANames = empty -ExpectedClientCertType = RSA -ExpectedClientSignHash = SHA256 -ExpectedClientSignType = RSA -ExpectedResult = Success - - -# =========================================================== - -[22-client-auth-TLSv1.2-require-non-empty-names] -ssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl - -[22-client-auth-TLSv1.2-require-non-empty-names-ssl] -server = 22-client-auth-TLSv1.2-require-non-empty-names-server -client = 22-client-auth-TLSv1.2-require-non-empty-names-client - -[22-client-auth-TLSv1.2-require-non-empty-names-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -ClientSignatureAlgorithms = SHA256+RSA -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Request - -[22-client-auth-TLSv1.2-require-non-empty-names-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-22] -ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem -ExpectedClientCertType = RSA -ExpectedClientSignHash = SHA256 -ExpectedClientSignType = RSA -ExpectedResult = Success - - -# =========================================================== - -[23-client-auth-TLSv1.2-noroot] -ssl_conf = 23-client-auth-TLSv1.2-noroot-ssl - -[23-client-auth-TLSv1.2-noroot-ssl] -server = 23-client-auth-TLSv1.2-noroot-server -client = 23-client-auth-TLSv1.2-noroot-client - -[23-client-auth-TLSv1.2-noroot-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = Require - -[23-client-auth-TLSv1.2-noroot-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-23] -ExpectedResult = ServerFail -ExpectedServerAlert = UnknownCA - - -# =========================================================== - -[24-server-auth-DTLSv1] -ssl_conf = 24-server-auth-DTLSv1-ssl - -[24-server-auth-DTLSv1-ssl] -server = 24-server-auth-DTLSv1-server -client = 24-server-auth-DTLSv1-client - -[24-server-auth-DTLSv1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[24-server-auth-DTLSv1-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-24] -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[25-client-auth-DTLSv1-request] -ssl_conf = 25-client-auth-DTLSv1-request-ssl - -[25-client-auth-DTLSv1-request-ssl] -server = 25-client-auth-DTLSv1-request-server -client = 25-client-auth-DTLSv1-request-client - -[25-client-auth-DTLSv1-request-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = Request - -[25-client-auth-DTLSv1-request-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-25] -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[26-client-auth-DTLSv1-require-fail] -ssl_conf = 26-client-auth-DTLSv1-require-fail-ssl - -[26-client-auth-DTLSv1-require-fail-ssl] -server = 26-client-auth-DTLSv1-require-fail-server -client = 26-client-auth-DTLSv1-require-fail-client - -[26-client-auth-DTLSv1-require-fail-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[26-client-auth-DTLSv1-require-fail-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-26] -ExpectedResult = ServerFail -ExpectedServerAlert = HandshakeFailure -Method = DTLS - - -# =========================================================== - -[27-client-auth-DTLSv1-require] -ssl_conf = 27-client-auth-DTLSv1-require-ssl - -[27-client-auth-DTLSv1-require-ssl] -server = 27-client-auth-DTLSv1-require-server -client = 27-client-auth-DTLSv1-require-client - -[27-client-auth-DTLSv1-require-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Request - -[27-client-auth-DTLSv1-require-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-27] -ExpectedClientCANames = empty -ExpectedClientCertType = RSA -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[28-client-auth-DTLSv1-require-non-empty-names] -ssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl - -[28-client-auth-DTLSv1-require-non-empty-names-ssl] -server = 28-client-auth-DTLSv1-require-non-empty-names-server -client = 28-client-auth-DTLSv1-require-non-empty-names-client - -[28-client-auth-DTLSv1-require-non-empty-names-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Request - -[28-client-auth-DTLSv1-require-non-empty-names-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-28] -ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem -ExpectedClientCertType = RSA -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[29-client-auth-DTLSv1-noroot] -ssl_conf = 29-client-auth-DTLSv1-noroot-ssl - -[29-client-auth-DTLSv1-noroot-ssl] -server = 29-client-auth-DTLSv1-noroot-server -client = 29-client-auth-DTLSv1-noroot-client - -[29-client-auth-DTLSv1-noroot-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = Require - -[29-client-auth-DTLSv1-noroot-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-29] -ExpectedResult = ServerFail -ExpectedServerAlert = UnknownCA -Method = DTLS - - -# =========================================================== - -[30-server-auth-DTLSv1.2] -ssl_conf = 30-server-auth-DTLSv1.2-ssl - -[30-server-auth-DTLSv1.2-ssl] -server = 30-server-auth-DTLSv1.2-server -client = 30-server-auth-DTLSv1.2-client - -[30-server-auth-DTLSv1.2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[30-server-auth-DTLSv1.2-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-30] -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[31-client-auth-DTLSv1.2-request] -ssl_conf = 31-client-auth-DTLSv1.2-request-ssl - -[31-client-auth-DTLSv1.2-request-ssl] -server = 31-client-auth-DTLSv1.2-request-server -client = 31-client-auth-DTLSv1.2-request-client - -[31-client-auth-DTLSv1.2-request-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = Request - -[31-client-auth-DTLSv1.2-request-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-31] -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[32-client-auth-DTLSv1.2-require-fail] -ssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl - -[32-client-auth-DTLSv1.2-require-fail-ssl] -server = 32-client-auth-DTLSv1.2-require-fail-server -client = 32-client-auth-DTLSv1.2-require-fail-client - -[32-client-auth-DTLSv1.2-require-fail-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[32-client-auth-DTLSv1.2-require-fail-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-32] -ExpectedResult = ServerFail -ExpectedServerAlert = HandshakeFailure -Method = DTLS - - -# =========================================================== - -[33-client-auth-DTLSv1.2-require] -ssl_conf = 33-client-auth-DTLSv1.2-require-ssl - -[33-client-auth-DTLSv1.2-require-ssl] -server = 33-client-auth-DTLSv1.2-require-server -client = 33-client-auth-DTLSv1.2-require-client - -[33-client-auth-DTLSv1.2-require-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Request - -[33-client-auth-DTLSv1.2-require-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-33] -ExpectedClientCANames = empty -ExpectedClientCertType = RSA -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[34-client-auth-DTLSv1.2-require-non-empty-names] -ssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl - -[34-client-auth-DTLSv1.2-require-non-empty-names-ssl] -server = 34-client-auth-DTLSv1.2-require-non-empty-names-server -client = 34-client-auth-DTLSv1.2-require-non-empty-names-client - -[34-client-auth-DTLSv1.2-require-non-empty-names-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Request - -[34-client-auth-DTLSv1.2-require-non-empty-names-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-34] -ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem -ExpectedClientCertType = RSA -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[35-client-auth-DTLSv1.2-noroot] -ssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl - -[35-client-auth-DTLSv1.2-noroot-ssl] -server = 35-client-auth-DTLSv1.2-noroot-server -client = 35-client-auth-DTLSv1.2-noroot-client - -[35-client-auth-DTLSv1.2-noroot-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = Require - -[35-client-auth-DTLSv1.2-noroot-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-35] -ExpectedResult = ServerFail -ExpectedServerAlert = UnknownCA -Method = DTLS - - diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in deleted file mode 100644 index b9c014d2c0..0000000000 --- a/test/ssl-tests/04-client_auth.conf.in +++ /dev/null @@ -1,196 +0,0 @@ -# -*- mode: perl; -*- - -## SSL test configurations - -package ssltests; - -use strict; -use warnings; - -use OpenSSL::Test; -use OpenSSL::Test::Utils qw(anydisabled disabled); -setup("no_test_here"); - -# We test version-flexible negotiation (undef) and each protocol version. -my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1", "DTLSv1.2"); - -my @is_disabled = (0); -push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "dtls1", "dtls1_2"); - -our @tests = (); - -sub generate_tests() { - foreach (0..$#protocols) { - my $protocol = $protocols[$_]; - my $protocol_name = $protocol || "flex"; - my $caalert; - my $method; - my $sctpenabled = 0; - if (!$is_disabled[$_]) { - if ($protocol_name eq "SSLv3") { - $caalert = "BadCertificate"; - } else { - $caalert = "UnknownCA"; - } - if ($protocol_name =~ m/^DTLS/) { - $method = "DTLS"; - $sctpenabled = 1 if !disabled("sctp"); - } - my $clihash; - my $clisigtype; - my $clisigalgs; - # TODO(TLS1.3) add TLSv1.3 versions - if ($protocol_name eq "TLSv1.2") { - $clihash = "SHA256"; - $clisigtype = "RSA"; - $clisigalgs = "SHA256+RSA"; - } - for (my $sctp = 0; $sctp <= $sctpenabled; $sctp++) { - # Sanity-check simple handshake. - push @tests, { - name => "server-auth-${protocol_name}" - .($sctp ? "-sctp" : ""), - server => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol - }, - client => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol - }, - test => { - "ExpectedResult" => "Success", - "Method" => $method, - }, - }; - $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; - - # Handshake with client cert requested but not required or received. - push @tests, { - name => "client-auth-${protocol_name}-request" - .($sctp ? "-sctp" : ""), - server => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol, - "VerifyMode" => "Request" - }, - client => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol - }, - test => { - "ExpectedResult" => "Success", - "Method" => $method, - }, - }; - $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; - - # Handshake with client cert required but not present. - push @tests, { - name => "client-auth-${protocol_name}-require-fail" - .($sctp ? "-sctp" : ""), - server => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol, - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Require", - }, - client => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol - }, - test => { - "ExpectedResult" => "ServerFail", - "ExpectedServerAlert" => - ($protocol_name eq "flex" && !disabled("tls1_3")) - ? "CertificateRequired" : "HandshakeFailure", - "Method" => $method, - }, - }; - $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; - - # Successful handshake with client authentication. - push @tests, { - name => "client-auth-${protocol_name}-require" - .($sctp ? "-sctp" : ""), - server => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol, - "ClientSignatureAlgorithms" => $clisigalgs, - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Request", - }, - client => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol, - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - }, - test => { - "ExpectedResult" => "Success", - "ExpectedClientCertType" => "RSA", - "ExpectedClientSignType" => $clisigtype, - "ExpectedClientSignHash" => $clihash, - "ExpectedClientCANames" => "empty", - "Method" => $method, - }, - }; - $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; - - # Successful handshake with client authentication non-empty names - push @tests, { - name => "client-auth-${protocol_name}-require-non-empty-names" - .($sctp ? "-sctp" : ""), - server => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol, - "ClientSignatureAlgorithms" => $clisigalgs, - "ClientCAFile" => test_pem("root-cert.pem"), - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Request", - }, - client => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol, - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - }, - test => { - "ExpectedResult" => "Success", - "ExpectedClientCertType" => "RSA", - "ExpectedClientSignType" => $clisigtype, - "ExpectedClientSignHash" => $clihash, - "ExpectedClientCANames" => test_pem("root-cert.pem"), - "Method" => $method, - }, - }; - $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; - - # Handshake with client authentication but without the root certificate. - push @tests, { - name => "client-auth-${protocol_name}-noroot" - .($sctp ? "-sctp" : ""), - server => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol, - "VerifyMode" => "Require", - }, - client => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol, - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - }, - test => { - "ExpectedResult" => "ServerFail", - "ExpectedServerAlert" => $caalert, - "Method" => $method, - }, - }; - $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; - } - } - } -} - -generate_tests(); diff --git a/test/ssl-tests/05-sni.cnf b/test/ssl-tests/05-sni.cnf new file mode 100644 index 0000000000..a6c7f43911 --- /dev/null +++ b/test/ssl-tests/05-sni.cnf @@ -0,0 +1,308 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 9 + +test-0 = 0-SNI-switch-context +test-1 = 1-SNI-keep-context +test-2 = 2-SNI-no-server-support +test-3 = 3-SNI-no-client-support +test-4 = 4-SNI-bad-sni-ignore-mismatch +test-5 = 5-SNI-bad-sni-reject-mismatch +test-6 = 6-SNI-bad-clienthello-sni-ignore-mismatch +test-7 = 7-SNI-bad-clienthello-sni-reject-mismatch +test-8 = 8-SNI-clienthello-disable-v12 +# =========================================================== + +[0-SNI-switch-context] +ssl_conf = 0-SNI-switch-context-ssl + +[0-SNI-switch-context-ssl] +server = 0-SNI-switch-context-server +client = 0-SNI-switch-context-client +server2 = 0-SNI-switch-context-server + +[0-SNI-switch-context-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-SNI-switch-context-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +ExpectedServerName = server2 +server = 0-SNI-switch-context-server-extra +server2 = 0-SNI-switch-context-server-extra +client = 0-SNI-switch-context-client-extra + +[0-SNI-switch-context-server-extra] +ServerNameCallback = IgnoreMismatch + +[0-SNI-switch-context-client-extra] +ServerName = server2 + + +# =========================================================== + +[1-SNI-keep-context] +ssl_conf = 1-SNI-keep-context-ssl + +[1-SNI-keep-context-ssl] +server = 1-SNI-keep-context-server +client = 1-SNI-keep-context-client +server2 = 1-SNI-keep-context-server + +[1-SNI-keep-context-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-SNI-keep-context-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedServerName = server1 +server = 1-SNI-keep-context-server-extra +server2 = 1-SNI-keep-context-server-extra +client = 1-SNI-keep-context-client-extra + +[1-SNI-keep-context-server-extra] +ServerNameCallback = IgnoreMismatch + +[1-SNI-keep-context-client-extra] +ServerName = server1 + + +# =========================================================== + +[2-SNI-no-server-support] +ssl_conf = 2-SNI-no-server-support-ssl + +[2-SNI-no-server-support-ssl] +server = 2-SNI-no-server-support-server +client = 2-SNI-no-server-support-client + +[2-SNI-no-server-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-SNI-no-server-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +client = 2-SNI-no-server-support-client-extra + +[2-SNI-no-server-support-client-extra] +ServerName = server1 + + +# =========================================================== + +[3-SNI-no-client-support] +ssl_conf = 3-SNI-no-client-support-ssl + +[3-SNI-no-client-support-ssl] +server = 3-SNI-no-client-support-server +client = 3-SNI-no-client-support-client +server2 = 3-SNI-no-client-support-server + +[3-SNI-no-client-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-SNI-no-client-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedServerName = server1 +server = 3-SNI-no-client-support-server-extra +server2 = 3-SNI-no-client-support-server-extra + +[3-SNI-no-client-support-server-extra] +ServerNameCallback = IgnoreMismatch + + +# =========================================================== + +[4-SNI-bad-sni-ignore-mismatch] +ssl_conf = 4-SNI-bad-sni-ignore-mismatch-ssl + +[4-SNI-bad-sni-ignore-mismatch-ssl] +server = 4-SNI-bad-sni-ignore-mismatch-server +client = 4-SNI-bad-sni-ignore-mismatch-client +server2 = 4-SNI-bad-sni-ignore-mismatch-server + +[4-SNI-bad-sni-ignore-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-SNI-bad-sni-ignore-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedServerName = server1 +server = 4-SNI-bad-sni-ignore-mismatch-server-extra +server2 = 4-SNI-bad-sni-ignore-mismatch-server-extra +client = 4-SNI-bad-sni-ignore-mismatch-client-extra + +[4-SNI-bad-sni-ignore-mismatch-server-extra] +ServerNameCallback = IgnoreMismatch + +[4-SNI-bad-sni-ignore-mismatch-client-extra] +ServerName = invalid + + +# =========================================================== + +[5-SNI-bad-sni-reject-mismatch] +ssl_conf = 5-SNI-bad-sni-reject-mismatch-ssl + +[5-SNI-bad-sni-reject-mismatch-ssl] +server = 5-SNI-bad-sni-reject-mismatch-server +client = 5-SNI-bad-sni-reject-mismatch-client +server2 = 5-SNI-bad-sni-reject-mismatch-server + +[5-SNI-bad-sni-reject-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-SNI-bad-sni-reject-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = ServerFail +ExpectedServerAlert = UnrecognizedName +server = 5-SNI-bad-sni-reject-mismatch-server-extra +server2 = 5-SNI-bad-sni-reject-mismatch-server-extra +client = 5-SNI-bad-sni-reject-mismatch-client-extra + +[5-SNI-bad-sni-reject-mismatch-server-extra] +ServerNameCallback = RejectMismatch + +[5-SNI-bad-sni-reject-mismatch-client-extra] +ServerName = invalid + + +# =========================================================== + +[6-SNI-bad-clienthello-sni-ignore-mismatch] +ssl_conf = 6-SNI-bad-clienthello-sni-ignore-mismatch-ssl + +[6-SNI-bad-clienthello-sni-ignore-mismatch-ssl] +server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server +client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client +server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server + +[6-SNI-bad-clienthello-sni-ignore-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-SNI-bad-clienthello-sni-ignore-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +ExpectedServerName = server1 +server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra +server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra +client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra + +[6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra] +ServerNameCallback = ClientHelloIgnoreMismatch + +[6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra] +ServerName = invalid + + +# =========================================================== + +[7-SNI-bad-clienthello-sni-reject-mismatch] +ssl_conf = 7-SNI-bad-clienthello-sni-reject-mismatch-ssl + +[7-SNI-bad-clienthello-sni-reject-mismatch-ssl] +server = 7-SNI-bad-clienthello-sni-reject-mismatch-server +client = 7-SNI-bad-clienthello-sni-reject-mismatch-client +server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server + +[7-SNI-bad-clienthello-sni-reject-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-SNI-bad-clienthello-sni-reject-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = ServerFail +ExpectedServerAlert = UnrecognizedName +server = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra +server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra +client = 7-SNI-bad-clienthello-sni-reject-mismatch-client-extra + +[7-SNI-bad-clienthello-sni-reject-mismatch-server-extra] +ServerNameCallback = ClientHelloRejectMismatch + +[7-SNI-bad-clienthello-sni-reject-mismatch-client-extra] +ServerName = invalid + + +# =========================================================== + +[8-SNI-clienthello-disable-v12] +ssl_conf = 8-SNI-clienthello-disable-v12-ssl + +[8-SNI-clienthello-disable-v12-ssl] +server = 8-SNI-clienthello-disable-v12-server +client = 8-SNI-clienthello-disable-v12-client +server2 = 8-SNI-clienthello-disable-v12-server + +[8-SNI-clienthello-disable-v12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-SNI-clienthello-disable-v12-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = TLSv1.1 +ExpectedServerName = server2 +server = 8-SNI-clienthello-disable-v12-server-extra +server2 = 8-SNI-clienthello-disable-v12-server-extra +client = 8-SNI-clienthello-disable-v12-client-extra + +[8-SNI-clienthello-disable-v12-server-extra] +ServerNameCallback = ClientHelloNoV12 + +[8-SNI-clienthello-disable-v12-client-extra] +ServerName = server2 + + diff --git a/test/ssl-tests/05-sni.cnf.in b/test/ssl-tests/05-sni.cnf.in new file mode 100644 index 0000000000..6651899618 --- /dev/null +++ b/test/ssl-tests/05-sni.cnf.in @@ -0,0 +1,169 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "SNI-switch-context", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-keep-context", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "server1", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-no-server-support", + server => { }, + client => { + extra => { + "ServerName" => "server1", + }, + }, + test => { "ExpectedResult" => "Success" }, + }, + { + name => "SNI-no-client-support", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { }, + test => { + # We expect that the callback is still called + # to let the application decide whether they tolerate + # missing SNI (as our test callback does). + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-bad-sni-ignore-mismatch", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-bad-sni-reject-mismatch", + server => { + extra => { + "ServerNameCallback" => "RejectMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "UnrecognizedName" + }, + }, + { + name => "SNI-bad-clienthello-sni-ignore-mismatch", + server => { + extra => { + "ServerNameCallback" => "ClientHelloIgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-bad-clienthello-sni-reject-mismatch", + server => { + extra => { + "ServerNameCallback" => "ClientHelloRejectMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "UnrecognizedName" + }, + }, +); + +our @tests_tls_1_1 = ( + { + name => "SNI-clienthello-disable-v12", + server => { + extra => { + "ServerNameCallback" => "ClientHelloNoV12", + }, + }, + client => { + extra => { + "ServerName" => "server2", + }, + }, + test => { + "ExpectedProtocol" => "TLSv1.1", + "ExpectedServerName" => "server2", + }, + }, +); + +push @tests, @tests_tls_1_1 unless disabled("tls1_1"); diff --git a/test/ssl-tests/05-sni.conf b/test/ssl-tests/05-sni.conf deleted file mode 100644 index a6c7f43911..0000000000 --- a/test/ssl-tests/05-sni.conf +++ /dev/null @@ -1,308 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 9 - -test-0 = 0-SNI-switch-context -test-1 = 1-SNI-keep-context -test-2 = 2-SNI-no-server-support -test-3 = 3-SNI-no-client-support -test-4 = 4-SNI-bad-sni-ignore-mismatch -test-5 = 5-SNI-bad-sni-reject-mismatch -test-6 = 6-SNI-bad-clienthello-sni-ignore-mismatch -test-7 = 7-SNI-bad-clienthello-sni-reject-mismatch -test-8 = 8-SNI-clienthello-disable-v12 -# =========================================================== - -[0-SNI-switch-context] -ssl_conf = 0-SNI-switch-context-ssl - -[0-SNI-switch-context-ssl] -server = 0-SNI-switch-context-server -client = 0-SNI-switch-context-client -server2 = 0-SNI-switch-context-server - -[0-SNI-switch-context-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-SNI-switch-context-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success -ExpectedServerName = server2 -server = 0-SNI-switch-context-server-extra -server2 = 0-SNI-switch-context-server-extra -client = 0-SNI-switch-context-client-extra - -[0-SNI-switch-context-server-extra] -ServerNameCallback = IgnoreMismatch - -[0-SNI-switch-context-client-extra] -ServerName = server2 - - -# =========================================================== - -[1-SNI-keep-context] -ssl_conf = 1-SNI-keep-context-ssl - -[1-SNI-keep-context-ssl] -server = 1-SNI-keep-context-server -client = 1-SNI-keep-context-client -server2 = 1-SNI-keep-context-server - -[1-SNI-keep-context-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-SNI-keep-context-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = Success -ExpectedServerName = server1 -server = 1-SNI-keep-context-server-extra -server2 = 1-SNI-keep-context-server-extra -client = 1-SNI-keep-context-client-extra - -[1-SNI-keep-context-server-extra] -ServerNameCallback = IgnoreMismatch - -[1-SNI-keep-context-client-extra] -ServerName = server1 - - -# =========================================================== - -[2-SNI-no-server-support] -ssl_conf = 2-SNI-no-server-support-ssl - -[2-SNI-no-server-support-ssl] -server = 2-SNI-no-server-support-server -client = 2-SNI-no-server-support-client - -[2-SNI-no-server-support-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-SNI-no-server-support-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = Success -client = 2-SNI-no-server-support-client-extra - -[2-SNI-no-server-support-client-extra] -ServerName = server1 - - -# =========================================================== - -[3-SNI-no-client-support] -ssl_conf = 3-SNI-no-client-support-ssl - -[3-SNI-no-client-support-ssl] -server = 3-SNI-no-client-support-server -client = 3-SNI-no-client-support-client -server2 = 3-SNI-no-client-support-server - -[3-SNI-no-client-support-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-SNI-no-client-support-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedResult = Success -ExpectedServerName = server1 -server = 3-SNI-no-client-support-server-extra -server2 = 3-SNI-no-client-support-server-extra - -[3-SNI-no-client-support-server-extra] -ServerNameCallback = IgnoreMismatch - - -# =========================================================== - -[4-SNI-bad-sni-ignore-mismatch] -ssl_conf = 4-SNI-bad-sni-ignore-mismatch-ssl - -[4-SNI-bad-sni-ignore-mismatch-ssl] -server = 4-SNI-bad-sni-ignore-mismatch-server -client = 4-SNI-bad-sni-ignore-mismatch-client -server2 = 4-SNI-bad-sni-ignore-mismatch-server - -[4-SNI-bad-sni-ignore-mismatch-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-SNI-bad-sni-ignore-mismatch-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -ExpectedResult = Success -ExpectedServerName = server1 -server = 4-SNI-bad-sni-ignore-mismatch-server-extra -server2 = 4-SNI-bad-sni-ignore-mismatch-server-extra -client = 4-SNI-bad-sni-ignore-mismatch-client-extra - -[4-SNI-bad-sni-ignore-mismatch-server-extra] -ServerNameCallback = IgnoreMismatch - -[4-SNI-bad-sni-ignore-mismatch-client-extra] -ServerName = invalid - - -# =========================================================== - -[5-SNI-bad-sni-reject-mismatch] -ssl_conf = 5-SNI-bad-sni-reject-mismatch-ssl - -[5-SNI-bad-sni-reject-mismatch-ssl] -server = 5-SNI-bad-sni-reject-mismatch-server -client = 5-SNI-bad-sni-reject-mismatch-client -server2 = 5-SNI-bad-sni-reject-mismatch-server - -[5-SNI-bad-sni-reject-mismatch-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-SNI-bad-sni-reject-mismatch-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedResult = ServerFail -ExpectedServerAlert = UnrecognizedName -server = 5-SNI-bad-sni-reject-mismatch-server-extra -server2 = 5-SNI-bad-sni-reject-mismatch-server-extra -client = 5-SNI-bad-sni-reject-mismatch-client-extra - -[5-SNI-bad-sni-reject-mismatch-server-extra] -ServerNameCallback = RejectMismatch - -[5-SNI-bad-sni-reject-mismatch-client-extra] -ServerName = invalid - - -# =========================================================== - -[6-SNI-bad-clienthello-sni-ignore-mismatch] -ssl_conf = 6-SNI-bad-clienthello-sni-ignore-mismatch-ssl - -[6-SNI-bad-clienthello-sni-ignore-mismatch-ssl] -server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server -client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client -server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server - -[6-SNI-bad-clienthello-sni-ignore-mismatch-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-SNI-bad-clienthello-sni-ignore-mismatch-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedResult = Success -ExpectedServerName = server1 -server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra -server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra -client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra - -[6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra] -ServerNameCallback = ClientHelloIgnoreMismatch - -[6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra] -ServerName = invalid - - -# =========================================================== - -[7-SNI-bad-clienthello-sni-reject-mismatch] -ssl_conf = 7-SNI-bad-clienthello-sni-reject-mismatch-ssl - -[7-SNI-bad-clienthello-sni-reject-mismatch-ssl] -server = 7-SNI-bad-clienthello-sni-reject-mismatch-server -client = 7-SNI-bad-clienthello-sni-reject-mismatch-client -server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server - -[7-SNI-bad-clienthello-sni-reject-mismatch-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-SNI-bad-clienthello-sni-reject-mismatch-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ExpectedResult = ServerFail -ExpectedServerAlert = UnrecognizedName -server = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra -server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra -client = 7-SNI-bad-clienthello-sni-reject-mismatch-client-extra - -[7-SNI-bad-clienthello-sni-reject-mismatch-server-extra] -ServerNameCallback = ClientHelloRejectMismatch - -[7-SNI-bad-clienthello-sni-reject-mismatch-client-extra] -ServerName = invalid - - -# =========================================================== - -[8-SNI-clienthello-disable-v12] -ssl_conf = 8-SNI-clienthello-disable-v12-ssl - -[8-SNI-clienthello-disable-v12-ssl] -server = 8-SNI-clienthello-disable-v12-server -client = 8-SNI-clienthello-disable-v12-client -server2 = 8-SNI-clienthello-disable-v12-server - -[8-SNI-clienthello-disable-v12-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-SNI-clienthello-disable-v12-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedProtocol = TLSv1.1 -ExpectedServerName = server2 -server = 8-SNI-clienthello-disable-v12-server-extra -server2 = 8-SNI-clienthello-disable-v12-server-extra -client = 8-SNI-clienthello-disable-v12-client-extra - -[8-SNI-clienthello-disable-v12-server-extra] -ServerNameCallback = ClientHelloNoV12 - -[8-SNI-clienthello-disable-v12-client-extra] -ServerName = server2 - - diff --git a/test/ssl-tests/05-sni.conf.in b/test/ssl-tests/05-sni.conf.in deleted file mode 100644 index 6651899618..0000000000 --- a/test/ssl-tests/05-sni.conf.in +++ /dev/null @@ -1,169 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## SSL test configurations - -use strict; -use warnings; - -package ssltests; -use OpenSSL::Test::Utils; - -our @tests = ( - { - name => "SNI-switch-context", - server => { - extra => { - "ServerNameCallback" => "IgnoreMismatch", - }, - }, - client => { - extra => { - "ServerName" => "server2", - }, - }, - test => { - "ExpectedServerName" => "server2", - "ExpectedResult" => "Success" - }, - }, - { - name => "SNI-keep-context", - server => { - extra => { - "ServerNameCallback" => "IgnoreMismatch", - }, - }, - client => { - extra => { - "ServerName" => "server1", - }, - }, - test => { - "ExpectedServerName" => "server1", - "ExpectedResult" => "Success" - }, - }, - { - name => "SNI-no-server-support", - server => { }, - client => { - extra => { - "ServerName" => "server1", - }, - }, - test => { "ExpectedResult" => "Success" }, - }, - { - name => "SNI-no-client-support", - server => { - extra => { - "ServerNameCallback" => "IgnoreMismatch", - }, - }, - client => { }, - test => { - # We expect that the callback is still called - # to let the application decide whether they tolerate - # missing SNI (as our test callback does). - "ExpectedServerName" => "server1", - "ExpectedResult" => "Success" - }, - }, - { - name => "SNI-bad-sni-ignore-mismatch", - server => { - extra => { - "ServerNameCallback" => "IgnoreMismatch", - }, - }, - client => { - extra => { - "ServerName" => "invalid", - }, - }, - test => { - "ExpectedServerName" => "server1", - "ExpectedResult" => "Success" - }, - }, - { - name => "SNI-bad-sni-reject-mismatch", - server => { - extra => { - "ServerNameCallback" => "RejectMismatch", - }, - }, - client => { - extra => { - "ServerName" => "invalid", - }, - }, - test => { - "ExpectedResult" => "ServerFail", - "ExpectedServerAlert" => "UnrecognizedName" - }, - }, - { - name => "SNI-bad-clienthello-sni-ignore-mismatch", - server => { - extra => { - "ServerNameCallback" => "ClientHelloIgnoreMismatch", - }, - }, - client => { - extra => { - "ServerName" => "invalid", - }, - }, - test => { - "ExpectedServerName" => "server1", - "ExpectedResult" => "Success" - }, - }, - { - name => "SNI-bad-clienthello-sni-reject-mismatch", - server => { - extra => { - "ServerNameCallback" => "ClientHelloRejectMismatch", - }, - }, - client => { - extra => { - "ServerName" => "invalid", - }, - }, - test => { - "ExpectedResult" => "ServerFail", - "ExpectedServerAlert" => "UnrecognizedName" - }, - }, -); - -our @tests_tls_1_1 = ( - { - name => "SNI-clienthello-disable-v12", - server => { - extra => { - "ServerNameCallback" => "ClientHelloNoV12", - }, - }, - client => { - extra => { - "ServerName" => "server2", - }, - }, - test => { - "ExpectedProtocol" => "TLSv1.1", - "ExpectedServerName" => "server2", - }, - }, -); - -push @tests, @tests_tls_1_1 unless disabled("tls1_1"); diff --git a/test/ssl-tests/06-sni-ticket.cnf b/test/ssl-tests/06-sni-ticket.cnf new file mode 100644 index 0000000000..a3a9c78f06 --- /dev/null +++ b/test/ssl-tests/06-sni-ticket.cnf @@ -0,0 +1,767 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 17 + +test-0 = 0-sni-session-ticket +test-1 = 1-sni-session-ticket +test-2 = 2-sni-session-ticket +test-3 = 3-sni-session-ticket +test-4 = 4-sni-session-ticket +test-5 = 5-sni-session-ticket +test-6 = 6-sni-session-ticket +test-7 = 7-sni-session-ticket +test-8 = 8-sni-session-ticket +test-9 = 9-sni-session-ticket +test-10 = 10-sni-session-ticket +test-11 = 11-sni-session-ticket +test-12 = 12-sni-session-ticket +test-13 = 13-sni-session-ticket +test-14 = 14-sni-session-ticket +test-15 = 15-sni-session-ticket +test-16 = 16-sni-session-ticket +# =========================================================== + +[0-sni-session-ticket] +ssl_conf = 0-sni-session-ticket-ssl + +[0-sni-session-ticket-ssl] +server = 0-sni-session-ticket-server +client = 0-sni-session-ticket-client +server2 = 0-sni-session-ticket-server2 + +[0-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +SessionTicketExpected = No +server = 0-sni-session-ticket-server-extra +client = 0-sni-session-ticket-client-extra + +[0-sni-session-ticket-server-extra] +BrokenSessionTicket = Yes + +[0-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[1-sni-session-ticket] +ssl_conf = 1-sni-session-ticket-ssl + +[1-sni-session-ticket-ssl] +server = 1-sni-session-ticket-server +client = 1-sni-session-ticket-client +server2 = 1-sni-session-ticket-server2 + +[1-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = Yes +server = 1-sni-session-ticket-server-extra +client = 1-sni-session-ticket-client-extra + +[1-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[1-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[2-sni-session-ticket] +ssl_conf = 2-sni-session-ticket-ssl + +[2-sni-session-ticket-ssl] +server = 2-sni-session-ticket-server +client = 2-sni-session-ticket-client +server2 = 2-sni-session-ticket-server2 + +[2-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = Yes +server = 2-sni-session-ticket-server-extra +client = 2-sni-session-ticket-client-extra + +[2-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[2-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[3-sni-session-ticket] +ssl_conf = 3-sni-session-ticket-ssl + +[3-sni-session-ticket-ssl] +server = 3-sni-session-ticket-server +client = 3-sni-session-ticket-client +server2 = 3-sni-session-ticket-server2 + +[3-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = Yes +server = 3-sni-session-ticket-server-extra +client = 3-sni-session-ticket-client-extra + +[3-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[3-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[4-sni-session-ticket] +ssl_conf = 4-sni-session-ticket-ssl + +[4-sni-session-ticket-ssl] +server = 4-sni-session-ticket-server +client = 4-sni-session-ticket-client +server2 = 4-sni-session-ticket-server2 + +[4-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 4-sni-session-ticket-server-extra +client = 4-sni-session-ticket-client-extra + +[4-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[4-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[5-sni-session-ticket] +ssl_conf = 5-sni-session-ticket-ssl + +[5-sni-session-ticket-ssl] +server = 5-sni-session-ticket-server +client = 5-sni-session-ticket-client +server2 = 5-sni-session-ticket-server2 + +[5-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 5-sni-session-ticket-server-extra +client = 5-sni-session-ticket-client-extra + +[5-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[5-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[6-sni-session-ticket] +ssl_conf = 6-sni-session-ticket-ssl + +[6-sni-session-ticket-ssl] +server = 6-sni-session-ticket-server +client = 6-sni-session-ticket-client +server2 = 6-sni-session-ticket-server2 + +[6-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 6-sni-session-ticket-server-extra +client = 6-sni-session-ticket-client-extra + +[6-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[6-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[7-sni-session-ticket] +ssl_conf = 7-sni-session-ticket-ssl + +[7-sni-session-ticket-ssl] +server = 7-sni-session-ticket-server +client = 7-sni-session-ticket-client +server2 = 7-sni-session-ticket-server2 + +[7-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 7-sni-session-ticket-server-extra +client = 7-sni-session-ticket-client-extra + +[7-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[7-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[8-sni-session-ticket] +ssl_conf = 8-sni-session-ticket-ssl + +[8-sni-session-ticket-ssl] +server = 8-sni-session-ticket-server +client = 8-sni-session-ticket-client +server2 = 8-sni-session-ticket-server2 + +[8-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 8-sni-session-ticket-server-extra +client = 8-sni-session-ticket-client-extra + +[8-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[8-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[9-sni-session-ticket] +ssl_conf = 9-sni-session-ticket-ssl + +[9-sni-session-ticket-ssl] +server = 9-sni-session-ticket-server +client = 9-sni-session-ticket-client +server2 = 9-sni-session-ticket-server2 + +[9-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 9-sni-session-ticket-server-extra +client = 9-sni-session-ticket-client-extra + +[9-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[9-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[10-sni-session-ticket] +ssl_conf = 10-sni-session-ticket-ssl + +[10-sni-session-ticket-ssl] +server = 10-sni-session-ticket-server +client = 10-sni-session-ticket-client +server2 = 10-sni-session-ticket-server2 + +[10-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 10-sni-session-ticket-server-extra +client = 10-sni-session-ticket-client-extra + +[10-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[10-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[11-sni-session-ticket] +ssl_conf = 11-sni-session-ticket-ssl + +[11-sni-session-ticket-ssl] +server = 11-sni-session-ticket-server +client = 11-sni-session-ticket-client +server2 = 11-sni-session-ticket-server2 + +[11-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 11-sni-session-ticket-server-extra +client = 11-sni-session-ticket-client-extra + +[11-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[11-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[12-sni-session-ticket] +ssl_conf = 12-sni-session-ticket-ssl + +[12-sni-session-ticket-ssl] +server = 12-sni-session-ticket-server +client = 12-sni-session-ticket-client +server2 = 12-sni-session-ticket-server2 + +[12-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 12-sni-session-ticket-server-extra +client = 12-sni-session-ticket-client-extra + +[12-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[12-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[13-sni-session-ticket] +ssl_conf = 13-sni-session-ticket-ssl + +[13-sni-session-ticket-ssl] +server = 13-sni-session-ticket-server +client = 13-sni-session-ticket-client +server2 = 13-sni-session-ticket-server2 + +[13-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 13-sni-session-ticket-server-extra +client = 13-sni-session-ticket-client-extra + +[13-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[13-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[14-sni-session-ticket] +ssl_conf = 14-sni-session-ticket-ssl + +[14-sni-session-ticket-ssl] +server = 14-sni-session-ticket-server +client = 14-sni-session-ticket-client +server2 = 14-sni-session-ticket-server2 + +[14-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 14-sni-session-ticket-server-extra +client = 14-sni-session-ticket-client-extra + +[14-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[14-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[15-sni-session-ticket] +ssl_conf = 15-sni-session-ticket-ssl + +[15-sni-session-ticket-ssl] +server = 15-sni-session-ticket-server +client = 15-sni-session-ticket-client +server2 = 15-sni-session-ticket-server2 + +[15-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 15-sni-session-ticket-server-extra +client = 15-sni-session-ticket-client-extra + +[15-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[15-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[16-sni-session-ticket] +ssl_conf = 16-sni-session-ticket-ssl + +[16-sni-session-ticket-ssl] +server = 16-sni-session-ticket-server +client = 16-sni-session-ticket-client +server2 = 16-sni-session-ticket-server2 + +[16-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 16-sni-session-ticket-server-extra +client = 16-sni-session-ticket-client-extra + +[16-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[16-sni-session-ticket-client-extra] +ServerName = server2 + + diff --git a/test/ssl-tests/06-sni-ticket.cnf.in b/test/ssl-tests/06-sni-ticket.cnf.in new file mode 100644 index 0000000000..6a22afcdde --- /dev/null +++ b/test/ssl-tests/06-sni-ticket.cnf.in @@ -0,0 +1,101 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test SNI/Session tickets + +use strict; +use warnings; + +package ssltests; + + +our @tests = (); + +#Note: MaxProtocol is set to TLSv1.2 as session tickets work differently in +#TLSv1.3. +sub generate_tests() { + foreach my $c ("SessionTicket", "-SessionTicket") { + foreach my $s1 ("SessionTicket", "-SessionTicket") { + foreach my $s2 ("SessionTicket", "-SessionTicket") { + foreach my $n ("server1", "server2") { + my $ticket_result = expected_result($c, $s1, $s2, $n); + my $session_id_result = "Yes"; # always, even with a ticket + push @tests, { + "name" => "sni-session-ticket", + "client" => { + "Options" => $c, + "extra" => { + "ServerName" => $n, + }, + "MaxProtocol" => "TLSv1.2" + }, + "server" => { + "Options" => $s1, + "extra" => { + # We don't test mismatch here. + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + "server2" => { + "Options" => $s2, + }, + "test" => { + "ExpectedServerName" => $n, + "ExpectedResult" => "Success", + "SessionIdExpected" => $session_id_result, + "SessionTicketExpected" => $ticket_result, + } + }; + } + } + } + } +} + +# If the client has session tickets disabled, then No support +# If the server initial_ctx has session tickets disabled, then No support +# If SNI is in use, then if the "switched-to" context has session tickets disabled, +# then No support +sub expected_result { + my ($c, $s1, $s2, $n) = @_; + + return "No" if $c eq "-SessionTicket"; + return "No" if $s1 eq "-SessionTicket"; + return "No" if ($s2 eq "-SessionTicket" && $n eq "server2"); + + return "Yes"; + +} + +# Add a "Broken" case. +push @tests, { + "name" => "sni-session-ticket", + "client" => { + "MaxProtocol" => "TLSv1.2", + "Options" => "SessionTicket", + "extra" => { + "ServerName" => "server1", + } + }, + "server" => { + "Options" => "SessionTicket", + "extra" => { + "BrokenSessionTicket" => "Yes", + }, + }, + "server2" => { + "Options" => "SessionTicket", + }, + "test" => { + "ExpectedResult" => "Success", + "SessionTicketExpected" => "No", + } +}; + +generate_tests(); diff --git a/test/ssl-tests/06-sni-ticket.conf b/test/ssl-tests/06-sni-ticket.conf deleted file mode 100644 index a3a9c78f06..0000000000 --- a/test/ssl-tests/06-sni-ticket.conf +++ /dev/null @@ -1,767 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 17 - -test-0 = 0-sni-session-ticket -test-1 = 1-sni-session-ticket -test-2 = 2-sni-session-ticket -test-3 = 3-sni-session-ticket -test-4 = 4-sni-session-ticket -test-5 = 5-sni-session-ticket -test-6 = 6-sni-session-ticket -test-7 = 7-sni-session-ticket -test-8 = 8-sni-session-ticket -test-9 = 9-sni-session-ticket -test-10 = 10-sni-session-ticket -test-11 = 11-sni-session-ticket -test-12 = 12-sni-session-ticket -test-13 = 13-sni-session-ticket -test-14 = 14-sni-session-ticket -test-15 = 15-sni-session-ticket -test-16 = 16-sni-session-ticket -# =========================================================== - -[0-sni-session-ticket] -ssl_conf = 0-sni-session-ticket-ssl - -[0-sni-session-ticket-ssl] -server = 0-sni-session-ticket-server -client = 0-sni-session-ticket-client -server2 = 0-sni-session-ticket-server2 - -[0-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success -SessionTicketExpected = No -server = 0-sni-session-ticket-server-extra -client = 0-sni-session-ticket-client-extra - -[0-sni-session-ticket-server-extra] -BrokenSessionTicket = Yes - -[0-sni-session-ticket-client-extra] -ServerName = server1 - - -# =========================================================== - -[1-sni-session-ticket] -ssl_conf = 1-sni-session-ticket-ssl - -[1-sni-session-ticket-ssl] -server = 1-sni-session-ticket-server -client = 1-sni-session-ticket-client -server2 = 1-sni-session-ticket-server2 - -[1-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = Success -ExpectedServerName = server1 -SessionIdExpected = Yes -SessionTicketExpected = Yes -server = 1-sni-session-ticket-server-extra -client = 1-sni-session-ticket-client-extra - -[1-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[1-sni-session-ticket-client-extra] -ServerName = server1 - - -# =========================================================== - -[2-sni-session-ticket] -ssl_conf = 2-sni-session-ticket-ssl - -[2-sni-session-ticket-ssl] -server = 2-sni-session-ticket-server -client = 2-sni-session-ticket-client -server2 = 2-sni-session-ticket-server2 - -[2-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = Success -ExpectedServerName = server2 -SessionIdExpected = Yes -SessionTicketExpected = Yes -server = 2-sni-session-ticket-server-extra -client = 2-sni-session-ticket-client-extra - -[2-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[2-sni-session-ticket-client-extra] -ServerName = server2 - - -# =========================================================== - -[3-sni-session-ticket] -ssl_conf = 3-sni-session-ticket-ssl - -[3-sni-session-ticket-ssl] -server = 3-sni-session-ticket-server -client = 3-sni-session-ticket-client -server2 = 3-sni-session-ticket-server2 - -[3-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedResult = Success -ExpectedServerName = server1 -SessionIdExpected = Yes -SessionTicketExpected = Yes -server = 3-sni-session-ticket-server-extra -client = 3-sni-session-ticket-client-extra - -[3-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[3-sni-session-ticket-client-extra] -ServerName = server1 - - -# =========================================================== - -[4-sni-session-ticket] -ssl_conf = 4-sni-session-ticket-ssl - -[4-sni-session-ticket-ssl] -server = 4-sni-session-ticket-server -client = 4-sni-session-ticket-client -server2 = 4-sni-session-ticket-server2 - -[4-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -ExpectedResult = Success -ExpectedServerName = server2 -SessionIdExpected = Yes -SessionTicketExpected = No -server = 4-sni-session-ticket-server-extra -client = 4-sni-session-ticket-client-extra - -[4-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[4-sni-session-ticket-client-extra] -ServerName = server2 - - -# =========================================================== - -[5-sni-session-ticket] -ssl_conf = 5-sni-session-ticket-ssl - -[5-sni-session-ticket-ssl] -server = 5-sni-session-ticket-server -client = 5-sni-session-ticket-client -server2 = 5-sni-session-ticket-server2 - -[5-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedResult = Success -ExpectedServerName = server1 -SessionIdExpected = Yes -SessionTicketExpected = No -server = 5-sni-session-ticket-server-extra -client = 5-sni-session-ticket-client-extra - -[5-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[5-sni-session-ticket-client-extra] -ServerName = server1 - - -# =========================================================== - -[6-sni-session-ticket] -ssl_conf = 6-sni-session-ticket-ssl - -[6-sni-session-ticket-ssl] -server = 6-sni-session-ticket-server -client = 6-sni-session-ticket-client -server2 = 6-sni-session-ticket-server2 - -[6-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedResult = Success -ExpectedServerName = server2 -SessionIdExpected = Yes -SessionTicketExpected = No -server = 6-sni-session-ticket-server-extra -client = 6-sni-session-ticket-client-extra - -[6-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[6-sni-session-ticket-client-extra] -ServerName = server2 - - -# =========================================================== - -[7-sni-session-ticket] -ssl_conf = 7-sni-session-ticket-ssl - -[7-sni-session-ticket-ssl] -server = 7-sni-session-ticket-server -client = 7-sni-session-ticket-client -server2 = 7-sni-session-ticket-server2 - -[7-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ExpectedResult = Success -ExpectedServerName = server1 -SessionIdExpected = Yes -SessionTicketExpected = No -server = 7-sni-session-ticket-server-extra -client = 7-sni-session-ticket-client-extra - -[7-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[7-sni-session-ticket-client-extra] -ServerName = server1 - - -# =========================================================== - -[8-sni-session-ticket] -ssl_conf = 8-sni-session-ticket-ssl - -[8-sni-session-ticket-ssl] -server = 8-sni-session-ticket-server -client = 8-sni-session-ticket-client -server2 = 8-sni-session-ticket-server2 - -[8-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedResult = Success -ExpectedServerName = server2 -SessionIdExpected = Yes -SessionTicketExpected = No -server = 8-sni-session-ticket-server-extra -client = 8-sni-session-ticket-client-extra - -[8-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[8-sni-session-ticket-client-extra] -ServerName = server2 - - -# =========================================================== - -[9-sni-session-ticket] -ssl_conf = 9-sni-session-ticket-ssl - -[9-sni-session-ticket-ssl] -server = 9-sni-session-ticket-server -client = 9-sni-session-ticket-client -server2 = 9-sni-session-ticket-server2 - -[9-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[9-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[9-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = -SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-9] -ExpectedResult = Success -ExpectedServerName = server1 -SessionIdExpected = Yes -SessionTicketExpected = No -server = 9-sni-session-ticket-server-extra -client = 9-sni-session-ticket-client-extra - -[9-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[9-sni-session-ticket-client-extra] -ServerName = server1 - - -# =========================================================== - -[10-sni-session-ticket] -ssl_conf = 10-sni-session-ticket-ssl - -[10-sni-session-ticket-ssl] -server = 10-sni-session-ticket-server -client = 10-sni-session-ticket-client -server2 = 10-sni-session-ticket-server2 - -[10-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[10-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[10-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = -SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-10] -ExpectedResult = Success -ExpectedServerName = server2 -SessionIdExpected = Yes -SessionTicketExpected = No -server = 10-sni-session-ticket-server-extra -client = 10-sni-session-ticket-client-extra - -[10-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[10-sni-session-ticket-client-extra] -ServerName = server2 - - -# =========================================================== - -[11-sni-session-ticket] -ssl_conf = 11-sni-session-ticket-ssl - -[11-sni-session-ticket-ssl] -server = 11-sni-session-ticket-server -client = 11-sni-session-ticket-client -server2 = 11-sni-session-ticket-server2 - -[11-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[11-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[11-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = -SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-11] -ExpectedResult = Success -ExpectedServerName = server1 -SessionIdExpected = Yes -SessionTicketExpected = No -server = 11-sni-session-ticket-server-extra -client = 11-sni-session-ticket-client-extra - -[11-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[11-sni-session-ticket-client-extra] -ServerName = server1 - - -# =========================================================== - -[12-sni-session-ticket] -ssl_conf = 12-sni-session-ticket-ssl - -[12-sni-session-ticket-ssl] -server = 12-sni-session-ticket-server -client = 12-sni-session-ticket-client -server2 = 12-sni-session-ticket-server2 - -[12-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[12-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[12-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = -SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-12] -ExpectedResult = Success -ExpectedServerName = server2 -SessionIdExpected = Yes -SessionTicketExpected = No -server = 12-sni-session-ticket-server-extra -client = 12-sni-session-ticket-client-extra - -[12-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[12-sni-session-ticket-client-extra] -ServerName = server2 - - -# =========================================================== - -[13-sni-session-ticket] -ssl_conf = 13-sni-session-ticket-ssl - -[13-sni-session-ticket-ssl] -server = 13-sni-session-ticket-server -client = 13-sni-session-ticket-client -server2 = 13-sni-session-ticket-server2 - -[13-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = -SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-13] -ExpectedResult = Success -ExpectedServerName = server1 -SessionIdExpected = Yes -SessionTicketExpected = No -server = 13-sni-session-ticket-server-extra -client = 13-sni-session-ticket-client-extra - -[13-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[13-sni-session-ticket-client-extra] -ServerName = server1 - - -# =========================================================== - -[14-sni-session-ticket] -ssl_conf = 14-sni-session-ticket-ssl - -[14-sni-session-ticket-ssl] -server = 14-sni-session-ticket-server -client = 14-sni-session-ticket-client -server2 = 14-sni-session-ticket-server2 - -[14-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[14-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[14-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = -SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-14] -ExpectedResult = Success -ExpectedServerName = server2 -SessionIdExpected = Yes -SessionTicketExpected = No -server = 14-sni-session-ticket-server-extra -client = 14-sni-session-ticket-client-extra - -[14-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[14-sni-session-ticket-client-extra] -ServerName = server2 - - -# =========================================================== - -[15-sni-session-ticket] -ssl_conf = 15-sni-session-ticket-ssl - -[15-sni-session-ticket-ssl] -server = 15-sni-session-ticket-server -client = 15-sni-session-ticket-client -server2 = 15-sni-session-ticket-server2 - -[15-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[15-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[15-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = -SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-15] -ExpectedResult = Success -ExpectedServerName = server1 -SessionIdExpected = Yes -SessionTicketExpected = No -server = 15-sni-session-ticket-server-extra -client = 15-sni-session-ticket-client-extra - -[15-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[15-sni-session-ticket-client-extra] -ServerName = server1 - - -# =========================================================== - -[16-sni-session-ticket] -ssl_conf = 16-sni-session-ticket-ssl - -[16-sni-session-ticket-ssl] -server = 16-sni-session-ticket-server -client = 16-sni-session-ticket-client -server2 = 16-sni-session-ticket-server2 - -[16-sni-session-ticket-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[16-sni-session-ticket-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[16-sni-session-ticket-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = -SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-16] -ExpectedResult = Success -ExpectedServerName = server2 -SessionIdExpected = Yes -SessionTicketExpected = No -server = 16-sni-session-ticket-server-extra -client = 16-sni-session-ticket-client-extra - -[16-sni-session-ticket-server-extra] -ServerNameCallback = IgnoreMismatch - -[16-sni-session-ticket-client-extra] -ServerName = server2 - - diff --git a/test/ssl-tests/06-sni-ticket.conf.in b/test/ssl-tests/06-sni-ticket.conf.in deleted file mode 100644 index 6a22afcdde..0000000000 --- a/test/ssl-tests/06-sni-ticket.conf.in +++ /dev/null @@ -1,101 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test SNI/Session tickets - -use strict; -use warnings; - -package ssltests; - - -our @tests = (); - -#Note: MaxProtocol is set to TLSv1.2 as session tickets work differently in -#TLSv1.3. -sub generate_tests() { - foreach my $c ("SessionTicket", "-SessionTicket") { - foreach my $s1 ("SessionTicket", "-SessionTicket") { - foreach my $s2 ("SessionTicket", "-SessionTicket") { - foreach my $n ("server1", "server2") { - my $ticket_result = expected_result($c, $s1, $s2, $n); - my $session_id_result = "Yes"; # always, even with a ticket - push @tests, { - "name" => "sni-session-ticket", - "client" => { - "Options" => $c, - "extra" => { - "ServerName" => $n, - }, - "MaxProtocol" => "TLSv1.2" - }, - "server" => { - "Options" => $s1, - "extra" => { - # We don't test mismatch here. - "ServerNameCallback" => "IgnoreMismatch", - }, - }, - "server2" => { - "Options" => $s2, - }, - "test" => { - "ExpectedServerName" => $n, - "ExpectedResult" => "Success", - "SessionIdExpected" => $session_id_result, - "SessionTicketExpected" => $ticket_result, - } - }; - } - } - } - } -} - -# If the client has session tickets disabled, then No support -# If the server initial_ctx has session tickets disabled, then No support -# If SNI is in use, then if the "switched-to" context has session tickets disabled, -# then No support -sub expected_result { - my ($c, $s1, $s2, $n) = @_; - - return "No" if $c eq "-SessionTicket"; - return "No" if $s1 eq "-SessionTicket"; - return "No" if ($s2 eq "-SessionTicket" && $n eq "server2"); - - return "Yes"; - -} - -# Add a "Broken" case. -push @tests, { - "name" => "sni-session-ticket", - "client" => { - "MaxProtocol" => "TLSv1.2", - "Options" => "SessionTicket", - "extra" => { - "ServerName" => "server1", - } - }, - "server" => { - "Options" => "SessionTicket", - "extra" => { - "BrokenSessionTicket" => "Yes", - }, - }, - "server2" => { - "Options" => "SessionTicket", - }, - "test" => { - "ExpectedResult" => "Success", - "SessionTicketExpected" => "No", - } -}; - -generate_tests(); diff --git a/test/ssl-tests/07-dtls-protocol-version.cnf b/test/ssl-tests/07-dtls-protocol-version.cnf new file mode 100644 index 0000000000..3304a3bbaa --- /dev/null +++ b/test/ssl-tests/07-dtls-protocol-version.cnf @@ -0,0 +1,1820 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 64 + +test-0 = 0-version-negotiation +test-1 = 1-version-negotiation +test-2 = 2-version-negotiation +test-3 = 3-version-negotiation +test-4 = 4-version-negotiation +test-5 = 5-version-negotiation +test-6 = 6-version-negotiation +test-7 = 7-version-negotiation +test-8 = 8-version-negotiation +test-9 = 9-version-negotiation +test-10 = 10-version-negotiation +test-11 = 11-version-negotiation +test-12 = 12-version-negotiation +test-13 = 13-version-negotiation +test-14 = 14-version-negotiation +test-15 = 15-version-negotiation +test-16 = 16-version-negotiation +test-17 = 17-version-negotiation +test-18 = 18-version-negotiation +test-19 = 19-version-negotiation +test-20 = 20-version-negotiation +test-21 = 21-version-negotiation +test-22 = 22-version-negotiation +test-23 = 23-version-negotiation +test-24 = 24-version-negotiation +test-25 = 25-version-negotiation +test-26 = 26-version-negotiation +test-27 = 27-version-negotiation +test-28 = 28-version-negotiation +test-29 = 29-version-negotiation +test-30 = 30-version-negotiation +test-31 = 31-version-negotiation +test-32 = 32-version-negotiation +test-33 = 33-version-negotiation +test-34 = 34-version-negotiation +test-35 = 35-version-negotiation +test-36 = 36-version-negotiation +test-37 = 37-version-negotiation +test-38 = 38-version-negotiation +test-39 = 39-version-negotiation +test-40 = 40-version-negotiation +test-41 = 41-version-negotiation +test-42 = 42-version-negotiation +test-43 = 43-version-negotiation +test-44 = 44-version-negotiation +test-45 = 45-version-negotiation +test-46 = 46-version-negotiation +test-47 = 47-version-negotiation +test-48 = 48-version-negotiation +test-49 = 49-version-negotiation +test-50 = 50-version-negotiation +test-51 = 51-version-negotiation +test-52 = 52-version-negotiation +test-53 = 53-version-negotiation +test-54 = 54-version-negotiation +test-55 = 55-version-negotiation +test-56 = 56-version-negotiation +test-57 = 57-version-negotiation +test-58 = 58-version-negotiation +test-59 = 59-version-negotiation +test-60 = 60-version-negotiation +test-61 = 61-version-negotiation +test-62 = 62-version-negotiation +test-63 = 63-version-negotiation +# =========================================================== + +[0-version-negotiation] +ssl_conf = 0-version-negotiation-ssl + +[0-version-negotiation-ssl] +server = 0-version-negotiation-server +client = 0-version-negotiation-client + +[0-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[1-version-negotiation] +ssl_conf = 1-version-negotiation-ssl + +[1-version-negotiation-ssl] +server = 1-version-negotiation-server +client = 1-version-negotiation-client + +[1-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[2-version-negotiation] +ssl_conf = 2-version-negotiation-ssl + +[2-version-negotiation-ssl] +server = 2-version-negotiation-server +client = 2-version-negotiation-client + +[2-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[3-version-negotiation] +ssl_conf = 3-version-negotiation-ssl + +[3-version-negotiation-ssl] +server = 3-version-negotiation-server +client = 3-version-negotiation-client + +[3-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[4-version-negotiation] +ssl_conf = 4-version-negotiation-ssl + +[4-version-negotiation-ssl] +server = 4-version-negotiation-server +client = 4-version-negotiation-client + +[4-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[5-version-negotiation] +ssl_conf = 5-version-negotiation-ssl + +[5-version-negotiation-ssl] +server = 5-version-negotiation-server +client = 5-version-negotiation-client + +[5-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[6-version-negotiation] +ssl_conf = 6-version-negotiation-ssl + +[6-version-negotiation-ssl] +server = 6-version-negotiation-server +client = 6-version-negotiation-client + +[6-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[7-version-negotiation] +ssl_conf = 7-version-negotiation-ssl + +[7-version-negotiation-ssl] +server = 7-version-negotiation-server +client = 7-version-negotiation-client + +[7-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[8-version-negotiation] +ssl_conf = 8-version-negotiation-ssl + +[8-version-negotiation-ssl] +server = 8-version-negotiation-server +client = 8-version-negotiation-client + +[8-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[9-version-negotiation] +ssl_conf = 9-version-negotiation-ssl + +[9-version-negotiation-ssl] +server = 9-version-negotiation-server +client = 9-version-negotiation-client + +[9-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[10-version-negotiation] +ssl_conf = 10-version-negotiation-ssl + +[10-version-negotiation-ssl] +server = 10-version-negotiation-server +client = 10-version-negotiation-client + +[10-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[11-version-negotiation] +ssl_conf = 11-version-negotiation-ssl + +[11-version-negotiation-ssl] +server = 11-version-negotiation-server +client = 11-version-negotiation-client + +[11-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[12-version-negotiation] +ssl_conf = 12-version-negotiation-ssl + +[12-version-negotiation-ssl] +server = 12-version-negotiation-server +client = 12-version-negotiation-client + +[12-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[13-version-negotiation] +ssl_conf = 13-version-negotiation-ssl + +[13-version-negotiation-ssl] +server = 13-version-negotiation-server +client = 13-version-negotiation-client + +[13-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[14-version-negotiation] +ssl_conf = 14-version-negotiation-ssl + +[14-version-negotiation-ssl] +server = 14-version-negotiation-server +client = 14-version-negotiation-client + +[14-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[15-version-negotiation] +ssl_conf = 15-version-negotiation-ssl + +[15-version-negotiation-ssl] +server = 15-version-negotiation-server +client = 15-version-negotiation-client + +[15-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[16-version-negotiation] +ssl_conf = 16-version-negotiation-ssl + +[16-version-negotiation-ssl] +server = 16-version-negotiation-server +client = 16-version-negotiation-client + +[16-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[17-version-negotiation] +ssl_conf = 17-version-negotiation-ssl + +[17-version-negotiation-ssl] +server = 17-version-negotiation-server +client = 17-version-negotiation-client + +[17-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[18-version-negotiation] +ssl_conf = 18-version-negotiation-ssl + +[18-version-negotiation-ssl] +server = 18-version-negotiation-server +client = 18-version-negotiation-client + +[18-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[19-version-negotiation] +ssl_conf = 19-version-negotiation-ssl + +[19-version-negotiation-ssl] +server = 19-version-negotiation-server +client = 19-version-negotiation-client + +[19-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[20-version-negotiation] +ssl_conf = 20-version-negotiation-ssl + +[20-version-negotiation-ssl] +server = 20-version-negotiation-server +client = 20-version-negotiation-client + +[20-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[21-version-negotiation] +ssl_conf = 21-version-negotiation-ssl + +[21-version-negotiation-ssl] +server = 21-version-negotiation-server +client = 21-version-negotiation-client + +[21-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[22-version-negotiation] +ssl_conf = 22-version-negotiation-ssl + +[22-version-negotiation-ssl] +server = 22-version-negotiation-server +client = 22-version-negotiation-client + +[22-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[23-version-negotiation] +ssl_conf = 23-version-negotiation-ssl + +[23-version-negotiation-ssl] +server = 23-version-negotiation-server +client = 23-version-negotiation-client + +[23-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[24-version-negotiation] +ssl_conf = 24-version-negotiation-ssl + +[24-version-negotiation-ssl] +server = 24-version-negotiation-server +client = 24-version-negotiation-client + +[24-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[25-version-negotiation] +ssl_conf = 25-version-negotiation-ssl + +[25-version-negotiation-ssl] +server = 25-version-negotiation-server +client = 25-version-negotiation-client + +[25-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[26-version-negotiation] +ssl_conf = 26-version-negotiation-ssl + +[26-version-negotiation-ssl] +server = 26-version-negotiation-server +client = 26-version-negotiation-client + +[26-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[27-version-negotiation] +ssl_conf = 27-version-negotiation-ssl + +[27-version-negotiation-ssl] +server = 27-version-negotiation-server +client = 27-version-negotiation-client + +[27-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[28-version-negotiation] +ssl_conf = 28-version-negotiation-ssl + +[28-version-negotiation-ssl] +server = 28-version-negotiation-server +client = 28-version-negotiation-client + +[28-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[29-version-negotiation] +ssl_conf = 29-version-negotiation-ssl + +[29-version-negotiation-ssl] +server = 29-version-negotiation-server +client = 29-version-negotiation-client + +[29-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[30-version-negotiation] +ssl_conf = 30-version-negotiation-ssl + +[30-version-negotiation-ssl] +server = 30-version-negotiation-server +client = 30-version-negotiation-client + +[30-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[31-version-negotiation] +ssl_conf = 31-version-negotiation-ssl + +[31-version-negotiation-ssl] +server = 31-version-negotiation-server +client = 31-version-negotiation-client + +[31-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[32-version-negotiation] +ssl_conf = 32-version-negotiation-ssl + +[32-version-negotiation-ssl] +server = 32-version-negotiation-server +client = 32-version-negotiation-client + +[32-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[33-version-negotiation] +ssl_conf = 33-version-negotiation-ssl + +[33-version-negotiation-ssl] +server = 33-version-negotiation-server +client = 33-version-negotiation-client + +[33-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[34-version-negotiation] +ssl_conf = 34-version-negotiation-ssl + +[34-version-negotiation-ssl] +server = 34-version-negotiation-server +client = 34-version-negotiation-client + +[34-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[35-version-negotiation] +ssl_conf = 35-version-negotiation-ssl + +[35-version-negotiation-ssl] +server = 35-version-negotiation-server +client = 35-version-negotiation-client + +[35-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[36-version-negotiation] +ssl_conf = 36-version-negotiation-ssl + +[36-version-negotiation-ssl] +server = 36-version-negotiation-server +client = 36-version-negotiation-client + +[36-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[37-version-negotiation] +ssl_conf = 37-version-negotiation-ssl + +[37-version-negotiation-ssl] +server = 37-version-negotiation-server +client = 37-version-negotiation-client + +[37-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[38-version-negotiation] +ssl_conf = 38-version-negotiation-ssl + +[38-version-negotiation-ssl] +server = 38-version-negotiation-server +client = 38-version-negotiation-client + +[38-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[39-version-negotiation] +ssl_conf = 39-version-negotiation-ssl + +[39-version-negotiation-ssl] +server = 39-version-negotiation-server +client = 39-version-negotiation-client + +[39-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[40-version-negotiation] +ssl_conf = 40-version-negotiation-ssl + +[40-version-negotiation-ssl] +server = 40-version-negotiation-server +client = 40-version-negotiation-client + +[40-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[41-version-negotiation] +ssl_conf = 41-version-negotiation-ssl + +[41-version-negotiation-ssl] +server = 41-version-negotiation-server +client = 41-version-negotiation-client + +[41-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[42-version-negotiation] +ssl_conf = 42-version-negotiation-ssl + +[42-version-negotiation-ssl] +server = 42-version-negotiation-server +client = 42-version-negotiation-client + +[42-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[43-version-negotiation] +ssl_conf = 43-version-negotiation-ssl + +[43-version-negotiation-ssl] +server = 43-version-negotiation-server +client = 43-version-negotiation-client + +[43-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[44-version-negotiation] +ssl_conf = 44-version-negotiation-ssl + +[44-version-negotiation-ssl] +server = 44-version-negotiation-server +client = 44-version-negotiation-client + +[44-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[45-version-negotiation] +ssl_conf = 45-version-negotiation-ssl + +[45-version-negotiation-ssl] +server = 45-version-negotiation-server +client = 45-version-negotiation-client + +[45-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[46-version-negotiation] +ssl_conf = 46-version-negotiation-ssl + +[46-version-negotiation-ssl] +server = 46-version-negotiation-server +client = 46-version-negotiation-client + +[46-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[47-version-negotiation] +ssl_conf = 47-version-negotiation-ssl + +[47-version-negotiation-ssl] +server = 47-version-negotiation-server +client = 47-version-negotiation-client + +[47-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[47-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[48-version-negotiation] +ssl_conf = 48-version-negotiation-ssl + +[48-version-negotiation-ssl] +server = 48-version-negotiation-server +client = 48-version-negotiation-client + +[48-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[49-version-negotiation] +ssl_conf = 49-version-negotiation-ssl + +[49-version-negotiation-ssl] +server = 49-version-negotiation-server +client = 49-version-negotiation-client + +[49-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[49-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[50-version-negotiation] +ssl_conf = 50-version-negotiation-ssl + +[50-version-negotiation-ssl] +server = 50-version-negotiation-server +client = 50-version-negotiation-client + +[50-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[50-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[51-version-negotiation] +ssl_conf = 51-version-negotiation-ssl + +[51-version-negotiation-ssl] +server = 51-version-negotiation-server +client = 51-version-negotiation-client + +[51-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[51-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[52-version-negotiation] +ssl_conf = 52-version-negotiation-ssl + +[52-version-negotiation-ssl] +server = 52-version-negotiation-server +client = 52-version-negotiation-client + +[52-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[52-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[53-version-negotiation] +ssl_conf = 53-version-negotiation-ssl + +[53-version-negotiation-ssl] +server = 53-version-negotiation-server +client = 53-version-negotiation-client + +[53-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[54-version-negotiation] +ssl_conf = 54-version-negotiation-ssl + +[54-version-negotiation-ssl] +server = 54-version-negotiation-server +client = 54-version-negotiation-client + +[54-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[54-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[55-version-negotiation] +ssl_conf = 55-version-negotiation-ssl + +[55-version-negotiation-ssl] +server = 55-version-negotiation-server +client = 55-version-negotiation-client + +[55-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[55-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-55] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[56-version-negotiation] +ssl_conf = 56-version-negotiation-ssl + +[56-version-negotiation-ssl] +server = 56-version-negotiation-server +client = 56-version-negotiation-client + +[56-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[56-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-56] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[57-version-negotiation] +ssl_conf = 57-version-negotiation-ssl + +[57-version-negotiation-ssl] +server = 57-version-negotiation-server +client = 57-version-negotiation-client + +[57-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[57-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-57] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[58-version-negotiation] +ssl_conf = 58-version-negotiation-ssl + +[58-version-negotiation-ssl] +server = 58-version-negotiation-server +client = 58-version-negotiation-client + +[58-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[58-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-58] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[59-version-negotiation] +ssl_conf = 59-version-negotiation-ssl + +[59-version-negotiation-ssl] +server = 59-version-negotiation-server +client = 59-version-negotiation-client + +[59-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[59-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-59] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[60-version-negotiation] +ssl_conf = 60-version-negotiation-ssl + +[60-version-negotiation-ssl] +server = 60-version-negotiation-server +client = 60-version-negotiation-client + +[60-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[60-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-60] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[61-version-negotiation] +ssl_conf = 61-version-negotiation-ssl + +[61-version-negotiation-ssl] +server = 61-version-negotiation-server +client = 61-version-negotiation-client + +[61-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[61-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-61] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[62-version-negotiation] +ssl_conf = 62-version-negotiation-ssl + +[62-version-negotiation-ssl] +server = 62-version-negotiation-server +client = 62-version-negotiation-client + +[62-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[62-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-62] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[63-version-negotiation] +ssl_conf = 63-version-negotiation-ssl + +[63-version-negotiation-ssl] +server = 63-version-negotiation-server +client = 63-version-negotiation-client + +[63-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[63-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-63] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + diff --git a/test/ssl-tests/07-dtls-protocol-version.cnf.in b/test/ssl-tests/07-dtls-protocol-version.cnf.in new file mode 100644 index 0000000000..2a53433b68 --- /dev/null +++ b/test/ssl-tests/07-dtls-protocol-version.cnf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test DTLS version negotiation + +package ssltests; + +use strict; +use warnings; + +use protocol_version; + +our @tests = generate_version_tests("DTLS"); diff --git a/test/ssl-tests/07-dtls-protocol-version.conf b/test/ssl-tests/07-dtls-protocol-version.conf deleted file mode 100644 index 3304a3bbaa..0000000000 --- a/test/ssl-tests/07-dtls-protocol-version.conf +++ /dev/null @@ -1,1820 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 64 - -test-0 = 0-version-negotiation -test-1 = 1-version-negotiation -test-2 = 2-version-negotiation -test-3 = 3-version-negotiation -test-4 = 4-version-negotiation -test-5 = 5-version-negotiation -test-6 = 6-version-negotiation -test-7 = 7-version-negotiation -test-8 = 8-version-negotiation -test-9 = 9-version-negotiation -test-10 = 10-version-negotiation -test-11 = 11-version-negotiation -test-12 = 12-version-negotiation -test-13 = 13-version-negotiation -test-14 = 14-version-negotiation -test-15 = 15-version-negotiation -test-16 = 16-version-negotiation -test-17 = 17-version-negotiation -test-18 = 18-version-negotiation -test-19 = 19-version-negotiation -test-20 = 20-version-negotiation -test-21 = 21-version-negotiation -test-22 = 22-version-negotiation -test-23 = 23-version-negotiation -test-24 = 24-version-negotiation -test-25 = 25-version-negotiation -test-26 = 26-version-negotiation -test-27 = 27-version-negotiation -test-28 = 28-version-negotiation -test-29 = 29-version-negotiation -test-30 = 30-version-negotiation -test-31 = 31-version-negotiation -test-32 = 32-version-negotiation -test-33 = 33-version-negotiation -test-34 = 34-version-negotiation -test-35 = 35-version-negotiation -test-36 = 36-version-negotiation -test-37 = 37-version-negotiation -test-38 = 38-version-negotiation -test-39 = 39-version-negotiation -test-40 = 40-version-negotiation -test-41 = 41-version-negotiation -test-42 = 42-version-negotiation -test-43 = 43-version-negotiation -test-44 = 44-version-negotiation -test-45 = 45-version-negotiation -test-46 = 46-version-negotiation -test-47 = 47-version-negotiation -test-48 = 48-version-negotiation -test-49 = 49-version-negotiation -test-50 = 50-version-negotiation -test-51 = 51-version-negotiation -test-52 = 52-version-negotiation -test-53 = 53-version-negotiation -test-54 = 54-version-negotiation -test-55 = 55-version-negotiation -test-56 = 56-version-negotiation -test-57 = 57-version-negotiation -test-58 = 58-version-negotiation -test-59 = 59-version-negotiation -test-60 = 60-version-negotiation -test-61 = 61-version-negotiation -test-62 = 62-version-negotiation -test-63 = 63-version-negotiation -# =========================================================== - -[0-version-negotiation] -ssl_conf = 0-version-negotiation-ssl - -[0-version-negotiation-ssl] -server = 0-version-negotiation-server -client = 0-version-negotiation-client - -[0-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[1-version-negotiation] -ssl_conf = 1-version-negotiation-ssl - -[1-version-negotiation-ssl] -server = 1-version-negotiation-server -client = 1-version-negotiation-client - -[1-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[2-version-negotiation] -ssl_conf = 2-version-negotiation-ssl - -[2-version-negotiation-ssl] -server = 2-version-negotiation-server -client = 2-version-negotiation-client - -[2-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[3-version-negotiation] -ssl_conf = 3-version-negotiation-ssl - -[3-version-negotiation-ssl] -server = 3-version-negotiation-server -client = 3-version-negotiation-client - -[3-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[4-version-negotiation] -ssl_conf = 4-version-negotiation-ssl - -[4-version-negotiation-ssl] -server = 4-version-negotiation-server -client = 4-version-negotiation-client - -[4-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[5-version-negotiation] -ssl_conf = 5-version-negotiation-ssl - -[5-version-negotiation-ssl] -server = 5-version-negotiation-server -client = 5-version-negotiation-client - -[5-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[6-version-negotiation] -ssl_conf = 6-version-negotiation-ssl - -[6-version-negotiation-ssl] -server = 6-version-negotiation-server -client = 6-version-negotiation-client - -[6-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedResult = ServerFail -Method = DTLS - - -# =========================================================== - -[7-version-negotiation] -ssl_conf = 7-version-negotiation-ssl - -[7-version-negotiation-ssl] -server = 7-version-negotiation-server -client = 7-version-negotiation-client - -[7-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ExpectedResult = ServerFail -Method = DTLS - - -# =========================================================== - -[8-version-negotiation] -ssl_conf = 8-version-negotiation-ssl - -[8-version-negotiation-ssl] -server = 8-version-negotiation-server -client = 8-version-negotiation-client - -[8-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[9-version-negotiation] -ssl_conf = 9-version-negotiation-ssl - -[9-version-negotiation-ssl] -server = 9-version-negotiation-server -client = 9-version-negotiation-client - -[9-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[9-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-9] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[10-version-negotiation] -ssl_conf = 10-version-negotiation-ssl - -[10-version-negotiation-ssl] -server = 10-version-negotiation-server -client = 10-version-negotiation-client - -[10-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[10-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-10] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[11-version-negotiation] -ssl_conf = 11-version-negotiation-ssl - -[11-version-negotiation-ssl] -server = 11-version-negotiation-server -client = 11-version-negotiation-client - -[11-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[11-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-11] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[12-version-negotiation] -ssl_conf = 12-version-negotiation-ssl - -[12-version-negotiation-ssl] -server = 12-version-negotiation-server -client = 12-version-negotiation-client - -[12-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[12-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-12] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[13-version-negotiation] -ssl_conf = 13-version-negotiation-ssl - -[13-version-negotiation-ssl] -server = 13-version-negotiation-server -client = 13-version-negotiation-client - -[13-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-13] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[14-version-negotiation] -ssl_conf = 14-version-negotiation-ssl - -[14-version-negotiation-ssl] -server = 14-version-negotiation-server -client = 14-version-negotiation-client - -[14-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[14-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-14] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[15-version-negotiation] -ssl_conf = 15-version-negotiation-ssl - -[15-version-negotiation-ssl] -server = 15-version-negotiation-server -client = 15-version-negotiation-client - -[15-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[15-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-15] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[16-version-negotiation] -ssl_conf = 16-version-negotiation-ssl - -[16-version-negotiation-ssl] -server = 16-version-negotiation-server -client = 16-version-negotiation-client - -[16-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[16-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-16] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[17-version-negotiation] -ssl_conf = 17-version-negotiation-ssl - -[17-version-negotiation-ssl] -server = 17-version-negotiation-server -client = 17-version-negotiation-client - -[17-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[17-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-17] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[18-version-negotiation] -ssl_conf = 18-version-negotiation-ssl - -[18-version-negotiation-ssl] -server = 18-version-negotiation-server -client = 18-version-negotiation-client - -[18-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[18-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-18] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[19-version-negotiation] -ssl_conf = 19-version-negotiation-ssl - -[19-version-negotiation-ssl] -server = 19-version-negotiation-server -client = 19-version-negotiation-client - -[19-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[19-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-19] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[20-version-negotiation] -ssl_conf = 20-version-negotiation-ssl - -[20-version-negotiation-ssl] -server = 20-version-negotiation-server -client = 20-version-negotiation-client - -[20-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[20-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-20] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[21-version-negotiation] -ssl_conf = 21-version-negotiation-ssl - -[21-version-negotiation-ssl] -server = 21-version-negotiation-server -client = 21-version-negotiation-client - -[21-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[21-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-21] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[22-version-negotiation] -ssl_conf = 22-version-negotiation-ssl - -[22-version-negotiation-ssl] -server = 22-version-negotiation-server -client = 22-version-negotiation-client - -[22-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[22-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-22] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[23-version-negotiation] -ssl_conf = 23-version-negotiation-ssl - -[23-version-negotiation-ssl] -server = 23-version-negotiation-server -client = 23-version-negotiation-client - -[23-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[23-version-negotiation-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-23] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[24-version-negotiation] -ssl_conf = 24-version-negotiation-ssl - -[24-version-negotiation-ssl] -server = 24-version-negotiation-server -client = 24-version-negotiation-client - -[24-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[24-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-24] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[25-version-negotiation] -ssl_conf = 25-version-negotiation-ssl - -[25-version-negotiation-ssl] -server = 25-version-negotiation-server -client = 25-version-negotiation-client - -[25-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[25-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-25] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[26-version-negotiation] -ssl_conf = 26-version-negotiation-ssl - -[26-version-negotiation-ssl] -server = 26-version-negotiation-server -client = 26-version-negotiation-client - -[26-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[26-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-26] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[27-version-negotiation] -ssl_conf = 27-version-negotiation-ssl - -[27-version-negotiation-ssl] -server = 27-version-negotiation-server -client = 27-version-negotiation-client - -[27-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[27-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-27] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[28-version-negotiation] -ssl_conf = 28-version-negotiation-ssl - -[28-version-negotiation-ssl] -server = 28-version-negotiation-server -client = 28-version-negotiation-client - -[28-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[28-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-28] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[29-version-negotiation] -ssl_conf = 29-version-negotiation-ssl - -[29-version-negotiation-ssl] -server = 29-version-negotiation-server -client = 29-version-negotiation-client - -[29-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[29-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-29] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[30-version-negotiation] -ssl_conf = 30-version-negotiation-ssl - -[30-version-negotiation-ssl] -server = 30-version-negotiation-server -client = 30-version-negotiation-client - -[30-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[30-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-30] -ExpectedResult = ServerFail -Method = DTLS - - -# =========================================================== - -[31-version-negotiation] -ssl_conf = 31-version-negotiation-ssl - -[31-version-negotiation-ssl] -server = 31-version-negotiation-server -client = 31-version-negotiation-client - -[31-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[31-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-31] -ExpectedResult = ServerFail -Method = DTLS - - -# =========================================================== - -[32-version-negotiation] -ssl_conf = 32-version-negotiation-ssl - -[32-version-negotiation-ssl] -server = 32-version-negotiation-server -client = 32-version-negotiation-client - -[32-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[32-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-32] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[33-version-negotiation] -ssl_conf = 33-version-negotiation-ssl - -[33-version-negotiation-ssl] -server = 33-version-negotiation-server -client = 33-version-negotiation-client - -[33-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[33-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-33] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[34-version-negotiation] -ssl_conf = 34-version-negotiation-ssl - -[34-version-negotiation-ssl] -server = 34-version-negotiation-server -client = 34-version-negotiation-client - -[34-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[34-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-34] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[35-version-negotiation] -ssl_conf = 35-version-negotiation-ssl - -[35-version-negotiation-ssl] -server = 35-version-negotiation-server -client = 35-version-negotiation-client - -[35-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[35-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-35] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[36-version-negotiation] -ssl_conf = 36-version-negotiation-ssl - -[36-version-negotiation-ssl] -server = 36-version-negotiation-server -client = 36-version-negotiation-client - -[36-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[36-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-36] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[37-version-negotiation] -ssl_conf = 37-version-negotiation-ssl - -[37-version-negotiation-ssl] -server = 37-version-negotiation-server -client = 37-version-negotiation-client - -[37-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[37-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-37] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[38-version-negotiation] -ssl_conf = 38-version-negotiation-ssl - -[38-version-negotiation-ssl] -server = 38-version-negotiation-server -client = 38-version-negotiation-client - -[38-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[38-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-38] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[39-version-negotiation] -ssl_conf = 39-version-negotiation-ssl - -[39-version-negotiation-ssl] -server = 39-version-negotiation-server -client = 39-version-negotiation-client - -[39-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[39-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-39] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[40-version-negotiation] -ssl_conf = 40-version-negotiation-ssl - -[40-version-negotiation-ssl] -server = 40-version-negotiation-server -client = 40-version-negotiation-client - -[40-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[40-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-40] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[41-version-negotiation] -ssl_conf = 41-version-negotiation-ssl - -[41-version-negotiation-ssl] -server = 41-version-negotiation-server -client = 41-version-negotiation-client - -[41-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[41-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-41] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[42-version-negotiation] -ssl_conf = 42-version-negotiation-ssl - -[42-version-negotiation-ssl] -server = 42-version-negotiation-server -client = 42-version-negotiation-client - -[42-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[42-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-42] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[43-version-negotiation] -ssl_conf = 43-version-negotiation-ssl - -[43-version-negotiation-ssl] -server = 43-version-negotiation-server -client = 43-version-negotiation-client - -[43-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[43-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-43] -ExpectedProtocol = DTLSv1 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[44-version-negotiation] -ssl_conf = 44-version-negotiation-ssl - -[44-version-negotiation-ssl] -server = 44-version-negotiation-server -client = 44-version-negotiation-client - -[44-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[44-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-44] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[45-version-negotiation] -ssl_conf = 45-version-negotiation-ssl - -[45-version-negotiation-ssl] -server = 45-version-negotiation-server -client = 45-version-negotiation-client - -[45-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[45-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-45] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[46-version-negotiation] -ssl_conf = 46-version-negotiation-ssl - -[46-version-negotiation-ssl] -server = 46-version-negotiation-server -client = 46-version-negotiation-client - -[46-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[46-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-46] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[47-version-negotiation] -ssl_conf = 47-version-negotiation-ssl - -[47-version-negotiation-ssl] -server = 47-version-negotiation-server -client = 47-version-negotiation-client - -[47-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[47-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-47] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[48-version-negotiation] -ssl_conf = 48-version-negotiation-ssl - -[48-version-negotiation-ssl] -server = 48-version-negotiation-server -client = 48-version-negotiation-client - -[48-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[48-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-48] -ExpectedResult = ClientFail -Method = DTLS - - -# =========================================================== - -[49-version-negotiation] -ssl_conf = 49-version-negotiation-ssl - -[49-version-negotiation-ssl] -server = 49-version-negotiation-server -client = 49-version-negotiation-client - -[49-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[49-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-49] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[50-version-negotiation] -ssl_conf = 50-version-negotiation-ssl - -[50-version-negotiation-ssl] -server = 50-version-negotiation-server -client = 50-version-negotiation-client - -[50-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[50-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-50] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[51-version-negotiation] -ssl_conf = 51-version-negotiation-ssl - -[51-version-negotiation-ssl] -server = 51-version-negotiation-server -client = 51-version-negotiation-client - -[51-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[51-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-51] -ExpectedResult = ClientFail -Method = DTLS - - -# =========================================================== - -[52-version-negotiation] -ssl_conf = 52-version-negotiation-ssl - -[52-version-negotiation-ssl] -server = 52-version-negotiation-server -client = 52-version-negotiation-client - -[52-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[52-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-52] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[53-version-negotiation] -ssl_conf = 53-version-negotiation-ssl - -[53-version-negotiation-ssl] -server = 53-version-negotiation-server -client = 53-version-negotiation-client - -[53-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[53-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-53] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[54-version-negotiation] -ssl_conf = 54-version-negotiation-ssl - -[54-version-negotiation-ssl] -server = 54-version-negotiation-server -client = 54-version-negotiation-client - -[54-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[54-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-54] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[55-version-negotiation] -ssl_conf = 55-version-negotiation-ssl - -[55-version-negotiation-ssl] -server = 55-version-negotiation-server -client = 55-version-negotiation-client - -[55-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[55-version-negotiation-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-55] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[56-version-negotiation] -ssl_conf = 56-version-negotiation-ssl - -[56-version-negotiation-ssl] -server = 56-version-negotiation-server -client = 56-version-negotiation-client - -[56-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[56-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-56] -ExpectedResult = ClientFail -Method = DTLS - - -# =========================================================== - -[57-version-negotiation] -ssl_conf = 57-version-negotiation-ssl - -[57-version-negotiation-ssl] -server = 57-version-negotiation-server -client = 57-version-negotiation-client - -[57-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[57-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-57] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[58-version-negotiation] -ssl_conf = 58-version-negotiation-ssl - -[58-version-negotiation-ssl] -server = 58-version-negotiation-server -client = 58-version-negotiation-client - -[58-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[58-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-58] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[59-version-negotiation] -ssl_conf = 59-version-negotiation-ssl - -[59-version-negotiation-ssl] -server = 59-version-negotiation-server -client = 59-version-negotiation-client - -[59-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[59-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-59] -ExpectedResult = ClientFail -Method = DTLS - - -# =========================================================== - -[60-version-negotiation] -ssl_conf = 60-version-negotiation-ssl - -[60-version-negotiation-ssl] -server = 60-version-negotiation-server -client = 60-version-negotiation-client - -[60-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[60-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-60] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[61-version-negotiation] -ssl_conf = 61-version-negotiation-ssl - -[61-version-negotiation-ssl] -server = 61-version-negotiation-server -client = 61-version-negotiation-client - -[61-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[61-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-61] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[62-version-negotiation] -ssl_conf = 62-version-negotiation-ssl - -[62-version-negotiation-ssl] -server = 62-version-negotiation-server -client = 62-version-negotiation-client - -[62-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[62-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-62] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - -# =========================================================== - -[63-version-negotiation] -ssl_conf = 63-version-negotiation-ssl - -[63-version-negotiation-ssl] -server = 63-version-negotiation-server -client = 63-version-negotiation-client - -[63-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[63-version-negotiation-client] -CipherString = DEFAULT -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-63] -ExpectedProtocol = DTLSv1.2 -ExpectedResult = Success -Method = DTLS - - diff --git a/test/ssl-tests/07-dtls-protocol-version.conf.in b/test/ssl-tests/07-dtls-protocol-version.conf.in deleted file mode 100644 index 2a53433b68..0000000000 --- a/test/ssl-tests/07-dtls-protocol-version.conf.in +++ /dev/null @@ -1,19 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test DTLS version negotiation - -package ssltests; - -use strict; -use warnings; - -use protocol_version; - -our @tests = generate_version_tests("DTLS"); diff --git a/test/ssl-tests/08-npn.cnf b/test/ssl-tests/08-npn.cnf new file mode 100644 index 0000000000..f38b3f6975 --- /dev/null +++ b/test/ssl-tests/08-npn.cnf @@ -0,0 +1,816 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 20 + +test-0 = 0-npn-simple +test-1 = 1-npn-client-finds-match +test-2 = 2-npn-client-honours-server-pref +test-3 = 3-npn-client-first-pref-on-mismatch +test-4 = 4-npn-no-server-support +test-5 = 5-npn-no-client-support +test-6 = 6-npn-with-sni-no-context-switch +test-7 = 7-npn-with-sni-context-switch +test-8 = 8-npn-selected-sni-server-supports-npn +test-9 = 9-npn-selected-sni-server-does-not-support-npn +test-10 = 10-alpn-preferred-over-npn +test-11 = 11-sni-npn-preferred-over-alpn +test-12 = 12-npn-simple-resumption +test-13 = 13-npn-server-switch-resumption +test-14 = 14-npn-client-switch-resumption +test-15 = 15-npn-client-first-pref-on-mismatch-resumption +test-16 = 16-npn-no-server-support-resumption +test-17 = 17-npn-no-client-support-resumption +test-18 = 18-alpn-preferred-over-npn-resumption +test-19 = 19-npn-used-if-alpn-not-supported-resumption +# =========================================================== + +[0-npn-simple] +ssl_conf = 0-npn-simple-ssl + +[0-npn-simple-ssl] +server = 0-npn-simple-server +client = 0-npn-simple-client + +[0-npn-simple-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-npn-simple-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedNPNProtocol = foo +server = 0-npn-simple-server-extra +client = 0-npn-simple-client-extra + +[0-npn-simple-server-extra] +NPNProtocols = foo + +[0-npn-simple-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[1-npn-client-finds-match] +ssl_conf = 1-npn-client-finds-match-ssl + +[1-npn-client-finds-match-ssl] +server = 1-npn-client-finds-match-server +client = 1-npn-client-finds-match-client + +[1-npn-client-finds-match-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-npn-client-finds-match-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedNPNProtocol = bar +server = 1-npn-client-finds-match-server-extra +client = 1-npn-client-finds-match-client-extra + +[1-npn-client-finds-match-server-extra] +NPNProtocols = baz,bar + +[1-npn-client-finds-match-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[2-npn-client-honours-server-pref] +ssl_conf = 2-npn-client-honours-server-pref-ssl + +[2-npn-client-honours-server-pref-ssl] +server = 2-npn-client-honours-server-pref-server +client = 2-npn-client-honours-server-pref-client + +[2-npn-client-honours-server-pref-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-npn-client-honours-server-pref-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedNPNProtocol = bar +server = 2-npn-client-honours-server-pref-server-extra +client = 2-npn-client-honours-server-pref-client-extra + +[2-npn-client-honours-server-pref-server-extra] +NPNProtocols = bar,foo + +[2-npn-client-honours-server-pref-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[3-npn-client-first-pref-on-mismatch] +ssl_conf = 3-npn-client-first-pref-on-mismatch-ssl + +[3-npn-client-first-pref-on-mismatch-ssl] +server = 3-npn-client-first-pref-on-mismatch-server +client = 3-npn-client-first-pref-on-mismatch-client + +[3-npn-client-first-pref-on-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-npn-client-first-pref-on-mismatch-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedNPNProtocol = foo +server = 3-npn-client-first-pref-on-mismatch-server-extra +client = 3-npn-client-first-pref-on-mismatch-client-extra + +[3-npn-client-first-pref-on-mismatch-server-extra] +NPNProtocols = baz + +[3-npn-client-first-pref-on-mismatch-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[4-npn-no-server-support] +ssl_conf = 4-npn-no-server-support-ssl + +[4-npn-no-server-support-ssl] +server = 4-npn-no-server-support-server +client = 4-npn-no-server-support-client + +[4-npn-no-server-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-npn-no-server-support-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +client = 4-npn-no-server-support-client-extra + +[4-npn-no-server-support-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[5-npn-no-client-support] +ssl_conf = 5-npn-no-client-support-ssl + +[5-npn-no-client-support-ssl] +server = 5-npn-no-client-support-server +client = 5-npn-no-client-support-client + +[5-npn-no-client-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-npn-no-client-support-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +server = 5-npn-no-client-support-server-extra + +[5-npn-no-client-support-server-extra] +NPNProtocols = foo + + +# =========================================================== + +[6-npn-with-sni-no-context-switch] +ssl_conf = 6-npn-with-sni-no-context-switch-ssl + +[6-npn-with-sni-no-context-switch-ssl] +server = 6-npn-with-sni-no-context-switch-server +client = 6-npn-with-sni-no-context-switch-client +server2 = 6-npn-with-sni-no-context-switch-server2 + +[6-npn-with-sni-no-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-npn-with-sni-no-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-npn-with-sni-no-context-switch-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedNPNProtocol = foo +ExpectedServerName = server1 +server = 6-npn-with-sni-no-context-switch-server-extra +server2 = 6-npn-with-sni-no-context-switch-server2-extra +client = 6-npn-with-sni-no-context-switch-client-extra + +[6-npn-with-sni-no-context-switch-server-extra] +NPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[6-npn-with-sni-no-context-switch-server2-extra] +NPNProtocols = bar + +[6-npn-with-sni-no-context-switch-client-extra] +NPNProtocols = foo,bar +ServerName = server1 + + +# =========================================================== + +[7-npn-with-sni-context-switch] +ssl_conf = 7-npn-with-sni-context-switch-ssl + +[7-npn-with-sni-context-switch-ssl] +server = 7-npn-with-sni-context-switch-server +client = 7-npn-with-sni-context-switch-client +server2 = 7-npn-with-sni-context-switch-server2 + +[7-npn-with-sni-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-npn-with-sni-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-npn-with-sni-context-switch-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +server = 7-npn-with-sni-context-switch-server-extra +server2 = 7-npn-with-sni-context-switch-server2-extra +client = 7-npn-with-sni-context-switch-client-extra + +[7-npn-with-sni-context-switch-server-extra] +NPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[7-npn-with-sni-context-switch-server2-extra] +NPNProtocols = bar + +[7-npn-with-sni-context-switch-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[8-npn-selected-sni-server-supports-npn] +ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl + +[8-npn-selected-sni-server-supports-npn-ssl] +server = 8-npn-selected-sni-server-supports-npn-server +client = 8-npn-selected-sni-server-supports-npn-client +server2 = 8-npn-selected-sni-server-supports-npn-server2 + +[8-npn-selected-sni-server-supports-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-npn-selected-sni-server-supports-npn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-npn-selected-sni-server-supports-npn-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +server = 8-npn-selected-sni-server-supports-npn-server-extra +server2 = 8-npn-selected-sni-server-supports-npn-server2-extra +client = 8-npn-selected-sni-server-supports-npn-client-extra + +[8-npn-selected-sni-server-supports-npn-server-extra] +ServerNameCallback = IgnoreMismatch + +[8-npn-selected-sni-server-supports-npn-server2-extra] +NPNProtocols = bar + +[8-npn-selected-sni-server-supports-npn-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[9-npn-selected-sni-server-does-not-support-npn] +ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl + +[9-npn-selected-sni-server-does-not-support-npn-ssl] +server = 9-npn-selected-sni-server-does-not-support-npn-server +client = 9-npn-selected-sni-server-does-not-support-npn-client +server2 = 9-npn-selected-sni-server-does-not-support-npn-server2 + +[9-npn-selected-sni-server-does-not-support-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-npn-selected-sni-server-does-not-support-npn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-npn-selected-sni-server-does-not-support-npn-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedServerName = server2 +server = 9-npn-selected-sni-server-does-not-support-npn-server-extra +client = 9-npn-selected-sni-server-does-not-support-npn-client-extra + +[9-npn-selected-sni-server-does-not-support-npn-server-extra] +NPNProtocols = bar +ServerNameCallback = IgnoreMismatch + +[9-npn-selected-sni-server-does-not-support-npn-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[10-alpn-preferred-over-npn] +ssl_conf = 10-alpn-preferred-over-npn-ssl + +[10-alpn-preferred-over-npn-ssl] +server = 10-alpn-preferred-over-npn-server +client = 10-alpn-preferred-over-npn-client + +[10-alpn-preferred-over-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-alpn-preferred-over-npn-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedALPNProtocol = foo +server = 10-alpn-preferred-over-npn-server-extra +client = 10-alpn-preferred-over-npn-client-extra + +[10-alpn-preferred-over-npn-server-extra] +ALPNProtocols = foo +NPNProtocols = bar + +[10-alpn-preferred-over-npn-client-extra] +ALPNProtocols = foo +NPNProtocols = bar + + +# =========================================================== + +[11-sni-npn-preferred-over-alpn] +ssl_conf = 11-sni-npn-preferred-over-alpn-ssl + +[11-sni-npn-preferred-over-alpn-ssl] +server = 11-sni-npn-preferred-over-alpn-server +client = 11-sni-npn-preferred-over-alpn-client +server2 = 11-sni-npn-preferred-over-alpn-server2 + +[11-sni-npn-preferred-over-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-npn-preferred-over-alpn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-npn-preferred-over-alpn-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +server = 11-sni-npn-preferred-over-alpn-server-extra +server2 = 11-sni-npn-preferred-over-alpn-server2-extra +client = 11-sni-npn-preferred-over-alpn-client-extra + +[11-sni-npn-preferred-over-alpn-server-extra] +ALPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[11-sni-npn-preferred-over-alpn-server2-extra] +NPNProtocols = bar + +[11-sni-npn-preferred-over-alpn-client-extra] +ALPNProtocols = foo +NPNProtocols = bar +ServerName = server2 + + +# =========================================================== + +[12-npn-simple-resumption] +ssl_conf = 12-npn-simple-resumption-ssl + +[12-npn-simple-resumption-ssl] +server = 12-npn-simple-resumption-server +client = 12-npn-simple-resumption-client +resume-server = 12-npn-simple-resumption-server +resume-client = 12-npn-simple-resumption-client + +[12-npn-simple-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-npn-simple-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedNPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 12-npn-simple-resumption-server-extra +resume-server = 12-npn-simple-resumption-server-extra +client = 12-npn-simple-resumption-client-extra +resume-client = 12-npn-simple-resumption-client-extra + +[12-npn-simple-resumption-server-extra] +NPNProtocols = foo + +[12-npn-simple-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[13-npn-server-switch-resumption] +ssl_conf = 13-npn-server-switch-resumption-ssl + +[13-npn-server-switch-resumption-ssl] +server = 13-npn-server-switch-resumption-server +client = 13-npn-server-switch-resumption-client +resume-server = 13-npn-server-switch-resumption-resume-server +resume-client = 13-npn-server-switch-resumption-client + +[13-npn-server-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-npn-server-switch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-npn-server-switch-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedNPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 13-npn-server-switch-resumption-server-extra +resume-server = 13-npn-server-switch-resumption-resume-server-extra +client = 13-npn-server-switch-resumption-client-extra +resume-client = 13-npn-server-switch-resumption-client-extra + +[13-npn-server-switch-resumption-server-extra] +NPNProtocols = bar,foo + +[13-npn-server-switch-resumption-resume-server-extra] +NPNProtocols = baz,foo + +[13-npn-server-switch-resumption-client-extra] +NPNProtocols = foo,bar,baz + + +# =========================================================== + +[14-npn-client-switch-resumption] +ssl_conf = 14-npn-client-switch-resumption-ssl + +[14-npn-client-switch-resumption-ssl] +server = 14-npn-client-switch-resumption-server +client = 14-npn-client-switch-resumption-client +resume-server = 14-npn-client-switch-resumption-server +resume-client = 14-npn-client-switch-resumption-resume-client + +[14-npn-client-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-npn-client-switch-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[14-npn-client-switch-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedNPNProtocol = bar +HandshakeMode = Resume +ResumptionExpected = Yes +server = 14-npn-client-switch-resumption-server-extra +resume-server = 14-npn-client-switch-resumption-server-extra +client = 14-npn-client-switch-resumption-client-extra +resume-client = 14-npn-client-switch-resumption-resume-client-extra + +[14-npn-client-switch-resumption-server-extra] +NPNProtocols = foo,bar,baz + +[14-npn-client-switch-resumption-client-extra] +NPNProtocols = foo,baz + +[14-npn-client-switch-resumption-resume-client-extra] +NPNProtocols = bar,baz + + +# =========================================================== + +[15-npn-client-first-pref-on-mismatch-resumption] +ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl + +[15-npn-client-first-pref-on-mismatch-resumption-ssl] +server = 15-npn-client-first-pref-on-mismatch-resumption-server +client = 15-npn-client-first-pref-on-mismatch-resumption-client +resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server +resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client + +[15-npn-client-first-pref-on-mismatch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-npn-client-first-pref-on-mismatch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-npn-client-first-pref-on-mismatch-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedNPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra +resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra +client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra +resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra + +[15-npn-client-first-pref-on-mismatch-resumption-server-extra] +NPNProtocols = bar + +[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] +NPNProtocols = baz + +[15-npn-client-first-pref-on-mismatch-resumption-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[16-npn-no-server-support-resumption] +ssl_conf = 16-npn-no-server-support-resumption-ssl + +[16-npn-no-server-support-resumption-ssl] +server = 16-npn-no-server-support-resumption-server +client = 16-npn-no-server-support-resumption-client +resume-server = 16-npn-no-server-support-resumption-resume-server +resume-client = 16-npn-no-server-support-resumption-client + +[16-npn-no-server-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-npn-no-server-support-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-npn-no-server-support-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 16-npn-no-server-support-resumption-server-extra +client = 16-npn-no-server-support-resumption-client-extra +resume-client = 16-npn-no-server-support-resumption-client-extra + +[16-npn-no-server-support-resumption-server-extra] +NPNProtocols = foo + +[16-npn-no-server-support-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[17-npn-no-client-support-resumption] +ssl_conf = 17-npn-no-client-support-resumption-ssl + +[17-npn-no-client-support-resumption-ssl] +server = 17-npn-no-client-support-resumption-server +client = 17-npn-no-client-support-resumption-client +resume-server = 17-npn-no-client-support-resumption-server +resume-client = 17-npn-no-client-support-resumption-resume-client + +[17-npn-no-client-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-npn-no-client-support-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[17-npn-no-client-support-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 17-npn-no-client-support-resumption-server-extra +resume-server = 17-npn-no-client-support-resumption-server-extra +client = 17-npn-no-client-support-resumption-client-extra + +[17-npn-no-client-support-resumption-server-extra] +NPNProtocols = foo + +[17-npn-no-client-support-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[18-alpn-preferred-over-npn-resumption] +ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl + +[18-alpn-preferred-over-npn-resumption-ssl] +server = 18-alpn-preferred-over-npn-resumption-server +client = 18-alpn-preferred-over-npn-resumption-client +resume-server = 18-alpn-preferred-over-npn-resumption-resume-server +resume-client = 18-alpn-preferred-over-npn-resumption-client + +[18-alpn-preferred-over-npn-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-alpn-preferred-over-npn-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-alpn-preferred-over-npn-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedALPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 18-alpn-preferred-over-npn-resumption-server-extra +resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra +client = 18-alpn-preferred-over-npn-resumption-client-extra +resume-client = 18-alpn-preferred-over-npn-resumption-client-extra + +[18-alpn-preferred-over-npn-resumption-server-extra] +NPNProtocols = bar + +[18-alpn-preferred-over-npn-resumption-resume-server-extra] +ALPNProtocols = foo +NPNProtocols = baz + +[18-alpn-preferred-over-npn-resumption-client-extra] +ALPNProtocols = foo +NPNProtocols = bar,baz + + +# =========================================================== + +[19-npn-used-if-alpn-not-supported-resumption] +ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl + +[19-npn-used-if-alpn-not-supported-resumption-ssl] +server = 19-npn-used-if-alpn-not-supported-resumption-server +client = 19-npn-used-if-alpn-not-supported-resumption-client +resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server +resume-client = 19-npn-used-if-alpn-not-supported-resumption-client + +[19-npn-used-if-alpn-not-supported-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-npn-used-if-alpn-not-supported-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-npn-used-if-alpn-not-supported-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedNPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 19-npn-used-if-alpn-not-supported-resumption-server-extra +resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra +client = 19-npn-used-if-alpn-not-supported-resumption-client-extra +resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra + +[19-npn-used-if-alpn-not-supported-resumption-server-extra] +ALPNProtocols = foo +NPNProtocols = bar + +[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra] +NPNProtocols = baz + +[19-npn-used-if-alpn-not-supported-resumption-client-extra] +ALPNProtocols = foo +NPNProtocols = bar,baz + + diff --git a/test/ssl-tests/08-npn.cnf.in b/test/ssl-tests/08-npn.cnf.in new file mode 100644 index 0000000000..aec6b7ad4d --- /dev/null +++ b/test/ssl-tests/08-npn.cnf.in @@ -0,0 +1,443 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test NPN. Note that NPN is only supported up to TLSv1.2 + +use strict; +use warnings; + +package ssltests; + +our @tests = ( + { + name => "npn-simple", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-client-finds-match", + server => { + extra => { + "NPNProtocols" => "baz,bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-client-honours-server-pref", + server => { + extra => { + "NPNProtocols" => "bar,foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-client-first-pref-on-mismatch", + server => { + extra => { + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-no-server-support", + server => {}, + client => { + extra => { + "NPNProtocols" => "foo", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-no-client-support", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-with-sni-no-context-switch", + server => { + extra => { + "NPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server1", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-with-sni-context-switch", + server => { + extra => { + "NPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-selected-sni-server-supports-npn", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-selected-sni-server-does-not-support-npn", + server => { + extra => { + "NPNProtocols" => "bar", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "alpn-preferred-over-npn", + server => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedALPNProtocol" => "foo", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "sni-npn-preferred-over-alpn", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + "ALPNProtocols" => "foo", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ServerName" => "server2", + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedALPNProtocol" => undef, + "ExpectedNPNProtocol" => "bar", + "ExpectedServerName" => "server2", + }, + }, + { + name => "npn-simple-resumption", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-server-switch-resumption", + server => { + extra => { + "NPNProtocols" => "bar,foo", + }, + }, + resume_server => { + extra => { + "NPNProtocols" => "baz,foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar,baz", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "baz", + }, + }, + { + name => "npn-client-switch-resumption", + server => { + extra => { + "NPNProtocols" => "foo,bar,baz", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,baz", + }, + "MaxProtocol" => "TLSv1.2" + }, + resume_client => { + extra => { + "NPNProtocols" => "bar,baz", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-client-first-pref-on-mismatch-resumption", + server => { + extra => { + "NPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-no-server-support-resumption", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + resume_server => { }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-no-client-support-resumption", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + "MaxProtocol" => "TLSv1.2" + }, + resume_client => { + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "alpn-preferred-over-npn-resumption", + server => { + extra => { + "NPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar,baz", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "foo", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-used-if-alpn-not-supported-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar,baz", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => undef, + "ExpectedNPNProtocol" => "baz", + }, + }, +); diff --git a/test/ssl-tests/08-npn.conf b/test/ssl-tests/08-npn.conf deleted file mode 100644 index f38b3f6975..0000000000 --- a/test/ssl-tests/08-npn.conf +++ /dev/null @@ -1,816 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 20 - -test-0 = 0-npn-simple -test-1 = 1-npn-client-finds-match -test-2 = 2-npn-client-honours-server-pref -test-3 = 3-npn-client-first-pref-on-mismatch -test-4 = 4-npn-no-server-support -test-5 = 5-npn-no-client-support -test-6 = 6-npn-with-sni-no-context-switch -test-7 = 7-npn-with-sni-context-switch -test-8 = 8-npn-selected-sni-server-supports-npn -test-9 = 9-npn-selected-sni-server-does-not-support-npn -test-10 = 10-alpn-preferred-over-npn -test-11 = 11-sni-npn-preferred-over-alpn -test-12 = 12-npn-simple-resumption -test-13 = 13-npn-server-switch-resumption -test-14 = 14-npn-client-switch-resumption -test-15 = 15-npn-client-first-pref-on-mismatch-resumption -test-16 = 16-npn-no-server-support-resumption -test-17 = 17-npn-no-client-support-resumption -test-18 = 18-alpn-preferred-over-npn-resumption -test-19 = 19-npn-used-if-alpn-not-supported-resumption -# =========================================================== - -[0-npn-simple] -ssl_conf = 0-npn-simple-ssl - -[0-npn-simple-ssl] -server = 0-npn-simple-server -client = 0-npn-simple-client - -[0-npn-simple-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-npn-simple-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedNPNProtocol = foo -server = 0-npn-simple-server-extra -client = 0-npn-simple-client-extra - -[0-npn-simple-server-extra] -NPNProtocols = foo - -[0-npn-simple-client-extra] -NPNProtocols = foo - - -# =========================================================== - -[1-npn-client-finds-match] -ssl_conf = 1-npn-client-finds-match-ssl - -[1-npn-client-finds-match-ssl] -server = 1-npn-client-finds-match-server -client = 1-npn-client-finds-match-client - -[1-npn-client-finds-match-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-npn-client-finds-match-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedNPNProtocol = bar -server = 1-npn-client-finds-match-server-extra -client = 1-npn-client-finds-match-client-extra - -[1-npn-client-finds-match-server-extra] -NPNProtocols = baz,bar - -[1-npn-client-finds-match-client-extra] -NPNProtocols = foo,bar - - -# =========================================================== - -[2-npn-client-honours-server-pref] -ssl_conf = 2-npn-client-honours-server-pref-ssl - -[2-npn-client-honours-server-pref-ssl] -server = 2-npn-client-honours-server-pref-server -client = 2-npn-client-honours-server-pref-client - -[2-npn-client-honours-server-pref-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-npn-client-honours-server-pref-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedNPNProtocol = bar -server = 2-npn-client-honours-server-pref-server-extra -client = 2-npn-client-honours-server-pref-client-extra - -[2-npn-client-honours-server-pref-server-extra] -NPNProtocols = bar,foo - -[2-npn-client-honours-server-pref-client-extra] -NPNProtocols = foo,bar - - -# =========================================================== - -[3-npn-client-first-pref-on-mismatch] -ssl_conf = 3-npn-client-first-pref-on-mismatch-ssl - -[3-npn-client-first-pref-on-mismatch-ssl] -server = 3-npn-client-first-pref-on-mismatch-server -client = 3-npn-client-first-pref-on-mismatch-client - -[3-npn-client-first-pref-on-mismatch-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-npn-client-first-pref-on-mismatch-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedNPNProtocol = foo -server = 3-npn-client-first-pref-on-mismatch-server-extra -client = 3-npn-client-first-pref-on-mismatch-client-extra - -[3-npn-client-first-pref-on-mismatch-server-extra] -NPNProtocols = baz - -[3-npn-client-first-pref-on-mismatch-client-extra] -NPNProtocols = foo,bar - - -# =========================================================== - -[4-npn-no-server-support] -ssl_conf = 4-npn-no-server-support-ssl - -[4-npn-no-server-support-ssl] -server = 4-npn-no-server-support-server -client = 4-npn-no-server-support-client - -[4-npn-no-server-support-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-npn-no-server-support-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -client = 4-npn-no-server-support-client-extra - -[4-npn-no-server-support-client-extra] -NPNProtocols = foo - - -# =========================================================== - -[5-npn-no-client-support] -ssl_conf = 5-npn-no-client-support-ssl - -[5-npn-no-client-support-ssl] -server = 5-npn-no-client-support-server -client = 5-npn-no-client-support-client - -[5-npn-no-client-support-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-npn-no-client-support-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -server = 5-npn-no-client-support-server-extra - -[5-npn-no-client-support-server-extra] -NPNProtocols = foo - - -# =========================================================== - -[6-npn-with-sni-no-context-switch] -ssl_conf = 6-npn-with-sni-no-context-switch-ssl - -[6-npn-with-sni-no-context-switch-ssl] -server = 6-npn-with-sni-no-context-switch-server -client = 6-npn-with-sni-no-context-switch-client -server2 = 6-npn-with-sni-no-context-switch-server2 - -[6-npn-with-sni-no-context-switch-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-npn-with-sni-no-context-switch-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-npn-with-sni-no-context-switch-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedNPNProtocol = foo -ExpectedServerName = server1 -server = 6-npn-with-sni-no-context-switch-server-extra -server2 = 6-npn-with-sni-no-context-switch-server2-extra -client = 6-npn-with-sni-no-context-switch-client-extra - -[6-npn-with-sni-no-context-switch-server-extra] -NPNProtocols = foo -ServerNameCallback = IgnoreMismatch - -[6-npn-with-sni-no-context-switch-server2-extra] -NPNProtocols = bar - -[6-npn-with-sni-no-context-switch-client-extra] -NPNProtocols = foo,bar -ServerName = server1 - - -# =========================================================== - -[7-npn-with-sni-context-switch] -ssl_conf = 7-npn-with-sni-context-switch-ssl - -[7-npn-with-sni-context-switch-ssl] -server = 7-npn-with-sni-context-switch-server -client = 7-npn-with-sni-context-switch-client -server2 = 7-npn-with-sni-context-switch-server2 - -[7-npn-with-sni-context-switch-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-npn-with-sni-context-switch-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-npn-with-sni-context-switch-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ExpectedNPNProtocol = bar -ExpectedServerName = server2 -server = 7-npn-with-sni-context-switch-server-extra -server2 = 7-npn-with-sni-context-switch-server2-extra -client = 7-npn-with-sni-context-switch-client-extra - -[7-npn-with-sni-context-switch-server-extra] -NPNProtocols = foo -ServerNameCallback = IgnoreMismatch - -[7-npn-with-sni-context-switch-server2-extra] -NPNProtocols = bar - -[7-npn-with-sni-context-switch-client-extra] -NPNProtocols = foo,bar -ServerName = server2 - - -# =========================================================== - -[8-npn-selected-sni-server-supports-npn] -ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl - -[8-npn-selected-sni-server-supports-npn-ssl] -server = 8-npn-selected-sni-server-supports-npn-server -client = 8-npn-selected-sni-server-supports-npn-client -server2 = 8-npn-selected-sni-server-supports-npn-server2 - -[8-npn-selected-sni-server-supports-npn-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-npn-selected-sni-server-supports-npn-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-npn-selected-sni-server-supports-npn-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedNPNProtocol = bar -ExpectedServerName = server2 -server = 8-npn-selected-sni-server-supports-npn-server-extra -server2 = 8-npn-selected-sni-server-supports-npn-server2-extra -client = 8-npn-selected-sni-server-supports-npn-client-extra - -[8-npn-selected-sni-server-supports-npn-server-extra] -ServerNameCallback = IgnoreMismatch - -[8-npn-selected-sni-server-supports-npn-server2-extra] -NPNProtocols = bar - -[8-npn-selected-sni-server-supports-npn-client-extra] -NPNProtocols = foo,bar -ServerName = server2 - - -# =========================================================== - -[9-npn-selected-sni-server-does-not-support-npn] -ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl - -[9-npn-selected-sni-server-does-not-support-npn-ssl] -server = 9-npn-selected-sni-server-does-not-support-npn-server -client = 9-npn-selected-sni-server-does-not-support-npn-client -server2 = 9-npn-selected-sni-server-does-not-support-npn-server2 - -[9-npn-selected-sni-server-does-not-support-npn-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[9-npn-selected-sni-server-does-not-support-npn-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[9-npn-selected-sni-server-does-not-support-npn-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-9] -ExpectedServerName = server2 -server = 9-npn-selected-sni-server-does-not-support-npn-server-extra -client = 9-npn-selected-sni-server-does-not-support-npn-client-extra - -[9-npn-selected-sni-server-does-not-support-npn-server-extra] -NPNProtocols = bar -ServerNameCallback = IgnoreMismatch - -[9-npn-selected-sni-server-does-not-support-npn-client-extra] -NPNProtocols = foo,bar -ServerName = server2 - - -# =========================================================== - -[10-alpn-preferred-over-npn] -ssl_conf = 10-alpn-preferred-over-npn-ssl - -[10-alpn-preferred-over-npn-ssl] -server = 10-alpn-preferred-over-npn-server -client = 10-alpn-preferred-over-npn-client - -[10-alpn-preferred-over-npn-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[10-alpn-preferred-over-npn-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-10] -ExpectedALPNProtocol = foo -server = 10-alpn-preferred-over-npn-server-extra -client = 10-alpn-preferred-over-npn-client-extra - -[10-alpn-preferred-over-npn-server-extra] -ALPNProtocols = foo -NPNProtocols = bar - -[10-alpn-preferred-over-npn-client-extra] -ALPNProtocols = foo -NPNProtocols = bar - - -# =========================================================== - -[11-sni-npn-preferred-over-alpn] -ssl_conf = 11-sni-npn-preferred-over-alpn-ssl - -[11-sni-npn-preferred-over-alpn-ssl] -server = 11-sni-npn-preferred-over-alpn-server -client = 11-sni-npn-preferred-over-alpn-client -server2 = 11-sni-npn-preferred-over-alpn-server2 - -[11-sni-npn-preferred-over-alpn-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[11-sni-npn-preferred-over-alpn-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[11-sni-npn-preferred-over-alpn-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-11] -ExpectedNPNProtocol = bar -ExpectedServerName = server2 -server = 11-sni-npn-preferred-over-alpn-server-extra -server2 = 11-sni-npn-preferred-over-alpn-server2-extra -client = 11-sni-npn-preferred-over-alpn-client-extra - -[11-sni-npn-preferred-over-alpn-server-extra] -ALPNProtocols = foo -ServerNameCallback = IgnoreMismatch - -[11-sni-npn-preferred-over-alpn-server2-extra] -NPNProtocols = bar - -[11-sni-npn-preferred-over-alpn-client-extra] -ALPNProtocols = foo -NPNProtocols = bar -ServerName = server2 - - -# =========================================================== - -[12-npn-simple-resumption] -ssl_conf = 12-npn-simple-resumption-ssl - -[12-npn-simple-resumption-ssl] -server = 12-npn-simple-resumption-server -client = 12-npn-simple-resumption-client -resume-server = 12-npn-simple-resumption-server -resume-client = 12-npn-simple-resumption-client - -[12-npn-simple-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[12-npn-simple-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-12] -ExpectedNPNProtocol = foo -HandshakeMode = Resume -ResumptionExpected = Yes -server = 12-npn-simple-resumption-server-extra -resume-server = 12-npn-simple-resumption-server-extra -client = 12-npn-simple-resumption-client-extra -resume-client = 12-npn-simple-resumption-client-extra - -[12-npn-simple-resumption-server-extra] -NPNProtocols = foo - -[12-npn-simple-resumption-client-extra] -NPNProtocols = foo - - -# =========================================================== - -[13-npn-server-switch-resumption] -ssl_conf = 13-npn-server-switch-resumption-ssl - -[13-npn-server-switch-resumption-ssl] -server = 13-npn-server-switch-resumption-server -client = 13-npn-server-switch-resumption-client -resume-server = 13-npn-server-switch-resumption-resume-server -resume-client = 13-npn-server-switch-resumption-client - -[13-npn-server-switch-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-npn-server-switch-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-npn-server-switch-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-13] -ExpectedNPNProtocol = baz -HandshakeMode = Resume -ResumptionExpected = Yes -server = 13-npn-server-switch-resumption-server-extra -resume-server = 13-npn-server-switch-resumption-resume-server-extra -client = 13-npn-server-switch-resumption-client-extra -resume-client = 13-npn-server-switch-resumption-client-extra - -[13-npn-server-switch-resumption-server-extra] -NPNProtocols = bar,foo - -[13-npn-server-switch-resumption-resume-server-extra] -NPNProtocols = baz,foo - -[13-npn-server-switch-resumption-client-extra] -NPNProtocols = foo,bar,baz - - -# =========================================================== - -[14-npn-client-switch-resumption] -ssl_conf = 14-npn-client-switch-resumption-ssl - -[14-npn-client-switch-resumption-ssl] -server = 14-npn-client-switch-resumption-server -client = 14-npn-client-switch-resumption-client -resume-server = 14-npn-client-switch-resumption-server -resume-client = 14-npn-client-switch-resumption-resume-client - -[14-npn-client-switch-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[14-npn-client-switch-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[14-npn-client-switch-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-14] -ExpectedNPNProtocol = bar -HandshakeMode = Resume -ResumptionExpected = Yes -server = 14-npn-client-switch-resumption-server-extra -resume-server = 14-npn-client-switch-resumption-server-extra -client = 14-npn-client-switch-resumption-client-extra -resume-client = 14-npn-client-switch-resumption-resume-client-extra - -[14-npn-client-switch-resumption-server-extra] -NPNProtocols = foo,bar,baz - -[14-npn-client-switch-resumption-client-extra] -NPNProtocols = foo,baz - -[14-npn-client-switch-resumption-resume-client-extra] -NPNProtocols = bar,baz - - -# =========================================================== - -[15-npn-client-first-pref-on-mismatch-resumption] -ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl - -[15-npn-client-first-pref-on-mismatch-resumption-ssl] -server = 15-npn-client-first-pref-on-mismatch-resumption-server -client = 15-npn-client-first-pref-on-mismatch-resumption-client -resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server -resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client - -[15-npn-client-first-pref-on-mismatch-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[15-npn-client-first-pref-on-mismatch-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[15-npn-client-first-pref-on-mismatch-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-15] -ExpectedNPNProtocol = foo -HandshakeMode = Resume -ResumptionExpected = Yes -server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra -resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra -client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra -resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra - -[15-npn-client-first-pref-on-mismatch-resumption-server-extra] -NPNProtocols = bar - -[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] -NPNProtocols = baz - -[15-npn-client-first-pref-on-mismatch-resumption-client-extra] -NPNProtocols = foo,bar - - -# =========================================================== - -[16-npn-no-server-support-resumption] -ssl_conf = 16-npn-no-server-support-resumption-ssl - -[16-npn-no-server-support-resumption-ssl] -server = 16-npn-no-server-support-resumption-server -client = 16-npn-no-server-support-resumption-client -resume-server = 16-npn-no-server-support-resumption-resume-server -resume-client = 16-npn-no-server-support-resumption-client - -[16-npn-no-server-support-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[16-npn-no-server-support-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[16-npn-no-server-support-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-16] -HandshakeMode = Resume -ResumptionExpected = Yes -server = 16-npn-no-server-support-resumption-server-extra -client = 16-npn-no-server-support-resumption-client-extra -resume-client = 16-npn-no-server-support-resumption-client-extra - -[16-npn-no-server-support-resumption-server-extra] -NPNProtocols = foo - -[16-npn-no-server-support-resumption-client-extra] -NPNProtocols = foo - - -# =========================================================== - -[17-npn-no-client-support-resumption] -ssl_conf = 17-npn-no-client-support-resumption-ssl - -[17-npn-no-client-support-resumption-ssl] -server = 17-npn-no-client-support-resumption-server -client = 17-npn-no-client-support-resumption-client -resume-server = 17-npn-no-client-support-resumption-server -resume-client = 17-npn-no-client-support-resumption-resume-client - -[17-npn-no-client-support-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[17-npn-no-client-support-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[17-npn-no-client-support-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-17] -HandshakeMode = Resume -ResumptionExpected = Yes -server = 17-npn-no-client-support-resumption-server-extra -resume-server = 17-npn-no-client-support-resumption-server-extra -client = 17-npn-no-client-support-resumption-client-extra - -[17-npn-no-client-support-resumption-server-extra] -NPNProtocols = foo - -[17-npn-no-client-support-resumption-client-extra] -NPNProtocols = foo - - -# =========================================================== - -[18-alpn-preferred-over-npn-resumption] -ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl - -[18-alpn-preferred-over-npn-resumption-ssl] -server = 18-alpn-preferred-over-npn-resumption-server -client = 18-alpn-preferred-over-npn-resumption-client -resume-server = 18-alpn-preferred-over-npn-resumption-resume-server -resume-client = 18-alpn-preferred-over-npn-resumption-client - -[18-alpn-preferred-over-npn-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[18-alpn-preferred-over-npn-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[18-alpn-preferred-over-npn-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-18] -ExpectedALPNProtocol = foo -HandshakeMode = Resume -ResumptionExpected = Yes -server = 18-alpn-preferred-over-npn-resumption-server-extra -resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra -client = 18-alpn-preferred-over-npn-resumption-client-extra -resume-client = 18-alpn-preferred-over-npn-resumption-client-extra - -[18-alpn-preferred-over-npn-resumption-server-extra] -NPNProtocols = bar - -[18-alpn-preferred-over-npn-resumption-resume-server-extra] -ALPNProtocols = foo -NPNProtocols = baz - -[18-alpn-preferred-over-npn-resumption-client-extra] -ALPNProtocols = foo -NPNProtocols = bar,baz - - -# =========================================================== - -[19-npn-used-if-alpn-not-supported-resumption] -ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl - -[19-npn-used-if-alpn-not-supported-resumption-ssl] -server = 19-npn-used-if-alpn-not-supported-resumption-server -client = 19-npn-used-if-alpn-not-supported-resumption-client -resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server -resume-client = 19-npn-used-if-alpn-not-supported-resumption-client - -[19-npn-used-if-alpn-not-supported-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[19-npn-used-if-alpn-not-supported-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[19-npn-used-if-alpn-not-supported-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-19] -ExpectedNPNProtocol = baz -HandshakeMode = Resume -ResumptionExpected = Yes -server = 19-npn-used-if-alpn-not-supported-resumption-server-extra -resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra -client = 19-npn-used-if-alpn-not-supported-resumption-client-extra -resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra - -[19-npn-used-if-alpn-not-supported-resumption-server-extra] -ALPNProtocols = foo -NPNProtocols = bar - -[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra] -NPNProtocols = baz - -[19-npn-used-if-alpn-not-supported-resumption-client-extra] -ALPNProtocols = foo -NPNProtocols = bar,baz - - diff --git a/test/ssl-tests/08-npn.conf.in b/test/ssl-tests/08-npn.conf.in deleted file mode 100644 index aec6b7ad4d..0000000000 --- a/test/ssl-tests/08-npn.conf.in +++ /dev/null @@ -1,443 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test NPN. Note that NPN is only supported up to TLSv1.2 - -use strict; -use warnings; - -package ssltests; - -our @tests = ( - { - name => "npn-simple", - server => { - extra => { - "NPNProtocols" => "foo", - }, - }, - client => { - extra => { - "NPNProtocols" => "foo", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedNPNProtocol" => "foo", - }, - }, - { - name => "npn-client-finds-match", - server => { - extra => { - "NPNProtocols" => "baz,bar", - }, - }, - client => { - extra => { - "NPNProtocols" => "foo,bar", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedNPNProtocol" => "bar", - }, - }, - { - name => "npn-client-honours-server-pref", - server => { - extra => { - "NPNProtocols" => "bar,foo", - }, - }, - client => { - extra => { - "NPNProtocols" => "foo,bar", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedNPNProtocol" => "bar", - }, - }, - { - name => "npn-client-first-pref-on-mismatch", - server => { - extra => { - "NPNProtocols" => "baz", - }, - }, - client => { - extra => { - "NPNProtocols" => "foo,bar", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedNPNProtocol" => "foo", - }, - }, - { - name => "npn-no-server-support", - server => {}, - client => { - extra => { - "NPNProtocols" => "foo", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedNPNProtocol" => undef, - }, - }, - { - name => "npn-no-client-support", - server => { - extra => { - "NPNProtocols" => "foo", - }, - }, - client => { - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedNPNProtocol" => undef, - }, - }, - { - name => "npn-with-sni-no-context-switch", - server => { - extra => { - "NPNProtocols" => "foo", - "ServerNameCallback" => "IgnoreMismatch", - }, - }, - server2 => { - extra => { - "NPNProtocols" => "bar", - }, - }, - client => { - extra => { - "NPNProtocols" => "foo,bar", - "ServerName" => "server1", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedServerName" => "server1", - "ExpectedNPNProtocol" => "foo", - }, - }, - { - name => "npn-with-sni-context-switch", - server => { - extra => { - "NPNProtocols" => "foo", - "ServerNameCallback" => "IgnoreMismatch", - }, - }, - server2 => { - extra => { - "NPNProtocols" => "bar", - }, - }, - client => { - extra => { - "NPNProtocols" => "foo,bar", - "ServerName" => "server2", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedServerName" => "server2", - "ExpectedNPNProtocol" => "bar", - }, - }, - { - name => "npn-selected-sni-server-supports-npn", - server => { - extra => { - "ServerNameCallback" => "IgnoreMismatch", - }, - }, - server2 => { - extra => { - "NPNProtocols" => "bar", - }, - }, - client => { - extra => { - "NPNProtocols" => "foo,bar", - "ServerName" => "server2", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedServerName" => "server2", - "ExpectedNPNProtocol" => "bar", - }, - }, - { - name => "npn-selected-sni-server-does-not-support-npn", - server => { - extra => { - "NPNProtocols" => "bar", - "ServerNameCallback" => "IgnoreMismatch", - }, - }, - server2 => { }, - client => { - extra => { - "NPNProtocols" => "foo,bar", - "ServerName" => "server2", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedServerName" => "server2", - "ExpectedNPNProtocol" => undef, - }, - }, - { - name => "alpn-preferred-over-npn", - server => { - extra => { - "ALPNProtocols" => "foo", - "NPNProtocols" => "bar", - }, - }, - client => { - extra => { - "ALPNProtocols" => "foo", - "NPNProtocols" => "bar", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedALPNProtocol" => "foo", - "ExpectedNPNProtocol" => undef, - }, - }, - { - name => "sni-npn-preferred-over-alpn", - server => { - extra => { - "ServerNameCallback" => "IgnoreMismatch", - "ALPNProtocols" => "foo", - }, - }, - server2 => { - extra => { - "NPNProtocols" => "bar", - }, - }, - client => { - extra => { - "ServerName" => "server2", - "ALPNProtocols" => "foo", - "NPNProtocols" => "bar", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedALPNProtocol" => undef, - "ExpectedNPNProtocol" => "bar", - "ExpectedServerName" => "server2", - }, - }, - { - name => "npn-simple-resumption", - server => { - extra => { - "NPNProtocols" => "foo", - }, - }, - client => { - extra => { - "NPNProtocols" => "foo", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "HandshakeMode" => "Resume", - "ResumptionExpected" => "Yes", - "ExpectedNPNProtocol" => "foo", - }, - }, - { - name => "npn-server-switch-resumption", - server => { - extra => { - "NPNProtocols" => "bar,foo", - }, - }, - resume_server => { - extra => { - "NPNProtocols" => "baz,foo", - }, - }, - client => { - extra => { - "NPNProtocols" => "foo,bar,baz", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "HandshakeMode" => "Resume", - "ResumptionExpected" => "Yes", - "ExpectedNPNProtocol" => "baz", - }, - }, - { - name => "npn-client-switch-resumption", - server => { - extra => { - "NPNProtocols" => "foo,bar,baz", - }, - }, - client => { - extra => { - "NPNProtocols" => "foo,baz", - }, - "MaxProtocol" => "TLSv1.2" - }, - resume_client => { - extra => { - "NPNProtocols" => "bar,baz", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "HandshakeMode" => "Resume", - "ResumptionExpected" => "Yes", - "ExpectedNPNProtocol" => "bar", - }, - }, - { - name => "npn-client-first-pref-on-mismatch-resumption", - server => { - extra => { - "NPNProtocols" => "bar", - }, - }, - resume_server => { - extra => { - "NPNProtocols" => "baz", - }, - }, - client => { - extra => { - "NPNProtocols" => "foo,bar", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "HandshakeMode" => "Resume", - "ResumptionExpected" => "Yes", - "ExpectedNPNProtocol" => "foo", - }, - }, - { - name => "npn-no-server-support-resumption", - server => { - extra => { - "NPNProtocols" => "foo", - }, - }, - resume_server => { }, - client => { - extra => { - "NPNProtocols" => "foo", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "HandshakeMode" => "Resume", - "ResumptionExpected" => "Yes", - "ExpectedNPNProtocol" => undef, - }, - }, - { - name => "npn-no-client-support-resumption", - server => { - extra => { - "NPNProtocols" => "foo", - }, - }, - client => { - extra => { - "NPNProtocols" => "foo", - }, - "MaxProtocol" => "TLSv1.2" - }, - resume_client => { - "MaxProtocol" => "TLSv1.2" - }, - test => { - "HandshakeMode" => "Resume", - "ResumptionExpected" => "Yes", - "ExpectedNPNProtocol" => undef, - }, - }, - { - name => "alpn-preferred-over-npn-resumption", - server => { - extra => { - "NPNProtocols" => "bar", - }, - }, - resume_server => { - extra => { - "ALPNProtocols" => "foo", - "NPNProtocols" => "baz", - }, - }, - client => { - extra => { - "ALPNProtocols" => "foo", - "NPNProtocols" => "bar,baz", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "HandshakeMode" => "Resume", - "ResumptionExpected" => "Yes", - "ExpectedALPNProtocol" => "foo", - "ExpectedNPNProtocol" => undef, - }, - }, - { - name => "npn-used-if-alpn-not-supported-resumption", - server => { - extra => { - "ALPNProtocols" => "foo", - "NPNProtocols" => "bar", - }, - }, - resume_server => { - extra => { - "NPNProtocols" => "baz", - }, - }, - client => { - extra => { - "ALPNProtocols" => "foo", - "NPNProtocols" => "bar,baz", - }, - "MaxProtocol" => "TLSv1.2" - }, - test => { - "HandshakeMode" => "Resume", - "ResumptionExpected" => "Yes", - "ExpectedALPNProtocol" => undef, - "ExpectedNPNProtocol" => "baz", - }, - }, -); diff --git a/test/ssl-tests/09-alpn.cnf b/test/ssl-tests/09-alpn.cnf new file mode 100644 index 0000000000..e7e6cb9534 --- /dev/null +++ b/test/ssl-tests/09-alpn.cnf @@ -0,0 +1,619 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 16 + +test-0 = 0-alpn-simple +test-1 = 1-alpn-server-finds-match +test-2 = 2-alpn-server-honours-server-pref +test-3 = 3-alpn-alert-on-mismatch +test-4 = 4-alpn-no-server-support +test-5 = 5-alpn-no-client-support +test-6 = 6-alpn-with-sni-no-context-switch +test-7 = 7-alpn-with-sni-context-switch +test-8 = 8-alpn-selected-sni-server-supports-alpn +test-9 = 9-alpn-selected-sni-server-does-not-support-alpn +test-10 = 10-alpn-simple-resumption +test-11 = 11-alpn-server-switch-resumption +test-12 = 12-alpn-client-switch-resumption +test-13 = 13-alpn-alert-on-mismatch-resumption +test-14 = 14-alpn-no-server-support-resumption +test-15 = 15-alpn-no-client-support-resumption +# =========================================================== + +[0-alpn-simple] +ssl_conf = 0-alpn-simple-ssl + +[0-alpn-simple-ssl] +server = 0-alpn-simple-server +client = 0-alpn-simple-client + +[0-alpn-simple-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-alpn-simple-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedALPNProtocol = foo +server = 0-alpn-simple-server-extra +client = 0-alpn-simple-client-extra + +[0-alpn-simple-server-extra] +ALPNProtocols = foo + +[0-alpn-simple-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[1-alpn-server-finds-match] +ssl_conf = 1-alpn-server-finds-match-ssl + +[1-alpn-server-finds-match-ssl] +server = 1-alpn-server-finds-match-server +client = 1-alpn-server-finds-match-client + +[1-alpn-server-finds-match-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-alpn-server-finds-match-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedALPNProtocol = bar +server = 1-alpn-server-finds-match-server-extra +client = 1-alpn-server-finds-match-client-extra + +[1-alpn-server-finds-match-server-extra] +ALPNProtocols = baz,bar + +[1-alpn-server-finds-match-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[2-alpn-server-honours-server-pref] +ssl_conf = 2-alpn-server-honours-server-pref-ssl + +[2-alpn-server-honours-server-pref-ssl] +server = 2-alpn-server-honours-server-pref-server +client = 2-alpn-server-honours-server-pref-client + +[2-alpn-server-honours-server-pref-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-alpn-server-honours-server-pref-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedALPNProtocol = bar +server = 2-alpn-server-honours-server-pref-server-extra +client = 2-alpn-server-honours-server-pref-client-extra + +[2-alpn-server-honours-server-pref-server-extra] +ALPNProtocols = bar,foo + +[2-alpn-server-honours-server-pref-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[3-alpn-alert-on-mismatch] +ssl_conf = 3-alpn-alert-on-mismatch-ssl + +[3-alpn-alert-on-mismatch-ssl] +server = 3-alpn-alert-on-mismatch-server +client = 3-alpn-alert-on-mismatch-client + +[3-alpn-alert-on-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-alpn-alert-on-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = ServerFail +ExpectedServerAlert = NoApplicationProtocol +server = 3-alpn-alert-on-mismatch-server-extra +client = 3-alpn-alert-on-mismatch-client-extra + +[3-alpn-alert-on-mismatch-server-extra] +ALPNProtocols = baz + +[3-alpn-alert-on-mismatch-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[4-alpn-no-server-support] +ssl_conf = 4-alpn-no-server-support-ssl + +[4-alpn-no-server-support-ssl] +server = 4-alpn-no-server-support-server +client = 4-alpn-no-server-support-client + +[4-alpn-no-server-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-alpn-no-server-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +client = 4-alpn-no-server-support-client-extra + +[4-alpn-no-server-support-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[5-alpn-no-client-support] +ssl_conf = 5-alpn-no-client-support-ssl + +[5-alpn-no-client-support-ssl] +server = 5-alpn-no-client-support-server +client = 5-alpn-no-client-support-client + +[5-alpn-no-client-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-alpn-no-client-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +server = 5-alpn-no-client-support-server-extra + +[5-alpn-no-client-support-server-extra] +ALPNProtocols = foo + + +# =========================================================== + +[6-alpn-with-sni-no-context-switch] +ssl_conf = 6-alpn-with-sni-no-context-switch-ssl + +[6-alpn-with-sni-no-context-switch-ssl] +server = 6-alpn-with-sni-no-context-switch-server +client = 6-alpn-with-sni-no-context-switch-client +server2 = 6-alpn-with-sni-no-context-switch-server2 + +[6-alpn-with-sni-no-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-alpn-with-sni-no-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-alpn-with-sni-no-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedALPNProtocol = foo +ExpectedServerName = server1 +server = 6-alpn-with-sni-no-context-switch-server-extra +server2 = 6-alpn-with-sni-no-context-switch-server2-extra +client = 6-alpn-with-sni-no-context-switch-client-extra + +[6-alpn-with-sni-no-context-switch-server-extra] +ALPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[6-alpn-with-sni-no-context-switch-server2-extra] +ALPNProtocols = bar + +[6-alpn-with-sni-no-context-switch-client-extra] +ALPNProtocols = foo,bar +ServerName = server1 + + +# =========================================================== + +[7-alpn-with-sni-context-switch] +ssl_conf = 7-alpn-with-sni-context-switch-ssl + +[7-alpn-with-sni-context-switch-ssl] +server = 7-alpn-with-sni-context-switch-server +client = 7-alpn-with-sni-context-switch-client +server2 = 7-alpn-with-sni-context-switch-server2 + +[7-alpn-with-sni-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-alpn-with-sni-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-alpn-with-sni-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedALPNProtocol = bar +ExpectedServerName = server2 +server = 7-alpn-with-sni-context-switch-server-extra +server2 = 7-alpn-with-sni-context-switch-server2-extra +client = 7-alpn-with-sni-context-switch-client-extra + +[7-alpn-with-sni-context-switch-server-extra] +ALPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[7-alpn-with-sni-context-switch-server2-extra] +ALPNProtocols = bar + +[7-alpn-with-sni-context-switch-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[8-alpn-selected-sni-server-supports-alpn] +ssl_conf = 8-alpn-selected-sni-server-supports-alpn-ssl + +[8-alpn-selected-sni-server-supports-alpn-ssl] +server = 8-alpn-selected-sni-server-supports-alpn-server +client = 8-alpn-selected-sni-server-supports-alpn-client +server2 = 8-alpn-selected-sni-server-supports-alpn-server2 + +[8-alpn-selected-sni-server-supports-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-alpn-selected-sni-server-supports-alpn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-alpn-selected-sni-server-supports-alpn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedALPNProtocol = bar +ExpectedServerName = server2 +server = 8-alpn-selected-sni-server-supports-alpn-server-extra +server2 = 8-alpn-selected-sni-server-supports-alpn-server2-extra +client = 8-alpn-selected-sni-server-supports-alpn-client-extra + +[8-alpn-selected-sni-server-supports-alpn-server-extra] +ServerNameCallback = IgnoreMismatch + +[8-alpn-selected-sni-server-supports-alpn-server2-extra] +ALPNProtocols = bar + +[8-alpn-selected-sni-server-supports-alpn-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[9-alpn-selected-sni-server-does-not-support-alpn] +ssl_conf = 9-alpn-selected-sni-server-does-not-support-alpn-ssl + +[9-alpn-selected-sni-server-does-not-support-alpn-ssl] +server = 9-alpn-selected-sni-server-does-not-support-alpn-server +client = 9-alpn-selected-sni-server-does-not-support-alpn-client +server2 = 9-alpn-selected-sni-server-does-not-support-alpn-server2 + +[9-alpn-selected-sni-server-does-not-support-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-alpn-selected-sni-server-does-not-support-alpn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-alpn-selected-sni-server-does-not-support-alpn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedServerName = server2 +server = 9-alpn-selected-sni-server-does-not-support-alpn-server-extra +client = 9-alpn-selected-sni-server-does-not-support-alpn-client-extra + +[9-alpn-selected-sni-server-does-not-support-alpn-server-extra] +ALPNProtocols = bar +ServerNameCallback = IgnoreMismatch + +[9-alpn-selected-sni-server-does-not-support-alpn-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[10-alpn-simple-resumption] +ssl_conf = 10-alpn-simple-resumption-ssl + +[10-alpn-simple-resumption-ssl] +server = 10-alpn-simple-resumption-server +client = 10-alpn-simple-resumption-client +resume-server = 10-alpn-simple-resumption-server +resume-client = 10-alpn-simple-resumption-client + +[10-alpn-simple-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-alpn-simple-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedALPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 10-alpn-simple-resumption-server-extra +resume-server = 10-alpn-simple-resumption-server-extra +client = 10-alpn-simple-resumption-client-extra +resume-client = 10-alpn-simple-resumption-client-extra + +[10-alpn-simple-resumption-server-extra] +ALPNProtocols = foo + +[10-alpn-simple-resumption-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[11-alpn-server-switch-resumption] +ssl_conf = 11-alpn-server-switch-resumption-ssl + +[11-alpn-server-switch-resumption-ssl] +server = 11-alpn-server-switch-resumption-server +client = 11-alpn-server-switch-resumption-client +resume-server = 11-alpn-server-switch-resumption-resume-server +resume-client = 11-alpn-server-switch-resumption-client + +[11-alpn-server-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-alpn-server-switch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-alpn-server-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedALPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 11-alpn-server-switch-resumption-server-extra +resume-server = 11-alpn-server-switch-resumption-resume-server-extra +client = 11-alpn-server-switch-resumption-client-extra +resume-client = 11-alpn-server-switch-resumption-client-extra + +[11-alpn-server-switch-resumption-server-extra] +ALPNProtocols = bar,foo + +[11-alpn-server-switch-resumption-resume-server-extra] +ALPNProtocols = baz,foo + +[11-alpn-server-switch-resumption-client-extra] +ALPNProtocols = foo,bar,baz + + +# =========================================================== + +[12-alpn-client-switch-resumption] +ssl_conf = 12-alpn-client-switch-resumption-ssl + +[12-alpn-client-switch-resumption-ssl] +server = 12-alpn-client-switch-resumption-server +client = 12-alpn-client-switch-resumption-client +resume-server = 12-alpn-client-switch-resumption-server +resume-client = 12-alpn-client-switch-resumption-resume-client + +[12-alpn-client-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-alpn-client-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[12-alpn-client-switch-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedALPNProtocol = bar +HandshakeMode = Resume +ResumptionExpected = Yes +server = 12-alpn-client-switch-resumption-server-extra +resume-server = 12-alpn-client-switch-resumption-server-extra +client = 12-alpn-client-switch-resumption-client-extra +resume-client = 12-alpn-client-switch-resumption-resume-client-extra + +[12-alpn-client-switch-resumption-server-extra] +ALPNProtocols = foo,bar,baz + +[12-alpn-client-switch-resumption-client-extra] +ALPNProtocols = foo,baz + +[12-alpn-client-switch-resumption-resume-client-extra] +ALPNProtocols = bar,baz + + +# =========================================================== + +[13-alpn-alert-on-mismatch-resumption] +ssl_conf = 13-alpn-alert-on-mismatch-resumption-ssl + +[13-alpn-alert-on-mismatch-resumption-ssl] +server = 13-alpn-alert-on-mismatch-resumption-server +client = 13-alpn-alert-on-mismatch-resumption-client +resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server +resume-client = 13-alpn-alert-on-mismatch-resumption-client + +[13-alpn-alert-on-mismatch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-alpn-alert-on-mismatch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-alpn-alert-on-mismatch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = ServerFail +ExpectedServerAlert = NoApplicationProtocol +HandshakeMode = Resume +server = 13-alpn-alert-on-mismatch-resumption-server-extra +resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server-extra +client = 13-alpn-alert-on-mismatch-resumption-client-extra +resume-client = 13-alpn-alert-on-mismatch-resumption-client-extra + +[13-alpn-alert-on-mismatch-resumption-server-extra] +ALPNProtocols = bar + +[13-alpn-alert-on-mismatch-resumption-resume-server-extra] +ALPNProtocols = baz + +[13-alpn-alert-on-mismatch-resumption-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[14-alpn-no-server-support-resumption] +ssl_conf = 14-alpn-no-server-support-resumption-ssl + +[14-alpn-no-server-support-resumption-ssl] +server = 14-alpn-no-server-support-resumption-server +client = 14-alpn-no-server-support-resumption-client +resume-server = 14-alpn-no-server-support-resumption-resume-server +resume-client = 14-alpn-no-server-support-resumption-client + +[14-alpn-no-server-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-alpn-no-server-support-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-alpn-no-server-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 14-alpn-no-server-support-resumption-server-extra +client = 14-alpn-no-server-support-resumption-client-extra +resume-client = 14-alpn-no-server-support-resumption-client-extra + +[14-alpn-no-server-support-resumption-server-extra] +ALPNProtocols = foo + +[14-alpn-no-server-support-resumption-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[15-alpn-no-client-support-resumption] +ssl_conf = 15-alpn-no-client-support-resumption-ssl + +[15-alpn-no-client-support-resumption-ssl] +server = 15-alpn-no-client-support-resumption-server +client = 15-alpn-no-client-support-resumption-client +resume-server = 15-alpn-no-client-support-resumption-server +resume-client = 15-alpn-no-client-support-resumption-resume-client + +[15-alpn-no-client-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-alpn-no-client-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[15-alpn-no-client-support-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 15-alpn-no-client-support-resumption-server-extra +resume-server = 15-alpn-no-client-support-resumption-server-extra +client = 15-alpn-no-client-support-resumption-client-extra + +[15-alpn-no-client-support-resumption-server-extra] +ALPNProtocols = foo + +[15-alpn-no-client-support-resumption-client-extra] +ALPNProtocols = foo + + diff --git a/test/ssl-tests/09-alpn.cnf.in b/test/ssl-tests/09-alpn.cnf.in new file mode 100644 index 0000000000..75141bf8a5 --- /dev/null +++ b/test/ssl-tests/09-alpn.cnf.in @@ -0,0 +1,325 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "alpn-simple", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "ExpectedALPNProtocol" => "foo", + }, + }, + { + name => "alpn-server-finds-match", + server => { + extra => { + "ALPNProtocols" => "baz,bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-server-honours-server-pref", + server => { + extra => { + "ALPNProtocols" => "bar,foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-alert-on-mismatch", + server => { + extra => { + "ALPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "NoApplicationProtocol", + }, + }, + { + name => "alpn-no-server-support", + server => { }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-no-client-support", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { }, + test => { + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-with-sni-no-context-switch", + server => { + extra => { + "ALPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server1", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedALPNProtocol" => "foo", + }, + }, + { + name => "alpn-with-sni-context-switch", + server => { + extra => { + "ALPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-selected-sni-server-supports-alpn", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-selected-sni-server-does-not-support-alpn", + server => { + extra => { + "ALPNProtocols" => "bar", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-simple-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "foo", + }, + }, + { + name => "alpn-server-switch-resumption", + server => { + extra => { + "ALPNProtocols" => "bar,foo", + }, + }, + resume_server => { + extra => { + "ALPNProtocols" => "baz,foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "baz", + }, + }, + { + name => "alpn-client-switch-resumption", + server => { + extra => { + "ALPNProtocols" => "foo,bar,baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,baz", + }, + }, + resume_client => { + extra => { + "ALPNProtocols" => "bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-alert-on-mismatch-resumption", + server => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "ALPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "NoApplicationProtocol", + }, + }, + { + name => "alpn-no-server-support-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + resume_server => { }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-no-client-support-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + resume_client => { + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => undef, + }, + }, +); diff --git a/test/ssl-tests/09-alpn.conf b/test/ssl-tests/09-alpn.conf deleted file mode 100644 index e7e6cb9534..0000000000 --- a/test/ssl-tests/09-alpn.conf +++ /dev/null @@ -1,619 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 16 - -test-0 = 0-alpn-simple -test-1 = 1-alpn-server-finds-match -test-2 = 2-alpn-server-honours-server-pref -test-3 = 3-alpn-alert-on-mismatch -test-4 = 4-alpn-no-server-support -test-5 = 5-alpn-no-client-support -test-6 = 6-alpn-with-sni-no-context-switch -test-7 = 7-alpn-with-sni-context-switch -test-8 = 8-alpn-selected-sni-server-supports-alpn -test-9 = 9-alpn-selected-sni-server-does-not-support-alpn -test-10 = 10-alpn-simple-resumption -test-11 = 11-alpn-server-switch-resumption -test-12 = 12-alpn-client-switch-resumption -test-13 = 13-alpn-alert-on-mismatch-resumption -test-14 = 14-alpn-no-server-support-resumption -test-15 = 15-alpn-no-client-support-resumption -# =========================================================== - -[0-alpn-simple] -ssl_conf = 0-alpn-simple-ssl - -[0-alpn-simple-ssl] -server = 0-alpn-simple-server -client = 0-alpn-simple-client - -[0-alpn-simple-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-alpn-simple-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedALPNProtocol = foo -server = 0-alpn-simple-server-extra -client = 0-alpn-simple-client-extra - -[0-alpn-simple-server-extra] -ALPNProtocols = foo - -[0-alpn-simple-client-extra] -ALPNProtocols = foo - - -# =========================================================== - -[1-alpn-server-finds-match] -ssl_conf = 1-alpn-server-finds-match-ssl - -[1-alpn-server-finds-match-ssl] -server = 1-alpn-server-finds-match-server -client = 1-alpn-server-finds-match-client - -[1-alpn-server-finds-match-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-alpn-server-finds-match-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedALPNProtocol = bar -server = 1-alpn-server-finds-match-server-extra -client = 1-alpn-server-finds-match-client-extra - -[1-alpn-server-finds-match-server-extra] -ALPNProtocols = baz,bar - -[1-alpn-server-finds-match-client-extra] -ALPNProtocols = foo,bar - - -# =========================================================== - -[2-alpn-server-honours-server-pref] -ssl_conf = 2-alpn-server-honours-server-pref-ssl - -[2-alpn-server-honours-server-pref-ssl] -server = 2-alpn-server-honours-server-pref-server -client = 2-alpn-server-honours-server-pref-client - -[2-alpn-server-honours-server-pref-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-alpn-server-honours-server-pref-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedALPNProtocol = bar -server = 2-alpn-server-honours-server-pref-server-extra -client = 2-alpn-server-honours-server-pref-client-extra - -[2-alpn-server-honours-server-pref-server-extra] -ALPNProtocols = bar,foo - -[2-alpn-server-honours-server-pref-client-extra] -ALPNProtocols = foo,bar - - -# =========================================================== - -[3-alpn-alert-on-mismatch] -ssl_conf = 3-alpn-alert-on-mismatch-ssl - -[3-alpn-alert-on-mismatch-ssl] -server = 3-alpn-alert-on-mismatch-server -client = 3-alpn-alert-on-mismatch-client - -[3-alpn-alert-on-mismatch-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-alpn-alert-on-mismatch-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedResult = ServerFail -ExpectedServerAlert = NoApplicationProtocol -server = 3-alpn-alert-on-mismatch-server-extra -client = 3-alpn-alert-on-mismatch-client-extra - -[3-alpn-alert-on-mismatch-server-extra] -ALPNProtocols = baz - -[3-alpn-alert-on-mismatch-client-extra] -ALPNProtocols = foo,bar - - -# =========================================================== - -[4-alpn-no-server-support] -ssl_conf = 4-alpn-no-server-support-ssl - -[4-alpn-no-server-support-ssl] -server = 4-alpn-no-server-support-server -client = 4-alpn-no-server-support-client - -[4-alpn-no-server-support-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-alpn-no-server-support-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -client = 4-alpn-no-server-support-client-extra - -[4-alpn-no-server-support-client-extra] -ALPNProtocols = foo - - -# =========================================================== - -[5-alpn-no-client-support] -ssl_conf = 5-alpn-no-client-support-ssl - -[5-alpn-no-client-support-ssl] -server = 5-alpn-no-client-support-server -client = 5-alpn-no-client-support-client - -[5-alpn-no-client-support-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-alpn-no-client-support-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -server = 5-alpn-no-client-support-server-extra - -[5-alpn-no-client-support-server-extra] -ALPNProtocols = foo - - -# =========================================================== - -[6-alpn-with-sni-no-context-switch] -ssl_conf = 6-alpn-with-sni-no-context-switch-ssl - -[6-alpn-with-sni-no-context-switch-ssl] -server = 6-alpn-with-sni-no-context-switch-server -client = 6-alpn-with-sni-no-context-switch-client -server2 = 6-alpn-with-sni-no-context-switch-server2 - -[6-alpn-with-sni-no-context-switch-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-alpn-with-sni-no-context-switch-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-alpn-with-sni-no-context-switch-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedALPNProtocol = foo -ExpectedServerName = server1 -server = 6-alpn-with-sni-no-context-switch-server-extra -server2 = 6-alpn-with-sni-no-context-switch-server2-extra -client = 6-alpn-with-sni-no-context-switch-client-extra - -[6-alpn-with-sni-no-context-switch-server-extra] -ALPNProtocols = foo -ServerNameCallback = IgnoreMismatch - -[6-alpn-with-sni-no-context-switch-server2-extra] -ALPNProtocols = bar - -[6-alpn-with-sni-no-context-switch-client-extra] -ALPNProtocols = foo,bar -ServerName = server1 - - -# =========================================================== - -[7-alpn-with-sni-context-switch] -ssl_conf = 7-alpn-with-sni-context-switch-ssl - -[7-alpn-with-sni-context-switch-ssl] -server = 7-alpn-with-sni-context-switch-server -client = 7-alpn-with-sni-context-switch-client -server2 = 7-alpn-with-sni-context-switch-server2 - -[7-alpn-with-sni-context-switch-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-alpn-with-sni-context-switch-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-alpn-with-sni-context-switch-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ExpectedALPNProtocol = bar -ExpectedServerName = server2 -server = 7-alpn-with-sni-context-switch-server-extra -server2 = 7-alpn-with-sni-context-switch-server2-extra -client = 7-alpn-with-sni-context-switch-client-extra - -[7-alpn-with-sni-context-switch-server-extra] -ALPNProtocols = foo -ServerNameCallback = IgnoreMismatch - -[7-alpn-with-sni-context-switch-server2-extra] -ALPNProtocols = bar - -[7-alpn-with-sni-context-switch-client-extra] -ALPNProtocols = foo,bar -ServerName = server2 - - -# =========================================================== - -[8-alpn-selected-sni-server-supports-alpn] -ssl_conf = 8-alpn-selected-sni-server-supports-alpn-ssl - -[8-alpn-selected-sni-server-supports-alpn-ssl] -server = 8-alpn-selected-sni-server-supports-alpn-server -client = 8-alpn-selected-sni-server-supports-alpn-client -server2 = 8-alpn-selected-sni-server-supports-alpn-server2 - -[8-alpn-selected-sni-server-supports-alpn-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-alpn-selected-sni-server-supports-alpn-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-alpn-selected-sni-server-supports-alpn-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedALPNProtocol = bar -ExpectedServerName = server2 -server = 8-alpn-selected-sni-server-supports-alpn-server-extra -server2 = 8-alpn-selected-sni-server-supports-alpn-server2-extra -client = 8-alpn-selected-sni-server-supports-alpn-client-extra - -[8-alpn-selected-sni-server-supports-alpn-server-extra] -ServerNameCallback = IgnoreMismatch - -[8-alpn-selected-sni-server-supports-alpn-server2-extra] -ALPNProtocols = bar - -[8-alpn-selected-sni-server-supports-alpn-client-extra] -ALPNProtocols = foo,bar -ServerName = server2 - - -# =========================================================== - -[9-alpn-selected-sni-server-does-not-support-alpn] -ssl_conf = 9-alpn-selected-sni-server-does-not-support-alpn-ssl - -[9-alpn-selected-sni-server-does-not-support-alpn-ssl] -server = 9-alpn-selected-sni-server-does-not-support-alpn-server -client = 9-alpn-selected-sni-server-does-not-support-alpn-client -server2 = 9-alpn-selected-sni-server-does-not-support-alpn-server2 - -[9-alpn-selected-sni-server-does-not-support-alpn-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[9-alpn-selected-sni-server-does-not-support-alpn-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[9-alpn-selected-sni-server-does-not-support-alpn-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-9] -ExpectedServerName = server2 -server = 9-alpn-selected-sni-server-does-not-support-alpn-server-extra -client = 9-alpn-selected-sni-server-does-not-support-alpn-client-extra - -[9-alpn-selected-sni-server-does-not-support-alpn-server-extra] -ALPNProtocols = bar -ServerNameCallback = IgnoreMismatch - -[9-alpn-selected-sni-server-does-not-support-alpn-client-extra] -ALPNProtocols = foo,bar -ServerName = server2 - - -# =========================================================== - -[10-alpn-simple-resumption] -ssl_conf = 10-alpn-simple-resumption-ssl - -[10-alpn-simple-resumption-ssl] -server = 10-alpn-simple-resumption-server -client = 10-alpn-simple-resumption-client -resume-server = 10-alpn-simple-resumption-server -resume-client = 10-alpn-simple-resumption-client - -[10-alpn-simple-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[10-alpn-simple-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-10] -ExpectedALPNProtocol = foo -HandshakeMode = Resume -ResumptionExpected = Yes -server = 10-alpn-simple-resumption-server-extra -resume-server = 10-alpn-simple-resumption-server-extra -client = 10-alpn-simple-resumption-client-extra -resume-client = 10-alpn-simple-resumption-client-extra - -[10-alpn-simple-resumption-server-extra] -ALPNProtocols = foo - -[10-alpn-simple-resumption-client-extra] -ALPNProtocols = foo - - -# =========================================================== - -[11-alpn-server-switch-resumption] -ssl_conf = 11-alpn-server-switch-resumption-ssl - -[11-alpn-server-switch-resumption-ssl] -server = 11-alpn-server-switch-resumption-server -client = 11-alpn-server-switch-resumption-client -resume-server = 11-alpn-server-switch-resumption-resume-server -resume-client = 11-alpn-server-switch-resumption-client - -[11-alpn-server-switch-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[11-alpn-server-switch-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[11-alpn-server-switch-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-11] -ExpectedALPNProtocol = baz -HandshakeMode = Resume -ResumptionExpected = Yes -server = 11-alpn-server-switch-resumption-server-extra -resume-server = 11-alpn-server-switch-resumption-resume-server-extra -client = 11-alpn-server-switch-resumption-client-extra -resume-client = 11-alpn-server-switch-resumption-client-extra - -[11-alpn-server-switch-resumption-server-extra] -ALPNProtocols = bar,foo - -[11-alpn-server-switch-resumption-resume-server-extra] -ALPNProtocols = baz,foo - -[11-alpn-server-switch-resumption-client-extra] -ALPNProtocols = foo,bar,baz - - -# =========================================================== - -[12-alpn-client-switch-resumption] -ssl_conf = 12-alpn-client-switch-resumption-ssl - -[12-alpn-client-switch-resumption-ssl] -server = 12-alpn-client-switch-resumption-server -client = 12-alpn-client-switch-resumption-client -resume-server = 12-alpn-client-switch-resumption-server -resume-client = 12-alpn-client-switch-resumption-resume-client - -[12-alpn-client-switch-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[12-alpn-client-switch-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[12-alpn-client-switch-resumption-resume-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-12] -ExpectedALPNProtocol = bar -HandshakeMode = Resume -ResumptionExpected = Yes -server = 12-alpn-client-switch-resumption-server-extra -resume-server = 12-alpn-client-switch-resumption-server-extra -client = 12-alpn-client-switch-resumption-client-extra -resume-client = 12-alpn-client-switch-resumption-resume-client-extra - -[12-alpn-client-switch-resumption-server-extra] -ALPNProtocols = foo,bar,baz - -[12-alpn-client-switch-resumption-client-extra] -ALPNProtocols = foo,baz - -[12-alpn-client-switch-resumption-resume-client-extra] -ALPNProtocols = bar,baz - - -# =========================================================== - -[13-alpn-alert-on-mismatch-resumption] -ssl_conf = 13-alpn-alert-on-mismatch-resumption-ssl - -[13-alpn-alert-on-mismatch-resumption-ssl] -server = 13-alpn-alert-on-mismatch-resumption-server -client = 13-alpn-alert-on-mismatch-resumption-client -resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server -resume-client = 13-alpn-alert-on-mismatch-resumption-client - -[13-alpn-alert-on-mismatch-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-alpn-alert-on-mismatch-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-alpn-alert-on-mismatch-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-13] -ExpectedResult = ServerFail -ExpectedServerAlert = NoApplicationProtocol -HandshakeMode = Resume -server = 13-alpn-alert-on-mismatch-resumption-server-extra -resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server-extra -client = 13-alpn-alert-on-mismatch-resumption-client-extra -resume-client = 13-alpn-alert-on-mismatch-resumption-client-extra - -[13-alpn-alert-on-mismatch-resumption-server-extra] -ALPNProtocols = bar - -[13-alpn-alert-on-mismatch-resumption-resume-server-extra] -ALPNProtocols = baz - -[13-alpn-alert-on-mismatch-resumption-client-extra] -ALPNProtocols = foo,bar - - -# =========================================================== - -[14-alpn-no-server-support-resumption] -ssl_conf = 14-alpn-no-server-support-resumption-ssl - -[14-alpn-no-server-support-resumption-ssl] -server = 14-alpn-no-server-support-resumption-server -client = 14-alpn-no-server-support-resumption-client -resume-server = 14-alpn-no-server-support-resumption-resume-server -resume-client = 14-alpn-no-server-support-resumption-client - -[14-alpn-no-server-support-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[14-alpn-no-server-support-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[14-alpn-no-server-support-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-14] -HandshakeMode = Resume -ResumptionExpected = Yes -server = 14-alpn-no-server-support-resumption-server-extra -client = 14-alpn-no-server-support-resumption-client-extra -resume-client = 14-alpn-no-server-support-resumption-client-extra - -[14-alpn-no-server-support-resumption-server-extra] -ALPNProtocols = foo - -[14-alpn-no-server-support-resumption-client-extra] -ALPNProtocols = foo - - -# =========================================================== - -[15-alpn-no-client-support-resumption] -ssl_conf = 15-alpn-no-client-support-resumption-ssl - -[15-alpn-no-client-support-resumption-ssl] -server = 15-alpn-no-client-support-resumption-server -client = 15-alpn-no-client-support-resumption-client -resume-server = 15-alpn-no-client-support-resumption-server -resume-client = 15-alpn-no-client-support-resumption-resume-client - -[15-alpn-no-client-support-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[15-alpn-no-client-support-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[15-alpn-no-client-support-resumption-resume-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-15] -HandshakeMode = Resume -ResumptionExpected = Yes -server = 15-alpn-no-client-support-resumption-server-extra -resume-server = 15-alpn-no-client-support-resumption-server-extra -client = 15-alpn-no-client-support-resumption-client-extra - -[15-alpn-no-client-support-resumption-server-extra] -ALPNProtocols = foo - -[15-alpn-no-client-support-resumption-client-extra] -ALPNProtocols = foo - - diff --git a/test/ssl-tests/09-alpn.conf.in b/test/ssl-tests/09-alpn.conf.in deleted file mode 100644 index 75141bf8a5..0000000000 --- a/test/ssl-tests/09-alpn.conf.in +++ /dev/null @@ -1,325 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test version negotiation - -use strict; -use warnings; - -package ssltests; - - -our @tests = ( - { - name => "alpn-simple", - server => { - extra => { - "ALPNProtocols" => "foo", - }, - }, - client => { - extra => { - "ALPNProtocols" => "foo", - }, - }, - test => { - "ExpectedALPNProtocol" => "foo", - }, - }, - { - name => "alpn-server-finds-match", - server => { - extra => { - "ALPNProtocols" => "baz,bar", - }, - }, - client => { - extra => { - "ALPNProtocols" => "foo,bar", - }, - }, - test => { - "ExpectedALPNProtocol" => "bar", - }, - }, - { - name => "alpn-server-honours-server-pref", - server => { - extra => { - "ALPNProtocols" => "bar,foo", - }, - }, - client => { - extra => { - "ALPNProtocols" => "foo,bar", - }, - }, - test => { - "ExpectedALPNProtocol" => "bar", - }, - }, - { - name => "alpn-alert-on-mismatch", - server => { - extra => { - "ALPNProtocols" => "baz", - }, - }, - client => { - extra => { - "ALPNProtocols" => "foo,bar", - }, - }, - test => { - "ExpectedResult" => "ServerFail", - "ExpectedServerAlert" => "NoApplicationProtocol", - }, - }, - { - name => "alpn-no-server-support", - server => { }, - client => { - extra => { - "ALPNProtocols" => "foo", - }, - }, - test => { - "ExpectedALPNProtocol" => undef, - }, - }, - { - name => "alpn-no-client-support", - server => { - extra => { - "ALPNProtocols" => "foo", - }, - }, - client => { }, - test => { - "ExpectedALPNProtocol" => undef, - }, - }, - { - name => "alpn-with-sni-no-context-switch", - server => { - extra => { - "ALPNProtocols" => "foo", - "ServerNameCallback" => "IgnoreMismatch", - }, - }, - server2 => { - extra => { - "ALPNProtocols" => "bar", - }, - }, - client => { - extra => { - "ALPNProtocols" => "foo,bar", - "ServerName" => "server1", - }, - }, - test => { - "ExpectedServerName" => "server1", - "ExpectedALPNProtocol" => "foo", - }, - }, - { - name => "alpn-with-sni-context-switch", - server => { - extra => { - "ALPNProtocols" => "foo", - "ServerNameCallback" => "IgnoreMismatch", - }, - }, - server2 => { - extra => { - "ALPNProtocols" => "bar", - }, - }, - client => { - extra => { - "ALPNProtocols" => "foo,bar", - "ServerName" => "server2", - }, - }, - test => { - "ExpectedServerName" => "server2", - "ExpectedALPNProtocol" => "bar", - }, - }, - { - name => "alpn-selected-sni-server-supports-alpn", - server => { - extra => { - "ServerNameCallback" => "IgnoreMismatch", - }, - }, - server2 => { - extra => { - "ALPNProtocols" => "bar", - }, - }, - client => { - extra => { - "ALPNProtocols" => "foo,bar", - "ServerName" => "server2", - }, - }, - test => { - "ExpectedServerName" => "server2", - "ExpectedALPNProtocol" => "bar", - }, - }, - { - name => "alpn-selected-sni-server-does-not-support-alpn", - server => { - extra => { - "ALPNProtocols" => "bar", - "ServerNameCallback" => "IgnoreMismatch", - }, - }, - server2 => { }, - client => { - extra => { - "ALPNProtocols" => "foo,bar", - "ServerName" => "server2", - }, - }, - test => { - "ExpectedServerName" => "server2", - "ExpectedALPNProtocol" => undef, - }, - }, - { - name => "alpn-simple-resumption", - server => { - extra => { - "ALPNProtocols" => "foo", - }, - }, - client => { - extra => { - "ALPNProtocols" => "foo", - }, - }, - test => { - "HandshakeMode" => "Resume", - "ResumptionExpected" => "Yes", - "ExpectedALPNProtocol" => "foo", - }, - }, - { - name => "alpn-server-switch-resumption", - server => { - extra => { - "ALPNProtocols" => "bar,foo", - }, - }, - resume_server => { - extra => { - "ALPNProtocols" => "baz,foo", - }, - }, - client => { - extra => { - "ALPNProtocols" => "foo,bar,baz", - }, - }, - test => { - "HandshakeMode" => "Resume", - "ResumptionExpected" => "Yes", - "ExpectedALPNProtocol" => "baz", - }, - }, - { - name => "alpn-client-switch-resumption", - server => { - extra => { - "ALPNProtocols" => "foo,bar,baz", - }, - }, - client => { - extra => { - "ALPNProtocols" => "foo,baz", - }, - }, - resume_client => { - extra => { - "ALPNProtocols" => "bar,baz", - }, - }, - test => { - "HandshakeMode" => "Resume", - "ResumptionExpected" => "Yes", - "ExpectedALPNProtocol" => "bar", - }, - }, - { - name => "alpn-alert-on-mismatch-resumption", - server => { - extra => { - "ALPNProtocols" => "bar", - }, - }, - resume_server => { - extra => { - "ALPNProtocols" => "baz", - }, - }, - client => { - extra => { - "ALPNProtocols" => "foo,bar", - }, - }, - test => { - "HandshakeMode" => "Resume", - "ExpectedResult" => "ServerFail", - "ExpectedServerAlert" => "NoApplicationProtocol", - }, - }, - { - name => "alpn-no-server-support-resumption", - server => { - extra => { - "ALPNProtocols" => "foo", - }, - }, - resume_server => { }, - client => { - extra => { - "ALPNProtocols" => "foo", - }, - }, - test => { - "HandshakeMode" => "Resume", - "ResumptionExpected" => "Yes", - "ExpectedALPNProtocol" => undef, - }, - }, - { - name => "alpn-no-client-support-resumption", - server => { - extra => { - "ALPNProtocols" => "foo", - }, - }, - client => { - extra => { - "ALPNProtocols" => "foo", - }, - }, - resume_client => { - }, - test => { - "HandshakeMode" => "Resume", - "ResumptionExpected" => "Yes", - "ExpectedALPNProtocol" => undef, - }, - }, -); diff --git a/test/ssl-tests/10-resumption.cnf b/test/ssl-tests/10-resumption.cnf new file mode 100644 index 0000000000..73de974ab0 --- /dev/null +++ b/test/ssl-tests/10-resumption.cnf @@ -0,0 +1,2439 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 65 + +test-0 = 0-resumption +test-1 = 1-resumption +test-2 = 2-resumption +test-3 = 3-resumption +test-4 = 4-resumption +test-5 = 5-resumption +test-6 = 6-resumption +test-7 = 7-resumption +test-8 = 8-resumption +test-9 = 9-resumption +test-10 = 10-resumption +test-11 = 11-resumption +test-12 = 12-resumption +test-13 = 13-resumption +test-14 = 14-resumption +test-15 = 15-resumption +test-16 = 16-resumption +test-17 = 17-resumption +test-18 = 18-resumption +test-19 = 19-resumption +test-20 = 20-resumption +test-21 = 21-resumption +test-22 = 22-resumption +test-23 = 23-resumption +test-24 = 24-resumption +test-25 = 25-resumption +test-26 = 26-resumption +test-27 = 27-resumption +test-28 = 28-resumption +test-29 = 29-resumption +test-30 = 30-resumption +test-31 = 31-resumption +test-32 = 32-resumption +test-33 = 33-resumption +test-34 = 34-resumption +test-35 = 35-resumption +test-36 = 36-resumption +test-37 = 37-resumption +test-38 = 38-resumption +test-39 = 39-resumption +test-40 = 40-resumption +test-41 = 41-resumption +test-42 = 42-resumption +test-43 = 43-resumption +test-44 = 44-resumption +test-45 = 45-resumption +test-46 = 46-resumption +test-47 = 47-resumption +test-48 = 48-resumption +test-49 = 49-resumption +test-50 = 50-resumption +test-51 = 51-resumption +test-52 = 52-resumption +test-53 = 53-resumption +test-54 = 54-resumption +test-55 = 55-resumption +test-56 = 56-resumption +test-57 = 57-resumption +test-58 = 58-resumption +test-59 = 59-resumption +test-60 = 60-resumption +test-61 = 61-resumption +test-62 = 62-resumption +test-63 = 63-resumption +test-64 = 64-resumption-with-hrr +# =========================================================== + +[0-resumption] +ssl_conf = 0-resumption-ssl + +[0-resumption-ssl] +server = 0-resumption-server +client = 0-resumption-client +resume-server = 0-resumption-resume-server +resume-client = 0-resumption-client + +[0-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[1-resumption] +ssl_conf = 1-resumption-ssl + +[1-resumption-ssl] +server = 1-resumption-server +client = 1-resumption-client +resume-server = 1-resumption-resume-server +resume-client = 1-resumption-client + +[1-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[2-resumption] +ssl_conf = 2-resumption-ssl + +[2-resumption-ssl] +server = 2-resumption-server +client = 2-resumption-client +resume-server = 2-resumption-resume-server +resume-client = 2-resumption-client + +[2-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[3-resumption] +ssl_conf = 3-resumption-ssl + +[3-resumption-ssl] +server = 3-resumption-server +client = 3-resumption-client +resume-server = 3-resumption-resume-server +resume-client = 3-resumption-client + +[3-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[4-resumption] +ssl_conf = 4-resumption-ssl + +[4-resumption-ssl] +server = 4-resumption-server +client = 4-resumption-client +resume-server = 4-resumption-resume-server +resume-client = 4-resumption-client + +[4-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[5-resumption] +ssl_conf = 5-resumption-ssl + +[5-resumption-ssl] +server = 5-resumption-server +client = 5-resumption-client +resume-server = 5-resumption-resume-server +resume-client = 5-resumption-client + +[5-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[6-resumption] +ssl_conf = 6-resumption-ssl + +[6-resumption-ssl] +server = 6-resumption-server +client = 6-resumption-client +resume-server = 6-resumption-resume-server +resume-client = 6-resumption-client + +[6-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[7-resumption] +ssl_conf = 7-resumption-ssl + +[7-resumption-ssl] +server = 7-resumption-server +client = 7-resumption-client +resume-server = 7-resumption-resume-server +resume-client = 7-resumption-client + +[7-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[8-resumption] +ssl_conf = 8-resumption-ssl + +[8-resumption-ssl] +server = 8-resumption-server +client = 8-resumption-client +resume-server = 8-resumption-resume-server +resume-client = 8-resumption-client + +[8-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[9-resumption] +ssl_conf = 9-resumption-ssl + +[9-resumption-ssl] +server = 9-resumption-server +client = 9-resumption-client +resume-server = 9-resumption-resume-server +resume-client = 9-resumption-client + +[9-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[10-resumption] +ssl_conf = 10-resumption-ssl + +[10-resumption-ssl] +server = 10-resumption-server +client = 10-resumption-client +resume-server = 10-resumption-resume-server +resume-client = 10-resumption-client + +[10-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[11-resumption] +ssl_conf = 11-resumption-ssl + +[11-resumption-ssl] +server = 11-resumption-server +client = 11-resumption-client +resume-server = 11-resumption-resume-server +resume-client = 11-resumption-client + +[11-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[12-resumption] +ssl_conf = 12-resumption-ssl + +[12-resumption-ssl] +server = 12-resumption-server +client = 12-resumption-client +resume-server = 12-resumption-resume-server +resume-client = 12-resumption-client + +[12-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[13-resumption] +ssl_conf = 13-resumption-ssl + +[13-resumption-ssl] +server = 13-resumption-server +client = 13-resumption-client +resume-server = 13-resumption-resume-server +resume-client = 13-resumption-client + +[13-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[14-resumption] +ssl_conf = 14-resumption-ssl + +[14-resumption-ssl] +server = 14-resumption-server +client = 14-resumption-client +resume-server = 14-resumption-resume-server +resume-client = 14-resumption-client + +[14-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[15-resumption] +ssl_conf = 15-resumption-ssl + +[15-resumption-ssl] +server = 15-resumption-server +client = 15-resumption-client +resume-server = 15-resumption-resume-server +resume-client = 15-resumption-client + +[15-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[16-resumption] +ssl_conf = 16-resumption-ssl + +[16-resumption-ssl] +server = 16-resumption-server +client = 16-resumption-client +resume-server = 16-resumption-resume-server +resume-client = 16-resumption-client + +[16-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[17-resumption] +ssl_conf = 17-resumption-ssl + +[17-resumption-ssl] +server = 17-resumption-server +client = 17-resumption-client +resume-server = 17-resumption-resume-server +resume-client = 17-resumption-client + +[17-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[18-resumption] +ssl_conf = 18-resumption-ssl + +[18-resumption-ssl] +server = 18-resumption-server +client = 18-resumption-client +resume-server = 18-resumption-resume-server +resume-client = 18-resumption-client + +[18-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[19-resumption] +ssl_conf = 19-resumption-ssl + +[19-resumption-ssl] +server = 19-resumption-server +client = 19-resumption-client +resume-server = 19-resumption-resume-server +resume-client = 19-resumption-client + +[19-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[20-resumption] +ssl_conf = 20-resumption-ssl + +[20-resumption-ssl] +server = 20-resumption-server +client = 20-resumption-client +resume-server = 20-resumption-resume-server +resume-client = 20-resumption-client + +[20-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[21-resumption] +ssl_conf = 21-resumption-ssl + +[21-resumption-ssl] +server = 21-resumption-server +client = 21-resumption-client +resume-server = 21-resumption-resume-server +resume-client = 21-resumption-client + +[21-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[22-resumption] +ssl_conf = 22-resumption-ssl + +[22-resumption-ssl] +server = 22-resumption-server +client = 22-resumption-client +resume-server = 22-resumption-resume-server +resume-client = 22-resumption-client + +[22-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[23-resumption] +ssl_conf = 23-resumption-ssl + +[23-resumption-ssl] +server = 23-resumption-server +client = 23-resumption-client +resume-server = 23-resumption-resume-server +resume-client = 23-resumption-client + +[23-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[24-resumption] +ssl_conf = 24-resumption-ssl + +[24-resumption-ssl] +server = 24-resumption-server +client = 24-resumption-client +resume-server = 24-resumption-resume-server +resume-client = 24-resumption-client + +[24-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[25-resumption] +ssl_conf = 25-resumption-ssl + +[25-resumption-ssl] +server = 25-resumption-server +client = 25-resumption-client +resume-server = 25-resumption-resume-server +resume-client = 25-resumption-client + +[25-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[26-resumption] +ssl_conf = 26-resumption-ssl + +[26-resumption-ssl] +server = 26-resumption-server +client = 26-resumption-client +resume-server = 26-resumption-resume-server +resume-client = 26-resumption-client + +[26-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[27-resumption] +ssl_conf = 27-resumption-ssl + +[27-resumption-ssl] +server = 27-resumption-server +client = 27-resumption-client +resume-server = 27-resumption-resume-server +resume-client = 27-resumption-client + +[27-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[28-resumption] +ssl_conf = 28-resumption-ssl + +[28-resumption-ssl] +server = 28-resumption-server +client = 28-resumption-client +resume-server = 28-resumption-resume-server +resume-client = 28-resumption-client + +[28-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[29-resumption] +ssl_conf = 29-resumption-ssl + +[29-resumption-ssl] +server = 29-resumption-server +client = 29-resumption-client +resume-server = 29-resumption-resume-server +resume-client = 29-resumption-client + +[29-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[30-resumption] +ssl_conf = 30-resumption-ssl + +[30-resumption-ssl] +server = 30-resumption-server +client = 30-resumption-client +resume-server = 30-resumption-resume-server +resume-client = 30-resumption-client + +[30-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[31-resumption] +ssl_conf = 31-resumption-ssl + +[31-resumption-ssl] +server = 31-resumption-server +client = 31-resumption-client +resume-server = 31-resumption-resume-server +resume-client = 31-resumption-client + +[31-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[32-resumption] +ssl_conf = 32-resumption-ssl + +[32-resumption-ssl] +server = 32-resumption-server +client = 32-resumption-client +resume-server = 32-resumption-server +resume-client = 32-resumption-resume-client + +[32-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[32-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[33-resumption] +ssl_conf = 33-resumption-ssl + +[33-resumption-ssl] +server = 33-resumption-server +client = 33-resumption-client +resume-server = 33-resumption-server +resume-client = 33-resumption-resume-client + +[33-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[33-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[34-resumption] +ssl_conf = 34-resumption-ssl + +[34-resumption-ssl] +server = 34-resumption-server +client = 34-resumption-client +resume-server = 34-resumption-server +resume-client = 34-resumption-resume-client + +[34-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[34-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[35-resumption] +ssl_conf = 35-resumption-ssl + +[35-resumption-ssl] +server = 35-resumption-server +client = 35-resumption-client +resume-server = 35-resumption-server +resume-client = 35-resumption-resume-client + +[35-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[35-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[36-resumption] +ssl_conf = 36-resumption-ssl + +[36-resumption-ssl] +server = 36-resumption-server +client = 36-resumption-client +resume-server = 36-resumption-server +resume-client = 36-resumption-resume-client + +[36-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[36-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[37-resumption] +ssl_conf = 37-resumption-ssl + +[37-resumption-ssl] +server = 37-resumption-server +client = 37-resumption-client +resume-server = 37-resumption-server +resume-client = 37-resumption-resume-client + +[37-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[37-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[38-resumption] +ssl_conf = 38-resumption-ssl + +[38-resumption-ssl] +server = 38-resumption-server +client = 38-resumption-client +resume-server = 38-resumption-server +resume-client = 38-resumption-resume-client + +[38-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[38-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[39-resumption] +ssl_conf = 39-resumption-ssl + +[39-resumption-ssl] +server = 39-resumption-server +client = 39-resumption-client +resume-server = 39-resumption-server +resume-client = 39-resumption-resume-client + +[39-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[39-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[40-resumption] +ssl_conf = 40-resumption-ssl + +[40-resumption-ssl] +server = 40-resumption-server +client = 40-resumption-client +resume-server = 40-resumption-server +resume-client = 40-resumption-resume-client + +[40-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[40-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[41-resumption] +ssl_conf = 41-resumption-ssl + +[41-resumption-ssl] +server = 41-resumption-server +client = 41-resumption-client +resume-server = 41-resumption-server +resume-client = 41-resumption-resume-client + +[41-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[41-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[42-resumption] +ssl_conf = 42-resumption-ssl + +[42-resumption-ssl] +server = 42-resumption-server +client = 42-resumption-client +resume-server = 42-resumption-server +resume-client = 42-resumption-resume-client + +[42-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[42-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[43-resumption] +ssl_conf = 43-resumption-ssl + +[43-resumption-ssl] +server = 43-resumption-server +client = 43-resumption-client +resume-server = 43-resumption-server +resume-client = 43-resumption-resume-client + +[43-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[43-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[44-resumption] +ssl_conf = 44-resumption-ssl + +[44-resumption-ssl] +server = 44-resumption-server +client = 44-resumption-client +resume-server = 44-resumption-server +resume-client = 44-resumption-resume-client + +[44-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[44-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[45-resumption] +ssl_conf = 45-resumption-ssl + +[45-resumption-ssl] +server = 45-resumption-server +client = 45-resumption-client +resume-server = 45-resumption-server +resume-client = 45-resumption-resume-client + +[45-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[45-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[46-resumption] +ssl_conf = 46-resumption-ssl + +[46-resumption-ssl] +server = 46-resumption-server +client = 46-resumption-client +resume-server = 46-resumption-server +resume-client = 46-resumption-resume-client + +[46-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[46-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[47-resumption] +ssl_conf = 47-resumption-ssl + +[47-resumption-ssl] +server = 47-resumption-server +client = 47-resumption-client +resume-server = 47-resumption-server +resume-client = 47-resumption-resume-client + +[47-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[47-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[47-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[48-resumption] +ssl_conf = 48-resumption-ssl + +[48-resumption-ssl] +server = 48-resumption-server +client = 48-resumption-client +resume-server = 48-resumption-server +resume-client = 48-resumption-resume-client + +[48-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[48-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[49-resumption] +ssl_conf = 49-resumption-ssl + +[49-resumption-ssl] +server = 49-resumption-server +client = 49-resumption-client +resume-server = 49-resumption-server +resume-client = 49-resumption-resume-client + +[49-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[49-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[49-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[50-resumption] +ssl_conf = 50-resumption-ssl + +[50-resumption-ssl] +server = 50-resumption-server +client = 50-resumption-client +resume-server = 50-resumption-server +resume-client = 50-resumption-resume-client + +[50-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[50-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[50-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[51-resumption] +ssl_conf = 51-resumption-ssl + +[51-resumption-ssl] +server = 51-resumption-server +client = 51-resumption-client +resume-server = 51-resumption-server +resume-client = 51-resumption-resume-client + +[51-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[51-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[51-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[52-resumption] +ssl_conf = 52-resumption-ssl + +[52-resumption-ssl] +server = 52-resumption-server +client = 52-resumption-client +resume-server = 52-resumption-server +resume-client = 52-resumption-resume-client + +[52-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[52-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[52-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[53-resumption] +ssl_conf = 53-resumption-ssl + +[53-resumption-ssl] +server = 53-resumption-server +client = 53-resumption-client +resume-server = 53-resumption-server +resume-client = 53-resumption-resume-client + +[53-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[53-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[54-resumption] +ssl_conf = 54-resumption-ssl + +[54-resumption-ssl] +server = 54-resumption-server +client = 54-resumption-client +resume-server = 54-resumption-server +resume-client = 54-resumption-resume-client + +[54-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[54-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[54-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[55-resumption] +ssl_conf = 55-resumption-ssl + +[55-resumption-ssl] +server = 55-resumption-server +client = 55-resumption-client +resume-server = 55-resumption-server +resume-client = 55-resumption-resume-client + +[55-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[55-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[55-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-55] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[56-resumption] +ssl_conf = 56-resumption-ssl + +[56-resumption-ssl] +server = 56-resumption-server +client = 56-resumption-client +resume-server = 56-resumption-server +resume-client = 56-resumption-resume-client + +[56-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[56-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[56-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-56] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[57-resumption] +ssl_conf = 57-resumption-ssl + +[57-resumption-ssl] +server = 57-resumption-server +client = 57-resumption-client +resume-server = 57-resumption-server +resume-client = 57-resumption-resume-client + +[57-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[57-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[57-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-57] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[58-resumption] +ssl_conf = 58-resumption-ssl + +[58-resumption-ssl] +server = 58-resumption-server +client = 58-resumption-client +resume-server = 58-resumption-server +resume-client = 58-resumption-resume-client + +[58-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[58-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[58-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-58] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[59-resumption] +ssl_conf = 59-resumption-ssl + +[59-resumption-ssl] +server = 59-resumption-server +client = 59-resumption-client +resume-server = 59-resumption-server +resume-client = 59-resumption-resume-client + +[59-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[59-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[59-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-59] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[60-resumption] +ssl_conf = 60-resumption-ssl + +[60-resumption-ssl] +server = 60-resumption-server +client = 60-resumption-client +resume-server = 60-resumption-server +resume-client = 60-resumption-resume-client + +[60-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[60-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[60-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-60] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[61-resumption] +ssl_conf = 61-resumption-ssl + +[61-resumption-ssl] +server = 61-resumption-server +client = 61-resumption-client +resume-server = 61-resumption-server +resume-client = 61-resumption-resume-client + +[61-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[61-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[61-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-61] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[62-resumption] +ssl_conf = 62-resumption-ssl + +[62-resumption-ssl] +server = 62-resumption-server +client = 62-resumption-client +resume-server = 62-resumption-server +resume-client = 62-resumption-resume-client + +[62-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[62-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[62-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-62] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[63-resumption] +ssl_conf = 63-resumption-ssl + +[63-resumption-ssl] +server = 63-resumption-server +client = 63-resumption-client +resume-server = 63-resumption-server +resume-client = 63-resumption-resume-client + +[63-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[63-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[63-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-63] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[64-resumption-with-hrr] +ssl_conf = 64-resumption-with-hrr-ssl + +[64-resumption-with-hrr-ssl] +server = 64-resumption-with-hrr-server +client = 64-resumption-with-hrr-client +resume-server = 64-resumption-with-hrr-server +resume-client = 64-resumption-with-hrr-resume-client + +[64-resumption-with-hrr-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = P-256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[64-resumption-with-hrr-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[64-resumption-with-hrr-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-64] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +Method = TLS +ResumptionExpected = Yes + + diff --git a/test/ssl-tests/10-resumption.cnf.in b/test/ssl-tests/10-resumption.cnf.in new file mode 100644 index 0000000000..39c69395bf --- /dev/null +++ b/test/ssl-tests/10-resumption.cnf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation upon resumption. + +use strict; +use warnings; + +package ssltests; + +use protocol_version; + +our @tests = generate_resumption_tests("TLS"); diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.conf deleted file mode 100644 index 73de974ab0..0000000000 --- a/test/ssl-tests/10-resumption.conf +++ /dev/null @@ -1,2439 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 65 - -test-0 = 0-resumption -test-1 = 1-resumption -test-2 = 2-resumption -test-3 = 3-resumption -test-4 = 4-resumption -test-5 = 5-resumption -test-6 = 6-resumption -test-7 = 7-resumption -test-8 = 8-resumption -test-9 = 9-resumption -test-10 = 10-resumption -test-11 = 11-resumption -test-12 = 12-resumption -test-13 = 13-resumption -test-14 = 14-resumption -test-15 = 15-resumption -test-16 = 16-resumption -test-17 = 17-resumption -test-18 = 18-resumption -test-19 = 19-resumption -test-20 = 20-resumption -test-21 = 21-resumption -test-22 = 22-resumption -test-23 = 23-resumption -test-24 = 24-resumption -test-25 = 25-resumption -test-26 = 26-resumption -test-27 = 27-resumption -test-28 = 28-resumption -test-29 = 29-resumption -test-30 = 30-resumption -test-31 = 31-resumption -test-32 = 32-resumption -test-33 = 33-resumption -test-34 = 34-resumption -test-35 = 35-resumption -test-36 = 36-resumption -test-37 = 37-resumption -test-38 = 38-resumption -test-39 = 39-resumption -test-40 = 40-resumption -test-41 = 41-resumption -test-42 = 42-resumption -test-43 = 43-resumption -test-44 = 44-resumption -test-45 = 45-resumption -test-46 = 46-resumption -test-47 = 47-resumption -test-48 = 48-resumption -test-49 = 49-resumption -test-50 = 50-resumption -test-51 = 51-resumption -test-52 = 52-resumption -test-53 = 53-resumption -test-54 = 54-resumption -test-55 = 55-resumption -test-56 = 56-resumption -test-57 = 57-resumption -test-58 = 58-resumption -test-59 = 59-resumption -test-60 = 60-resumption -test-61 = 61-resumption -test-62 = 62-resumption -test-63 = 63-resumption -test-64 = 64-resumption-with-hrr -# =========================================================== - -[0-resumption] -ssl_conf = 0-resumption-ssl - -[0-resumption-ssl] -server = 0-resumption-server -client = 0-resumption-client -resume-server = 0-resumption-resume-server -resume-client = 0-resumption-client - -[0-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[1-resumption] -ssl_conf = 1-resumption-ssl - -[1-resumption-ssl] -server = 1-resumption-server -client = 1-resumption-client -resume-server = 1-resumption-resume-server -resume-client = 1-resumption-client - -[1-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[2-resumption] -ssl_conf = 2-resumption-ssl - -[2-resumption-ssl] -server = 2-resumption-server -client = 2-resumption-client -resume-server = 2-resumption-resume-server -resume-client = 2-resumption-client - -[2-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[3-resumption] -ssl_conf = 3-resumption-ssl - -[3-resumption-ssl] -server = 3-resumption-server -client = 3-resumption-client -resume-server = 3-resumption-resume-server -resume-client = 3-resumption-client - -[3-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[4-resumption] -ssl_conf = 4-resumption-ssl - -[4-resumption-ssl] -server = 4-resumption-server -client = 4-resumption-client -resume-server = 4-resumption-resume-server -resume-client = 4-resumption-client - -[4-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[5-resumption] -ssl_conf = 5-resumption-ssl - -[5-resumption-ssl] -server = 5-resumption-server -client = 5-resumption-client -resume-server = 5-resumption-resume-server -resume-client = 5-resumption-client - -[5-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[6-resumption] -ssl_conf = 6-resumption-ssl - -[6-resumption-ssl] -server = 6-resumption-server -client = 6-resumption-client -resume-server = 6-resumption-resume-server -resume-client = 6-resumption-client - -[6-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[7-resumption] -ssl_conf = 7-resumption-ssl - -[7-resumption-ssl] -server = 7-resumption-server -client = 7-resumption-client -resume-server = 7-resumption-resume-server -resume-client = 7-resumption-client - -[7-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[8-resumption] -ssl_conf = 8-resumption-ssl - -[8-resumption-ssl] -server = 8-resumption-server -client = 8-resumption-client -resume-server = 8-resumption-resume-server -resume-client = 8-resumption-client - -[8-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[9-resumption] -ssl_conf = 9-resumption-ssl - -[9-resumption-ssl] -server = 9-resumption-server -client = 9-resumption-client -resume-server = 9-resumption-resume-server -resume-client = 9-resumption-client - -[9-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[9-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[9-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-9] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[10-resumption] -ssl_conf = 10-resumption-ssl - -[10-resumption-ssl] -server = 10-resumption-server -client = 10-resumption-client -resume-server = 10-resumption-resume-server -resume-client = 10-resumption-client - -[10-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[10-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[10-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-10] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[11-resumption] -ssl_conf = 11-resumption-ssl - -[11-resumption-ssl] -server = 11-resumption-server -client = 11-resumption-client -resume-server = 11-resumption-resume-server -resume-client = 11-resumption-client - -[11-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[11-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[11-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-11] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[12-resumption] -ssl_conf = 12-resumption-ssl - -[12-resumption-ssl] -server = 12-resumption-server -client = 12-resumption-client -resume-server = 12-resumption-resume-server -resume-client = 12-resumption-client - -[12-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[12-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[12-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-12] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[13-resumption] -ssl_conf = 13-resumption-ssl - -[13-resumption-ssl] -server = 13-resumption-server -client = 13-resumption-client -resume-server = 13-resumption-resume-server -resume-client = 13-resumption-client - -[13-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-13] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[14-resumption] -ssl_conf = 14-resumption-ssl - -[14-resumption-ssl] -server = 14-resumption-server -client = 14-resumption-client -resume-server = 14-resumption-resume-server -resume-client = 14-resumption-client - -[14-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[14-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[14-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-14] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[15-resumption] -ssl_conf = 15-resumption-ssl - -[15-resumption-ssl] -server = 15-resumption-server -client = 15-resumption-client -resume-server = 15-resumption-resume-server -resume-client = 15-resumption-client - -[15-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[15-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[15-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-15] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[16-resumption] -ssl_conf = 16-resumption-ssl - -[16-resumption-ssl] -server = 16-resumption-server -client = 16-resumption-client -resume-server = 16-resumption-resume-server -resume-client = 16-resumption-client - -[16-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[16-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[16-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-16] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[17-resumption] -ssl_conf = 17-resumption-ssl - -[17-resumption-ssl] -server = 17-resumption-server -client = 17-resumption-client -resume-server = 17-resumption-resume-server -resume-client = 17-resumption-client - -[17-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[17-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[17-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-17] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[18-resumption] -ssl_conf = 18-resumption-ssl - -[18-resumption-ssl] -server = 18-resumption-server -client = 18-resumption-client -resume-server = 18-resumption-resume-server -resume-client = 18-resumption-client - -[18-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[18-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[18-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-18] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[19-resumption] -ssl_conf = 19-resumption-ssl - -[19-resumption-ssl] -server = 19-resumption-server -client = 19-resumption-client -resume-server = 19-resumption-resume-server -resume-client = 19-resumption-client - -[19-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[19-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[19-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-19] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[20-resumption] -ssl_conf = 20-resumption-ssl - -[20-resumption-ssl] -server = 20-resumption-server -client = 20-resumption-client -resume-server = 20-resumption-resume-server -resume-client = 20-resumption-client - -[20-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[20-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[20-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-20] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[21-resumption] -ssl_conf = 21-resumption-ssl - -[21-resumption-ssl] -server = 21-resumption-server -client = 21-resumption-client -resume-server = 21-resumption-resume-server -resume-client = 21-resumption-client - -[21-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[21-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[21-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-21] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[22-resumption] -ssl_conf = 22-resumption-ssl - -[22-resumption-ssl] -server = 22-resumption-server -client = 22-resumption-client -resume-server = 22-resumption-resume-server -resume-client = 22-resumption-client - -[22-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[22-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[22-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-22] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[23-resumption] -ssl_conf = 23-resumption-ssl - -[23-resumption-ssl] -server = 23-resumption-server -client = 23-resumption-client -resume-server = 23-resumption-resume-server -resume-client = 23-resumption-client - -[23-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[23-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[23-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-23] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[24-resumption] -ssl_conf = 24-resumption-ssl - -[24-resumption-ssl] -server = 24-resumption-server -client = 24-resumption-client -resume-server = 24-resumption-resume-server -resume-client = 24-resumption-client - -[24-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[24-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[24-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-24] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[25-resumption] -ssl_conf = 25-resumption-ssl - -[25-resumption-ssl] -server = 25-resumption-server -client = 25-resumption-client -resume-server = 25-resumption-resume-server -resume-client = 25-resumption-client - -[25-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[25-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[25-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-25] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[26-resumption] -ssl_conf = 26-resumption-ssl - -[26-resumption-ssl] -server = 26-resumption-server -client = 26-resumption-client -resume-server = 26-resumption-resume-server -resume-client = 26-resumption-client - -[26-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[26-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[26-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-26] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[27-resumption] -ssl_conf = 27-resumption-ssl - -[27-resumption-ssl] -server = 27-resumption-server -client = 27-resumption-client -resume-server = 27-resumption-resume-server -resume-client = 27-resumption-client - -[27-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[27-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[27-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-27] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[28-resumption] -ssl_conf = 28-resumption-ssl - -[28-resumption-ssl] -server = 28-resumption-server -client = 28-resumption-client -resume-server = 28-resumption-resume-server -resume-client = 28-resumption-client - -[28-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[28-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[28-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-28] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[29-resumption] -ssl_conf = 29-resumption-ssl - -[29-resumption-ssl] -server = 29-resumption-server -client = 29-resumption-client -resume-server = 29-resumption-resume-server -resume-client = 29-resumption-client - -[29-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[29-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[29-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-29] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[30-resumption] -ssl_conf = 30-resumption-ssl - -[30-resumption-ssl] -server = 30-resumption-server -client = 30-resumption-client -resume-server = 30-resumption-resume-server -resume-client = 30-resumption-client - -[30-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[30-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[30-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-30] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[31-resumption] -ssl_conf = 31-resumption-ssl - -[31-resumption-ssl] -server = 31-resumption-server -client = 31-resumption-client -resume-server = 31-resumption-resume-server -resume-client = 31-resumption-client - -[31-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[31-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[31-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-31] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[32-resumption] -ssl_conf = 32-resumption-ssl - -[32-resumption-ssl] -server = 32-resumption-server -client = 32-resumption-client -resume-server = 32-resumption-server -resume-client = 32-resumption-resume-client - -[32-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[32-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[32-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-32] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[33-resumption] -ssl_conf = 33-resumption-ssl - -[33-resumption-ssl] -server = 33-resumption-server -client = 33-resumption-client -resume-server = 33-resumption-server -resume-client = 33-resumption-resume-client - -[33-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[33-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[33-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-33] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[34-resumption] -ssl_conf = 34-resumption-ssl - -[34-resumption-ssl] -server = 34-resumption-server -client = 34-resumption-client -resume-server = 34-resumption-server -resume-client = 34-resumption-resume-client - -[34-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[34-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[34-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-34] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[35-resumption] -ssl_conf = 35-resumption-ssl - -[35-resumption-ssl] -server = 35-resumption-server -client = 35-resumption-client -resume-server = 35-resumption-server -resume-client = 35-resumption-resume-client - -[35-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[35-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[35-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-35] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[36-resumption] -ssl_conf = 36-resumption-ssl - -[36-resumption-ssl] -server = 36-resumption-server -client = 36-resumption-client -resume-server = 36-resumption-server -resume-client = 36-resumption-resume-client - -[36-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[36-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[36-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-36] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[37-resumption] -ssl_conf = 37-resumption-ssl - -[37-resumption-ssl] -server = 37-resumption-server -client = 37-resumption-client -resume-server = 37-resumption-server -resume-client = 37-resumption-resume-client - -[37-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[37-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[37-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-37] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[38-resumption] -ssl_conf = 38-resumption-ssl - -[38-resumption-ssl] -server = 38-resumption-server -client = 38-resumption-client -resume-server = 38-resumption-server -resume-client = 38-resumption-resume-client - -[38-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[38-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[38-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-38] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[39-resumption] -ssl_conf = 39-resumption-ssl - -[39-resumption-ssl] -server = 39-resumption-server -client = 39-resumption-client -resume-server = 39-resumption-server -resume-client = 39-resumption-resume-client - -[39-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[39-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[39-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-39] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[40-resumption] -ssl_conf = 40-resumption-ssl - -[40-resumption-ssl] -server = 40-resumption-server -client = 40-resumption-client -resume-server = 40-resumption-server -resume-client = 40-resumption-resume-client - -[40-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[40-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[40-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-40] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[41-resumption] -ssl_conf = 41-resumption-ssl - -[41-resumption-ssl] -server = 41-resumption-server -client = 41-resumption-client -resume-server = 41-resumption-server -resume-client = 41-resumption-resume-client - -[41-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[41-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[41-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-41] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[42-resumption] -ssl_conf = 42-resumption-ssl - -[42-resumption-ssl] -server = 42-resumption-server -client = 42-resumption-client -resume-server = 42-resumption-server -resume-client = 42-resumption-resume-client - -[42-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[42-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[42-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-42] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[43-resumption] -ssl_conf = 43-resumption-ssl - -[43-resumption-ssl] -server = 43-resumption-server -client = 43-resumption-client -resume-server = 43-resumption-server -resume-client = 43-resumption-resume-client - -[43-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[43-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[43-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-43] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[44-resumption] -ssl_conf = 44-resumption-ssl - -[44-resumption-ssl] -server = 44-resumption-server -client = 44-resumption-client -resume-server = 44-resumption-server -resume-client = 44-resumption-resume-client - -[44-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[44-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[44-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-44] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[45-resumption] -ssl_conf = 45-resumption-ssl - -[45-resumption-ssl] -server = 45-resumption-server -client = 45-resumption-client -resume-server = 45-resumption-server -resume-client = 45-resumption-resume-client - -[45-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[45-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[45-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-45] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[46-resumption] -ssl_conf = 46-resumption-ssl - -[46-resumption-ssl] -server = 46-resumption-server -client = 46-resumption-client -resume-server = 46-resumption-server -resume-client = 46-resumption-resume-client - -[46-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[46-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[46-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-46] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[47-resumption] -ssl_conf = 47-resumption-ssl - -[47-resumption-ssl] -server = 47-resumption-server -client = 47-resumption-client -resume-server = 47-resumption-server -resume-client = 47-resumption-resume-client - -[47-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[47-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[47-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-47] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[48-resumption] -ssl_conf = 48-resumption-ssl - -[48-resumption-ssl] -server = 48-resumption-server -client = 48-resumption-client -resume-server = 48-resumption-server -resume-client = 48-resumption-resume-client - -[48-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[48-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[48-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-48] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[49-resumption] -ssl_conf = 49-resumption-ssl - -[49-resumption-ssl] -server = 49-resumption-server -client = 49-resumption-client -resume-server = 49-resumption-server -resume-client = 49-resumption-resume-client - -[49-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[49-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[49-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-49] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[50-resumption] -ssl_conf = 50-resumption-ssl - -[50-resumption-ssl] -server = 50-resumption-server -client = 50-resumption-client -resume-server = 50-resumption-server -resume-client = 50-resumption-resume-client - -[50-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[50-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[50-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-50] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[51-resumption] -ssl_conf = 51-resumption-ssl - -[51-resumption-ssl] -server = 51-resumption-server -client = 51-resumption-client -resume-server = 51-resumption-server -resume-client = 51-resumption-resume-client - -[51-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[51-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[51-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-51] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[52-resumption] -ssl_conf = 52-resumption-ssl - -[52-resumption-ssl] -server = 52-resumption-server -client = 52-resumption-client -resume-server = 52-resumption-server -resume-client = 52-resumption-resume-client - -[52-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[52-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[52-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-52] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[53-resumption] -ssl_conf = 53-resumption-ssl - -[53-resumption-ssl] -server = 53-resumption-server -client = 53-resumption-client -resume-server = 53-resumption-server -resume-client = 53-resumption-resume-client - -[53-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[53-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[53-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-53] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[54-resumption] -ssl_conf = 54-resumption-ssl - -[54-resumption-ssl] -server = 54-resumption-server -client = 54-resumption-client -resume-server = 54-resumption-server -resume-client = 54-resumption-resume-client - -[54-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[54-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[54-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-54] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[55-resumption] -ssl_conf = 55-resumption-ssl - -[55-resumption-ssl] -server = 55-resumption-server -client = 55-resumption-client -resume-server = 55-resumption-server -resume-client = 55-resumption-resume-client - -[55-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[55-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[55-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-55] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[56-resumption] -ssl_conf = 56-resumption-ssl - -[56-resumption-ssl] -server = 56-resumption-server -client = 56-resumption-client -resume-server = 56-resumption-server -resume-client = 56-resumption-resume-client - -[56-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[56-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[56-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-56] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[57-resumption] -ssl_conf = 57-resumption-ssl - -[57-resumption-ssl] -server = 57-resumption-server -client = 57-resumption-client -resume-server = 57-resumption-server -resume-client = 57-resumption-resume-client - -[57-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[57-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[57-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-57] -ExpectedProtocol = TLSv1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[58-resumption] -ssl_conf = 58-resumption-ssl - -[58-resumption-ssl] -server = 58-resumption-server -client = 58-resumption-client -resume-server = 58-resumption-server -resume-client = 58-resumption-resume-client - -[58-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[58-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[58-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-58] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[59-resumption] -ssl_conf = 59-resumption-ssl - -[59-resumption-ssl] -server = 59-resumption-server -client = 59-resumption-client -resume-server = 59-resumption-server -resume-client = 59-resumption-resume-client - -[59-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[59-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[59-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-59] -ExpectedProtocol = TLSv1.1 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[60-resumption] -ssl_conf = 60-resumption-ssl - -[60-resumption-ssl] -server = 60-resumption-server -client = 60-resumption-client -resume-server = 60-resumption-server -resume-client = 60-resumption-resume-client - -[60-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[60-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[60-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-60] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[61-resumption] -ssl_conf = 61-resumption-ssl - -[61-resumption-ssl] -server = 61-resumption-server -client = 61-resumption-client -resume-server = 61-resumption-server -resume-client = 61-resumption-resume-client - -[61-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[61-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[61-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-61] -ExpectedProtocol = TLSv1.2 -HandshakeMode = Resume -ResumptionExpected = No - - -# =========================================================== - -[62-resumption] -ssl_conf = 62-resumption-ssl - -[62-resumption-ssl] -server = 62-resumption-server -client = 62-resumption-client -resume-server = 62-resumption-server -resume-client = 62-resumption-resume-client - -[62-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[62-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[62-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-62] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[63-resumption] -ssl_conf = 63-resumption-ssl - -[63-resumption-ssl] -server = 63-resumption-server -client = 63-resumption-client -resume-server = 63-resumption-server -resume-client = 63-resumption-resume-client - -[63-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[63-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[63-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-63] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -ResumptionExpected = Yes - - -# =========================================================== - -[64-resumption-with-hrr] -ssl_conf = 64-resumption-with-hrr-ssl - -[64-resumption-with-hrr-ssl] -server = 64-resumption-with-hrr-server -client = 64-resumption-with-hrr-client -resume-server = 64-resumption-with-hrr-server -resume-client = 64-resumption-with-hrr-resume-client - -[64-resumption-with-hrr-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = P-256 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[64-resumption-with-hrr-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[64-resumption-with-hrr-resume-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-64] -ExpectedProtocol = TLSv1.3 -HandshakeMode = Resume -Method = TLS -ResumptionExpected = Yes - - diff --git a/test/ssl-tests/10-resumption.conf.in b/test/ssl-tests/10-resumption.conf.in deleted file mode 100644 index 39c69395bf..0000000000 --- a/test/ssl-tests/10-resumption.conf.in +++ /dev/null @@ -1,19 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test version negotiation upon resumption. - -use strict; -use warnings; - -package ssltests; - -use protocol_version; - -our @tests = generate_resumption_tests("TLS"); diff --git a/test/ssl-tests/11-dtls_resumption.cnf b/test/ssl-tests/11-dtls_resumption.cnf new file mode 100644 index 0000000000..a981fa51df --- /dev/null +++ b/test/ssl-tests/11-dtls_resumption.cnf @@ -0,0 +1,620 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 16 + +test-0 = 0-resumption +test-1 = 1-resumption +test-2 = 2-resumption +test-3 = 3-resumption +test-4 = 4-resumption +test-5 = 5-resumption +test-6 = 6-resumption +test-7 = 7-resumption +test-8 = 8-resumption +test-9 = 9-resumption +test-10 = 10-resumption +test-11 = 11-resumption +test-12 = 12-resumption +test-13 = 13-resumption +test-14 = 14-resumption +test-15 = 15-resumption +# =========================================================== + +[0-resumption] +ssl_conf = 0-resumption-ssl + +[0-resumption-ssl] +server = 0-resumption-server +client = 0-resumption-client +resume-server = 0-resumption-resume-server +resume-client = 0-resumption-client + +[0-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[1-resumption] +ssl_conf = 1-resumption-ssl + +[1-resumption-ssl] +server = 1-resumption-server +client = 1-resumption-client +resume-server = 1-resumption-resume-server +resume-client = 1-resumption-client + +[1-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[2-resumption] +ssl_conf = 2-resumption-ssl + +[2-resumption-ssl] +server = 2-resumption-server +client = 2-resumption-client +resume-server = 2-resumption-resume-server +resume-client = 2-resumption-client + +[2-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[3-resumption] +ssl_conf = 3-resumption-ssl + +[3-resumption-ssl] +server = 3-resumption-server +client = 3-resumption-client +resume-server = 3-resumption-resume-server +resume-client = 3-resumption-client + +[3-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[4-resumption] +ssl_conf = 4-resumption-ssl + +[4-resumption-ssl] +server = 4-resumption-server +client = 4-resumption-client +resume-server = 4-resumption-resume-server +resume-client = 4-resumption-client + +[4-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[5-resumption] +ssl_conf = 5-resumption-ssl + +[5-resumption-ssl] +server = 5-resumption-server +client = 5-resumption-client +resume-server = 5-resumption-resume-server +resume-client = 5-resumption-client + +[5-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[6-resumption] +ssl_conf = 6-resumption-ssl + +[6-resumption-ssl] +server = 6-resumption-server +client = 6-resumption-client +resume-server = 6-resumption-resume-server +resume-client = 6-resumption-client + +[6-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[7-resumption] +ssl_conf = 7-resumption-ssl + +[7-resumption-ssl] +server = 7-resumption-server +client = 7-resumption-client +resume-server = 7-resumption-resume-server +resume-client = 7-resumption-client + +[7-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[8-resumption] +ssl_conf = 8-resumption-ssl + +[8-resumption-ssl] +server = 8-resumption-server +client = 8-resumption-client +resume-server = 8-resumption-server +resume-client = 8-resumption-resume-client + +[8-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[8-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[9-resumption] +ssl_conf = 9-resumption-ssl + +[9-resumption-ssl] +server = 9-resumption-server +client = 9-resumption-client +resume-server = 9-resumption-server +resume-client = 9-resumption-resume-client + +[9-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[9-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[10-resumption] +ssl_conf = 10-resumption-ssl + +[10-resumption-ssl] +server = 10-resumption-server +client = 10-resumption-client +resume-server = 10-resumption-server +resume-client = 10-resumption-resume-client + +[10-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[10-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[11-resumption] +ssl_conf = 11-resumption-ssl + +[11-resumption-ssl] +server = 11-resumption-server +client = 11-resumption-client +resume-server = 11-resumption-server +resume-client = 11-resumption-resume-client + +[11-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[11-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[12-resumption] +ssl_conf = 12-resumption-ssl + +[12-resumption-ssl] +server = 12-resumption-server +client = 12-resumption-client +resume-server = 12-resumption-server +resume-client = 12-resumption-resume-client + +[12-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[12-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[13-resumption] +ssl_conf = 13-resumption-ssl + +[13-resumption-ssl] +server = 13-resumption-server +client = 13-resumption-client +resume-server = 13-resumption-server +resume-client = 13-resumption-resume-client + +[13-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[13-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[14-resumption] +ssl_conf = 14-resumption-ssl + +[14-resumption-ssl] +server = 14-resumption-server +client = 14-resumption-client +resume-server = 14-resumption-server +resume-client = 14-resumption-resume-client + +[14-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[14-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[15-resumption] +ssl_conf = 15-resumption-ssl + +[15-resumption-ssl] +server = 15-resumption-server +client = 15-resumption-client +resume-server = 15-resumption-server +resume-client = 15-resumption-resume-client + +[15-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[15-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + diff --git a/test/ssl-tests/11-dtls_resumption.cnf.in b/test/ssl-tests/11-dtls_resumption.cnf.in new file mode 100644 index 0000000000..9f600e6625 --- /dev/null +++ b/test/ssl-tests/11-dtls_resumption.cnf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation upon resumption. + +use strict; +use warnings; + +package ssltests; + +use protocol_version; + +our @tests = generate_resumption_tests("DTLS"); diff --git a/test/ssl-tests/11-dtls_resumption.conf b/test/ssl-tests/11-dtls_resumption.conf deleted file mode 100644 index a981fa51df..0000000000 --- a/test/ssl-tests/11-dtls_resumption.conf +++ /dev/null @@ -1,620 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 16 - -test-0 = 0-resumption -test-1 = 1-resumption -test-2 = 2-resumption -test-3 = 3-resumption -test-4 = 4-resumption -test-5 = 5-resumption -test-6 = 6-resumption -test-7 = 7-resumption -test-8 = 8-resumption -test-9 = 9-resumption -test-10 = 10-resumption -test-11 = 11-resumption -test-12 = 12-resumption -test-13 = 13-resumption -test-14 = 14-resumption -test-15 = 15-resumption -# =========================================================== - -[0-resumption] -ssl_conf = 0-resumption-ssl - -[0-resumption-ssl] -server = 0-resumption-server -client = 0-resumption-client -resume-server = 0-resumption-resume-server -resume-client = 0-resumption-client - -[0-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedProtocol = DTLSv1 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = Yes - - -# =========================================================== - -[1-resumption] -ssl_conf = 1-resumption-ssl - -[1-resumption-ssl] -server = 1-resumption-server -client = 1-resumption-client -resume-server = 1-resumption-resume-server -resume-client = 1-resumption-client - -[1-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedProtocol = DTLSv1 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = Yes - - -# =========================================================== - -[2-resumption] -ssl_conf = 2-resumption-ssl - -[2-resumption-ssl] -server = 2-resumption-server -client = 2-resumption-client -resume-server = 2-resumption-resume-server -resume-client = 2-resumption-client - -[2-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedProtocol = DTLSv1.2 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = No - - -# =========================================================== - -[3-resumption] -ssl_conf = 3-resumption-ssl - -[3-resumption-ssl] -server = 3-resumption-server -client = 3-resumption-client -resume-server = 3-resumption-resume-server -resume-client = 3-resumption-client - -[3-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedProtocol = DTLSv1.2 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = No - - -# =========================================================== - -[4-resumption] -ssl_conf = 4-resumption-ssl - -[4-resumption-ssl] -server = 4-resumption-server -client = 4-resumption-client -resume-server = 4-resumption-resume-server -resume-client = 4-resumption-client - -[4-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -ExpectedProtocol = DTLSv1 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = No - - -# =========================================================== - -[5-resumption] -ssl_conf = 5-resumption-ssl - -[5-resumption-ssl] -server = 5-resumption-server -client = 5-resumption-client -resume-server = 5-resumption-resume-server -resume-client = 5-resumption-client - -[5-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedProtocol = DTLSv1 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = No - - -# =========================================================== - -[6-resumption] -ssl_conf = 6-resumption-ssl - -[6-resumption-ssl] -server = 6-resumption-server -client = 6-resumption-client -resume-server = 6-resumption-resume-server -resume-client = 6-resumption-client - -[6-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedProtocol = DTLSv1.2 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = Yes - - -# =========================================================== - -[7-resumption] -ssl_conf = 7-resumption-ssl - -[7-resumption-ssl] -server = 7-resumption-server -client = 7-resumption-client -resume-server = 7-resumption-resume-server -resume-client = 7-resumption-client - -[7-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ExpectedProtocol = DTLSv1.2 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = Yes - - -# =========================================================== - -[8-resumption] -ssl_conf = 8-resumption-ssl - -[8-resumption-ssl] -server = 8-resumption-server -client = 8-resumption-client -resume-server = 8-resumption-server -resume-client = 8-resumption-resume-client - -[8-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-resumption-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[8-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedProtocol = DTLSv1 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = Yes - - -# =========================================================== - -[9-resumption] -ssl_conf = 9-resumption-ssl - -[9-resumption-ssl] -server = 9-resumption-server -client = 9-resumption-client -resume-server = 9-resumption-server -resume-client = 9-resumption-resume-client - -[9-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[9-resumption-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[9-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-9] -ExpectedProtocol = DTLSv1 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = Yes - - -# =========================================================== - -[10-resumption] -ssl_conf = 10-resumption-ssl - -[10-resumption-ssl] -server = 10-resumption-server -client = 10-resumption-client -resume-server = 10-resumption-server -resume-client = 10-resumption-resume-client - -[10-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[10-resumption-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[10-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-10] -ExpectedProtocol = DTLSv1.2 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = No - - -# =========================================================== - -[11-resumption] -ssl_conf = 11-resumption-ssl - -[11-resumption-ssl] -server = 11-resumption-server -client = 11-resumption-client -resume-server = 11-resumption-server -resume-client = 11-resumption-resume-client - -[11-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[11-resumption-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -MinProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[11-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-11] -ExpectedProtocol = DTLSv1.2 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = No - - -# =========================================================== - -[12-resumption] -ssl_conf = 12-resumption-ssl - -[12-resumption-ssl] -server = 12-resumption-server -client = 12-resumption-client -resume-server = 12-resumption-server -resume-client = 12-resumption-resume-client - -[12-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[12-resumption-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[12-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-12] -ExpectedProtocol = DTLSv1 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = No - - -# =========================================================== - -[13-resumption] -ssl_conf = 13-resumption-ssl - -[13-resumption-ssl] -server = 13-resumption-server -client = 13-resumption-client -resume-server = 13-resumption-server -resume-client = 13-resumption-resume-client - -[13-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-resumption-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[13-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-13] -ExpectedProtocol = DTLSv1 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = No - - -# =========================================================== - -[14-resumption] -ssl_conf = 14-resumption-ssl - -[14-resumption-ssl] -server = 14-resumption-server -client = 14-resumption-client -resume-server = 14-resumption-server -resume-client = 14-resumption-resume-client - -[14-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[14-resumption-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[14-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-14] -ExpectedProtocol = DTLSv1.2 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = Yes - - -# =========================================================== - -[15-resumption] -ssl_conf = 15-resumption-ssl - -[15-resumption-ssl] -server = 15-resumption-server -client = 15-resumption-client -resume-server = 15-resumption-server -resume-client = 15-resumption-resume-client - -[15-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[15-resumption-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -MinProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[15-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = DTLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-15] -ExpectedProtocol = DTLSv1.2 -HandshakeMode = Resume -Method = DTLS -ResumptionExpected = Yes - - diff --git a/test/ssl-tests/11-dtls_resumption.conf.in b/test/ssl-tests/11-dtls_resumption.conf.in deleted file mode 100644 index 9f600e6625..0000000000 --- a/test/ssl-tests/11-dtls_resumption.conf.in +++ /dev/null @@ -1,19 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test version negotiation upon resumption. - -use strict; -use warnings; - -package ssltests; - -use protocol_version; - -our @tests = generate_resumption_tests("DTLS"); diff --git a/test/ssl-tests/12-ct.cnf b/test/ssl-tests/12-ct.cnf new file mode 100644 index 0000000000..2e6e9dea67 --- /dev/null +++ b/test/ssl-tests/12-ct.cnf @@ -0,0 +1,191 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 6 + +test-0 = 0-ct-permissive-without-scts +test-1 = 1-ct-permissive-with-scts +test-2 = 2-ct-strict-without-scts +test-3 = 3-ct-strict-with-scts +test-4 = 4-ct-permissive-resumption +test-5 = 5-ct-strict-resumption +# =========================================================== + +[0-ct-permissive-without-scts] +ssl_conf = 0-ct-permissive-without-scts-ssl + +[0-ct-permissive-without-scts-ssl] +server = 0-ct-permissive-without-scts-server +client = 0-ct-permissive-without-scts-client + +[0-ct-permissive-without-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-ct-permissive-without-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +client = 0-ct-permissive-without-scts-client-extra + +[0-ct-permissive-without-scts-client-extra] +CTValidation = Permissive + + +# =========================================================== + +[1-ct-permissive-with-scts] +ssl_conf = 1-ct-permissive-with-scts-ssl + +[1-ct-permissive-with-scts-ssl] +server = 1-ct-permissive-with-scts-server +client = 1-ct-permissive-with-scts-client + +[1-ct-permissive-with-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[1-ct-permissive-with-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +client = 1-ct-permissive-with-scts-client-extra + +[1-ct-permissive-with-scts-client-extra] +CTValidation = Permissive + + +# =========================================================== + +[2-ct-strict-without-scts] +ssl_conf = 2-ct-strict-without-scts-ssl + +[2-ct-strict-without-scts-ssl] +server = 2-ct-strict-without-scts-server +client = 2-ct-strict-without-scts-client + +[2-ct-strict-without-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-ct-strict-without-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedClientAlert = HandshakeFailure +ExpectedResult = ClientFail +client = 2-ct-strict-without-scts-client-extra + +[2-ct-strict-without-scts-client-extra] +CTValidation = Strict + + +# =========================================================== + +[3-ct-strict-with-scts] +ssl_conf = 3-ct-strict-with-scts-ssl + +[3-ct-strict-with-scts-ssl] +server = 3-ct-strict-with-scts-server +client = 3-ct-strict-with-scts-client + +[3-ct-strict-with-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[3-ct-strict-with-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +client = 3-ct-strict-with-scts-client-extra + +[3-ct-strict-with-scts-client-extra] +CTValidation = Strict + + +# =========================================================== + +[4-ct-permissive-resumption] +ssl_conf = 4-ct-permissive-resumption-ssl + +[4-ct-permissive-resumption-ssl] +server = 4-ct-permissive-resumption-server +client = 4-ct-permissive-resumption-client +resume-server = 4-ct-permissive-resumption-server +resume-client = 4-ct-permissive-resumption-client + +[4-ct-permissive-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[4-ct-permissive-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = Resume +ResumptionExpected = Yes +client = 4-ct-permissive-resumption-client-extra +resume-client = 4-ct-permissive-resumption-client-extra + +[4-ct-permissive-resumption-client-extra] +CTValidation = Permissive + + +# =========================================================== + +[5-ct-strict-resumption] +ssl_conf = 5-ct-strict-resumption-ssl + +[5-ct-strict-resumption-ssl] +server = 5-ct-strict-resumption-server +client = 5-ct-strict-resumption-client +resume-server = 5-ct-strict-resumption-server +resume-client = 5-ct-strict-resumption-resume-client + +[5-ct-strict-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[5-ct-strict-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[5-ct-strict-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +HandshakeMode = Resume +ResumptionExpected = Yes +client = 5-ct-strict-resumption-client-extra +resume-client = 5-ct-strict-resumption-resume-client-extra + +[5-ct-strict-resumption-client-extra] +CTValidation = Strict + +[5-ct-strict-resumption-resume-client-extra] +CTValidation = Strict + + diff --git a/test/ssl-tests/12-ct.cnf.in b/test/ssl-tests/12-ct.cnf.in new file mode 100644 index 0000000000..e87a1de4c1 --- /dev/null +++ b/test/ssl-tests/12-ct.cnf.in @@ -0,0 +1,119 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "ct-permissive-without-scts", + server => { }, + client => { + extra => { + "CTValidation" => "Permissive", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-permissive-with-scts", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Permissive", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-strict-without-scts", + server => { }, + client => { + extra => { + "CTValidation" => "Strict", + }, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "HandshakeFailure", + }, + }, + { + name => "ct-strict-with-scts", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Strict", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-permissive-resumption", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Permissive", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-strict-resumption", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Strict", + }, + }, + # SCTs are not present during resumption, so the resumption + # should succeed. + resume_client => { + extra => { + "CTValidation" => "Strict", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success", + }, + }, +); diff --git a/test/ssl-tests/12-ct.conf b/test/ssl-tests/12-ct.conf deleted file mode 100644 index 2e6e9dea67..0000000000 --- a/test/ssl-tests/12-ct.conf +++ /dev/null @@ -1,191 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 6 - -test-0 = 0-ct-permissive-without-scts -test-1 = 1-ct-permissive-with-scts -test-2 = 2-ct-strict-without-scts -test-3 = 3-ct-strict-with-scts -test-4 = 4-ct-permissive-resumption -test-5 = 5-ct-strict-resumption -# =========================================================== - -[0-ct-permissive-without-scts] -ssl_conf = 0-ct-permissive-without-scts-ssl - -[0-ct-permissive-without-scts-ssl] -server = 0-ct-permissive-without-scts-server -client = 0-ct-permissive-without-scts-client - -[0-ct-permissive-without-scts-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-ct-permissive-without-scts-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success -client = 0-ct-permissive-without-scts-client-extra - -[0-ct-permissive-without-scts-client-extra] -CTValidation = Permissive - - -# =========================================================== - -[1-ct-permissive-with-scts] -ssl_conf = 1-ct-permissive-with-scts-ssl - -[1-ct-permissive-with-scts-ssl] -server = 1-ct-permissive-with-scts-server -client = 1-ct-permissive-with-scts-client - -[1-ct-permissive-with-scts-server] -Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem - -[1-ct-permissive-with-scts-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = Success -client = 1-ct-permissive-with-scts-client-extra - -[1-ct-permissive-with-scts-client-extra] -CTValidation = Permissive - - -# =========================================================== - -[2-ct-strict-without-scts] -ssl_conf = 2-ct-strict-without-scts-ssl - -[2-ct-strict-without-scts-ssl] -server = 2-ct-strict-without-scts-server -client = 2-ct-strict-without-scts-client - -[2-ct-strict-without-scts-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-ct-strict-without-scts-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedClientAlert = HandshakeFailure -ExpectedResult = ClientFail -client = 2-ct-strict-without-scts-client-extra - -[2-ct-strict-without-scts-client-extra] -CTValidation = Strict - - -# =========================================================== - -[3-ct-strict-with-scts] -ssl_conf = 3-ct-strict-with-scts-ssl - -[3-ct-strict-with-scts-ssl] -server = 3-ct-strict-with-scts-server -client = 3-ct-strict-with-scts-client - -[3-ct-strict-with-scts-server] -Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem - -[3-ct-strict-with-scts-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem -VerifyMode = Peer - -[test-3] -ExpectedResult = Success -client = 3-ct-strict-with-scts-client-extra - -[3-ct-strict-with-scts-client-extra] -CTValidation = Strict - - -# =========================================================== - -[4-ct-permissive-resumption] -ssl_conf = 4-ct-permissive-resumption-ssl - -[4-ct-permissive-resumption-ssl] -server = 4-ct-permissive-resumption-server -client = 4-ct-permissive-resumption-client -resume-server = 4-ct-permissive-resumption-server -resume-client = 4-ct-permissive-resumption-client - -[4-ct-permissive-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem - -[4-ct-permissive-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem -VerifyMode = Peer - -[test-4] -ExpectedResult = Success -HandshakeMode = Resume -ResumptionExpected = Yes -client = 4-ct-permissive-resumption-client-extra -resume-client = 4-ct-permissive-resumption-client-extra - -[4-ct-permissive-resumption-client-extra] -CTValidation = Permissive - - -# =========================================================== - -[5-ct-strict-resumption] -ssl_conf = 5-ct-strict-resumption-ssl - -[5-ct-strict-resumption-ssl] -server = 5-ct-strict-resumption-server -client = 5-ct-strict-resumption-client -resume-server = 5-ct-strict-resumption-server -resume-client = 5-ct-strict-resumption-resume-client - -[5-ct-strict-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem - -[5-ct-strict-resumption-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem -VerifyMode = Peer - -[5-ct-strict-resumption-resume-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedResult = Success -HandshakeMode = Resume -ResumptionExpected = Yes -client = 5-ct-strict-resumption-client-extra -resume-client = 5-ct-strict-resumption-resume-client-extra - -[5-ct-strict-resumption-client-extra] -CTValidation = Strict - -[5-ct-strict-resumption-resume-client-extra] -CTValidation = Strict - - diff --git a/test/ssl-tests/12-ct.conf.in b/test/ssl-tests/12-ct.conf.in deleted file mode 100644 index e87a1de4c1..0000000000 --- a/test/ssl-tests/12-ct.conf.in +++ /dev/null @@ -1,119 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test version negotiation - -use strict; -use warnings; - -package ssltests; - - -our @tests = ( - { - name => "ct-permissive-without-scts", - server => { }, - client => { - extra => { - "CTValidation" => "Permissive", - }, - }, - test => { - "ExpectedResult" => "Success", - }, - }, - { - name => "ct-permissive-with-scts", - server => { - "Certificate" => test_pem("embeddedSCTs1.pem"), - "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), - }, - client => { - "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), - extra => { - "CTValidation" => "Permissive", - }, - }, - test => { - "ExpectedResult" => "Success", - }, - }, - { - name => "ct-strict-without-scts", - server => { }, - client => { - extra => { - "CTValidation" => "Strict", - }, - }, - test => { - "ExpectedResult" => "ClientFail", - "ExpectedClientAlert" => "HandshakeFailure", - }, - }, - { - name => "ct-strict-with-scts", - server => { - "Certificate" => test_pem("embeddedSCTs1.pem"), - "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), - }, - client => { - "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), - extra => { - "CTValidation" => "Strict", - }, - }, - test => { - "ExpectedResult" => "Success", - }, - }, - { - name => "ct-permissive-resumption", - server => { - "Certificate" => test_pem("embeddedSCTs1.pem"), - "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), - }, - client => { - "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), - extra => { - "CTValidation" => "Permissive", - }, - }, - test => { - "HandshakeMode" => "Resume", - "ResumptionExpected" => "Yes", - "ExpectedResult" => "Success", - }, - }, - { - name => "ct-strict-resumption", - server => { - "Certificate" => test_pem("embeddedSCTs1.pem"), - "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), - }, - client => { - "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), - extra => { - "CTValidation" => "Strict", - }, - }, - # SCTs are not present during resumption, so the resumption - # should succeed. - resume_client => { - extra => { - "CTValidation" => "Strict", - }, - }, - test => { - "HandshakeMode" => "Resume", - "ResumptionExpected" => "Yes", - "ExpectedResult" => "Success", - }, - }, -); diff --git a/test/ssl-tests/13-fragmentation.cnf b/test/ssl-tests/13-fragmentation.cnf new file mode 100644 index 0000000000..649387c7b7 --- /dev/null +++ b/test/ssl-tests/13-fragmentation.cnf @@ -0,0 +1,577 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 22 + +test-0 = 0-one-fragment-minus-app-data +test-1 = 1-one-fragment-app-data +test-2 = 2-one-fragment-plus-app-data +test-3 = 3-small-app-data +test-4 = 4-small-app-data-large-fragment-size +test-5 = 5-medium-app-data +test-6 = 6-medium-plus-app-data +test-7 = 7-large-app-data +test-8 = 8-large-app-data-large-fragment-size +test-9 = 9-large-app-data-odd-fragment-size +test-10 = 10-large-app-data-aes-sha1-multibuffer +test-11 = 11-large-app-data-aes-sha2-multibuffer +test-12 = 12-large-app-data-aes-sha1-multibuffer-odd-fragment +test-13 = 13-large-app-data-aes-sha2-multibuffer-odd-fragment +test-14 = 14-small-app-data-aes-sha1-multibuffer +test-15 = 15-small-app-data-aes-sha2-multibuffer +test-16 = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled +test-17 = 17-Maximum Fragment Len extension equal FragmentSize to 2048 +test-18 = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024 +test-19 = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024 +test-20 = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048 +test-21 = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024 +# =========================================================== + +[0-one-fragment-minus-app-data] +ssl_conf = 0-one-fragment-minus-app-data-ssl + +[0-one-fragment-minus-app-data-ssl] +server = 0-one-fragment-minus-app-data-server +client = 0-one-fragment-minus-app-data-client + +[0-one-fragment-minus-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-one-fragment-minus-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ApplicationData = 511 + + +# =========================================================== + +[1-one-fragment-app-data] +ssl_conf = 1-one-fragment-app-data-ssl + +[1-one-fragment-app-data-ssl] +server = 1-one-fragment-app-data-server +client = 1-one-fragment-app-data-client + +[1-one-fragment-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-one-fragment-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ApplicationData = 512 + + +# =========================================================== + +[2-one-fragment-plus-app-data] +ssl_conf = 2-one-fragment-plus-app-data-ssl + +[2-one-fragment-plus-app-data-ssl] +server = 2-one-fragment-plus-app-data-server +client = 2-one-fragment-plus-app-data-client + +[2-one-fragment-plus-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-one-fragment-plus-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ApplicationData = 513 + + +# =========================================================== + +[3-small-app-data] +ssl_conf = 3-small-app-data-ssl + +[3-small-app-data-ssl] +server = 3-small-app-data-server +client = 3-small-app-data-client + +[3-small-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-small-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ApplicationData = 4097 + + +# =========================================================== + +[4-small-app-data-large-fragment-size] +ssl_conf = 4-small-app-data-large-fragment-size-ssl + +[4-small-app-data-large-fragment-size-ssl] +server = 4-small-app-data-large-fragment-size-server +client = 4-small-app-data-large-fragment-size-client + +[4-small-app-data-large-fragment-size-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-small-app-data-large-fragment-size-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ApplicationData = 4097 +MaxFragmentSize = 16384 + + +# =========================================================== + +[5-medium-app-data] +ssl_conf = 5-medium-app-data-ssl + +[5-medium-app-data-ssl] +server = 5-medium-app-data-server +client = 5-medium-app-data-client + +[5-medium-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-medium-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ApplicationData = 32775 + + +# =========================================================== + +[6-medium-plus-app-data] +ssl_conf = 6-medium-plus-app-data-ssl + +[6-medium-plus-app-data-ssl] +server = 6-medium-plus-app-data-server +client = 6-medium-plus-app-data-client + +[6-medium-plus-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-medium-plus-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ApplicationData = 131069 + + +# =========================================================== + +[7-large-app-data] +ssl_conf = 7-large-app-data-ssl + +[7-large-app-data-ssl] +server = 7-large-app-data-server +client = 7-large-app-data-client + +[7-large-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-large-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ApplicationData = 1048576 + + +# =========================================================== + +[8-large-app-data-large-fragment-size] +ssl_conf = 8-large-app-data-large-fragment-size-ssl + +[8-large-app-data-large-fragment-size-ssl] +server = 8-large-app-data-large-fragment-size-server +client = 8-large-app-data-large-fragment-size-client + +[8-large-app-data-large-fragment-size-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-large-app-data-large-fragment-size-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ApplicationData = 1048576 +MaxFragmentSize = 16384 + + +# =========================================================== + +[9-large-app-data-odd-fragment-size] +ssl_conf = 9-large-app-data-odd-fragment-size-ssl + +[9-large-app-data-odd-fragment-size-ssl] +server = 9-large-app-data-odd-fragment-size-server +client = 9-large-app-data-odd-fragment-size-client + +[9-large-app-data-odd-fragment-size-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-large-app-data-odd-fragment-size-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ApplicationData = 1048576 +MaxFragmentSize = 5115 + + +# =========================================================== + +[10-large-app-data-aes-sha1-multibuffer] +ssl_conf = 10-large-app-data-aes-sha1-multibuffer-ssl + +[10-large-app-data-aes-sha1-multibuffer-ssl] +server = 10-large-app-data-aes-sha1-multibuffer-server +client = 10-large-app-data-aes-sha1-multibuffer-client + +[10-large-app-data-aes-sha1-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-large-app-data-aes-sha1-multibuffer-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ApplicationData = 1048576 +MaxFragmentSize = 4096 + + +# =========================================================== + +[11-large-app-data-aes-sha2-multibuffer] +ssl_conf = 11-large-app-data-aes-sha2-multibuffer-ssl + +[11-large-app-data-aes-sha2-multibuffer-ssl] +server = 11-large-app-data-aes-sha2-multibuffer-server +client = 11-large-app-data-aes-sha2-multibuffer-client + +[11-large-app-data-aes-sha2-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-large-app-data-aes-sha2-multibuffer-client] +CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ApplicationData = 1048576 +MaxFragmentSize = 4096 + + +# =========================================================== + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment] +ssl_conf = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl] +server = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-server +client = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-client + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ApplicationData = 1048579 +MaxFragmentSize = 5115 + + +# =========================================================== + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment] +ssl_conf = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl] +server = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-server +client = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-client + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment-client] +CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ApplicationData = 1048573 +MaxFragmentSize = 5125 + + +# =========================================================== + +[14-small-app-data-aes-sha1-multibuffer] +ssl_conf = 14-small-app-data-aes-sha1-multibuffer-ssl + +[14-small-app-data-aes-sha1-multibuffer-ssl] +server = 14-small-app-data-aes-sha1-multibuffer-server +client = 14-small-app-data-aes-sha1-multibuffer-client + +[14-small-app-data-aes-sha1-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-small-app-data-aes-sha1-multibuffer-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ApplicationData = 4096 +MaxFragmentSize = 4096 + + +# =========================================================== + +[15-small-app-data-aes-sha2-multibuffer] +ssl_conf = 15-small-app-data-aes-sha2-multibuffer-ssl + +[15-small-app-data-aes-sha2-multibuffer-ssl] +server = 15-small-app-data-aes-sha2-multibuffer-server +client = 15-small-app-data-aes-sha2-multibuffer-client + +[15-small-app-data-aes-sha2-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-small-app-data-aes-sha2-multibuffer-client] +CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ApplicationData = 4096 +MaxFragmentSize = 4096 + + +# =========================================================== + +[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled] +ssl_conf = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl + +[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl] +server = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server +client = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client + +[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ApplicationData = 3072 +MaxFragmentSize = 16384 +client = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra + +[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra] +MaxFragmentLenExt = 1024 + + +# =========================================================== + +[17-Maximum Fragment Len extension equal FragmentSize to 2048] +ssl_conf = 17-Maximum Fragment Len extension equal FragmentSize to 2048-ssl + +[17-Maximum Fragment Len extension equal FragmentSize to 2048-ssl] +server = 17-Maximum Fragment Len extension equal FragmentSize to 2048-server +client = 17-Maximum Fragment Len extension equal FragmentSize to 2048-client + +[17-Maximum Fragment Len extension equal FragmentSize to 2048-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-Maximum Fragment Len extension equal FragmentSize to 2048-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ApplicationData = 3072 +MaxFragmentSize = 2048 +client = 17-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra + +[17-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra] +MaxFragmentLenExt = 2048 + + +# =========================================================== + +[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024] +ssl_conf = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl + +[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl] +server = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server +client = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client + +[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ApplicationData = 3072 +MaxFragmentSize = 1024 +client = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra + +[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra] +MaxFragmentLenExt = 512 + + +# =========================================================== + +[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024] +ssl_conf = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl + +[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl] +server = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server +client = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client + +[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ApplicationData = 3072 +MaxFragmentSize = 1024 +client = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra + +[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra] +MaxFragmentLenExt = 2048 + + +# =========================================================== + +[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048] +ssl_conf = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl + +[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl] +server = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server +client = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client + +[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ApplicationData = 8196 +MaxFragmentSize = 2048 +client = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra + +[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra] +MaxFragmentLenExt = 4096 + + +# =========================================================== + +[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024] +ssl_conf = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl + +[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl] +server = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server +client = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client + +[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ApplicationData = 3072 +MaxFragmentSize = 1024 +client = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra + +[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra] +MaxFragmentLenExt = 2048 + + diff --git a/test/ssl-tests/13-fragmentation.cnf.in b/test/ssl-tests/13-fragmentation.cnf.in new file mode 100644 index 0000000000..ea208396a9 --- /dev/null +++ b/test/ssl-tests/13-fragmentation.cnf.in @@ -0,0 +1,268 @@ +# -*- mode: perl; -*- +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test packet fragmentation + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + # Default fragment size is 512. + { + name => "one-fragment-minus-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 511, + } + }, + { + name => "one-fragment-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 512, + } + }, + { + name => "one-fragment-plus-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 513, + } + }, + { + name => "small-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 4 * 1024 + 1, + } + }, + { + name => "small-app-data-large-fragment-size", + server => { }, + client => { }, + test => { + ApplicationData => 4 * 1024 + 1, + MaxFragmentSize => 16384, + } + }, + { + name => "medium-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 32 * 1024 + 7, + } + }, + # Exceeds the 64kB write buffer size. + { + name => "medium-plus-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 128 * 1024 - 3, + } + }, + { + name => "large-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 1024 * 1024, + } + }, + { + name => "large-app-data-large-fragment-size", + server => { }, + client => { }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 16384, + } + }, + { + name => "large-app-data-odd-fragment-size", + server => { }, + client => { }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 5 * 1024 - 5, + } + }, + # When the buffer / fragment size ratio is sufficiently large, + # multi-buffer code kicks in on some platforms for AES-SHA. The + # exact minimum ratio depends on the platform, and is usually + # around 4. Since the test buffer is 64kB, a 4kB fragment is + # easily sufficient. + # + # (We run this test on all platforms though it's only true multibuffer + # on some of them.) + { + name => "large-app-data-aes-sha1-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA", + MaxProtocol => "TLSv1.2" + }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, + { + name => "large-app-data-aes-sha2-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA256", + MaxProtocol => "TLSv1.2" + }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, + { + name => "large-app-data-aes-sha1-multibuffer-odd-fragment", + server => { }, + client => { + CipherString => "AES128-SHA", + MaxProtocol => "TLSv1.2" + }, + test => { + ApplicationData => 1024 * 1024 + 3, + MaxFragmentSize => 5 * 1024 - 5, + } + }, + { + name => "large-app-data-aes-sha2-multibuffer-odd-fragment", + server => { }, + client => { + CipherString => "AES128-SHA256", + MaxProtocol => "TLSv1.2" + }, + test => { + ApplicationData => 1024 * 1024 - 3, + MaxFragmentSize => 5 * 1024 + 5, + } + }, + # Test that multibuffer-capable code also handles small data correctly. + # Here fragment size == app data size < buffer size, + # so no multibuffering should happen. + { + name => "small-app-data-aes-sha1-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA", + MaxProtocol => "TLSv1.2" + }, + test => { + ApplicationData => 4 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, + { + name => "small-app-data-aes-sha2-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA256", + MaxProtocol => "TLSv1.2" + }, + test => { + ApplicationData => 4 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, + ############################################ + # Default (Max) Fragment Size is 512. + # Default Application data size is 256. + { + name => "Maximum Fragment Len extension set to 1024 w. FragmentSize disabled", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 1024, + }, + }, + test => { + ApplicationData => 3072, + MaxFragmentSize => 16384, + } + }, + { + name => "Maximum Fragment Len extension equal FragmentSize to 2048", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 2048, + }, + }, + test => { + ApplicationData => 3072, + MaxFragmentSize => 2048, + } + }, + { + name => "Maximum Fragment Len extension 512 lower than FragmentSize 1024", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 512, + }, + }, + test => { + ApplicationData => 3072, + MaxFragmentSize => 1024, + } + }, + { + name => "Maximum Fragment Len extension 1024 lower than FragmentSize 1024", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 2048, + }, + }, + test => { + ApplicationData => 3072, + MaxFragmentSize => 1024, + } + }, + { + name => "Maximum Fragment Len extension 4096 greater than FragmentSize 2048", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 4096, + }, + }, + test => { + ApplicationData => 8196, + MaxFragmentSize => 2048, + } + }, + { + name => "Maximum Fragment Len extension 2048 greater than FragmentSize 1024", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 2048, + }, + }, + test => { + ApplicationData => 3072, + MaxFragmentSize => 1024, + } + }, +); diff --git a/test/ssl-tests/13-fragmentation.conf b/test/ssl-tests/13-fragmentation.conf deleted file mode 100644 index 649387c7b7..0000000000 --- a/test/ssl-tests/13-fragmentation.conf +++ /dev/null @@ -1,577 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 22 - -test-0 = 0-one-fragment-minus-app-data -test-1 = 1-one-fragment-app-data -test-2 = 2-one-fragment-plus-app-data -test-3 = 3-small-app-data -test-4 = 4-small-app-data-large-fragment-size -test-5 = 5-medium-app-data -test-6 = 6-medium-plus-app-data -test-7 = 7-large-app-data -test-8 = 8-large-app-data-large-fragment-size -test-9 = 9-large-app-data-odd-fragment-size -test-10 = 10-large-app-data-aes-sha1-multibuffer -test-11 = 11-large-app-data-aes-sha2-multibuffer -test-12 = 12-large-app-data-aes-sha1-multibuffer-odd-fragment -test-13 = 13-large-app-data-aes-sha2-multibuffer-odd-fragment -test-14 = 14-small-app-data-aes-sha1-multibuffer -test-15 = 15-small-app-data-aes-sha2-multibuffer -test-16 = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled -test-17 = 17-Maximum Fragment Len extension equal FragmentSize to 2048 -test-18 = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024 -test-19 = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024 -test-20 = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048 -test-21 = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024 -# =========================================================== - -[0-one-fragment-minus-app-data] -ssl_conf = 0-one-fragment-minus-app-data-ssl - -[0-one-fragment-minus-app-data-ssl] -server = 0-one-fragment-minus-app-data-server -client = 0-one-fragment-minus-app-data-client - -[0-one-fragment-minus-app-data-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-one-fragment-minus-app-data-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ApplicationData = 511 - - -# =========================================================== - -[1-one-fragment-app-data] -ssl_conf = 1-one-fragment-app-data-ssl - -[1-one-fragment-app-data-ssl] -server = 1-one-fragment-app-data-server -client = 1-one-fragment-app-data-client - -[1-one-fragment-app-data-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-one-fragment-app-data-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ApplicationData = 512 - - -# =========================================================== - -[2-one-fragment-plus-app-data] -ssl_conf = 2-one-fragment-plus-app-data-ssl - -[2-one-fragment-plus-app-data-ssl] -server = 2-one-fragment-plus-app-data-server -client = 2-one-fragment-plus-app-data-client - -[2-one-fragment-plus-app-data-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-one-fragment-plus-app-data-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ApplicationData = 513 - - -# =========================================================== - -[3-small-app-data] -ssl_conf = 3-small-app-data-ssl - -[3-small-app-data-ssl] -server = 3-small-app-data-server -client = 3-small-app-data-client - -[3-small-app-data-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-small-app-data-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ApplicationData = 4097 - - -# =========================================================== - -[4-small-app-data-large-fragment-size] -ssl_conf = 4-small-app-data-large-fragment-size-ssl - -[4-small-app-data-large-fragment-size-ssl] -server = 4-small-app-data-large-fragment-size-server -client = 4-small-app-data-large-fragment-size-client - -[4-small-app-data-large-fragment-size-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-small-app-data-large-fragment-size-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -ApplicationData = 4097 -MaxFragmentSize = 16384 - - -# =========================================================== - -[5-medium-app-data] -ssl_conf = 5-medium-app-data-ssl - -[5-medium-app-data-ssl] -server = 5-medium-app-data-server -client = 5-medium-app-data-client - -[5-medium-app-data-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-medium-app-data-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ApplicationData = 32775 - - -# =========================================================== - -[6-medium-plus-app-data] -ssl_conf = 6-medium-plus-app-data-ssl - -[6-medium-plus-app-data-ssl] -server = 6-medium-plus-app-data-server -client = 6-medium-plus-app-data-client - -[6-medium-plus-app-data-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-medium-plus-app-data-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ApplicationData = 131069 - - -# =========================================================== - -[7-large-app-data] -ssl_conf = 7-large-app-data-ssl - -[7-large-app-data-ssl] -server = 7-large-app-data-server -client = 7-large-app-data-client - -[7-large-app-data-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-large-app-data-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ApplicationData = 1048576 - - -# =========================================================== - -[8-large-app-data-large-fragment-size] -ssl_conf = 8-large-app-data-large-fragment-size-ssl - -[8-large-app-data-large-fragment-size-ssl] -server = 8-large-app-data-large-fragment-size-server -client = 8-large-app-data-large-fragment-size-client - -[8-large-app-data-large-fragment-size-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-large-app-data-large-fragment-size-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ApplicationData = 1048576 -MaxFragmentSize = 16384 - - -# =========================================================== - -[9-large-app-data-odd-fragment-size] -ssl_conf = 9-large-app-data-odd-fragment-size-ssl - -[9-large-app-data-odd-fragment-size-ssl] -server = 9-large-app-data-odd-fragment-size-server -client = 9-large-app-data-odd-fragment-size-client - -[9-large-app-data-odd-fragment-size-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[9-large-app-data-odd-fragment-size-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-9] -ApplicationData = 1048576 -MaxFragmentSize = 5115 - - -# =========================================================== - -[10-large-app-data-aes-sha1-multibuffer] -ssl_conf = 10-large-app-data-aes-sha1-multibuffer-ssl - -[10-large-app-data-aes-sha1-multibuffer-ssl] -server = 10-large-app-data-aes-sha1-multibuffer-server -client = 10-large-app-data-aes-sha1-multibuffer-client - -[10-large-app-data-aes-sha1-multibuffer-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[10-large-app-data-aes-sha1-multibuffer-client] -CipherString = AES128-SHA -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-10] -ApplicationData = 1048576 -MaxFragmentSize = 4096 - - -# =========================================================== - -[11-large-app-data-aes-sha2-multibuffer] -ssl_conf = 11-large-app-data-aes-sha2-multibuffer-ssl - -[11-large-app-data-aes-sha2-multibuffer-ssl] -server = 11-large-app-data-aes-sha2-multibuffer-server -client = 11-large-app-data-aes-sha2-multibuffer-client - -[11-large-app-data-aes-sha2-multibuffer-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[11-large-app-data-aes-sha2-multibuffer-client] -CipherString = AES128-SHA256 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-11] -ApplicationData = 1048576 -MaxFragmentSize = 4096 - - -# =========================================================== - -[12-large-app-data-aes-sha1-multibuffer-odd-fragment] -ssl_conf = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl - -[12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl] -server = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-server -client = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-client - -[12-large-app-data-aes-sha1-multibuffer-odd-fragment-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[12-large-app-data-aes-sha1-multibuffer-odd-fragment-client] -CipherString = AES128-SHA -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-12] -ApplicationData = 1048579 -MaxFragmentSize = 5115 - - -# =========================================================== - -[13-large-app-data-aes-sha2-multibuffer-odd-fragment] -ssl_conf = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl - -[13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl] -server = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-server -client = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-client - -[13-large-app-data-aes-sha2-multibuffer-odd-fragment-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-large-app-data-aes-sha2-multibuffer-odd-fragment-client] -CipherString = AES128-SHA256 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-13] -ApplicationData = 1048573 -MaxFragmentSize = 5125 - - -# =========================================================== - -[14-small-app-data-aes-sha1-multibuffer] -ssl_conf = 14-small-app-data-aes-sha1-multibuffer-ssl - -[14-small-app-data-aes-sha1-multibuffer-ssl] -server = 14-small-app-data-aes-sha1-multibuffer-server -client = 14-small-app-data-aes-sha1-multibuffer-client - -[14-small-app-data-aes-sha1-multibuffer-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[14-small-app-data-aes-sha1-multibuffer-client] -CipherString = AES128-SHA -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-14] -ApplicationData = 4096 -MaxFragmentSize = 4096 - - -# =========================================================== - -[15-small-app-data-aes-sha2-multibuffer] -ssl_conf = 15-small-app-data-aes-sha2-multibuffer-ssl - -[15-small-app-data-aes-sha2-multibuffer-ssl] -server = 15-small-app-data-aes-sha2-multibuffer-server -client = 15-small-app-data-aes-sha2-multibuffer-client - -[15-small-app-data-aes-sha2-multibuffer-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[15-small-app-data-aes-sha2-multibuffer-client] -CipherString = AES128-SHA256 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-15] -ApplicationData = 4096 -MaxFragmentSize = 4096 - - -# =========================================================== - -[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled] -ssl_conf = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl - -[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl] -server = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server -client = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client - -[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-16] -ApplicationData = 3072 -MaxFragmentSize = 16384 -client = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra - -[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra] -MaxFragmentLenExt = 1024 - - -# =========================================================== - -[17-Maximum Fragment Len extension equal FragmentSize to 2048] -ssl_conf = 17-Maximum Fragment Len extension equal FragmentSize to 2048-ssl - -[17-Maximum Fragment Len extension equal FragmentSize to 2048-ssl] -server = 17-Maximum Fragment Len extension equal FragmentSize to 2048-server -client = 17-Maximum Fragment Len extension equal FragmentSize to 2048-client - -[17-Maximum Fragment Len extension equal FragmentSize to 2048-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[17-Maximum Fragment Len extension equal FragmentSize to 2048-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-17] -ApplicationData = 3072 -MaxFragmentSize = 2048 -client = 17-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra - -[17-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra] -MaxFragmentLenExt = 2048 - - -# =========================================================== - -[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024] -ssl_conf = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl - -[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl] -server = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server -client = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client - -[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-18] -ApplicationData = 3072 -MaxFragmentSize = 1024 -client = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra - -[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra] -MaxFragmentLenExt = 512 - - -# =========================================================== - -[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024] -ssl_conf = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl - -[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl] -server = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server -client = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client - -[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-19] -ApplicationData = 3072 -MaxFragmentSize = 1024 -client = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra - -[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra] -MaxFragmentLenExt = 2048 - - -# =========================================================== - -[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048] -ssl_conf = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl - -[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl] -server = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server -client = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client - -[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-20] -ApplicationData = 8196 -MaxFragmentSize = 2048 -client = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra - -[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra] -MaxFragmentLenExt = 4096 - - -# =========================================================== - -[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024] -ssl_conf = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl - -[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl] -server = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server -client = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client - -[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-21] -ApplicationData = 3072 -MaxFragmentSize = 1024 -client = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra - -[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra] -MaxFragmentLenExt = 2048 - - diff --git a/test/ssl-tests/13-fragmentation.conf.in b/test/ssl-tests/13-fragmentation.conf.in deleted file mode 100644 index ea208396a9..0000000000 --- a/test/ssl-tests/13-fragmentation.conf.in +++ /dev/null @@ -1,268 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test packet fragmentation - -use strict; -use warnings; - -package ssltests; - - -our @tests = ( - # Default fragment size is 512. - { - name => "one-fragment-minus-app-data", - server => { }, - client => { }, - test => { - ApplicationData => 511, - } - }, - { - name => "one-fragment-app-data", - server => { }, - client => { }, - test => { - ApplicationData => 512, - } - }, - { - name => "one-fragment-plus-app-data", - server => { }, - client => { }, - test => { - ApplicationData => 513, - } - }, - { - name => "small-app-data", - server => { }, - client => { }, - test => { - ApplicationData => 4 * 1024 + 1, - } - }, - { - name => "small-app-data-large-fragment-size", - server => { }, - client => { }, - test => { - ApplicationData => 4 * 1024 + 1, - MaxFragmentSize => 16384, - } - }, - { - name => "medium-app-data", - server => { }, - client => { }, - test => { - ApplicationData => 32 * 1024 + 7, - } - }, - # Exceeds the 64kB write buffer size. - { - name => "medium-plus-app-data", - server => { }, - client => { }, - test => { - ApplicationData => 128 * 1024 - 3, - } - }, - { - name => "large-app-data", - server => { }, - client => { }, - test => { - ApplicationData => 1024 * 1024, - } - }, - { - name => "large-app-data-large-fragment-size", - server => { }, - client => { }, - test => { - ApplicationData => 1024 * 1024, - MaxFragmentSize => 16384, - } - }, - { - name => "large-app-data-odd-fragment-size", - server => { }, - client => { }, - test => { - ApplicationData => 1024 * 1024, - MaxFragmentSize => 5 * 1024 - 5, - } - }, - # When the buffer / fragment size ratio is sufficiently large, - # multi-buffer code kicks in on some platforms for AES-SHA. The - # exact minimum ratio depends on the platform, and is usually - # around 4. Since the test buffer is 64kB, a 4kB fragment is - # easily sufficient. - # - # (We run this test on all platforms though it's only true multibuffer - # on some of them.) - { - name => "large-app-data-aes-sha1-multibuffer", - server => { }, - client => { - CipherString => "AES128-SHA", - MaxProtocol => "TLSv1.2" - }, - test => { - ApplicationData => 1024 * 1024, - MaxFragmentSize => 4 * 1024, - } - }, - { - name => "large-app-data-aes-sha2-multibuffer", - server => { }, - client => { - CipherString => "AES128-SHA256", - MaxProtocol => "TLSv1.2" - }, - test => { - ApplicationData => 1024 * 1024, - MaxFragmentSize => 4 * 1024, - } - }, - { - name => "large-app-data-aes-sha1-multibuffer-odd-fragment", - server => { }, - client => { - CipherString => "AES128-SHA", - MaxProtocol => "TLSv1.2" - }, - test => { - ApplicationData => 1024 * 1024 + 3, - MaxFragmentSize => 5 * 1024 - 5, - } - }, - { - name => "large-app-data-aes-sha2-multibuffer-odd-fragment", - server => { }, - client => { - CipherString => "AES128-SHA256", - MaxProtocol => "TLSv1.2" - }, - test => { - ApplicationData => 1024 * 1024 - 3, - MaxFragmentSize => 5 * 1024 + 5, - } - }, - # Test that multibuffer-capable code also handles small data correctly. - # Here fragment size == app data size < buffer size, - # so no multibuffering should happen. - { - name => "small-app-data-aes-sha1-multibuffer", - server => { }, - client => { - CipherString => "AES128-SHA", - MaxProtocol => "TLSv1.2" - }, - test => { - ApplicationData => 4 * 1024, - MaxFragmentSize => 4 * 1024, - } - }, - { - name => "small-app-data-aes-sha2-multibuffer", - server => { }, - client => { - CipherString => "AES128-SHA256", - MaxProtocol => "TLSv1.2" - }, - test => { - ApplicationData => 4 * 1024, - MaxFragmentSize => 4 * 1024, - } - }, - ############################################ - # Default (Max) Fragment Size is 512. - # Default Application data size is 256. - { - name => "Maximum Fragment Len extension set to 1024 w. FragmentSize disabled", - server => { }, - client => { - extra => { - MaxFragmentLenExt => 1024, - }, - }, - test => { - ApplicationData => 3072, - MaxFragmentSize => 16384, - } - }, - { - name => "Maximum Fragment Len extension equal FragmentSize to 2048", - server => { }, - client => { - extra => { - MaxFragmentLenExt => 2048, - }, - }, - test => { - ApplicationData => 3072, - MaxFragmentSize => 2048, - } - }, - { - name => "Maximum Fragment Len extension 512 lower than FragmentSize 1024", - server => { }, - client => { - extra => { - MaxFragmentLenExt => 512, - }, - }, - test => { - ApplicationData => 3072, - MaxFragmentSize => 1024, - } - }, - { - name => "Maximum Fragment Len extension 1024 lower than FragmentSize 1024", - server => { }, - client => { - extra => { - MaxFragmentLenExt => 2048, - }, - }, - test => { - ApplicationData => 3072, - MaxFragmentSize => 1024, - } - }, - { - name => "Maximum Fragment Len extension 4096 greater than FragmentSize 2048", - server => { }, - client => { - extra => { - MaxFragmentLenExt => 4096, - }, - }, - test => { - ApplicationData => 8196, - MaxFragmentSize => 2048, - } - }, - { - name => "Maximum Fragment Len extension 2048 greater than FragmentSize 1024", - server => { }, - client => { - extra => { - MaxFragmentLenExt => 2048, - }, - }, - test => { - ApplicationData => 3072, - MaxFragmentSize => 1024, - } - }, -); diff --git a/test/ssl-tests/14-curves.cnf b/test/ssl-tests/14-curves.cnf new file mode 100644 index 0000000000..f76f08fd7d --- /dev/null +++ b/test/ssl-tests/14-curves.cnf @@ -0,0 +1,874 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 30 + +test-0 = 0-curve-sect163k1 +test-1 = 1-curve-sect163r1 +test-2 = 2-curve-sect163r2 +test-3 = 3-curve-sect193r1 +test-4 = 4-curve-sect193r2 +test-5 = 5-curve-sect233k1 +test-6 = 6-curve-sect233r1 +test-7 = 7-curve-sect239k1 +test-8 = 8-curve-sect283k1 +test-9 = 9-curve-sect283r1 +test-10 = 10-curve-sect409k1 +test-11 = 11-curve-sect409r1 +test-12 = 12-curve-sect571k1 +test-13 = 13-curve-sect571r1 +test-14 = 14-curve-secp160k1 +test-15 = 15-curve-secp160r1 +test-16 = 16-curve-secp160r2 +test-17 = 17-curve-secp192k1 +test-18 = 18-curve-prime192v1 +test-19 = 19-curve-secp224k1 +test-20 = 20-curve-secp224r1 +test-21 = 21-curve-secp256k1 +test-22 = 22-curve-prime256v1 +test-23 = 23-curve-secp384r1 +test-24 = 24-curve-secp521r1 +test-25 = 25-curve-brainpoolP256r1 +test-26 = 26-curve-brainpoolP384r1 +test-27 = 27-curve-brainpoolP512r1 +test-28 = 28-curve-X25519 +test-29 = 29-curve-X448 +# =========================================================== + +[0-curve-sect163k1] +ssl_conf = 0-curve-sect163k1-ssl + +[0-curve-sect163k1-ssl] +server = 0-curve-sect163k1-server +client = 0-curve-sect163k1-client + +[0-curve-sect163k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect163k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-curve-sect163k1-client] +CipherString = ECDHE +Curves = sect163k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +ExpectedTmpKeyType = sect163k1 + + +# =========================================================== + +[1-curve-sect163r1] +ssl_conf = 1-curve-sect163r1-ssl + +[1-curve-sect163r1-ssl] +server = 1-curve-sect163r1-server +client = 1-curve-sect163r1-client + +[1-curve-sect163r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect163r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-curve-sect163r1-client] +CipherString = ECDHE +Curves = sect163r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedTmpKeyType = sect163r1 + + +# =========================================================== + +[2-curve-sect163r2] +ssl_conf = 2-curve-sect163r2-ssl + +[2-curve-sect163r2-ssl] +server = 2-curve-sect163r2-server +client = 2-curve-sect163r2-client + +[2-curve-sect163r2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect163r2 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-curve-sect163r2-client] +CipherString = ECDHE +Curves = sect163r2 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +ExpectedTmpKeyType = sect163r2 + + +# =========================================================== + +[3-curve-sect193r1] +ssl_conf = 3-curve-sect193r1-ssl + +[3-curve-sect193r1-ssl] +server = 3-curve-sect193r1-server +client = 3-curve-sect193r1-client + +[3-curve-sect193r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect193r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-curve-sect193r1-client] +CipherString = ECDHE +Curves = sect193r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedTmpKeyType = sect193r1 + + +# =========================================================== + +[4-curve-sect193r2] +ssl_conf = 4-curve-sect193r2-ssl + +[4-curve-sect193r2-ssl] +server = 4-curve-sect193r2-server +client = 4-curve-sect193r2-client + +[4-curve-sect193r2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect193r2 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-curve-sect193r2-client] +CipherString = ECDHE +Curves = sect193r2 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedTmpKeyType = sect193r2 + + +# =========================================================== + +[5-curve-sect233k1] +ssl_conf = 5-curve-sect233k1-ssl + +[5-curve-sect233k1-ssl] +server = 5-curve-sect233k1-server +client = 5-curve-sect233k1-client + +[5-curve-sect233k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect233k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-curve-sect233k1-client] +CipherString = ECDHE +Curves = sect233k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +ExpectedTmpKeyType = sect233k1 + + +# =========================================================== + +[6-curve-sect233r1] +ssl_conf = 6-curve-sect233r1-ssl + +[6-curve-sect233r1-ssl] +server = 6-curve-sect233r1-server +client = 6-curve-sect233r1-client + +[6-curve-sect233r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect233r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-curve-sect233r1-client] +CipherString = ECDHE +Curves = sect233r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +ExpectedTmpKeyType = sect233r1 + + +# =========================================================== + +[7-curve-sect239k1] +ssl_conf = 7-curve-sect239k1-ssl + +[7-curve-sect239k1-ssl] +server = 7-curve-sect239k1-server +client = 7-curve-sect239k1-client + +[7-curve-sect239k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect239k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-curve-sect239k1-client] +CipherString = ECDHE +Curves = sect239k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +ExpectedTmpKeyType = sect239k1 + + +# =========================================================== + +[8-curve-sect283k1] +ssl_conf = 8-curve-sect283k1-ssl + +[8-curve-sect283k1-ssl] +server = 8-curve-sect283k1-server +client = 8-curve-sect283k1-client + +[8-curve-sect283k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect283k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-curve-sect283k1-client] +CipherString = ECDHE +Curves = sect283k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +ExpectedTmpKeyType = sect283k1 + + +# =========================================================== + +[9-curve-sect283r1] +ssl_conf = 9-curve-sect283r1-ssl + +[9-curve-sect283r1-ssl] +server = 9-curve-sect283r1-server +client = 9-curve-sect283r1-client + +[9-curve-sect283r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect283r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-curve-sect283r1-client] +CipherString = ECDHE +Curves = sect283r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +ExpectedTmpKeyType = sect283r1 + + +# =========================================================== + +[10-curve-sect409k1] +ssl_conf = 10-curve-sect409k1-ssl + +[10-curve-sect409k1-ssl] +server = 10-curve-sect409k1-server +client = 10-curve-sect409k1-client + +[10-curve-sect409k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect409k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-curve-sect409k1-client] +CipherString = ECDHE +Curves = sect409k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = Success +ExpectedTmpKeyType = sect409k1 + + +# =========================================================== + +[11-curve-sect409r1] +ssl_conf = 11-curve-sect409r1-ssl + +[11-curve-sect409r1-ssl] +server = 11-curve-sect409r1-server +client = 11-curve-sect409r1-client + +[11-curve-sect409r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect409r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-curve-sect409r1-client] +CipherString = ECDHE +Curves = sect409r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = Success +ExpectedTmpKeyType = sect409r1 + + +# =========================================================== + +[12-curve-sect571k1] +ssl_conf = 12-curve-sect571k1-ssl + +[12-curve-sect571k1-ssl] +server = 12-curve-sect571k1-server +client = 12-curve-sect571k1-client + +[12-curve-sect571k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect571k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-curve-sect571k1-client] +CipherString = ECDHE +Curves = sect571k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = Success +ExpectedTmpKeyType = sect571k1 + + +# =========================================================== + +[13-curve-sect571r1] +ssl_conf = 13-curve-sect571r1-ssl + +[13-curve-sect571r1-ssl] +server = 13-curve-sect571r1-server +client = 13-curve-sect571r1-client + +[13-curve-sect571r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect571r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-curve-sect571r1-client] +CipherString = ECDHE +Curves = sect571r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success +ExpectedTmpKeyType = sect571r1 + + +# =========================================================== + +[14-curve-secp160k1] +ssl_conf = 14-curve-secp160k1-ssl + +[14-curve-secp160k1-ssl] +server = 14-curve-secp160k1-server +client = 14-curve-secp160k1-client + +[14-curve-secp160k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp160k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-curve-secp160k1-client] +CipherString = ECDHE +Curves = secp160k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = Success +ExpectedTmpKeyType = secp160k1 + + +# =========================================================== + +[15-curve-secp160r1] +ssl_conf = 15-curve-secp160r1-ssl + +[15-curve-secp160r1-ssl] +server = 15-curve-secp160r1-server +client = 15-curve-secp160r1-client + +[15-curve-secp160r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp160r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-curve-secp160r1-client] +CipherString = ECDHE +Curves = secp160r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success +ExpectedTmpKeyType = secp160r1 + + +# =========================================================== + +[16-curve-secp160r2] +ssl_conf = 16-curve-secp160r2-ssl + +[16-curve-secp160r2-ssl] +server = 16-curve-secp160r2-server +client = 16-curve-secp160r2-client + +[16-curve-secp160r2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp160r2 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-curve-secp160r2-client] +CipherString = ECDHE +Curves = secp160r2 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = Success +ExpectedTmpKeyType = secp160r2 + + +# =========================================================== + +[17-curve-secp192k1] +ssl_conf = 17-curve-secp192k1-ssl + +[17-curve-secp192k1-ssl] +server = 17-curve-secp192k1-server +client = 17-curve-secp192k1-client + +[17-curve-secp192k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp192k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-curve-secp192k1-client] +CipherString = ECDHE +Curves = secp192k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = Success +ExpectedTmpKeyType = secp192k1 + + +# =========================================================== + +[18-curve-prime192v1] +ssl_conf = 18-curve-prime192v1-ssl + +[18-curve-prime192v1-ssl] +server = 18-curve-prime192v1-server +client = 18-curve-prime192v1-client + +[18-curve-prime192v1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = prime192v1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-curve-prime192v1-client] +CipherString = ECDHE +Curves = prime192v1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = Success +ExpectedTmpKeyType = prime192v1 + + +# =========================================================== + +[19-curve-secp224k1] +ssl_conf = 19-curve-secp224k1-ssl + +[19-curve-secp224k1-ssl] +server = 19-curve-secp224k1-server +client = 19-curve-secp224k1-client + +[19-curve-secp224k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp224k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-curve-secp224k1-client] +CipherString = ECDHE +Curves = secp224k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = Success +ExpectedTmpKeyType = secp224k1 + + +# =========================================================== + +[20-curve-secp224r1] +ssl_conf = 20-curve-secp224r1-ssl + +[20-curve-secp224r1-ssl] +server = 20-curve-secp224r1-server +client = 20-curve-secp224r1-client + +[20-curve-secp224r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp224r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-curve-secp224r1-client] +CipherString = ECDHE +Curves = secp224r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedResult = Success +ExpectedTmpKeyType = secp224r1 + + +# =========================================================== + +[21-curve-secp256k1] +ssl_conf = 21-curve-secp256k1-ssl + +[21-curve-secp256k1-ssl] +server = 21-curve-secp256k1-server +client = 21-curve-secp256k1-client + +[21-curve-secp256k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp256k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-curve-secp256k1-client] +CipherString = ECDHE +Curves = secp256k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedResult = Success +ExpectedTmpKeyType = secp256k1 + + +# =========================================================== + +[22-curve-prime256v1] +ssl_conf = 22-curve-prime256v1-ssl + +[22-curve-prime256v1-ssl] +server = 22-curve-prime256v1-server +client = 22-curve-prime256v1-client + +[22-curve-prime256v1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = prime256v1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-curve-prime256v1-client] +CipherString = ECDHE +Curves = prime256v1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedResult = Success +ExpectedTmpKeyType = prime256v1 + + +# =========================================================== + +[23-curve-secp384r1] +ssl_conf = 23-curve-secp384r1-ssl + +[23-curve-secp384r1-ssl] +server = 23-curve-secp384r1-server +client = 23-curve-secp384r1-client + +[23-curve-secp384r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp384r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-curve-secp384r1-client] +CipherString = ECDHE +Curves = secp384r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedResult = Success +ExpectedTmpKeyType = secp384r1 + + +# =========================================================== + +[24-curve-secp521r1] +ssl_conf = 24-curve-secp521r1-ssl + +[24-curve-secp521r1-ssl] +server = 24-curve-secp521r1-server +client = 24-curve-secp521r1-client + +[24-curve-secp521r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp521r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-curve-secp521r1-client] +CipherString = ECDHE +Curves = secp521r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = Success +ExpectedTmpKeyType = secp521r1 + + +# =========================================================== + +[25-curve-brainpoolP256r1] +ssl_conf = 25-curve-brainpoolP256r1-ssl + +[25-curve-brainpoolP256r1-ssl] +server = 25-curve-brainpoolP256r1-server +client = 25-curve-brainpoolP256r1-client + +[25-curve-brainpoolP256r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = brainpoolP256r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-curve-brainpoolP256r1-client] +CipherString = ECDHE +Curves = brainpoolP256r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedResult = Success +ExpectedTmpKeyType = brainpoolP256r1 + + +# =========================================================== + +[26-curve-brainpoolP384r1] +ssl_conf = 26-curve-brainpoolP384r1-ssl + +[26-curve-brainpoolP384r1-ssl] +server = 26-curve-brainpoolP384r1-server +client = 26-curve-brainpoolP384r1-client + +[26-curve-brainpoolP384r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = brainpoolP384r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-curve-brainpoolP384r1-client] +CipherString = ECDHE +Curves = brainpoolP384r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedResult = Success +ExpectedTmpKeyType = brainpoolP384r1 + + +# =========================================================== + +[27-curve-brainpoolP512r1] +ssl_conf = 27-curve-brainpoolP512r1-ssl + +[27-curve-brainpoolP512r1-ssl] +server = 27-curve-brainpoolP512r1-server +client = 27-curve-brainpoolP512r1-client + +[27-curve-brainpoolP512r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = brainpoolP512r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-curve-brainpoolP512r1-client] +CipherString = ECDHE +Curves = brainpoolP512r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedResult = Success +ExpectedTmpKeyType = brainpoolP512r1 + + +# =========================================================== + +[28-curve-X25519] +ssl_conf = 28-curve-X25519-ssl + +[28-curve-X25519-ssl] +server = 28-curve-X25519-server +client = 28-curve-X25519-client + +[28-curve-X25519-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = X25519 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-curve-X25519-client] +CipherString = ECDHE +Curves = X25519 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedResult = Success +ExpectedTmpKeyType = X25519 + + +# =========================================================== + +[29-curve-X448] +ssl_conf = 29-curve-X448-ssl + +[29-curve-X448-ssl] +server = 29-curve-X448-server +client = 29-curve-X448-client + +[29-curve-X448-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = X448 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-curve-X448-client] +CipherString = ECDHE +Curves = X448 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedResult = Success +ExpectedTmpKeyType = X448 + + diff --git a/test/ssl-tests/14-curves.cnf.in b/test/ssl-tests/14-curves.cnf.in new file mode 100644 index 0000000000..2f8077c44a --- /dev/null +++ b/test/ssl-tests/14-curves.cnf.in @@ -0,0 +1,47 @@ +# -*- mode: perl; -*- + +## SSL test configurations + +package ssltests; + +use strict; +use warnings; + +use OpenSSL::Test; +use OpenSSL::Test::Utils qw(anydisabled); + +my @curves = ("sect163k1", "sect163r1", "sect163r2", "sect193r1", + "sect193r2", "sect233k1", "sect233r1", "sect239k1", + "sect283k1", "sect283r1", "sect409k1", "sect409r1", + "sect571k1", "sect571r1", "secp160k1", "secp160r1", + "secp160r2", "secp192k1", "prime192v1", "secp224k1", + "secp224r1", "secp256k1", "prime256v1", "secp384r1", + "secp521r1", "brainpoolP256r1", "brainpoolP384r1", + "brainpoolP512r1", "X25519", "X448"); + +our @tests = (); + +sub generate_tests() { + foreach (0..$#curves) { + my $curve = $curves[$_]; + push @tests, { + name => "curve-${curve}", + server => { + "Curves" => $curve, + # TODO(TLS1.3): Can we get this to work for TLSv1.3? + "MaxProtocol" => "TLSv1.2" + }, + client => { + "CipherString" => "ECDHE", + "MaxProtocol" => "TLSv1.2", + "Curves" => $curve + }, + test => { + "ExpectedTmpKeyType" => $curve, + "ExpectedResult" => "Success" + }, + }; + } +} + +generate_tests(); diff --git a/test/ssl-tests/14-curves.conf b/test/ssl-tests/14-curves.conf deleted file mode 100644 index f76f08fd7d..0000000000 --- a/test/ssl-tests/14-curves.conf +++ /dev/null @@ -1,874 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 30 - -test-0 = 0-curve-sect163k1 -test-1 = 1-curve-sect163r1 -test-2 = 2-curve-sect163r2 -test-3 = 3-curve-sect193r1 -test-4 = 4-curve-sect193r2 -test-5 = 5-curve-sect233k1 -test-6 = 6-curve-sect233r1 -test-7 = 7-curve-sect239k1 -test-8 = 8-curve-sect283k1 -test-9 = 9-curve-sect283r1 -test-10 = 10-curve-sect409k1 -test-11 = 11-curve-sect409r1 -test-12 = 12-curve-sect571k1 -test-13 = 13-curve-sect571r1 -test-14 = 14-curve-secp160k1 -test-15 = 15-curve-secp160r1 -test-16 = 16-curve-secp160r2 -test-17 = 17-curve-secp192k1 -test-18 = 18-curve-prime192v1 -test-19 = 19-curve-secp224k1 -test-20 = 20-curve-secp224r1 -test-21 = 21-curve-secp256k1 -test-22 = 22-curve-prime256v1 -test-23 = 23-curve-secp384r1 -test-24 = 24-curve-secp521r1 -test-25 = 25-curve-brainpoolP256r1 -test-26 = 26-curve-brainpoolP384r1 -test-27 = 27-curve-brainpoolP512r1 -test-28 = 28-curve-X25519 -test-29 = 29-curve-X448 -# =========================================================== - -[0-curve-sect163k1] -ssl_conf = 0-curve-sect163k1-ssl - -[0-curve-sect163k1-ssl] -server = 0-curve-sect163k1-server -client = 0-curve-sect163k1-client - -[0-curve-sect163k1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = sect163k1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-curve-sect163k1-client] -CipherString = ECDHE -Curves = sect163k1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success -ExpectedTmpKeyType = sect163k1 - - -# =========================================================== - -[1-curve-sect163r1] -ssl_conf = 1-curve-sect163r1-ssl - -[1-curve-sect163r1-ssl] -server = 1-curve-sect163r1-server -client = 1-curve-sect163r1-client - -[1-curve-sect163r1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = sect163r1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-curve-sect163r1-client] -CipherString = ECDHE -Curves = sect163r1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = Success -ExpectedTmpKeyType = sect163r1 - - -# =========================================================== - -[2-curve-sect163r2] -ssl_conf = 2-curve-sect163r2-ssl - -[2-curve-sect163r2-ssl] -server = 2-curve-sect163r2-server -client = 2-curve-sect163r2-client - -[2-curve-sect163r2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = sect163r2 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-curve-sect163r2-client] -CipherString = ECDHE -Curves = sect163r2 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = Success -ExpectedTmpKeyType = sect163r2 - - -# =========================================================== - -[3-curve-sect193r1] -ssl_conf = 3-curve-sect193r1-ssl - -[3-curve-sect193r1-ssl] -server = 3-curve-sect193r1-server -client = 3-curve-sect193r1-client - -[3-curve-sect193r1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = sect193r1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-curve-sect193r1-client] -CipherString = ECDHE -Curves = sect193r1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedResult = Success -ExpectedTmpKeyType = sect193r1 - - -# =========================================================== - -[4-curve-sect193r2] -ssl_conf = 4-curve-sect193r2-ssl - -[4-curve-sect193r2-ssl] -server = 4-curve-sect193r2-server -client = 4-curve-sect193r2-client - -[4-curve-sect193r2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = sect193r2 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-curve-sect193r2-client] -CipherString = ECDHE -Curves = sect193r2 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -ExpectedResult = Success -ExpectedTmpKeyType = sect193r2 - - -# =========================================================== - -[5-curve-sect233k1] -ssl_conf = 5-curve-sect233k1-ssl - -[5-curve-sect233k1-ssl] -server = 5-curve-sect233k1-server -client = 5-curve-sect233k1-client - -[5-curve-sect233k1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = sect233k1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-curve-sect233k1-client] -CipherString = ECDHE -Curves = sect233k1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedResult = Success -ExpectedTmpKeyType = sect233k1 - - -# =========================================================== - -[6-curve-sect233r1] -ssl_conf = 6-curve-sect233r1-ssl - -[6-curve-sect233r1-ssl] -server = 6-curve-sect233r1-server -client = 6-curve-sect233r1-client - -[6-curve-sect233r1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = sect233r1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-curve-sect233r1-client] -CipherString = ECDHE -Curves = sect233r1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedResult = Success -ExpectedTmpKeyType = sect233r1 - - -# =========================================================== - -[7-curve-sect239k1] -ssl_conf = 7-curve-sect239k1-ssl - -[7-curve-sect239k1-ssl] -server = 7-curve-sect239k1-server -client = 7-curve-sect239k1-client - -[7-curve-sect239k1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = sect239k1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-curve-sect239k1-client] -CipherString = ECDHE -Curves = sect239k1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ExpectedResult = Success -ExpectedTmpKeyType = sect239k1 - - -# =========================================================== - -[8-curve-sect283k1] -ssl_conf = 8-curve-sect283k1-ssl - -[8-curve-sect283k1-ssl] -server = 8-curve-sect283k1-server -client = 8-curve-sect283k1-client - -[8-curve-sect283k1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = sect283k1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-curve-sect283k1-client] -CipherString = ECDHE -Curves = sect283k1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedResult = Success -ExpectedTmpKeyType = sect283k1 - - -# =========================================================== - -[9-curve-sect283r1] -ssl_conf = 9-curve-sect283r1-ssl - -[9-curve-sect283r1-ssl] -server = 9-curve-sect283r1-server -client = 9-curve-sect283r1-client - -[9-curve-sect283r1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = sect283r1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[9-curve-sect283r1-client] -CipherString = ECDHE -Curves = sect283r1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-9] -ExpectedResult = Success -ExpectedTmpKeyType = sect283r1 - - -# =========================================================== - -[10-curve-sect409k1] -ssl_conf = 10-curve-sect409k1-ssl - -[10-curve-sect409k1-ssl] -server = 10-curve-sect409k1-server -client = 10-curve-sect409k1-client - -[10-curve-sect409k1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = sect409k1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[10-curve-sect409k1-client] -CipherString = ECDHE -Curves = sect409k1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-10] -ExpectedResult = Success -ExpectedTmpKeyType = sect409k1 - - -# =========================================================== - -[11-curve-sect409r1] -ssl_conf = 11-curve-sect409r1-ssl - -[11-curve-sect409r1-ssl] -server = 11-curve-sect409r1-server -client = 11-curve-sect409r1-client - -[11-curve-sect409r1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = sect409r1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[11-curve-sect409r1-client] -CipherString = ECDHE -Curves = sect409r1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-11] -ExpectedResult = Success -ExpectedTmpKeyType = sect409r1 - - -# =========================================================== - -[12-curve-sect571k1] -ssl_conf = 12-curve-sect571k1-ssl - -[12-curve-sect571k1-ssl] -server = 12-curve-sect571k1-server -client = 12-curve-sect571k1-client - -[12-curve-sect571k1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = sect571k1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[12-curve-sect571k1-client] -CipherString = ECDHE -Curves = sect571k1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-12] -ExpectedResult = Success -ExpectedTmpKeyType = sect571k1 - - -# =========================================================== - -[13-curve-sect571r1] -ssl_conf = 13-curve-sect571r1-ssl - -[13-curve-sect571r1-ssl] -server = 13-curve-sect571r1-server -client = 13-curve-sect571r1-client - -[13-curve-sect571r1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = sect571r1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-curve-sect571r1-client] -CipherString = ECDHE -Curves = sect571r1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-13] -ExpectedResult = Success -ExpectedTmpKeyType = sect571r1 - - -# =========================================================== - -[14-curve-secp160k1] -ssl_conf = 14-curve-secp160k1-ssl - -[14-curve-secp160k1-ssl] -server = 14-curve-secp160k1-server -client = 14-curve-secp160k1-client - -[14-curve-secp160k1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = secp160k1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[14-curve-secp160k1-client] -CipherString = ECDHE -Curves = secp160k1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-14] -ExpectedResult = Success -ExpectedTmpKeyType = secp160k1 - - -# =========================================================== - -[15-curve-secp160r1] -ssl_conf = 15-curve-secp160r1-ssl - -[15-curve-secp160r1-ssl] -server = 15-curve-secp160r1-server -client = 15-curve-secp160r1-client - -[15-curve-secp160r1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = secp160r1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[15-curve-secp160r1-client] -CipherString = ECDHE -Curves = secp160r1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-15] -ExpectedResult = Success -ExpectedTmpKeyType = secp160r1 - - -# =========================================================== - -[16-curve-secp160r2] -ssl_conf = 16-curve-secp160r2-ssl - -[16-curve-secp160r2-ssl] -server = 16-curve-secp160r2-server -client = 16-curve-secp160r2-client - -[16-curve-secp160r2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = secp160r2 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[16-curve-secp160r2-client] -CipherString = ECDHE -Curves = secp160r2 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-16] -ExpectedResult = Success -ExpectedTmpKeyType = secp160r2 - - -# =========================================================== - -[17-curve-secp192k1] -ssl_conf = 17-curve-secp192k1-ssl - -[17-curve-secp192k1-ssl] -server = 17-curve-secp192k1-server -client = 17-curve-secp192k1-client - -[17-curve-secp192k1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = secp192k1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[17-curve-secp192k1-client] -CipherString = ECDHE -Curves = secp192k1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-17] -ExpectedResult = Success -ExpectedTmpKeyType = secp192k1 - - -# =========================================================== - -[18-curve-prime192v1] -ssl_conf = 18-curve-prime192v1-ssl - -[18-curve-prime192v1-ssl] -server = 18-curve-prime192v1-server -client = 18-curve-prime192v1-client - -[18-curve-prime192v1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = prime192v1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[18-curve-prime192v1-client] -CipherString = ECDHE -Curves = prime192v1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-18] -ExpectedResult = Success -ExpectedTmpKeyType = prime192v1 - - -# =========================================================== - -[19-curve-secp224k1] -ssl_conf = 19-curve-secp224k1-ssl - -[19-curve-secp224k1-ssl] -server = 19-curve-secp224k1-server -client = 19-curve-secp224k1-client - -[19-curve-secp224k1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = secp224k1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[19-curve-secp224k1-client] -CipherString = ECDHE -Curves = secp224k1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-19] -ExpectedResult = Success -ExpectedTmpKeyType = secp224k1 - - -# =========================================================== - -[20-curve-secp224r1] -ssl_conf = 20-curve-secp224r1-ssl - -[20-curve-secp224r1-ssl] -server = 20-curve-secp224r1-server -client = 20-curve-secp224r1-client - -[20-curve-secp224r1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = secp224r1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[20-curve-secp224r1-client] -CipherString = ECDHE -Curves = secp224r1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-20] -ExpectedResult = Success -ExpectedTmpKeyType = secp224r1 - - -# =========================================================== - -[21-curve-secp256k1] -ssl_conf = 21-curve-secp256k1-ssl - -[21-curve-secp256k1-ssl] -server = 21-curve-secp256k1-server -client = 21-curve-secp256k1-client - -[21-curve-secp256k1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = secp256k1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[21-curve-secp256k1-client] -CipherString = ECDHE -Curves = secp256k1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-21] -ExpectedResult = Success -ExpectedTmpKeyType = secp256k1 - - -# =========================================================== - -[22-curve-prime256v1] -ssl_conf = 22-curve-prime256v1-ssl - -[22-curve-prime256v1-ssl] -server = 22-curve-prime256v1-server -client = 22-curve-prime256v1-client - -[22-curve-prime256v1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = prime256v1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[22-curve-prime256v1-client] -CipherString = ECDHE -Curves = prime256v1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-22] -ExpectedResult = Success -ExpectedTmpKeyType = prime256v1 - - -# =========================================================== - -[23-curve-secp384r1] -ssl_conf = 23-curve-secp384r1-ssl - -[23-curve-secp384r1-ssl] -server = 23-curve-secp384r1-server -client = 23-curve-secp384r1-client - -[23-curve-secp384r1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = secp384r1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[23-curve-secp384r1-client] -CipherString = ECDHE -Curves = secp384r1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-23] -ExpectedResult = Success -ExpectedTmpKeyType = secp384r1 - - -# =========================================================== - -[24-curve-secp521r1] -ssl_conf = 24-curve-secp521r1-ssl - -[24-curve-secp521r1-ssl] -server = 24-curve-secp521r1-server -client = 24-curve-secp521r1-client - -[24-curve-secp521r1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = secp521r1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[24-curve-secp521r1-client] -CipherString = ECDHE -Curves = secp521r1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-24] -ExpectedResult = Success -ExpectedTmpKeyType = secp521r1 - - -# =========================================================== - -[25-curve-brainpoolP256r1] -ssl_conf = 25-curve-brainpoolP256r1-ssl - -[25-curve-brainpoolP256r1-ssl] -server = 25-curve-brainpoolP256r1-server -client = 25-curve-brainpoolP256r1-client - -[25-curve-brainpoolP256r1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = brainpoolP256r1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[25-curve-brainpoolP256r1-client] -CipherString = ECDHE -Curves = brainpoolP256r1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-25] -ExpectedResult = Success -ExpectedTmpKeyType = brainpoolP256r1 - - -# =========================================================== - -[26-curve-brainpoolP384r1] -ssl_conf = 26-curve-brainpoolP384r1-ssl - -[26-curve-brainpoolP384r1-ssl] -server = 26-curve-brainpoolP384r1-server -client = 26-curve-brainpoolP384r1-client - -[26-curve-brainpoolP384r1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = brainpoolP384r1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[26-curve-brainpoolP384r1-client] -CipherString = ECDHE -Curves = brainpoolP384r1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-26] -ExpectedResult = Success -ExpectedTmpKeyType = brainpoolP384r1 - - -# =========================================================== - -[27-curve-brainpoolP512r1] -ssl_conf = 27-curve-brainpoolP512r1-ssl - -[27-curve-brainpoolP512r1-ssl] -server = 27-curve-brainpoolP512r1-server -client = 27-curve-brainpoolP512r1-client - -[27-curve-brainpoolP512r1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = brainpoolP512r1 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[27-curve-brainpoolP512r1-client] -CipherString = ECDHE -Curves = brainpoolP512r1 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-27] -ExpectedResult = Success -ExpectedTmpKeyType = brainpoolP512r1 - - -# =========================================================== - -[28-curve-X25519] -ssl_conf = 28-curve-X25519-ssl - -[28-curve-X25519-ssl] -server = 28-curve-X25519-server -client = 28-curve-X25519-client - -[28-curve-X25519-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = X25519 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[28-curve-X25519-client] -CipherString = ECDHE -Curves = X25519 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-28] -ExpectedResult = Success -ExpectedTmpKeyType = X25519 - - -# =========================================================== - -[29-curve-X448] -ssl_conf = 29-curve-X448-ssl - -[29-curve-X448-ssl] -server = 29-curve-X448-server -client = 29-curve-X448-client - -[29-curve-X448-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Curves = X448 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[29-curve-X448-client] -CipherString = ECDHE -Curves = X448 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-29] -ExpectedResult = Success -ExpectedTmpKeyType = X448 - - diff --git a/test/ssl-tests/14-curves.conf.in b/test/ssl-tests/14-curves.conf.in deleted file mode 100644 index 2f8077c44a..0000000000 --- a/test/ssl-tests/14-curves.conf.in +++ /dev/null @@ -1,47 +0,0 @@ -# -*- mode: perl; -*- - -## SSL test configurations - -package ssltests; - -use strict; -use warnings; - -use OpenSSL::Test; -use OpenSSL::Test::Utils qw(anydisabled); - -my @curves = ("sect163k1", "sect163r1", "sect163r2", "sect193r1", - "sect193r2", "sect233k1", "sect233r1", "sect239k1", - "sect283k1", "sect283r1", "sect409k1", "sect409r1", - "sect571k1", "sect571r1", "secp160k1", "secp160r1", - "secp160r2", "secp192k1", "prime192v1", "secp224k1", - "secp224r1", "secp256k1", "prime256v1", "secp384r1", - "secp521r1", "brainpoolP256r1", "brainpoolP384r1", - "brainpoolP512r1", "X25519", "X448"); - -our @tests = (); - -sub generate_tests() { - foreach (0..$#curves) { - my $curve = $curves[$_]; - push @tests, { - name => "curve-${curve}", - server => { - "Curves" => $curve, - # TODO(TLS1.3): Can we get this to work for TLSv1.3? - "MaxProtocol" => "TLSv1.2" - }, - client => { - "CipherString" => "ECDHE", - "MaxProtocol" => "TLSv1.2", - "Curves" => $curve - }, - test => { - "ExpectedTmpKeyType" => $curve, - "ExpectedResult" => "Success" - }, - }; - } -} - -generate_tests(); diff --git a/test/ssl-tests/15-certstatus.cnf b/test/ssl-tests/15-certstatus.cnf new file mode 100644 index 0000000000..bf6c41cda2 --- /dev/null +++ b/test/ssl-tests/15-certstatus.cnf @@ -0,0 +1,62 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 2 + +test-0 = 0-certstatus-good +test-1 = 1-certstatus-bad +# =========================================================== + +[0-certstatus-good] +ssl_conf = 0-certstatus-good-ssl + +[0-certstatus-good-ssl] +server = 0-certstatus-good-server +client = 0-certstatus-good-client + +[0-certstatus-good-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-certstatus-good-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +Method = TLS +server = 0-certstatus-good-server-extra + +[0-certstatus-good-server-extra] +CertStatus = GoodResponse + + +# =========================================================== + +[1-certstatus-bad] +ssl_conf = 1-certstatus-bad-ssl + +[1-certstatus-bad-ssl] +server = 1-certstatus-bad-server +client = 1-certstatus-bad-client + +[1-certstatus-bad-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-certstatus-bad-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = ClientFail +Method = TLS +server = 1-certstatus-bad-server-extra + +[1-certstatus-bad-server-extra] +CertStatus = BadResponse + + diff --git a/test/ssl-tests/15-certstatus.cnf.in b/test/ssl-tests/15-certstatus.cnf.in new file mode 100644 index 0000000000..67b0602b2d --- /dev/null +++ b/test/ssl-tests/15-certstatus.cnf.in @@ -0,0 +1,45 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test CertStatus messages + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "certstatus-good", + server => { + extra => { + "CertStatus" => "GoodResponse", + }, + }, + client => {}, + test => { + "Method" => "TLS", + "ExpectedResult" => "Success" + } + }, + { + name => "certstatus-bad", + server => { + extra => { + "CertStatus" => "BadResponse", + }, + }, + client => {}, + test => { + "Method" => "TLS", + "ExpectedResult" => "ClientFail" + } + }, +); diff --git a/test/ssl-tests/15-certstatus.conf b/test/ssl-tests/15-certstatus.conf deleted file mode 100644 index bf6c41cda2..0000000000 --- a/test/ssl-tests/15-certstatus.conf +++ /dev/null @@ -1,62 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 2 - -test-0 = 0-certstatus-good -test-1 = 1-certstatus-bad -# =========================================================== - -[0-certstatus-good] -ssl_conf = 0-certstatus-good-ssl - -[0-certstatus-good-ssl] -server = 0-certstatus-good-server -client = 0-certstatus-good-client - -[0-certstatus-good-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-certstatus-good-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success -Method = TLS -server = 0-certstatus-good-server-extra - -[0-certstatus-good-server-extra] -CertStatus = GoodResponse - - -# =========================================================== - -[1-certstatus-bad] -ssl_conf = 1-certstatus-bad-ssl - -[1-certstatus-bad-ssl] -server = 1-certstatus-bad-server -client = 1-certstatus-bad-client - -[1-certstatus-bad-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-certstatus-bad-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = ClientFail -Method = TLS -server = 1-certstatus-bad-server-extra - -[1-certstatus-bad-server-extra] -CertStatus = BadResponse - - diff --git a/test/ssl-tests/15-certstatus.conf.in b/test/ssl-tests/15-certstatus.conf.in deleted file mode 100644 index 67b0602b2d..0000000000 --- a/test/ssl-tests/15-certstatus.conf.in +++ /dev/null @@ -1,45 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test CertStatus messages - -use strict; -use warnings; - -package ssltests; - - -our @tests = ( - { - name => "certstatus-good", - server => { - extra => { - "CertStatus" => "GoodResponse", - }, - }, - client => {}, - test => { - "Method" => "TLS", - "ExpectedResult" => "Success" - } - }, - { - name => "certstatus-bad", - server => { - extra => { - "CertStatus" => "BadResponse", - }, - }, - client => {}, - test => { - "Method" => "TLS", - "ExpectedResult" => "ClientFail" - } - }, -); diff --git a/test/ssl-tests/16-dtls-certstatus.cnf b/test/ssl-tests/16-dtls-certstatus.cnf new file mode 100644 index 0000000000..a561803a55 --- /dev/null +++ b/test/ssl-tests/16-dtls-certstatus.cnf @@ -0,0 +1,62 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 2 + +test-0 = 0-certstatus-good +test-1 = 1-certstatus-bad +# =========================================================== + +[0-certstatus-good] +ssl_conf = 0-certstatus-good-ssl + +[0-certstatus-good-ssl] +server = 0-certstatus-good-server +client = 0-certstatus-good-client + +[0-certstatus-good-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-certstatus-good-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +Method = DTLS +server = 0-certstatus-good-server-extra + +[0-certstatus-good-server-extra] +CertStatus = GoodResponse + + +# =========================================================== + +[1-certstatus-bad] +ssl_conf = 1-certstatus-bad-ssl + +[1-certstatus-bad-ssl] +server = 1-certstatus-bad-server +client = 1-certstatus-bad-client + +[1-certstatus-bad-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-certstatus-bad-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = ClientFail +Method = DTLS +server = 1-certstatus-bad-server-extra + +[1-certstatus-bad-server-extra] +CertStatus = BadResponse + + diff --git a/test/ssl-tests/16-dtls-certstatus.cnf.in b/test/ssl-tests/16-dtls-certstatus.cnf.in new file mode 100644 index 0000000000..742de63ff7 --- /dev/null +++ b/test/ssl-tests/16-dtls-certstatus.cnf.in @@ -0,0 +1,78 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test DTLS CertStatus messages + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "certstatus-good", + server => { + extra => { + "CertStatus" => "GoodResponse", + }, + }, + client => {}, + test => { + "Method" => "DTLS", + "ExpectedResult" => "Success" + } + }, + { + name => "certstatus-bad", + server => { + extra => { + "CertStatus" => "BadResponse", + }, + }, + client => {}, + test => { + "Method" => "DTLS", + "ExpectedResult" => "ClientFail" + } + } +); + +our @tests_sctp = ( + { + name => "certstatus-good", + server => { + extra => { + "CertStatus" => "GoodResponse", + }, + }, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "certstatus-bad", + server => { + extra => { + "CertStatus" => "BadResponse", + }, + }, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => "Yes", + "ExpectedResult" => "ClientFail" + } + }, +); + +push @tests, @tests_sctp unless disabled("sctp") || disabled("sock"); diff --git a/test/ssl-tests/16-dtls-certstatus.conf b/test/ssl-tests/16-dtls-certstatus.conf deleted file mode 100644 index a561803a55..0000000000 --- a/test/ssl-tests/16-dtls-certstatus.conf +++ /dev/null @@ -1,62 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 2 - -test-0 = 0-certstatus-good -test-1 = 1-certstatus-bad -# =========================================================== - -[0-certstatus-good] -ssl_conf = 0-certstatus-good-ssl - -[0-certstatus-good-ssl] -server = 0-certstatus-good-server -client = 0-certstatus-good-client - -[0-certstatus-good-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-certstatus-good-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success -Method = DTLS -server = 0-certstatus-good-server-extra - -[0-certstatus-good-server-extra] -CertStatus = GoodResponse - - -# =========================================================== - -[1-certstatus-bad] -ssl_conf = 1-certstatus-bad-ssl - -[1-certstatus-bad-ssl] -server = 1-certstatus-bad-server -client = 1-certstatus-bad-client - -[1-certstatus-bad-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-certstatus-bad-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = ClientFail -Method = DTLS -server = 1-certstatus-bad-server-extra - -[1-certstatus-bad-server-extra] -CertStatus = BadResponse - - diff --git a/test/ssl-tests/16-dtls-certstatus.conf.in b/test/ssl-tests/16-dtls-certstatus.conf.in deleted file mode 100644 index 742de63ff7..0000000000 --- a/test/ssl-tests/16-dtls-certstatus.conf.in +++ /dev/null @@ -1,78 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test DTLS CertStatus messages - -use strict; -use warnings; - -package ssltests; -use OpenSSL::Test::Utils; - -our @tests = ( - { - name => "certstatus-good", - server => { - extra => { - "CertStatus" => "GoodResponse", - }, - }, - client => {}, - test => { - "Method" => "DTLS", - "ExpectedResult" => "Success" - } - }, - { - name => "certstatus-bad", - server => { - extra => { - "CertStatus" => "BadResponse", - }, - }, - client => {}, - test => { - "Method" => "DTLS", - "ExpectedResult" => "ClientFail" - } - } -); - -our @tests_sctp = ( - { - name => "certstatus-good", - server => { - extra => { - "CertStatus" => "GoodResponse", - }, - }, - client => {}, - test => { - "Method" => "DTLS", - "UseSCTP" => "Yes", - "ExpectedResult" => "Success" - } - }, - { - name => "certstatus-bad", - server => { - extra => { - "CertStatus" => "BadResponse", - }, - }, - client => {}, - test => { - "Method" => "DTLS", - "UseSCTP" => "Yes", - "ExpectedResult" => "ClientFail" - } - }, -); - -push @tests, @tests_sctp unless disabled("sctp") || disabled("sock"); diff --git a/test/ssl-tests/17-renegotiate.cnf b/test/ssl-tests/17-renegotiate.cnf new file mode 100644 index 0000000000..12cf791310 --- /dev/null +++ b/test/ssl-tests/17-renegotiate.cnf @@ -0,0 +1,432 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 14 + +test-0 = 0-renegotiate-client-no-resume +test-1 = 1-renegotiate-client-resume +test-2 = 2-renegotiate-server-no-resume +test-3 = 3-renegotiate-server-resume +test-4 = 4-renegotiate-client-auth-require +test-5 = 5-renegotiate-client-auth-once +test-6 = 6-renegotiate-aead-to-non-aead +test-7 = 7-renegotiate-non-aead-to-aead +test-8 = 8-renegotiate-non-aead-to-non-aead +test-9 = 9-renegotiate-aead-to-aead +test-10 = 10-no-renegotiation-server-by-client +test-11 = 11-no-renegotiation-server-by-server +test-12 = 12-no-renegotiation-client-by-server +test-13 = 13-no-renegotiation-client-by-client +# =========================================================== + +[0-renegotiate-client-no-resume] +ssl_conf = 0-renegotiate-client-no-resume-ssl + +[0-renegotiate-client-no-resume-ssl] +server = 0-renegotiate-client-no-resume-server +client = 0-renegotiate-client-no-resume-client + +[0-renegotiate-client-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-renegotiate-client-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[1-renegotiate-client-resume] +ssl_conf = 1-renegotiate-client-resume-ssl + +[1-renegotiate-client-resume-ssl] +server = 1-renegotiate-client-resume-server +client = 1-renegotiate-client-resume-client + +[1-renegotiate-client-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-renegotiate-client-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = Yes + + +# =========================================================== + +[2-renegotiate-server-no-resume] +ssl_conf = 2-renegotiate-server-no-resume-ssl + +[2-renegotiate-server-no-resume-ssl] +server = 2-renegotiate-server-no-resume-server +client = 2-renegotiate-server-no-resume-client + +[2-renegotiate-server-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-renegotiate-server-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[3-renegotiate-server-resume] +ssl_conf = 3-renegotiate-server-resume-ssl + +[3-renegotiate-server-resume-ssl] +server = 3-renegotiate-server-resume-server +client = 3-renegotiate-server-resume-client + +[3-renegotiate-server-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-renegotiate-server-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = Yes + + +# =========================================================== + +[4-renegotiate-client-auth-require] +ssl_conf = 4-renegotiate-client-auth-require-ssl + +[4-renegotiate-client-auth-require-ssl] +server = 4-renegotiate-client-auth-require-server +client = 4-renegotiate-client-auth-require-client + +[4-renegotiate-client-auth-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[4-renegotiate-client-auth-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[5-renegotiate-client-auth-once] +ssl_conf = 5-renegotiate-client-auth-once-ssl + +[5-renegotiate-client-auth-once-ssl] +server = 5-renegotiate-client-auth-once-server +client = 5-renegotiate-client-auth-once-client + +[5-renegotiate-client-auth-once-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Once + +[5-renegotiate-client-auth-once-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[6-renegotiate-aead-to-non-aead] +ssl_conf = 6-renegotiate-aead-to-non-aead-ssl + +[6-renegotiate-aead-to-non-aead-ssl] +server = 6-renegotiate-aead-to-non-aead-server +client = 6-renegotiate-aead-to-non-aead-client + +[6-renegotiate-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-renegotiate-aead-to-non-aead-client] +CipherString = AES128-GCM-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 6-renegotiate-aead-to-non-aead-client-extra + +[6-renegotiate-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES128-SHA + + +# =========================================================== + +[7-renegotiate-non-aead-to-aead] +ssl_conf = 7-renegotiate-non-aead-to-aead-ssl + +[7-renegotiate-non-aead-to-aead-ssl] +server = 7-renegotiate-non-aead-to-aead-server +client = 7-renegotiate-non-aead-to-aead-client + +[7-renegotiate-non-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-renegotiate-non-aead-to-aead-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 7-renegotiate-non-aead-to-aead-client-extra + +[7-renegotiate-non-aead-to-aead-client-extra] +RenegotiateCiphers = AES128-GCM-SHA256 + + +# =========================================================== + +[8-renegotiate-non-aead-to-non-aead] +ssl_conf = 8-renegotiate-non-aead-to-non-aead-ssl + +[8-renegotiate-non-aead-to-non-aead-ssl] +server = 8-renegotiate-non-aead-to-non-aead-server +client = 8-renegotiate-non-aead-to-non-aead-client + +[8-renegotiate-non-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-renegotiate-non-aead-to-non-aead-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 8-renegotiate-non-aead-to-non-aead-client-extra + +[8-renegotiate-non-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES256-SHA + + +# =========================================================== + +[9-renegotiate-aead-to-aead] +ssl_conf = 9-renegotiate-aead-to-aead-ssl + +[9-renegotiate-aead-to-aead-ssl] +server = 9-renegotiate-aead-to-aead-server +client = 9-renegotiate-aead-to-aead-client + +[9-renegotiate-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-renegotiate-aead-to-aead-client] +CipherString = AES128-GCM-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 9-renegotiate-aead-to-aead-client-extra + +[9-renegotiate-aead-to-aead-client-extra] +RenegotiateCiphers = AES256-GCM-SHA384 + + +# =========================================================== + +[10-no-renegotiation-server-by-client] +ssl_conf = 10-no-renegotiation-server-by-client-ssl + +[10-no-renegotiation-server-by-client-ssl] +server = 10-no-renegotiation-server-by-client-server +client = 10-no-renegotiation-server-by-client-client + +[10-no-renegotiation-server-by-client-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-no-renegotiation-server-by-client-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = ClientFail +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[11-no-renegotiation-server-by-server] +ssl_conf = 11-no-renegotiation-server-by-server-ssl + +[11-no-renegotiation-server-by-server-ssl] +server = 11-no-renegotiation-server-by-server-server +client = 11-no-renegotiation-server-by-server-client + +[11-no-renegotiation-server-by-server-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-no-renegotiation-server-by-server-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = ServerFail +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[12-no-renegotiation-client-by-server] +ssl_conf = 12-no-renegotiation-client-by-server-ssl + +[12-no-renegotiation-client-by-server-ssl] +server = 12-no-renegotiation-client-by-server-server +client = 12-no-renegotiation-client-by-server-client + +[12-no-renegotiation-client-by-server-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-no-renegotiation-client-by-server-client] +CipherString = DEFAULT +Options = NoRenegotiation +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = ServerFail +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[13-no-renegotiation-client-by-client] +ssl_conf = 13-no-renegotiation-client-by-client-ssl + +[13-no-renegotiation-client-by-client-ssl] +server = 13-no-renegotiation-client-by-client-server +client = 13-no-renegotiation-client-by-client-client + +[13-no-renegotiation-client-by-client-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-no-renegotiation-client-by-client-client] +CipherString = DEFAULT +Options = NoRenegotiation +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = ClientFail +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No + + diff --git a/test/ssl-tests/17-renegotiate.cnf.in b/test/ssl-tests/17-renegotiate.cnf.in new file mode 100644 index 0000000000..636f9fb081 --- /dev/null +++ b/test/ssl-tests/17-renegotiate.cnf.in @@ -0,0 +1,249 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Renegotiation + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "renegotiate-client-no-resume", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-resume", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-server-no-resume", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-server-resume", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-require", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-once", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Once", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + } +); +our @tests_tls1_2 = ( + { + name => "renegotiate-aead-to-non-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + "MaxProtocol" => "TLSv1.2", + extra => { + "RenegotiateCiphers" => "AES128-SHA" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + }, + client => { + "CipherString" => "AES128-SHA", + "MaxProtocol" => "TLSv1.2", + extra => { + "RenegotiateCiphers" => "AES128-GCM-SHA256" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-non-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + }, + client => { + "CipherString" => "AES128-SHA", + "MaxProtocol" => "TLSv1.2", + extra => { + "RenegotiateCiphers" => "AES256-SHA" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-aead-to-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + "MaxProtocol" => "TLSv1.2", + extra => { + "RenegotiateCiphers" => "AES256-GCM-SHA384" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "no-renegotiation-server-by-client", + server => { + "Options" => "NoRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "ClientFail" + } + }, + { + name => "no-renegotiation-server-by-server", + server => { + "Options" => "NoRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "ServerFail" + } + }, + { + name => "no-renegotiation-client-by-server", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => { + "Options" => "NoRenegotiation", + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "ServerFail" + } + }, + { + name => "no-renegotiation-client-by-client", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => { + "Options" => "NoRenegotiation", + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "ClientFail" + } + } +); + +push @tests, @tests_tls1_2 unless disabled("tls1_2"); diff --git a/test/ssl-tests/17-renegotiate.conf b/test/ssl-tests/17-renegotiate.conf deleted file mode 100644 index 12cf791310..0000000000 --- a/test/ssl-tests/17-renegotiate.conf +++ /dev/null @@ -1,432 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 14 - -test-0 = 0-renegotiate-client-no-resume -test-1 = 1-renegotiate-client-resume -test-2 = 2-renegotiate-server-no-resume -test-3 = 3-renegotiate-server-resume -test-4 = 4-renegotiate-client-auth-require -test-5 = 5-renegotiate-client-auth-once -test-6 = 6-renegotiate-aead-to-non-aead -test-7 = 7-renegotiate-non-aead-to-aead -test-8 = 8-renegotiate-non-aead-to-non-aead -test-9 = 9-renegotiate-aead-to-aead -test-10 = 10-no-renegotiation-server-by-client -test-11 = 11-no-renegotiation-server-by-server -test-12 = 12-no-renegotiation-client-by-server -test-13 = 13-no-renegotiation-client-by-client -# =========================================================== - -[0-renegotiate-client-no-resume] -ssl_conf = 0-renegotiate-client-no-resume-ssl - -[0-renegotiate-client-no-resume-ssl] -server = 0-renegotiate-client-no-resume-server -client = 0-renegotiate-client-no-resume-client - -[0-renegotiate-client-no-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = NoResumptionOnRenegotiation -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-renegotiate-client-no-resume-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success -HandshakeMode = RenegotiateClient -Method = TLS -ResumptionExpected = No - - -# =========================================================== - -[1-renegotiate-client-resume] -ssl_conf = 1-renegotiate-client-resume-ssl - -[1-renegotiate-client-resume-ssl] -server = 1-renegotiate-client-resume-server -client = 1-renegotiate-client-resume-client - -[1-renegotiate-client-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-renegotiate-client-resume-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = Success -HandshakeMode = RenegotiateClient -Method = TLS -ResumptionExpected = Yes - - -# =========================================================== - -[2-renegotiate-server-no-resume] -ssl_conf = 2-renegotiate-server-no-resume-ssl - -[2-renegotiate-server-no-resume-ssl] -server = 2-renegotiate-server-no-resume-server -client = 2-renegotiate-server-no-resume-client - -[2-renegotiate-server-no-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = NoResumptionOnRenegotiation -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-renegotiate-server-no-resume-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = Success -HandshakeMode = RenegotiateServer -Method = TLS -ResumptionExpected = No - - -# =========================================================== - -[3-renegotiate-server-resume] -ssl_conf = 3-renegotiate-server-resume-ssl - -[3-renegotiate-server-resume-ssl] -server = 3-renegotiate-server-resume-server -client = 3-renegotiate-server-resume-client - -[3-renegotiate-server-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-renegotiate-server-resume-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedResult = Success -HandshakeMode = RenegotiateServer -Method = TLS -ResumptionExpected = Yes - - -# =========================================================== - -[4-renegotiate-client-auth-require] -ssl_conf = 4-renegotiate-client-auth-require-ssl - -[4-renegotiate-client-auth-require-ssl] -server = 4-renegotiate-client-auth-require-server -client = 4-renegotiate-client-auth-require-client - -[4-renegotiate-client-auth-require-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = NoResumptionOnRenegotiation -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[4-renegotiate-client-auth-require-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -ExpectedResult = Success -HandshakeMode = RenegotiateServer -Method = TLS -ResumptionExpected = No - - -# =========================================================== - -[5-renegotiate-client-auth-once] -ssl_conf = 5-renegotiate-client-auth-once-ssl - -[5-renegotiate-client-auth-once-ssl] -server = 5-renegotiate-client-auth-once-server -client = 5-renegotiate-client-auth-once-client - -[5-renegotiate-client-auth-once-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = NoResumptionOnRenegotiation -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Once - -[5-renegotiate-client-auth-once-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedResult = Success -HandshakeMode = RenegotiateServer -Method = TLS -ResumptionExpected = No - - -# =========================================================== - -[6-renegotiate-aead-to-non-aead] -ssl_conf = 6-renegotiate-aead-to-non-aead-ssl - -[6-renegotiate-aead-to-non-aead-ssl] -server = 6-renegotiate-aead-to-non-aead-server -client = 6-renegotiate-aead-to-non-aead-client - -[6-renegotiate-aead-to-non-aead-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = NoResumptionOnRenegotiation -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-renegotiate-aead-to-non-aead-client] -CipherString = AES128-GCM-SHA256 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedResult = Success -HandshakeMode = RenegotiateClient -Method = TLS -ResumptionExpected = No -client = 6-renegotiate-aead-to-non-aead-client-extra - -[6-renegotiate-aead-to-non-aead-client-extra] -RenegotiateCiphers = AES128-SHA - - -# =========================================================== - -[7-renegotiate-non-aead-to-aead] -ssl_conf = 7-renegotiate-non-aead-to-aead-ssl - -[7-renegotiate-non-aead-to-aead-ssl] -server = 7-renegotiate-non-aead-to-aead-server -client = 7-renegotiate-non-aead-to-aead-client - -[7-renegotiate-non-aead-to-aead-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = NoResumptionOnRenegotiation -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-renegotiate-non-aead-to-aead-client] -CipherString = AES128-SHA -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ExpectedResult = Success -HandshakeMode = RenegotiateClient -Method = TLS -ResumptionExpected = No -client = 7-renegotiate-non-aead-to-aead-client-extra - -[7-renegotiate-non-aead-to-aead-client-extra] -RenegotiateCiphers = AES128-GCM-SHA256 - - -# =========================================================== - -[8-renegotiate-non-aead-to-non-aead] -ssl_conf = 8-renegotiate-non-aead-to-non-aead-ssl - -[8-renegotiate-non-aead-to-non-aead-ssl] -server = 8-renegotiate-non-aead-to-non-aead-server -client = 8-renegotiate-non-aead-to-non-aead-client - -[8-renegotiate-non-aead-to-non-aead-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = NoResumptionOnRenegotiation -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-renegotiate-non-aead-to-non-aead-client] -CipherString = AES128-SHA -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedResult = Success -HandshakeMode = RenegotiateClient -Method = TLS -ResumptionExpected = No -client = 8-renegotiate-non-aead-to-non-aead-client-extra - -[8-renegotiate-non-aead-to-non-aead-client-extra] -RenegotiateCiphers = AES256-SHA - - -# =========================================================== - -[9-renegotiate-aead-to-aead] -ssl_conf = 9-renegotiate-aead-to-aead-ssl - -[9-renegotiate-aead-to-aead-ssl] -server = 9-renegotiate-aead-to-aead-server -client = 9-renegotiate-aead-to-aead-client - -[9-renegotiate-aead-to-aead-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = NoResumptionOnRenegotiation -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[9-renegotiate-aead-to-aead-client] -CipherString = AES128-GCM-SHA256 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-9] -ExpectedResult = Success -HandshakeMode = RenegotiateClient -Method = TLS -ResumptionExpected = No -client = 9-renegotiate-aead-to-aead-client-extra - -[9-renegotiate-aead-to-aead-client-extra] -RenegotiateCiphers = AES256-GCM-SHA384 - - -# =========================================================== - -[10-no-renegotiation-server-by-client] -ssl_conf = 10-no-renegotiation-server-by-client-ssl - -[10-no-renegotiation-server-by-client-ssl] -server = 10-no-renegotiation-server-by-client-server -client = 10-no-renegotiation-server-by-client-client - -[10-no-renegotiation-server-by-client-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = NoRenegotiation -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[10-no-renegotiation-server-by-client-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-10] -ExpectedResult = ClientFail -HandshakeMode = RenegotiateClient -Method = TLS -ResumptionExpected = No - - -# =========================================================== - -[11-no-renegotiation-server-by-server] -ssl_conf = 11-no-renegotiation-server-by-server-ssl - -[11-no-renegotiation-server-by-server-ssl] -server = 11-no-renegotiation-server-by-server-server -client = 11-no-renegotiation-server-by-server-client - -[11-no-renegotiation-server-by-server-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = NoRenegotiation -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[11-no-renegotiation-server-by-server-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-11] -ExpectedResult = ServerFail -HandshakeMode = RenegotiateServer -Method = TLS -ResumptionExpected = No - - -# =========================================================== - -[12-no-renegotiation-client-by-server] -ssl_conf = 12-no-renegotiation-client-by-server-ssl - -[12-no-renegotiation-client-by-server-ssl] -server = 12-no-renegotiation-client-by-server-server -client = 12-no-renegotiation-client-by-server-client - -[12-no-renegotiation-client-by-server-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[12-no-renegotiation-client-by-server-client] -CipherString = DEFAULT -Options = NoRenegotiation -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-12] -ExpectedResult = ServerFail -HandshakeMode = RenegotiateServer -Method = TLS -ResumptionExpected = No - - -# =========================================================== - -[13-no-renegotiation-client-by-client] -ssl_conf = 13-no-renegotiation-client-by-client-ssl - -[13-no-renegotiation-client-by-client-ssl] -server = 13-no-renegotiation-client-by-client-server -client = 13-no-renegotiation-client-by-client-client - -[13-no-renegotiation-client-by-client-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-no-renegotiation-client-by-client-client] -CipherString = DEFAULT -Options = NoRenegotiation -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-13] -ExpectedResult = ClientFail -HandshakeMode = RenegotiateClient -Method = TLS -ResumptionExpected = No - - diff --git a/test/ssl-tests/17-renegotiate.conf.in b/test/ssl-tests/17-renegotiate.conf.in deleted file mode 100644 index 636f9fb081..0000000000 --- a/test/ssl-tests/17-renegotiate.conf.in +++ /dev/null @@ -1,249 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test Renegotiation - -use strict; -use warnings; - -package ssltests; -use OpenSSL::Test::Utils; - -our @tests = ( - { - name => "renegotiate-client-no-resume", - server => { - "Options" => "NoResumptionOnRenegotiation", - "MaxProtocol" => "TLSv1.2" - }, - client => {}, - test => { - "Method" => "TLS", - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-client-resume", - server => { - "MaxProtocol" => "TLSv1.2" - }, - client => {}, - test => { - "Method" => "TLS", - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "Yes", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-server-no-resume", - server => { - "Options" => "NoResumptionOnRenegotiation", - "MaxProtocol" => "TLSv1.2" - }, - client => {}, - test => { - "Method" => "TLS", - "HandshakeMode" => "RenegotiateServer", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-server-resume", - server => { - "MaxProtocol" => "TLSv1.2" - }, - client => {}, - test => { - "Method" => "TLS", - "HandshakeMode" => "RenegotiateServer", - "ResumptionExpected" => "Yes", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-client-auth-require", - server => { - "Options" => "NoResumptionOnRenegotiation", - "MaxProtocol" => "TLSv1.2", - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Require", - }, - client => { - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - }, - test => { - "Method" => "TLS", - "HandshakeMode" => "RenegotiateServer", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-client-auth-once", - server => { - "Options" => "NoResumptionOnRenegotiation", - "MaxProtocol" => "TLSv1.2", - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Once", - }, - client => { - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - }, - test => { - "Method" => "TLS", - "HandshakeMode" => "RenegotiateServer", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - } -); -our @tests_tls1_2 = ( - { - name => "renegotiate-aead-to-non-aead", - server => { - "Options" => "NoResumptionOnRenegotiation", - }, - client => { - "CipherString" => "AES128-GCM-SHA256", - "MaxProtocol" => "TLSv1.2", - extra => { - "RenegotiateCiphers" => "AES128-SHA" - } - }, - test => { - "Method" => "TLS", - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-non-aead-to-aead", - server => { - "Options" => "NoResumptionOnRenegotiation", - }, - client => { - "CipherString" => "AES128-SHA", - "MaxProtocol" => "TLSv1.2", - extra => { - "RenegotiateCiphers" => "AES128-GCM-SHA256" - } - }, - test => { - "Method" => "TLS", - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-non-aead-to-non-aead", - server => { - "Options" => "NoResumptionOnRenegotiation", - }, - client => { - "CipherString" => "AES128-SHA", - "MaxProtocol" => "TLSv1.2", - extra => { - "RenegotiateCiphers" => "AES256-SHA" - } - }, - test => { - "Method" => "TLS", - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-aead-to-aead", - server => { - "Options" => "NoResumptionOnRenegotiation", - }, - client => { - "CipherString" => "AES128-GCM-SHA256", - "MaxProtocol" => "TLSv1.2", - extra => { - "RenegotiateCiphers" => "AES256-GCM-SHA384" - } - }, - test => { - "Method" => "TLS", - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "no-renegotiation-server-by-client", - server => { - "Options" => "NoRenegotiation", - "MaxProtocol" => "TLSv1.2" - }, - client => { }, - test => { - "Method" => "TLS", - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "ClientFail" - } - }, - { - name => "no-renegotiation-server-by-server", - server => { - "Options" => "NoRenegotiation", - "MaxProtocol" => "TLSv1.2" - }, - client => { }, - test => { - "Method" => "TLS", - "HandshakeMode" => "RenegotiateServer", - "ResumptionExpected" => "No", - "ExpectedResult" => "ServerFail" - } - }, - { - name => "no-renegotiation-client-by-server", - server => { - "MaxProtocol" => "TLSv1.2" - }, - client => { - "Options" => "NoRenegotiation", - }, - test => { - "Method" => "TLS", - "HandshakeMode" => "RenegotiateServer", - "ResumptionExpected" => "No", - "ExpectedResult" => "ServerFail" - } - }, - { - name => "no-renegotiation-client-by-client", - server => { - "MaxProtocol" => "TLSv1.2" - }, - client => { - "Options" => "NoRenegotiation", - }, - test => { - "Method" => "TLS", - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "ClientFail" - } - } -); - -push @tests, @tests_tls1_2 unless disabled("tls1_2"); diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf b/test/ssl-tests/18-dtls-renegotiate.cnf new file mode 100644 index 0000000000..9204dd2c5d --- /dev/null +++ b/test/ssl-tests/18-dtls-renegotiate.cnf @@ -0,0 +1,285 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 9 + +test-0 = 0-renegotiate-client-no-resume +test-1 = 1-renegotiate-client-resume +test-2 = 2-renegotiate-server-resume +test-3 = 3-renegotiate-client-auth-require +test-4 = 4-renegotiate-client-auth-once +test-5 = 5-renegotiate-aead-to-non-aead +test-6 = 6-renegotiate-non-aead-to-aead +test-7 = 7-renegotiate-non-aead-to-non-aead +test-8 = 8-renegotiate-aead-to-aead +# =========================================================== + +[0-renegotiate-client-no-resume] +ssl_conf = 0-renegotiate-client-no-resume-ssl + +[0-renegotiate-client-no-resume-ssl] +server = 0-renegotiate-client-no-resume-server +client = 0-renegotiate-client-no-resume-client + +[0-renegotiate-client-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-renegotiate-client-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +UseSCTP = No + + +# =========================================================== + +[1-renegotiate-client-resume] +ssl_conf = 1-renegotiate-client-resume-ssl + +[1-renegotiate-client-resume-ssl] +server = 1-renegotiate-client-resume-server +client = 1-renegotiate-client-resume-client + +[1-renegotiate-client-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-renegotiate-client-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = Yes +UseSCTP = No + + +# =========================================================== + +[2-renegotiate-server-resume] +ssl_conf = 2-renegotiate-server-resume-ssl + +[2-renegotiate-server-resume-ssl] +server = 2-renegotiate-server-resume-server +client = 2-renegotiate-server-resume-client + +[2-renegotiate-server-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-renegotiate-server-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No +UseSCTP = No + + +# =========================================================== + +[3-renegotiate-client-auth-require] +ssl_conf = 3-renegotiate-client-auth-require-ssl + +[3-renegotiate-client-auth-require-ssl] +server = 3-renegotiate-client-auth-require-server +client = 3-renegotiate-client-auth-require-client + +[3-renegotiate-client-auth-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[3-renegotiate-client-auth-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No +UseSCTP = No + + +# =========================================================== + +[4-renegotiate-client-auth-once] +ssl_conf = 4-renegotiate-client-auth-once-ssl + +[4-renegotiate-client-auth-once-ssl] +server = 4-renegotiate-client-auth-once-server +client = 4-renegotiate-client-auth-once-client + +[4-renegotiate-client-auth-once-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Once + +[4-renegotiate-client-auth-once-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No +UseSCTP = No + + +# =========================================================== + +[5-renegotiate-aead-to-non-aead] +ssl_conf = 5-renegotiate-aead-to-non-aead-ssl + +[5-renegotiate-aead-to-non-aead-ssl] +server = 5-renegotiate-aead-to-non-aead-server +client = 5-renegotiate-aead-to-non-aead-client + +[5-renegotiate-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-renegotiate-aead-to-non-aead-client] +CipherString = AES128-GCM-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +UseSCTP = No +client = 5-renegotiate-aead-to-non-aead-client-extra + +[5-renegotiate-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES128-SHA + + +# =========================================================== + +[6-renegotiate-non-aead-to-aead] +ssl_conf = 6-renegotiate-non-aead-to-aead-ssl + +[6-renegotiate-non-aead-to-aead-ssl] +server = 6-renegotiate-non-aead-to-aead-server +client = 6-renegotiate-non-aead-to-aead-client + +[6-renegotiate-non-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-renegotiate-non-aead-to-aead-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +UseSCTP = No +client = 6-renegotiate-non-aead-to-aead-client-extra + +[6-renegotiate-non-aead-to-aead-client-extra] +RenegotiateCiphers = AES128-GCM-SHA256 + + +# =========================================================== + +[7-renegotiate-non-aead-to-non-aead] +ssl_conf = 7-renegotiate-non-aead-to-non-aead-ssl + +[7-renegotiate-non-aead-to-non-aead-ssl] +server = 7-renegotiate-non-aead-to-non-aead-server +client = 7-renegotiate-non-aead-to-non-aead-client + +[7-renegotiate-non-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-renegotiate-non-aead-to-non-aead-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +UseSCTP = No +client = 7-renegotiate-non-aead-to-non-aead-client-extra + +[7-renegotiate-non-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES256-SHA + + +# =========================================================== + +[8-renegotiate-aead-to-aead] +ssl_conf = 8-renegotiate-aead-to-aead-ssl + +[8-renegotiate-aead-to-aead-ssl] +server = 8-renegotiate-aead-to-aead-server +client = 8-renegotiate-aead-to-aead-client + +[8-renegotiate-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-renegotiate-aead-to-aead-client] +CipherString = AES128-GCM-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +UseSCTP = No +client = 8-renegotiate-aead-to-aead-client-extra + +[8-renegotiate-aead-to-aead-client-extra] +RenegotiateCiphers = AES256-GCM-SHA384 + + diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf.in b/test/ssl-tests/18-dtls-renegotiate.cnf.in new file mode 100644 index 0000000000..56623b4317 --- /dev/null +++ b/test/ssl-tests/18-dtls-renegotiate.cnf.in @@ -0,0 +1,192 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Renegotiation + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = (); + +foreach my $sctp ("No", "Yes") +{ + next if disabled("sctp") && $sctp eq "Yes"; + + my $suffix = ($sctp eq "No") ? "" : "-sctp"; + our @tests_basic = ( + { + name => "renegotiate-client-no-resume".$suffix, + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-resume".$suffix, + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, + # Note: Unlike the TLS tests, we will never do resumption with server + # initiated reneg. This is because an OpenSSL DTLS client will always do a full + # handshake (i.e. it doesn't supply a session id) when it receives a + # HelloRequest. This is different to the OpenSSL TLS implementation where an + # OpenSSL client will always try an abbreviated handshake (i.e. it will supply + # the session id). This goes all the way to commit 48ae85b6f when abbreviated + # handshake support was first added. Neither behaviour is wrong, but the + # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour, + # and if so, what to? + { + name => "renegotiate-server-resume".$suffix, + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-require".$suffix, + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-once".$suffix, + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Once", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + } + ); + push @tests, @tests_basic; + + next if disabled("dtls1_2"); + our @tests_dtls1_2 = ( + { + name => "renegotiate-aead-to-non-aead".$suffix, + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + extra => { + "RenegotiateCiphers" => "AES128-SHA" + } + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-aead".$suffix, + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-SHA", + extra => { + "RenegotiateCiphers" => "AES128-GCM-SHA256" + } + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-non-aead".$suffix, + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-SHA", + extra => { + "RenegotiateCiphers" => "AES256-SHA" + } + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-aead-to-aead".$suffix, + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + extra => { + "RenegotiateCiphers" => "AES256-GCM-SHA384" + } + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + ); + push @tests, @tests_dtls1_2; +} diff --git a/test/ssl-tests/18-dtls-renegotiate.conf b/test/ssl-tests/18-dtls-renegotiate.conf deleted file mode 100644 index 9204dd2c5d..0000000000 --- a/test/ssl-tests/18-dtls-renegotiate.conf +++ /dev/null @@ -1,285 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 9 - -test-0 = 0-renegotiate-client-no-resume -test-1 = 1-renegotiate-client-resume -test-2 = 2-renegotiate-server-resume -test-3 = 3-renegotiate-client-auth-require -test-4 = 4-renegotiate-client-auth-once -test-5 = 5-renegotiate-aead-to-non-aead -test-6 = 6-renegotiate-non-aead-to-aead -test-7 = 7-renegotiate-non-aead-to-non-aead -test-8 = 8-renegotiate-aead-to-aead -# =========================================================== - -[0-renegotiate-client-no-resume] -ssl_conf = 0-renegotiate-client-no-resume-ssl - -[0-renegotiate-client-no-resume-ssl] -server = 0-renegotiate-client-no-resume-server -client = 0-renegotiate-client-no-resume-client - -[0-renegotiate-client-no-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = NoResumptionOnRenegotiation -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-renegotiate-client-no-resume-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success -HandshakeMode = RenegotiateClient -Method = DTLS -ResumptionExpected = No -UseSCTP = No - - -# =========================================================== - -[1-renegotiate-client-resume] -ssl_conf = 1-renegotiate-client-resume-ssl - -[1-renegotiate-client-resume-ssl] -server = 1-renegotiate-client-resume-server -client = 1-renegotiate-client-resume-client - -[1-renegotiate-client-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-renegotiate-client-resume-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = Success -HandshakeMode = RenegotiateClient -Method = DTLS -ResumptionExpected = Yes -UseSCTP = No - - -# =========================================================== - -[2-renegotiate-server-resume] -ssl_conf = 2-renegotiate-server-resume-ssl - -[2-renegotiate-server-resume-ssl] -server = 2-renegotiate-server-resume-server -client = 2-renegotiate-server-resume-client - -[2-renegotiate-server-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-renegotiate-server-resume-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = Success -HandshakeMode = RenegotiateServer -Method = DTLS -ResumptionExpected = No -UseSCTP = No - - -# =========================================================== - -[3-renegotiate-client-auth-require] -ssl_conf = 3-renegotiate-client-auth-require-ssl - -[3-renegotiate-client-auth-require-ssl] -server = 3-renegotiate-client-auth-require-server -client = 3-renegotiate-client-auth-require-client - -[3-renegotiate-client-auth-require-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[3-renegotiate-client-auth-require-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedResult = Success -HandshakeMode = RenegotiateServer -Method = DTLS -ResumptionExpected = No -UseSCTP = No - - -# =========================================================== - -[4-renegotiate-client-auth-once] -ssl_conf = 4-renegotiate-client-auth-once-ssl - -[4-renegotiate-client-auth-once-ssl] -server = 4-renegotiate-client-auth-once-server -client = 4-renegotiate-client-auth-once-client - -[4-renegotiate-client-auth-once-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Once - -[4-renegotiate-client-auth-once-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -ExpectedResult = Success -HandshakeMode = RenegotiateServer -Method = DTLS -ResumptionExpected = No -UseSCTP = No - - -# =========================================================== - -[5-renegotiate-aead-to-non-aead] -ssl_conf = 5-renegotiate-aead-to-non-aead-ssl - -[5-renegotiate-aead-to-non-aead-ssl] -server = 5-renegotiate-aead-to-non-aead-server -client = 5-renegotiate-aead-to-non-aead-client - -[5-renegotiate-aead-to-non-aead-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = NoResumptionOnRenegotiation -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-renegotiate-aead-to-non-aead-client] -CipherString = AES128-GCM-SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedResult = Success -HandshakeMode = RenegotiateClient -Method = DTLS -ResumptionExpected = No -UseSCTP = No -client = 5-renegotiate-aead-to-non-aead-client-extra - -[5-renegotiate-aead-to-non-aead-client-extra] -RenegotiateCiphers = AES128-SHA - - -# =========================================================== - -[6-renegotiate-non-aead-to-aead] -ssl_conf = 6-renegotiate-non-aead-to-aead-ssl - -[6-renegotiate-non-aead-to-aead-ssl] -server = 6-renegotiate-non-aead-to-aead-server -client = 6-renegotiate-non-aead-to-aead-client - -[6-renegotiate-non-aead-to-aead-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = NoResumptionOnRenegotiation -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-renegotiate-non-aead-to-aead-client] -CipherString = AES128-SHA -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedResult = Success -HandshakeMode = RenegotiateClient -Method = DTLS -ResumptionExpected = No -UseSCTP = No -client = 6-renegotiate-non-aead-to-aead-client-extra - -[6-renegotiate-non-aead-to-aead-client-extra] -RenegotiateCiphers = AES128-GCM-SHA256 - - -# =========================================================== - -[7-renegotiate-non-aead-to-non-aead] -ssl_conf = 7-renegotiate-non-aead-to-non-aead-ssl - -[7-renegotiate-non-aead-to-non-aead-ssl] -server = 7-renegotiate-non-aead-to-non-aead-server -client = 7-renegotiate-non-aead-to-non-aead-client - -[7-renegotiate-non-aead-to-non-aead-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = NoResumptionOnRenegotiation -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-renegotiate-non-aead-to-non-aead-client] -CipherString = AES128-SHA -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ExpectedResult = Success -HandshakeMode = RenegotiateClient -Method = DTLS -ResumptionExpected = No -UseSCTP = No -client = 7-renegotiate-non-aead-to-non-aead-client-extra - -[7-renegotiate-non-aead-to-non-aead-client-extra] -RenegotiateCiphers = AES256-SHA - - -# =========================================================== - -[8-renegotiate-aead-to-aead] -ssl_conf = 8-renegotiate-aead-to-aead-ssl - -[8-renegotiate-aead-to-aead-ssl] -server = 8-renegotiate-aead-to-aead-server -client = 8-renegotiate-aead-to-aead-client - -[8-renegotiate-aead-to-aead-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = NoResumptionOnRenegotiation -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-renegotiate-aead-to-aead-client] -CipherString = AES128-GCM-SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedResult = Success -HandshakeMode = RenegotiateClient -Method = DTLS -ResumptionExpected = No -UseSCTP = No -client = 8-renegotiate-aead-to-aead-client-extra - -[8-renegotiate-aead-to-aead-client-extra] -RenegotiateCiphers = AES256-GCM-SHA384 - - diff --git a/test/ssl-tests/18-dtls-renegotiate.conf.in b/test/ssl-tests/18-dtls-renegotiate.conf.in deleted file mode 100644 index 56623b4317..0000000000 --- a/test/ssl-tests/18-dtls-renegotiate.conf.in +++ /dev/null @@ -1,192 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test Renegotiation - -use strict; -use warnings; - -package ssltests; -use OpenSSL::Test::Utils; - -our @tests = (); - -foreach my $sctp ("No", "Yes") -{ - next if disabled("sctp") && $sctp eq "Yes"; - - my $suffix = ($sctp eq "No") ? "" : "-sctp"; - our @tests_basic = ( - { - name => "renegotiate-client-no-resume".$suffix, - server => { - "Options" => "NoResumptionOnRenegotiation" - }, - client => {}, - test => { - "Method" => "DTLS", - "UseSCTP" => $sctp, - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-client-resume".$suffix, - server => {}, - client => {}, - test => { - "Method" => "DTLS", - "UseSCTP" => $sctp, - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "Yes", - "ExpectedResult" => "Success" - } - }, - # Note: Unlike the TLS tests, we will never do resumption with server - # initiated reneg. This is because an OpenSSL DTLS client will always do a full - # handshake (i.e. it doesn't supply a session id) when it receives a - # HelloRequest. This is different to the OpenSSL TLS implementation where an - # OpenSSL client will always try an abbreviated handshake (i.e. it will supply - # the session id). This goes all the way to commit 48ae85b6f when abbreviated - # handshake support was first added. Neither behaviour is wrong, but the - # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour, - # and if so, what to? - { - name => "renegotiate-server-resume".$suffix, - server => {}, - client => {}, - test => { - "Method" => "DTLS", - "UseSCTP" => $sctp, - "HandshakeMode" => "RenegotiateServer", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-client-auth-require".$suffix, - server => { - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Require", - }, - client => { - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - }, - test => { - "Method" => "DTLS", - "UseSCTP" => $sctp, - "HandshakeMode" => "RenegotiateServer", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-client-auth-once".$suffix, - server => { - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Once", - }, - client => { - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - }, - test => { - "Method" => "DTLS", - "UseSCTP" => $sctp, - "HandshakeMode" => "RenegotiateServer", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - } - ); - push @tests, @tests_basic; - - next if disabled("dtls1_2"); - our @tests_dtls1_2 = ( - { - name => "renegotiate-aead-to-non-aead".$suffix, - server => { - "Options" => "NoResumptionOnRenegotiation" - }, - client => { - "CipherString" => "AES128-GCM-SHA256", - extra => { - "RenegotiateCiphers" => "AES128-SHA" - } - }, - test => { - "Method" => "DTLS", - "UseSCTP" => $sctp, - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-non-aead-to-aead".$suffix, - server => { - "Options" => "NoResumptionOnRenegotiation" - }, - client => { - "CipherString" => "AES128-SHA", - extra => { - "RenegotiateCiphers" => "AES128-GCM-SHA256" - } - }, - test => { - "Method" => "DTLS", - "UseSCTP" => $sctp, - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-non-aead-to-non-aead".$suffix, - server => { - "Options" => "NoResumptionOnRenegotiation" - }, - client => { - "CipherString" => "AES128-SHA", - extra => { - "RenegotiateCiphers" => "AES256-SHA" - } - }, - test => { - "Method" => "DTLS", - "UseSCTP" => $sctp, - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-aead-to-aead".$suffix, - server => { - "Options" => "NoResumptionOnRenegotiation" - }, - client => { - "CipherString" => "AES128-GCM-SHA256", - extra => { - "RenegotiateCiphers" => "AES256-GCM-SHA384" - } - }, - test => { - "Method" => "DTLS", - "UseSCTP" => $sctp, - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - ); - push @tests, @tests_dtls1_2; -} diff --git a/test/ssl-tests/19-mac-then-encrypt.cnf b/test/ssl-tests/19-mac-then-encrypt.cnf new file mode 100644 index 0000000000..0dd384ea6c --- /dev/null +++ b/test/ssl-tests/19-mac-then-encrypt.cnf @@ -0,0 +1,162 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 6 + +test-0 = 0-disable-encrypt-then-mac-server-sha +test-1 = 1-disable-encrypt-then-mac-client-sha +test-2 = 2-disable-encrypt-then-mac-both-sha +test-3 = 3-disable-encrypt-then-mac-server-sha2 +test-4 = 4-disable-encrypt-then-mac-client-sha2 +test-5 = 5-disable-encrypt-then-mac-both-sha2 +# =========================================================== + +[0-disable-encrypt-then-mac-server-sha] +ssl_conf = 0-disable-encrypt-then-mac-server-sha-ssl + +[0-disable-encrypt-then-mac-server-sha-ssl] +server = 0-disable-encrypt-then-mac-server-sha-server +client = 0-disable-encrypt-then-mac-server-sha-client + +[0-disable-encrypt-then-mac-server-sha-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-disable-encrypt-then-mac-server-sha-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-disable-encrypt-then-mac-client-sha] +ssl_conf = 1-disable-encrypt-then-mac-client-sha-ssl + +[1-disable-encrypt-then-mac-client-sha-ssl] +server = 1-disable-encrypt-then-mac-client-sha-server +client = 1-disable-encrypt-then-mac-client-sha-client + +[1-disable-encrypt-then-mac-client-sha-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-disable-encrypt-then-mac-client-sha-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-disable-encrypt-then-mac-both-sha] +ssl_conf = 2-disable-encrypt-then-mac-both-sha-ssl + +[2-disable-encrypt-then-mac-both-sha-ssl] +server = 2-disable-encrypt-then-mac-both-sha-server +client = 2-disable-encrypt-then-mac-both-sha-client + +[2-disable-encrypt-then-mac-both-sha-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-disable-encrypt-then-mac-both-sha-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success + + +# =========================================================== + +[3-disable-encrypt-then-mac-server-sha2] +ssl_conf = 3-disable-encrypt-then-mac-server-sha2-ssl + +[3-disable-encrypt-then-mac-server-sha2-ssl] +server = 3-disable-encrypt-then-mac-server-sha2-server +client = 3-disable-encrypt-then-mac-server-sha2-client + +[3-disable-encrypt-then-mac-server-sha2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-disable-encrypt-then-mac-server-sha2-client] +CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success + + +# =========================================================== + +[4-disable-encrypt-then-mac-client-sha2] +ssl_conf = 4-disable-encrypt-then-mac-client-sha2-ssl + +[4-disable-encrypt-then-mac-client-sha2-ssl] +server = 4-disable-encrypt-then-mac-client-sha2-server +client = 4-disable-encrypt-then-mac-client-sha2-client + +[4-disable-encrypt-then-mac-client-sha2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-disable-encrypt-then-mac-client-sha2-client] +CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success + + +# =========================================================== + +[5-disable-encrypt-then-mac-both-sha2] +ssl_conf = 5-disable-encrypt-then-mac-both-sha2-ssl + +[5-disable-encrypt-then-mac-both-sha2-ssl] +server = 5-disable-encrypt-then-mac-both-sha2-server +client = 5-disable-encrypt-then-mac-both-sha2-client + +[5-disable-encrypt-then-mac-both-sha2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-disable-encrypt-then-mac-both-sha2-client] +CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success + + diff --git a/test/ssl-tests/19-mac-then-encrypt.cnf.in b/test/ssl-tests/19-mac-then-encrypt.cnf.in new file mode 100644 index 0000000000..968f5ac6c6 --- /dev/null +++ b/test/ssl-tests/19-mac-then-encrypt.cnf.in @@ -0,0 +1,102 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "disable-encrypt-then-mac-server-sha", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-client-sha", + server => { + }, + client => { + "CipherString" => "AES128-SHA", + "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-both-sha", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA", + "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, +); + +my @tests_tls1_2 = ( + { + name => "disable-encrypt-then-mac-server-sha2", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA256", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-client-sha2", + server => { + }, + client => { + "CipherString" => "AES128-SHA256", + "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-both-sha2", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA256", + "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, +); + +push @tests, @tests_tls1_2 unless disabled("tls1_2"); diff --git a/test/ssl-tests/19-mac-then-encrypt.conf b/test/ssl-tests/19-mac-then-encrypt.conf deleted file mode 100644 index 0dd384ea6c..0000000000 --- a/test/ssl-tests/19-mac-then-encrypt.conf +++ /dev/null @@ -1,162 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 6 - -test-0 = 0-disable-encrypt-then-mac-server-sha -test-1 = 1-disable-encrypt-then-mac-client-sha -test-2 = 2-disable-encrypt-then-mac-both-sha -test-3 = 3-disable-encrypt-then-mac-server-sha2 -test-4 = 4-disable-encrypt-then-mac-client-sha2 -test-5 = 5-disable-encrypt-then-mac-both-sha2 -# =========================================================== - -[0-disable-encrypt-then-mac-server-sha] -ssl_conf = 0-disable-encrypt-then-mac-server-sha-ssl - -[0-disable-encrypt-then-mac-server-sha-ssl] -server = 0-disable-encrypt-then-mac-server-sha-server -client = 0-disable-encrypt-then-mac-server-sha-client - -[0-disable-encrypt-then-mac-server-sha-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -EncryptThenMac -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-disable-encrypt-then-mac-server-sha-client] -CipherString = AES128-SHA -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success - - -# =========================================================== - -[1-disable-encrypt-then-mac-client-sha] -ssl_conf = 1-disable-encrypt-then-mac-client-sha-ssl - -[1-disable-encrypt-then-mac-client-sha-ssl] -server = 1-disable-encrypt-then-mac-client-sha-server -client = 1-disable-encrypt-then-mac-client-sha-client - -[1-disable-encrypt-then-mac-client-sha-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-disable-encrypt-then-mac-client-sha-client] -CipherString = AES128-SHA -MaxProtocol = TLSv1.2 -Options = -EncryptThenMac -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = Success - - -# =========================================================== - -[2-disable-encrypt-then-mac-both-sha] -ssl_conf = 2-disable-encrypt-then-mac-both-sha-ssl - -[2-disable-encrypt-then-mac-both-sha-ssl] -server = 2-disable-encrypt-then-mac-both-sha-server -client = 2-disable-encrypt-then-mac-both-sha-client - -[2-disable-encrypt-then-mac-both-sha-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -EncryptThenMac -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-disable-encrypt-then-mac-both-sha-client] -CipherString = AES128-SHA -MaxProtocol = TLSv1.2 -Options = -EncryptThenMac -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = Success - - -# =========================================================== - -[3-disable-encrypt-then-mac-server-sha2] -ssl_conf = 3-disable-encrypt-then-mac-server-sha2-ssl - -[3-disable-encrypt-then-mac-server-sha2-ssl] -server = 3-disable-encrypt-then-mac-server-sha2-server -client = 3-disable-encrypt-then-mac-server-sha2-client - -[3-disable-encrypt-then-mac-server-sha2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -EncryptThenMac -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-disable-encrypt-then-mac-server-sha2-client] -CipherString = AES128-SHA256 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedResult = Success - - -# =========================================================== - -[4-disable-encrypt-then-mac-client-sha2] -ssl_conf = 4-disable-encrypt-then-mac-client-sha2-ssl - -[4-disable-encrypt-then-mac-client-sha2-ssl] -server = 4-disable-encrypt-then-mac-client-sha2-server -client = 4-disable-encrypt-then-mac-client-sha2-client - -[4-disable-encrypt-then-mac-client-sha2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-disable-encrypt-then-mac-client-sha2-client] -CipherString = AES128-SHA256 -MaxProtocol = TLSv1.2 -Options = -EncryptThenMac -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -ExpectedResult = Success - - -# =========================================================== - -[5-disable-encrypt-then-mac-both-sha2] -ssl_conf = 5-disable-encrypt-then-mac-both-sha2-ssl - -[5-disable-encrypt-then-mac-both-sha2-ssl] -server = 5-disable-encrypt-then-mac-both-sha2-server -client = 5-disable-encrypt-then-mac-both-sha2-client - -[5-disable-encrypt-then-mac-both-sha2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -EncryptThenMac -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-disable-encrypt-then-mac-both-sha2-client] -CipherString = AES128-SHA256 -MaxProtocol = TLSv1.2 -Options = -EncryptThenMac -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedResult = Success - - diff --git a/test/ssl-tests/19-mac-then-encrypt.conf.in b/test/ssl-tests/19-mac-then-encrypt.conf.in deleted file mode 100644 index 968f5ac6c6..0000000000 --- a/test/ssl-tests/19-mac-then-encrypt.conf.in +++ /dev/null @@ -1,102 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## SSL test configurations - -package ssltests; - -use OpenSSL::Test::Utils; - -our @tests = ( - { - name => "disable-encrypt-then-mac-server-sha", - server => { - "Options" => "-EncryptThenMac", - }, - client => { - "CipherString" => "AES128-SHA", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedResult" => "Success", - }, - }, - { - name => "disable-encrypt-then-mac-client-sha", - server => { - }, - client => { - "CipherString" => "AES128-SHA", - "Options" => "-EncryptThenMac", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedResult" => "Success", - }, - }, - { - name => "disable-encrypt-then-mac-both-sha", - server => { - "Options" => "-EncryptThenMac", - }, - client => { - "CipherString" => "AES128-SHA", - "Options" => "-EncryptThenMac", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedResult" => "Success", - }, - }, -); - -my @tests_tls1_2 = ( - { - name => "disable-encrypt-then-mac-server-sha2", - server => { - "Options" => "-EncryptThenMac", - }, - client => { - "CipherString" => "AES128-SHA256", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedResult" => "Success", - }, - }, - { - name => "disable-encrypt-then-mac-client-sha2", - server => { - }, - client => { - "CipherString" => "AES128-SHA256", - "Options" => "-EncryptThenMac", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedResult" => "Success", - }, - }, - { - name => "disable-encrypt-then-mac-both-sha2", - server => { - "Options" => "-EncryptThenMac", - }, - client => { - "CipherString" => "AES128-SHA256", - "Options" => "-EncryptThenMac", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedResult" => "Success", - }, - }, -); - -push @tests, @tests_tls1_2 unless disabled("tls1_2"); diff --git a/test/ssl-tests/20-cert-select.cnf b/test/ssl-tests/20-cert-select.cnf new file mode 100644 index 0000000000..757b973e57 --- /dev/null +++ b/test/ssl-tests/20-cert-select.cnf @@ -0,0 +1,1816 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 56 + +test-0 = 0-ECDSA CipherString Selection +test-1 = 1-ECDSA CipherString Selection +test-2 = 2-ECDSA CipherString Selection +test-3 = 3-Ed25519 CipherString and Signature Algorithm Selection +test-4 = 4-Ed448 CipherString and Signature Algorithm Selection +test-5 = 5-ECDSA with brainpool +test-6 = 6-RSA CipherString Selection +test-7 = 7-RSA-PSS Certificate CipherString Selection +test-8 = 8-P-256 CipherString and Signature Algorithm Selection +test-9 = 9-Ed25519 CipherString and Curves Selection +test-10 = 10-Ed448 CipherString and Curves Selection +test-11 = 11-ECDSA CipherString Selection, no ECDSA certificate +test-12 = 12-ECDSA Signature Algorithm Selection +test-13 = 13-ECDSA Signature Algorithm Selection SHA384 +test-14 = 14-ECDSA Signature Algorithm Selection SHA1 +test-15 = 15-ECDSA Signature Algorithm Selection compressed point +test-16 = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate +test-17 = 17-RSA Signature Algorithm Selection +test-18 = 18-RSA-PSS Signature Algorithm Selection +test-19 = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection +test-20 = 20-RSA-PSS Certificate Unified Signature Algorithm Selection +test-21 = 21-Only RSA-PSS Certificate +test-22 = 22-Only RSA-PSS Certificate Valid Signature Algorithms +test-23 = 23-RSA-PSS Certificate, no PSS signature algorithms +test-24 = 24-Only RSA-PSS Restricted Certificate +test-25 = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms +test-26 = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm +test-27 = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms +test-28 = 28-RSA key exchange with all RSA certificate types +test-29 = 29-RSA key exchange with only RSA-PSS certificate +test-30 = 30-Suite B P-256 Hash Algorithm Selection +test-31 = 31-Suite B P-384 Hash Algorithm Selection +test-32 = 32-TLS 1.2 Ed25519 Client Auth +test-33 = 33-TLS 1.2 Ed448 Client Auth +test-34 = 34-Only RSA-PSS Certificate, TLS v1.1 +test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection +test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point +test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1 +test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS +test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS +test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate +test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS +test-42 = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection +test-43 = 43-TLS 1.3 Ed25519 Signature Algorithm Selection +test-44 = 44-TLS 1.3 Ed448 Signature Algorithm Selection +test-45 = 45-TLS 1.3 Ed25519 CipherString and Groups Selection +test-46 = 46-TLS 1.3 Ed448 CipherString and Groups Selection +test-47 = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection +test-48 = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names +test-49 = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection +test-50 = 50-TLS 1.3 Ed25519 Client Auth +test-51 = 51-TLS 1.3 Ed448 Client Auth +test-52 = 52-TLS 1.3 ECDSA with brainpool +test-53 = 53-TLS 1.2 DSA Certificate Test +test-54 = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms +test-55 = 55-TLS 1.3 DSA Certificate Test +# =========================================================== + +[0-ECDSA CipherString Selection] +ssl_conf = 0-ECDSA CipherString Selection-ssl + +[0-ECDSA CipherString Selection-ssl] +server = 0-ECDSA CipherString Selection-server +client = 0-ECDSA CipherString Selection-client + +[0-ECDSA CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-ECDSA CipherString Selection-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[1-ECDSA CipherString Selection] +ssl_conf = 1-ECDSA CipherString Selection-ssl + +[1-ECDSA CipherString Selection-ssl] +server = 1-ECDSA CipherString Selection-server +client = 1-ECDSA CipherString Selection-client + +[1-ECDSA CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Groups = P-384 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-ECDSA CipherString Selection-client] +CipherString = aECDSA +Groups = P-256:P-384 +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[2-ECDSA CipherString Selection] +ssl_conf = 2-ECDSA CipherString Selection-ssl + +[2-ECDSA CipherString Selection-ssl] +server = 2-ECDSA CipherString Selection-server +client = 2-ECDSA CipherString Selection-client + +[2-ECDSA CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Groups = P-256:P-384 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-ECDSA CipherString Selection-client] +CipherString = aECDSA +Groups = P-384 +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ServerFail + + +# =========================================================== + +[3-Ed25519 CipherString and Signature Algorithm Selection] +ssl_conf = 3-Ed25519 CipherString and Signature Algorithm Selection-ssl + +[3-Ed25519 CipherString and Signature Algorithm Selection-ssl] +server = 3-Ed25519 CipherString and Signature Algorithm Selection-server +client = 3-Ed25519 CipherString and Signature Algorithm Selection-client + +[3-Ed25519 CipherString and Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-Ed25519 CipherString and Signature Algorithm Selection-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +SignatureAlgorithms = ed25519:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = Ed25519 +ExpectedServerSignType = Ed25519 + + +# =========================================================== + +[4-Ed448 CipherString and Signature Algorithm Selection] +ssl_conf = 4-Ed448 CipherString and Signature Algorithm Selection-ssl + +[4-Ed448 CipherString and Signature Algorithm Selection-ssl] +server = 4-Ed448 CipherString and Signature Algorithm Selection-server +client = 4-Ed448 CipherString and Signature Algorithm Selection-client + +[4-Ed448 CipherString and Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-Ed448 CipherString and Signature Algorithm Selection-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +SignatureAlgorithms = ed448:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = Ed448 +ExpectedServerSignType = Ed448 + + +# =========================================================== + +[5-ECDSA with brainpool] +ssl_conf = 5-ECDSA with brainpool-ssl + +[5-ECDSA with brainpool-ssl] +server = 5-ECDSA with brainpool-server +client = 5-ECDSA with brainpool-client + +[5-ECDSA with brainpool-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem +CipherString = DEFAULT +Groups = brainpoolP256r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem + +[5-ECDSA with brainpool-client] +CipherString = aECDSA +Groups = brainpoolP256r1 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = brainpoolP256r1 +ExpectedServerSignType = EC + + +# =========================================================== + +[6-RSA CipherString Selection] +ssl_conf = 6-RSA CipherString Selection-ssl + +[6-RSA CipherString Selection-ssl] +server = 6-RSA CipherString Selection-server +client = 6-RSA CipherString Selection-client + +[6-RSA CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-RSA CipherString Selection-client] +CipherString = aRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[7-RSA-PSS Certificate CipherString Selection] +ssl_conf = 7-RSA-PSS Certificate CipherString Selection-ssl + +[7-RSA-PSS Certificate CipherString Selection-ssl] +server = 7-RSA-PSS Certificate CipherString Selection-server +client = 7-RSA-PSS Certificate CipherString Selection-client + +[7-RSA-PSS Certificate CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-RSA-PSS Certificate CipherString Selection-client] +CipherString = aRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[8-P-256 CipherString and Signature Algorithm Selection] +ssl_conf = 8-P-256 CipherString and Signature Algorithm Selection-ssl + +[8-P-256 CipherString and Signature Algorithm Selection-ssl] +server = 8-P-256 CipherString and Signature Algorithm Selection-server +client = 8-P-256 CipherString and Signature Algorithm Selection-client + +[8-P-256 CipherString and Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-P-256 CipherString and Signature Algorithm Selection-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +SignatureAlgorithms = ECDSA+SHA256:ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[9-Ed25519 CipherString and Curves Selection] +ssl_conf = 9-Ed25519 CipherString and Curves Selection-ssl + +[9-Ed25519 CipherString and Curves Selection-ssl] +server = 9-Ed25519 CipherString and Curves Selection-server +client = 9-Ed25519 CipherString and Curves Selection-client + +[9-Ed25519 CipherString and Curves Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-Ed25519 CipherString and Curves Selection-client] +CipherString = aECDSA +Curves = X25519 +MaxProtocol = TLSv1.2 +SignatureAlgorithms = ECDSA+SHA256:ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +ExpectedServerCertType = Ed25519 +ExpectedServerSignType = Ed25519 + + +# =========================================================== + +[10-Ed448 CipherString and Curves Selection] +ssl_conf = 10-Ed448 CipherString and Curves Selection-ssl + +[10-Ed448 CipherString and Curves Selection-ssl] +server = 10-Ed448 CipherString and Curves Selection-server +client = 10-Ed448 CipherString and Curves Selection-client + +[10-Ed448 CipherString and Curves Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-Ed448 CipherString and Curves Selection-client] +CipherString = aECDSA +Curves = X448 +MaxProtocol = TLSv1.2 +SignatureAlgorithms = ECDSA+SHA256:ed448 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = Success +ExpectedServerCertType = Ed448 +ExpectedServerSignType = Ed448 + + +# =========================================================== + +[11-ECDSA CipherString Selection, no ECDSA certificate] +ssl_conf = 11-ECDSA CipherString Selection, no ECDSA certificate-ssl + +[11-ECDSA CipherString Selection, no ECDSA certificate-ssl] +server = 11-ECDSA CipherString Selection, no ECDSA certificate-server +client = 11-ECDSA CipherString Selection, no ECDSA certificate-client + +[11-ECDSA CipherString Selection, no ECDSA certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-ECDSA CipherString Selection, no ECDSA certificate-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = ServerFail + + +# =========================================================== + +[12-ECDSA Signature Algorithm Selection] +ssl_conf = 12-ECDSA Signature Algorithm Selection-ssl + +[12-ECDSA Signature Algorithm Selection-ssl] +server = 12-ECDSA Signature Algorithm Selection-server +client = 12-ECDSA Signature Algorithm Selection-client + +[12-ECDSA Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-ECDSA Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[13-ECDSA Signature Algorithm Selection SHA384] +ssl_conf = 13-ECDSA Signature Algorithm Selection SHA384-ssl + +[13-ECDSA Signature Algorithm Selection SHA384-ssl] +server = 13-ECDSA Signature Algorithm Selection SHA384-server +client = 13-ECDSA Signature Algorithm Selection SHA384-client + +[13-ECDSA Signature Algorithm Selection SHA384-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-ECDSA Signature Algorithm Selection SHA384-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA384 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA384 +ExpectedServerSignType = EC + + +# =========================================================== + +[14-ECDSA Signature Algorithm Selection SHA1] +ssl_conf = 14-ECDSA Signature Algorithm Selection SHA1-ssl + +[14-ECDSA Signature Algorithm Selection SHA1-ssl] +server = 14-ECDSA Signature Algorithm Selection SHA1-server +client = 14-ECDSA Signature Algorithm Selection SHA1-client + +[14-ECDSA Signature Algorithm Selection SHA1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-ECDSA Signature Algorithm Selection SHA1-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA1 +ExpectedServerSignType = EC + + +# =========================================================== + +[15-ECDSA Signature Algorithm Selection compressed point] +ssl_conf = 15-ECDSA Signature Algorithm Selection compressed point-ssl + +[15-ECDSA Signature Algorithm Selection compressed point-ssl] +server = 15-ECDSA Signature Algorithm Selection compressed point-server +client = 15-ECDSA Signature Algorithm Selection compressed point-client + +[15-ECDSA Signature Algorithm Selection compressed point-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-ECDSA Signature Algorithm Selection compressed point-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate] +ssl_conf = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl + +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] +server = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server +client = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client + +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = ServerFail + + +# =========================================================== + +[17-RSA Signature Algorithm Selection] +ssl_conf = 17-RSA Signature Algorithm Selection-ssl + +[17-RSA Signature Algorithm Selection-ssl] +server = 17-RSA Signature Algorithm Selection-server +client = 17-RSA Signature Algorithm Selection-client + +[17-RSA Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-RSA Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA + + +# =========================================================== + +[18-RSA-PSS Signature Algorithm Selection] +ssl_conf = 18-RSA-PSS Signature Algorithm Selection-ssl + +[18-RSA-PSS Signature Algorithm Selection-ssl] +server = 18-RSA-PSS Signature Algorithm Selection-server +client = 18-RSA-PSS Signature Algorithm Selection-client + +[18-RSA-PSS Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-RSA-PSS Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection] +ssl_conf = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl + +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl] +server = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server +client = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client + +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[20-RSA-PSS Certificate Unified Signature Algorithm Selection] +ssl_conf = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl + +[20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl] +server = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-server +client = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-client + +[20-RSA-PSS Certificate Unified Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-RSA-PSS Certificate Unified Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = rsa_pss_pss_sha256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[21-Only RSA-PSS Certificate] +ssl_conf = 21-Only RSA-PSS Certificate-ssl + +[21-Only RSA-PSS Certificate-ssl] +server = 21-Only RSA-PSS Certificate-server +client = 21-Only RSA-PSS Certificate-client + +[21-Only RSA-PSS Certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[21-Only RSA-PSS Certificate-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[22-Only RSA-PSS Certificate Valid Signature Algorithms] +ssl_conf = 22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl + +[22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl] +server = 22-Only RSA-PSS Certificate Valid Signature Algorithms-server +client = 22-Only RSA-PSS Certificate Valid Signature Algorithms-client + +[22-Only RSA-PSS Certificate Valid Signature Algorithms-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[22-Only RSA-PSS Certificate Valid Signature Algorithms-client] +CipherString = DEFAULT +SignatureAlgorithms = rsa_pss_pss_sha512 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA512 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[23-RSA-PSS Certificate, no PSS signature algorithms] +ssl_conf = 23-RSA-PSS Certificate, no PSS signature algorithms-ssl + +[23-RSA-PSS Certificate, no PSS signature algorithms-ssl] +server = 23-RSA-PSS Certificate, no PSS signature algorithms-server +client = 23-RSA-PSS Certificate, no PSS signature algorithms-client + +[23-RSA-PSS Certificate, no PSS signature algorithms-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[23-RSA-PSS Certificate, no PSS signature algorithms-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedResult = ServerFail + + +# =========================================================== + +[24-Only RSA-PSS Restricted Certificate] +ssl_conf = 24-Only RSA-PSS Restricted Certificate-ssl + +[24-Only RSA-PSS Restricted Certificate-ssl] +server = 24-Only RSA-PSS Restricted Certificate-server +client = 24-Only RSA-PSS Restricted Certificate-client + +[24-Only RSA-PSS Restricted Certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem + +[24-Only RSA-PSS Restricted Certificate-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[25-RSA-PSS Restricted Certificate Valid Signature Algorithms] +ssl_conf = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl + +[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl] +server = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server +client = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client + +[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem + +[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client] +CipherString = DEFAULT +SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm] +ssl_conf = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl + +[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl] +server = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server +client = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client + +[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem + +[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client] +CipherString = DEFAULT +SignatureAlgorithms = rsa_pss_pss_sha512:rsa_pss_pss_sha256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms] +ssl_conf = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl + +[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl] +server = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server +client = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client + +[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem + +[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client] +CipherString = DEFAULT +SignatureAlgorithms = rsa_pss_pss_sha512 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedResult = ServerFail + + +# =========================================================== + +[28-RSA key exchange with all RSA certificate types] +ssl_conf = 28-RSA key exchange with all RSA certificate types-ssl + +[28-RSA key exchange with all RSA certificate types-ssl] +server = 28-RSA key exchange with all RSA certificate types-server +client = 28-RSA key exchange with all RSA certificate types-client + +[28-RSA key exchange with all RSA certificate types-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-RSA key exchange with all RSA certificate types-client] +CipherString = kRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedResult = Success +ExpectedServerCertType = RSA + + +# =========================================================== + +[29-RSA key exchange with only RSA-PSS certificate] +ssl_conf = 29-RSA key exchange with only RSA-PSS certificate-ssl + +[29-RSA key exchange with only RSA-PSS certificate-ssl] +server = 29-RSA key exchange with only RSA-PSS certificate-server +client = 29-RSA key exchange with only RSA-PSS certificate-client + +[29-RSA key exchange with only RSA-PSS certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[29-RSA key exchange with only RSA-PSS certificate-client] +CipherString = kRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedResult = ServerFail + + +# =========================================================== + +[30-Suite B P-256 Hash Algorithm Selection] +ssl_conf = 30-Suite B P-256 Hash Algorithm Selection-ssl + +[30-Suite B P-256 Hash Algorithm Selection-ssl] +server = 30-Suite B P-256 Hash Algorithm Selection-server +client = 30-Suite B P-256 Hash Algorithm Selection-client + +[30-Suite B P-256 Hash Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SUITEB128 +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-Suite B P-256 Hash Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem +VerifyMode = Peer + +[test-30] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[31-Suite B P-384 Hash Algorithm Selection] +ssl_conf = 31-Suite B P-384 Hash Algorithm Selection-ssl + +[31-Suite B P-384 Hash Algorithm Selection-ssl] +server = 31-Suite B P-384 Hash Algorithm Selection-server +client = 31-Suite B P-384 Hash Algorithm Selection-client + +[31-Suite B P-384 Hash Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SUITEB128 +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-Suite B P-384 Hash Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem +VerifyMode = Peer + +[test-31] +ExpectedResult = Success +ExpectedServerCertType = P-384 +ExpectedServerSignHash = SHA384 +ExpectedServerSignType = EC + + +# =========================================================== + +[32-TLS 1.2 Ed25519 Client Auth] +ssl_conf = 32-TLS 1.2 Ed25519 Client Auth-ssl + +[32-TLS 1.2 Ed25519 Client Auth-ssl] +server = 32-TLS 1.2 Ed25519 Client Auth-server +client = 32-TLS 1.2 Ed25519 Client Auth-client + +[32-TLS 1.2 Ed25519 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[32-TLS 1.2 Ed25519 Client Auth-client] +CipherString = DEFAULT +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedClientCertType = Ed25519 +ExpectedClientSignType = Ed25519 +ExpectedResult = Success + + +# =========================================================== + +[33-TLS 1.2 Ed448 Client Auth] +ssl_conf = 33-TLS 1.2 Ed448 Client Auth-ssl + +[33-TLS 1.2 Ed448 Client Auth-ssl] +server = 33-TLS 1.2 Ed448 Client Auth-server +client = 33-TLS 1.2 Ed448 Client Auth-client + +[33-TLS 1.2 Ed448 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[33-TLS 1.2 Ed448 Client Auth-client] +CipherString = DEFAULT +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedClientCertType = Ed448 +ExpectedClientSignType = Ed448 +ExpectedResult = Success + + +# =========================================================== + +[34-Only RSA-PSS Certificate, TLS v1.1] +ssl_conf = 34-Only RSA-PSS Certificate, TLS v1.1-ssl + +[34-Only RSA-PSS Certificate, TLS v1.1-ssl] +server = 34-Only RSA-PSS Certificate, TLS v1.1-server +client = 34-Only RSA-PSS Certificate, TLS v1.1-client + +[34-Only RSA-PSS Certificate, TLS v1.1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[34-Only RSA-PSS Certificate, TLS v1.1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedResult = ServerFail + + +# =========================================================== + +[35-TLS 1.3 ECDSA Signature Algorithm Selection] +ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl + +[35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl] +server = 35-TLS 1.3 ECDSA Signature Algorithm Selection-server +client = 35-TLS 1.3 ECDSA Signature Algorithm Selection-client + +[35-TLS 1.3 ECDSA Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-TLS 1.3 ECDSA Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point] +ssl_conf = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl + +[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl] +server = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server +client = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client + +[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1] +ssl_conf = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl + +[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl] +server = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server +client = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client + +[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedResult = ServerFail + + +# =========================================================== + +[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS] +ssl_conf = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl + +[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl] +server = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server +client = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client + +[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client] +CipherString = DEFAULT +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedResult = Success +ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS] +ssl_conf = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl + +[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl] +server = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server +client = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client + +[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA384 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate] +ssl_conf = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl + +[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] +server = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server +client = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client + +[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedResult = ServerFail + + +# =========================================================== + +[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS] +ssl_conf = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl + +[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl] +server = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server +client = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client + +[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedResult = ServerFail + + +# =========================================================== + +[42-TLS 1.3 RSA-PSS Signature Algorithm Selection] +ssl_conf = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl + +[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl] +server = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server +client = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client + +[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[43-TLS 1.3 Ed25519 Signature Algorithm Selection] +ssl_conf = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl + +[43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl] +server = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-server +client = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-client + +[43-TLS 1.3 Ed25519 Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-TLS 1.3 Ed25519 Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedResult = Success +ExpectedServerCertType = Ed25519 +ExpectedServerSignType = Ed25519 + + +# =========================================================== + +[44-TLS 1.3 Ed448 Signature Algorithm Selection] +ssl_conf = 44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl + +[44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl] +server = 44-TLS 1.3 Ed448 Signature Algorithm Selection-server +client = 44-TLS 1.3 Ed448 Signature Algorithm Selection-client + +[44-TLS 1.3 Ed448 Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-TLS 1.3 Ed448 Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ed448 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +VerifyMode = Peer + +[test-44] +ExpectedResult = Success +ExpectedServerCertType = Ed448 +ExpectedServerSignType = Ed448 + + +# =========================================================== + +[45-TLS 1.3 Ed25519 CipherString and Groups Selection] +ssl_conf = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl + +[45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl] +server = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-server +client = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-client + +[45-TLS 1.3 Ed25519 CipherString and Groups Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-TLS 1.3 Ed25519 CipherString and Groups Selection-client] +CipherString = DEFAULT +Groups = X25519 +SignatureAlgorithms = ECDSA+SHA256:ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[46-TLS 1.3 Ed448 CipherString and Groups Selection] +ssl_conf = 46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl + +[46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl] +server = 46-TLS 1.3 Ed448 CipherString and Groups Selection-server +client = 46-TLS 1.3 Ed448 CipherString and Groups Selection-client + +[46-TLS 1.3 Ed448 CipherString and Groups Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-TLS 1.3 Ed448 CipherString and Groups Selection-client] +CipherString = DEFAULT +Groups = X448 +SignatureAlgorithms = ECDSA+SHA256:ed448 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection] +ssl_conf = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl + +[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl] +server = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server +client = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client + +[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client] +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names] +ssl_conf = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl + +[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl] +server = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server +client = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client + +[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client] +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection] +ssl_conf = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl + +[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl] +server = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server +client = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client + +[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = ECDSA+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client] +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedClientCertType = P-256 +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = EC +ExpectedResult = Success + + +# =========================================================== + +[50-TLS 1.3 Ed25519 Client Auth] +ssl_conf = 50-TLS 1.3 Ed25519 Client Auth-ssl + +[50-TLS 1.3 Ed25519 Client Auth-ssl] +server = 50-TLS 1.3 Ed25519 Client Auth-server +client = 50-TLS 1.3 Ed25519 Client Auth-client + +[50-TLS 1.3 Ed25519 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[50-TLS 1.3 Ed25519 Client Auth-client] +CipherString = DEFAULT +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedClientCertType = Ed25519 +ExpectedClientSignType = Ed25519 +ExpectedResult = Success + + +# =========================================================== + +[51-TLS 1.3 Ed448 Client Auth] +ssl_conf = 51-TLS 1.3 Ed448 Client Auth-ssl + +[51-TLS 1.3 Ed448 Client Auth-ssl] +server = 51-TLS 1.3 Ed448 Client Auth-server +client = 51-TLS 1.3 Ed448 Client Auth-client + +[51-TLS 1.3 Ed448 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[51-TLS 1.3 Ed448 Client Auth-client] +CipherString = DEFAULT +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedClientCertType = Ed448 +ExpectedClientSignType = Ed448 +ExpectedResult = Success + + +# =========================================================== + +[52-TLS 1.3 ECDSA with brainpool] +ssl_conf = 52-TLS 1.3 ECDSA with brainpool-ssl + +[52-TLS 1.3 ECDSA with brainpool-ssl] +server = 52-TLS 1.3 ECDSA with brainpool-server +client = 52-TLS 1.3 ECDSA with brainpool-client + +[52-TLS 1.3 ECDSA with brainpool-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem +CipherString = DEFAULT +Groups = brainpoolP256r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem + +[52-TLS 1.3 ECDSA with brainpool-client] +CipherString = DEFAULT +Groups = brainpoolP256r1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedResult = ServerFail + + +# =========================================================== + +[53-TLS 1.2 DSA Certificate Test] +ssl_conf = 53-TLS 1.2 DSA Certificate Test-ssl + +[53-TLS 1.2 DSA Certificate Test-ssl] +server = 53-TLS 1.2 DSA Certificate Test-server +client = 53-TLS 1.2 DSA Certificate Test-client + +[53-TLS 1.2 DSA Certificate Test-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ALL +DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem +DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem +DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-TLS 1.2 DSA Certificate Test-client] +CipherString = ALL +SignatureAlgorithms = DSA+SHA256:DSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedResult = Success + + +# =========================================================== + +[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms] +ssl_conf = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl + +[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl] +server = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server +client = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client + +[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedResult = ServerFail + + +# =========================================================== + +[55-TLS 1.3 DSA Certificate Test] +ssl_conf = 55-TLS 1.3 DSA Certificate Test-ssl + +[55-TLS 1.3 DSA Certificate Test-ssl] +server = 55-TLS 1.3 DSA Certificate Test-server +client = 55-TLS 1.3 DSA Certificate Test-client + +[55-TLS 1.3 DSA Certificate Test-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ALL +DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem +DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[55-TLS 1.3 DSA Certificate Test-client] +CipherString = ALL +SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-55] +ExpectedResult = ServerFail + + diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in new file mode 100644 index 0000000000..24093548cd --- /dev/null +++ b/test/ssl-tests/20-cert-select.cnf.in @@ -0,0 +1,933 @@ +# -*- mode: perl; -*- + +## SSL test configurations + + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +my $server = { + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), + "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), + "MaxProtocol" => "TLSv1.2" +}; + +my $server_pss = { + "PSS.Certificate" => test_pem("server-pss-cert.pem"), + "PSS.PrivateKey" => test_pem("server-pss-key.pem"), + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), + "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), + "MaxProtocol" => "TLSv1.2" +}; + +my $server_pss_only = { + "Certificate" => test_pem("server-pss-cert.pem"), + "PrivateKey" => test_pem("server-pss-key.pem"), +}; + +my $server_pss_restrict_only = { + "Certificate" => test_pem("server-pss-restrict-cert.pem"), + "PrivateKey" => test_pem("server-pss-restrict-key.pem"), +}; + + +my $server_rsa_all = { + "PSS.Certificate" => test_pem("server-pss-cert.pem"), + "PSS.PrivateKey" => test_pem("server-pss-key.pem"), + "Certificate" => test_pem("servercert.pem"), + "PrivateKey" => test_pem("serverkey.pem"), +}; + +our @tests = ( + { + name => "ECDSA CipherString Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedServerCertType" =>, "P-256", + "ExpectedServerSignType" =>, "EC", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA CipherString Selection", + server => { + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "MaxProtocol" => "TLSv1.2", + #Deliberately set supported_groups to one not in the cert. This + #should be tolerated + "Groups" => "P-384" + }, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "Groups" => "P-256:P-384", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedServerCertType" =>, "P-256", + "ExpectedServerSignType" =>, "EC", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA CipherString Selection", + server => { + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "MaxProtocol" => "TLSv1.2", + "Groups" => "P-256:P-384" + }, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + #Deliberately set groups to not include the certificate group. This + #should fail + "Groups" => "P-384", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "Ed25519 CipherString and Signature Algorithm Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ed25519:ECDSA+SHA256", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedServerCertType" =>, "Ed25519", + "ExpectedServerSignType" =>, "Ed25519", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "Ed448 CipherString and Signature Algorithm Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ed448:ECDSA+SHA256", + "RequestCAFile" => test_pem("root-ed448-cert.pem"), + "VerifyCAFile" => test_pem("root-ed448-cert.pem"), + }, + test => { + "ExpectedServerCertType" =>, "Ed448", + "ExpectedServerSignType" =>, "Ed448", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA with brainpool", + server => { + "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), + "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), + "Groups" => "brainpoolP256r1", + }, + client => { + #We don't restrict this to TLSv1.2, although use of brainpool + #should force this anyway so that this should succeed + "CipherString" => "aECDSA", + "RequestCAFile" => test_pem("root-cert.pem"), + "Groups" => "brainpoolP256r1", + }, + test => { + "ExpectedServerCertType" =>, "brainpoolP256r1", + "ExpectedServerSignType" =>, "EC", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA CipherString Selection", + server => $server, + client => { + "CipherString" => "aRSA", + "MaxProtocol" => "TLSv1.2", + }, + test => { + "ExpectedServerCertType" =>, "RSA", + "ExpectedServerSignType" =>, "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Certificate CipherString Selection", + server => $server_pss, + client => { + "CipherString" => "aRSA", + "MaxProtocol" => "TLSv1.2", + }, + test => { + "ExpectedServerCertType" =>, "RSA-PSS", + "ExpectedServerSignType" =>, "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "P-256 CipherString and Signature Algorithm Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ECDSA+SHA256:ed25519", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "Ed25519 CipherString and Curves Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ECDSA+SHA256:ed25519", + # Excluding P-256 from the supported curves list means server + # certificate should be Ed25519 and not P-256 + "Curves" => "X25519" + }, + test => { + "ExpectedServerCertType" =>, "Ed25519", + "ExpectedServerSignType" =>, "Ed25519", + "ExpectedResult" => "Success" + }, + }, + { + name => "Ed448 CipherString and Curves Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ECDSA+SHA256:ed448", + "VerifyCAFile" => test_pem("root-ed448-cert.pem"), + # Excluding P-256 from the supported curves list means server + # certificate should be Ed25519 and not P-256 + "Curves" => "X448" + }, + test => { + "ExpectedServerCertType" =>, "Ed448", + "ExpectedServerSignType" =>, "Ed448", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA CipherString Selection, no ECDSA certificate", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "ECDSA Signature Algorithm Selection", + server => $server, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA Signature Algorithm Selection SHA384", + server => $server, + client => { + "SignatureAlgorithms" => "ECDSA+SHA384", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA384", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA Signature Algorithm Selection SHA1", + server => $server, + client => { + "SignatureAlgorithms" => "ECDSA+SHA1", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA1", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA Signature Algorithm Selection compressed point", + server => { + "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"), + "MaxProtocol" => "TLSv1.2" + }, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA Signature Algorithm Selection, no ECDSA certificate", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "RSA Signature Algorithm Selection", + server => $server, + client => { + "SignatureAlgorithms" => "RSA+SHA256", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Signature Algorithm Selection", + server => $server, + client => { + "SignatureAlgorithms" => "RSA-PSS+SHA256", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Certificate Legacy Signature Algorithm Selection", + server => $server_pss, + client => { + "SignatureAlgorithms" => "RSA-PSS+SHA256", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Certificate Unified Signature Algorithm Selection", + server => $server_pss, + client => { + "SignatureAlgorithms" => "rsa_pss_pss_sha256", + }, + test => { + "ExpectedServerCertType" => "RSA-PSS", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "Only RSA-PSS Certificate", + server => $server_pss_only, + client => {}, + test => { + "ExpectedServerCertType" => "RSA-PSS", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "Only RSA-PSS Certificate Valid Signature Algorithms", + server => $server_pss_only, + client => { + "SignatureAlgorithms" => "rsa_pss_pss_sha512", + }, + test => { + "ExpectedServerCertType" => "RSA-PSS", + "ExpectedServerSignHash" => "SHA512", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Certificate, no PSS signature algorithms", + server => $server_pss_only, + client => { + "SignatureAlgorithms" => "RSA+SHA256", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "Only RSA-PSS Restricted Certificate", + server => $server_pss_restrict_only, + client => {}, + test => { + "ExpectedServerCertType" => "RSA-PSS", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Restricted Certificate Valid Signature Algorithms", + server => $server_pss_restrict_only, + client => { + "SignatureAlgorithms" => "rsa_pss_pss_sha256:rsa_pss_pss_sha512", + }, + test => { + "ExpectedServerCertType" => "RSA-PSS", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Restricted Cert client prefers invalid Signature Algorithm", + server => $server_pss_restrict_only, + client => { + "SignatureAlgorithms" => "rsa_pss_pss_sha512:rsa_pss_pss_sha256", + }, + test => { + "ExpectedServerCertType" => "RSA-PSS", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Restricted Certificate Invalid Signature Algorithms", + server => $server_pss_restrict_only, + client => { + "SignatureAlgorithms" => "rsa_pss_pss_sha512", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "RSA key exchange with all RSA certificate types", + server => $server_rsa_all, + client => { + "CipherString" => "kRSA", + "MaxProtocol" => "TLSv1.2", + }, + test => { + "ExpectedServerCertType" =>, "RSA", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA key exchange with only RSA-PSS certificate", + server => $server_pss_only, + client => { + "CipherString" => "kRSA", + "MaxProtocol" => "TLSv1.2", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "Suite B P-256 Hash Algorithm Selection", + server => { + "ECDSA.Certificate" => test_pem("p256-server-cert.pem"), + "ECDSA.PrivateKey" => test_pem("p256-server-key.pem"), + "MaxProtocol" => "TLSv1.2", + "CipherString" => "SUITEB128" + }, + client => { + "VerifyCAFile" => test_pem("p384-root.pem"), + "SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256" + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "Suite B P-384 Hash Algorithm Selection", + server => { + "ECDSA.Certificate" => test_pem("p384-server-cert.pem"), + "ECDSA.PrivateKey" => test_pem("p384-server-key.pem"), + "MaxProtocol" => "TLSv1.2", + "CipherString" => "SUITEB128" + }, + client => { + "VerifyCAFile" => test_pem("p384-root.pem"), + "SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384" + }, + test => { + "ExpectedServerCertType" => "P-384", + "ExpectedServerSignHash" => "SHA384", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.2 Ed25519 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "Ed25519.Certificate" => test_pem("client-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("client-ed25519-key.pem"), + "MinProtocol" => "TLSv1.2", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedClientCertType" => "Ed25519", + "ExpectedClientSignType" => "Ed25519", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.2 Ed448 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "Ed448.Certificate" => test_pem("client-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("client-ed448-key.pem"), + "MinProtocol" => "TLSv1.2", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedClientCertType" => "Ed448", + "ExpectedClientSignType" => "Ed448", + "ExpectedResult" => "Success" + }, + }, +); + +my @tests_tls_1_1 = ( + { + name => "Only RSA-PSS Certificate, TLS v1.1", + server => $server_pss_only, + client => { + "MaxProtocol" => "TLSv1.1", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, +); + +push @tests, @tests_tls_1_1 unless disabled("tls1_1"); + +my $server_tls_1_3 = { + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), + "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" +}; + +my $server_tls_1_3_pss = { + "PSS.Certificate" => test_pem("server-pss-cert.pem"), + "PSS.PrivateKey" => test_pem("server-pss-key.pem"), + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), + "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("server-ed449-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" +}; + +my $client_tls_1_3 = { + "RSA.Certificate" => test_pem("ee-client-chain.pem"), + "RSA.PrivateKey" => test_pem("ee-key.pem"), + "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"), + "ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" +}; + +my @tests_tls_1_3 = ( + { + name => "TLS 1.3 ECDSA Signature Algorithm Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedServerCANames" => "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA Signature Algorithm Selection compressed point", + server => { + "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedServerCANames" => "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA Signature Algorithm Selection SHA1", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA1", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedServerCANames" => test_pem("root-cert.pem"), + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA384", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "RSA+SHA256", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "TLS 1.3 RSA-PSS Signature Algorithm Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "RSA-PSS+SHA256", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed25519 Signature Algorithm Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ed25519", + }, + test => { + "ExpectedServerCertType" => "Ed25519", + "ExpectedServerSignType" => "Ed25519", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed448 Signature Algorithm Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ed448", + "VerifyCAFile" => test_pem("root-ed448-cert.pem"), + }, + test => { + "ExpectedServerCertType" => "Ed448", + "ExpectedServerSignType" => "Ed448", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed25519 CipherString and Groups Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256:ed25519", + # Excluding P-256 from the supported groups list should + # mean server still uses a P-256 certificate because supported + # groups is not used in signature selection for TLS 1.3 + "Groups" => "X25519" + }, + test => { + "ExpectedServerCertType" =>, "P-256", + "ExpectedServerSignType" =>, "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed448 CipherString and Groups Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256:ed448", + # Excluding P-256 from the supported groups list should + # mean server still uses a P-256 certificate because supported + # groups is not used in signature selection for TLS 1.3 + "Groups" => "X448" + }, + test => { + "ExpectedServerCertType" =>, "P-256", + "ExpectedServerSignType" =>, "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection", + server => { + "ClientSignatureAlgorithms" => "PSS+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => $client_tls_1_3, + test => { + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientCANames" => "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names", + server => { + "ClientSignatureAlgorithms" => "PSS+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "RequestCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => $client_tls_1_3, + test => { + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientCANames" => test_pem("root-cert.pem"), + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection", + server => { + "ClientSignatureAlgorithms" => "ECDSA+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => $client_tls_1_3, + test => { + "ExpectedClientCertType" => "P-256", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed25519 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"), + "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + test => { + "ExpectedClientCertType" => "Ed25519", + "ExpectedClientSignType" => "Ed25519", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed448 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "EdDSA.Certificate" => test_pem("client-ed448-cert.pem"), + "EdDSA.PrivateKey" => test_pem("client-ed448-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + test => { + "ExpectedClientCertType" => "Ed448", + "ExpectedClientSignType" => "Ed448", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA with brainpool", + server => { + "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), + "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), + "Groups" => "brainpoolP256r1", + }, + client => { + "RequestCAFile" => test_pem("root-cert.pem"), + "Groups" => "brainpoolP256r1", + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, +); + +push @tests, @tests_tls_1_3 unless disabled("tls1_3"); + +my @tests_dsa_tls_1_2 = ( + { + name => "TLS 1.2 DSA Certificate Test", + server => { + "DSA.Certificate" => test_pem("server-dsa-cert.pem"), + "DSA.PrivateKey" => test_pem("server-dsa-key.pem"), + "DHParameters" => test_pem("dhp2048.pem"), + "MinProtocol" => "TLSv1.2", + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ALL", + }, + client => { + "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1", + "CipherString" => "ALL", + }, + test => { + "ExpectedResult" => "Success" + }, + }, +); + +my @tests_dsa_tls_1_3 = ( + { + name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms", + server => { + "ClientSignatureAlgorithms" => "ECDSA+SHA1:DSA+SHA256:RSA+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request" + }, + client => {}, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "TLS 1.3 DSA Certificate Test", + server => { + "DSA.Certificate" => test_pem("server-dsa-cert.pem"), + "DSA.PrivateKey" => test_pem("server-dsa-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "CipherString" => "ALL", + }, + client => { + "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256:ECDSA+SHA256", + "CipherString" => "ALL", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, +); + +if (!disabled("dsa")) { + push @tests, @tests_dsa_tls_1_2 unless disabled("dh"); + push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3"); +} diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf deleted file mode 100644 index 757b973e57..0000000000 --- a/test/ssl-tests/20-cert-select.conf +++ /dev/null @@ -1,1816 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 56 - -test-0 = 0-ECDSA CipherString Selection -test-1 = 1-ECDSA CipherString Selection -test-2 = 2-ECDSA CipherString Selection -test-3 = 3-Ed25519 CipherString and Signature Algorithm Selection -test-4 = 4-Ed448 CipherString and Signature Algorithm Selection -test-5 = 5-ECDSA with brainpool -test-6 = 6-RSA CipherString Selection -test-7 = 7-RSA-PSS Certificate CipherString Selection -test-8 = 8-P-256 CipherString and Signature Algorithm Selection -test-9 = 9-Ed25519 CipherString and Curves Selection -test-10 = 10-Ed448 CipherString and Curves Selection -test-11 = 11-ECDSA CipherString Selection, no ECDSA certificate -test-12 = 12-ECDSA Signature Algorithm Selection -test-13 = 13-ECDSA Signature Algorithm Selection SHA384 -test-14 = 14-ECDSA Signature Algorithm Selection SHA1 -test-15 = 15-ECDSA Signature Algorithm Selection compressed point -test-16 = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate -test-17 = 17-RSA Signature Algorithm Selection -test-18 = 18-RSA-PSS Signature Algorithm Selection -test-19 = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection -test-20 = 20-RSA-PSS Certificate Unified Signature Algorithm Selection -test-21 = 21-Only RSA-PSS Certificate -test-22 = 22-Only RSA-PSS Certificate Valid Signature Algorithms -test-23 = 23-RSA-PSS Certificate, no PSS signature algorithms -test-24 = 24-Only RSA-PSS Restricted Certificate -test-25 = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms -test-26 = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm -test-27 = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms -test-28 = 28-RSA key exchange with all RSA certificate types -test-29 = 29-RSA key exchange with only RSA-PSS certificate -test-30 = 30-Suite B P-256 Hash Algorithm Selection -test-31 = 31-Suite B P-384 Hash Algorithm Selection -test-32 = 32-TLS 1.2 Ed25519 Client Auth -test-33 = 33-TLS 1.2 Ed448 Client Auth -test-34 = 34-Only RSA-PSS Certificate, TLS v1.1 -test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection -test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point -test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1 -test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS -test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS -test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate -test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS -test-42 = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection -test-43 = 43-TLS 1.3 Ed25519 Signature Algorithm Selection -test-44 = 44-TLS 1.3 Ed448 Signature Algorithm Selection -test-45 = 45-TLS 1.3 Ed25519 CipherString and Groups Selection -test-46 = 46-TLS 1.3 Ed448 CipherString and Groups Selection -test-47 = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection -test-48 = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names -test-49 = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection -test-50 = 50-TLS 1.3 Ed25519 Client Auth -test-51 = 51-TLS 1.3 Ed448 Client Auth -test-52 = 52-TLS 1.3 ECDSA with brainpool -test-53 = 53-TLS 1.2 DSA Certificate Test -test-54 = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms -test-55 = 55-TLS 1.3 DSA Certificate Test -# =========================================================== - -[0-ECDSA CipherString Selection] -ssl_conf = 0-ECDSA CipherString Selection-ssl - -[0-ECDSA CipherString Selection-ssl] -server = 0-ECDSA CipherString Selection-server -client = 0-ECDSA CipherString Selection-client - -[0-ECDSA CipherString Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-ECDSA CipherString Selection-client] -CipherString = aECDSA -MaxProtocol = TLSv1.2 -RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success -ExpectedServerCANames = empty -ExpectedServerCertType = P-256 -ExpectedServerSignType = EC - - -# =========================================================== - -[1-ECDSA CipherString Selection] -ssl_conf = 1-ECDSA CipherString Selection-ssl - -[1-ECDSA CipherString Selection-ssl] -server = 1-ECDSA CipherString Selection-server -client = 1-ECDSA CipherString Selection-client - -[1-ECDSA CipherString Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Groups = P-384 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-ECDSA CipherString Selection-client] -CipherString = aECDSA -Groups = P-256:P-384 -MaxProtocol = TLSv1.2 -RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = Success -ExpectedServerCANames = empty -ExpectedServerCertType = P-256 -ExpectedServerSignType = EC - - -# =========================================================== - -[2-ECDSA CipherString Selection] -ssl_conf = 2-ECDSA CipherString Selection-ssl - -[2-ECDSA CipherString Selection-ssl] -server = 2-ECDSA CipherString Selection-server -client = 2-ECDSA CipherString Selection-client - -[2-ECDSA CipherString Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Groups = P-256:P-384 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-ECDSA CipherString Selection-client] -CipherString = aECDSA -Groups = P-384 -MaxProtocol = TLSv1.2 -RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = ServerFail - - -# =========================================================== - -[3-Ed25519 CipherString and Signature Algorithm Selection] -ssl_conf = 3-Ed25519 CipherString and Signature Algorithm Selection-ssl - -[3-Ed25519 CipherString and Signature Algorithm Selection-ssl] -server = 3-Ed25519 CipherString and Signature Algorithm Selection-server -client = 3-Ed25519 CipherString and Signature Algorithm Selection-client - -[3-Ed25519 CipherString and Signature Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-Ed25519 CipherString and Signature Algorithm Selection-client] -CipherString = aECDSA -MaxProtocol = TLSv1.2 -RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -SignatureAlgorithms = ed25519:ECDSA+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedResult = Success -ExpectedServerCANames = empty -ExpectedServerCertType = Ed25519 -ExpectedServerSignType = Ed25519 - - -# =========================================================== - -[4-Ed448 CipherString and Signature Algorithm Selection] -ssl_conf = 4-Ed448 CipherString and Signature Algorithm Selection-ssl - -[4-Ed448 CipherString and Signature Algorithm Selection-ssl] -server = 4-Ed448 CipherString and Signature Algorithm Selection-server -client = 4-Ed448 CipherString and Signature Algorithm Selection-client - -[4-Ed448 CipherString and Signature Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-Ed448 CipherString and Signature Algorithm Selection-client] -CipherString = aECDSA -MaxProtocol = TLSv1.2 -RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem -SignatureAlgorithms = ed448:ECDSA+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem -VerifyMode = Peer - -[test-4] -ExpectedResult = Success -ExpectedServerCANames = empty -ExpectedServerCertType = Ed448 -ExpectedServerSignType = Ed448 - - -# =========================================================== - -[5-ECDSA with brainpool] -ssl_conf = 5-ECDSA with brainpool-ssl - -[5-ECDSA with brainpool-ssl] -server = 5-ECDSA with brainpool-server -client = 5-ECDSA with brainpool-client - -[5-ECDSA with brainpool-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem -CipherString = DEFAULT -Groups = brainpoolP256r1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem - -[5-ECDSA with brainpool-client] -CipherString = aECDSA -Groups = brainpoolP256r1 -RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedResult = Success -ExpectedServerCANames = empty -ExpectedServerCertType = brainpoolP256r1 -ExpectedServerSignType = EC - - -# =========================================================== - -[6-RSA CipherString Selection] -ssl_conf = 6-RSA CipherString Selection-ssl - -[6-RSA CipherString Selection-ssl] -server = 6-RSA CipherString Selection-server -client = 6-RSA CipherString Selection-client - -[6-RSA CipherString Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-RSA CipherString Selection-client] -CipherString = aRSA -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedResult = Success -ExpectedServerCertType = RSA -ExpectedServerSignType = RSA-PSS - - -# =========================================================== - -[7-RSA-PSS Certificate CipherString Selection] -ssl_conf = 7-RSA-PSS Certificate CipherString Selection-ssl - -[7-RSA-PSS Certificate CipherString Selection-ssl] -server = 7-RSA-PSS Certificate CipherString Selection-server -client = 7-RSA-PSS Certificate CipherString Selection-client - -[7-RSA-PSS Certificate CipherString Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem -PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-RSA-PSS Certificate CipherString Selection-client] -CipherString = aRSA -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ExpectedResult = Success -ExpectedServerCertType = RSA-PSS -ExpectedServerSignType = RSA-PSS - - -# =========================================================== - -[8-P-256 CipherString and Signature Algorithm Selection] -ssl_conf = 8-P-256 CipherString and Signature Algorithm Selection-ssl - -[8-P-256 CipherString and Signature Algorithm Selection-ssl] -server = 8-P-256 CipherString and Signature Algorithm Selection-server -client = 8-P-256 CipherString and Signature Algorithm Selection-client - -[8-P-256 CipherString and Signature Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-P-256 CipherString and Signature Algorithm Selection-client] -CipherString = aECDSA -MaxProtocol = TLSv1.2 -SignatureAlgorithms = ECDSA+SHA256:ed25519 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedResult = Success -ExpectedServerCertType = P-256 -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = EC - - -# =========================================================== - -[9-Ed25519 CipherString and Curves Selection] -ssl_conf = 9-Ed25519 CipherString and Curves Selection-ssl - -[9-Ed25519 CipherString and Curves Selection-ssl] -server = 9-Ed25519 CipherString and Curves Selection-server -client = 9-Ed25519 CipherString and Curves Selection-client - -[9-Ed25519 CipherString and Curves Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[9-Ed25519 CipherString and Curves Selection-client] -CipherString = aECDSA -Curves = X25519 -MaxProtocol = TLSv1.2 -SignatureAlgorithms = ECDSA+SHA256:ed25519 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-9] -ExpectedResult = Success -ExpectedServerCertType = Ed25519 -ExpectedServerSignType = Ed25519 - - -# =========================================================== - -[10-Ed448 CipherString and Curves Selection] -ssl_conf = 10-Ed448 CipherString and Curves Selection-ssl - -[10-Ed448 CipherString and Curves Selection-ssl] -server = 10-Ed448 CipherString and Curves Selection-server -client = 10-Ed448 CipherString and Curves Selection-client - -[10-Ed448 CipherString and Curves Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[10-Ed448 CipherString and Curves Selection-client] -CipherString = aECDSA -Curves = X448 -MaxProtocol = TLSv1.2 -SignatureAlgorithms = ECDSA+SHA256:ed448 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem -VerifyMode = Peer - -[test-10] -ExpectedResult = Success -ExpectedServerCertType = Ed448 -ExpectedServerSignType = Ed448 - - -# =========================================================== - -[11-ECDSA CipherString Selection, no ECDSA certificate] -ssl_conf = 11-ECDSA CipherString Selection, no ECDSA certificate-ssl - -[11-ECDSA CipherString Selection, no ECDSA certificate-ssl] -server = 11-ECDSA CipherString Selection, no ECDSA certificate-server -client = 11-ECDSA CipherString Selection, no ECDSA certificate-client - -[11-ECDSA CipherString Selection, no ECDSA certificate-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[11-ECDSA CipherString Selection, no ECDSA certificate-client] -CipherString = aECDSA -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-11] -ExpectedResult = ServerFail - - -# =========================================================== - -[12-ECDSA Signature Algorithm Selection] -ssl_conf = 12-ECDSA Signature Algorithm Selection-ssl - -[12-ECDSA Signature Algorithm Selection-ssl] -server = 12-ECDSA Signature Algorithm Selection-server -client = 12-ECDSA Signature Algorithm Selection-client - -[12-ECDSA Signature Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[12-ECDSA Signature Algorithm Selection-client] -CipherString = DEFAULT -SignatureAlgorithms = ECDSA+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-12] -ExpectedResult = Success -ExpectedServerCertType = P-256 -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = EC - - -# =========================================================== - -[13-ECDSA Signature Algorithm Selection SHA384] -ssl_conf = 13-ECDSA Signature Algorithm Selection SHA384-ssl - -[13-ECDSA Signature Algorithm Selection SHA384-ssl] -server = 13-ECDSA Signature Algorithm Selection SHA384-server -client = 13-ECDSA Signature Algorithm Selection SHA384-client - -[13-ECDSA Signature Algorithm Selection SHA384-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-ECDSA Signature Algorithm Selection SHA384-client] -CipherString = DEFAULT -SignatureAlgorithms = ECDSA+SHA384 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-13] -ExpectedResult = Success -ExpectedServerCertType = P-256 -ExpectedServerSignHash = SHA384 -ExpectedServerSignType = EC - - -# =========================================================== - -[14-ECDSA Signature Algorithm Selection SHA1] -ssl_conf = 14-ECDSA Signature Algorithm Selection SHA1-ssl - -[14-ECDSA Signature Algorithm Selection SHA1-ssl] -server = 14-ECDSA Signature Algorithm Selection SHA1-server -client = 14-ECDSA Signature Algorithm Selection SHA1-client - -[14-ECDSA Signature Algorithm Selection SHA1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[14-ECDSA Signature Algorithm Selection SHA1-client] -CipherString = DEFAULT -SignatureAlgorithms = ECDSA+SHA1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-14] -ExpectedResult = Success -ExpectedServerCertType = P-256 -ExpectedServerSignHash = SHA1 -ExpectedServerSignType = EC - - -# =========================================================== - -[15-ECDSA Signature Algorithm Selection compressed point] -ssl_conf = 15-ECDSA Signature Algorithm Selection compressed point-ssl - -[15-ECDSA Signature Algorithm Selection compressed point-ssl] -server = 15-ECDSA Signature Algorithm Selection compressed point-server -client = 15-ECDSA Signature Algorithm Selection compressed point-client - -[15-ECDSA Signature Algorithm Selection compressed point-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[15-ECDSA Signature Algorithm Selection compressed point-client] -CipherString = DEFAULT -SignatureAlgorithms = ECDSA+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-15] -ExpectedResult = Success -ExpectedServerCertType = P-256 -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = EC - - -# =========================================================== - -[16-ECDSA Signature Algorithm Selection, no ECDSA certificate] -ssl_conf = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl - -[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] -server = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server -client = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client - -[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] -CipherString = DEFAULT -SignatureAlgorithms = ECDSA+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-16] -ExpectedResult = ServerFail - - -# =========================================================== - -[17-RSA Signature Algorithm Selection] -ssl_conf = 17-RSA Signature Algorithm Selection-ssl - -[17-RSA Signature Algorithm Selection-ssl] -server = 17-RSA Signature Algorithm Selection-server -client = 17-RSA Signature Algorithm Selection-client - -[17-RSA Signature Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[17-RSA Signature Algorithm Selection-client] -CipherString = DEFAULT -SignatureAlgorithms = RSA+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-17] -ExpectedResult = Success -ExpectedServerCertType = RSA -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = RSA - - -# =========================================================== - -[18-RSA-PSS Signature Algorithm Selection] -ssl_conf = 18-RSA-PSS Signature Algorithm Selection-ssl - -[18-RSA-PSS Signature Algorithm Selection-ssl] -server = 18-RSA-PSS Signature Algorithm Selection-server -client = 18-RSA-PSS Signature Algorithm Selection-client - -[18-RSA-PSS Signature Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[18-RSA-PSS Signature Algorithm Selection-client] -CipherString = DEFAULT -SignatureAlgorithms = RSA-PSS+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-18] -ExpectedResult = Success -ExpectedServerCertType = RSA -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = RSA-PSS - - -# =========================================================== - -[19-RSA-PSS Certificate Legacy Signature Algorithm Selection] -ssl_conf = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl - -[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl] -server = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server -client = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client - -[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem -PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client] -CipherString = DEFAULT -SignatureAlgorithms = RSA-PSS+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-19] -ExpectedResult = Success -ExpectedServerCertType = RSA -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = RSA-PSS - - -# =========================================================== - -[20-RSA-PSS Certificate Unified Signature Algorithm Selection] -ssl_conf = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl - -[20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl] -server = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-server -client = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-client - -[20-RSA-PSS Certificate Unified Signature Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem -PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[20-RSA-PSS Certificate Unified Signature Algorithm Selection-client] -CipherString = DEFAULT -SignatureAlgorithms = rsa_pss_pss_sha256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-20] -ExpectedResult = Success -ExpectedServerCertType = RSA-PSS -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = RSA-PSS - - -# =========================================================== - -[21-Only RSA-PSS Certificate] -ssl_conf = 21-Only RSA-PSS Certificate-ssl - -[21-Only RSA-PSS Certificate-ssl] -server = 21-Only RSA-PSS Certificate-server -client = 21-Only RSA-PSS Certificate-client - -[21-Only RSA-PSS Certificate-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem - -[21-Only RSA-PSS Certificate-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-21] -ExpectedResult = Success -ExpectedServerCertType = RSA-PSS -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = RSA-PSS - - -# =========================================================== - -[22-Only RSA-PSS Certificate Valid Signature Algorithms] -ssl_conf = 22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl - -[22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl] -server = 22-Only RSA-PSS Certificate Valid Signature Algorithms-server -client = 22-Only RSA-PSS Certificate Valid Signature Algorithms-client - -[22-Only RSA-PSS Certificate Valid Signature Algorithms-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem - -[22-Only RSA-PSS Certificate Valid Signature Algorithms-client] -CipherString = DEFAULT -SignatureAlgorithms = rsa_pss_pss_sha512 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-22] -ExpectedResult = Success -ExpectedServerCertType = RSA-PSS -ExpectedServerSignHash = SHA512 -ExpectedServerSignType = RSA-PSS - - -# =========================================================== - -[23-RSA-PSS Certificate, no PSS signature algorithms] -ssl_conf = 23-RSA-PSS Certificate, no PSS signature algorithms-ssl - -[23-RSA-PSS Certificate, no PSS signature algorithms-ssl] -server = 23-RSA-PSS Certificate, no PSS signature algorithms-server -client = 23-RSA-PSS Certificate, no PSS signature algorithms-client - -[23-RSA-PSS Certificate, no PSS signature algorithms-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem - -[23-RSA-PSS Certificate, no PSS signature algorithms-client] -CipherString = DEFAULT -SignatureAlgorithms = RSA+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-23] -ExpectedResult = ServerFail - - -# =========================================================== - -[24-Only RSA-PSS Restricted Certificate] -ssl_conf = 24-Only RSA-PSS Restricted Certificate-ssl - -[24-Only RSA-PSS Restricted Certificate-ssl] -server = 24-Only RSA-PSS Restricted Certificate-server -client = 24-Only RSA-PSS Restricted Certificate-client - -[24-Only RSA-PSS Restricted Certificate-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem - -[24-Only RSA-PSS Restricted Certificate-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-24] -ExpectedResult = Success -ExpectedServerCertType = RSA-PSS -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = RSA-PSS - - -# =========================================================== - -[25-RSA-PSS Restricted Certificate Valid Signature Algorithms] -ssl_conf = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl - -[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl] -server = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server -client = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client - -[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem - -[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client] -CipherString = DEFAULT -SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-25] -ExpectedResult = Success -ExpectedServerCertType = RSA-PSS -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = RSA-PSS - - -# =========================================================== - -[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm] -ssl_conf = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl - -[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl] -server = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server -client = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client - -[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem - -[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client] -CipherString = DEFAULT -SignatureAlgorithms = rsa_pss_pss_sha512:rsa_pss_pss_sha256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-26] -ExpectedResult = Success -ExpectedServerCertType = RSA-PSS -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = RSA-PSS - - -# =========================================================== - -[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms] -ssl_conf = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl - -[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl] -server = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server -client = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client - -[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem - -[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client] -CipherString = DEFAULT -SignatureAlgorithms = rsa_pss_pss_sha512 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-27] -ExpectedResult = ServerFail - - -# =========================================================== - -[28-RSA key exchange with all RSA certificate types] -ssl_conf = 28-RSA key exchange with all RSA certificate types-ssl - -[28-RSA key exchange with all RSA certificate types-ssl] -server = 28-RSA key exchange with all RSA certificate types-server -client = 28-RSA key exchange with all RSA certificate types-client - -[28-RSA key exchange with all RSA certificate types-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem -PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[28-RSA key exchange with all RSA certificate types-client] -CipherString = kRSA -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-28] -ExpectedResult = Success -ExpectedServerCertType = RSA - - -# =========================================================== - -[29-RSA key exchange with only RSA-PSS certificate] -ssl_conf = 29-RSA key exchange with only RSA-PSS certificate-ssl - -[29-RSA key exchange with only RSA-PSS certificate-ssl] -server = 29-RSA key exchange with only RSA-PSS certificate-server -client = 29-RSA key exchange with only RSA-PSS certificate-client - -[29-RSA key exchange with only RSA-PSS certificate-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem - -[29-RSA key exchange with only RSA-PSS certificate-client] -CipherString = kRSA -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-29] -ExpectedResult = ServerFail - - -# =========================================================== - -[30-Suite B P-256 Hash Algorithm Selection] -ssl_conf = 30-Suite B P-256 Hash Algorithm Selection-ssl - -[30-Suite B P-256 Hash Algorithm Selection-ssl] -server = 30-Suite B P-256 Hash Algorithm Selection-server -client = 30-Suite B P-256 Hash Algorithm Selection-client - -[30-Suite B P-256 Hash Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = SUITEB128 -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[30-Suite B P-256 Hash Algorithm Selection-client] -CipherString = DEFAULT -SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem -VerifyMode = Peer - -[test-30] -ExpectedResult = Success -ExpectedServerCertType = P-256 -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = EC - - -# =========================================================== - -[31-Suite B P-384 Hash Algorithm Selection] -ssl_conf = 31-Suite B P-384 Hash Algorithm Selection-ssl - -[31-Suite B P-384 Hash Algorithm Selection-ssl] -server = 31-Suite B P-384 Hash Algorithm Selection-server -client = 31-Suite B P-384 Hash Algorithm Selection-client - -[31-Suite B P-384 Hash Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = SUITEB128 -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[31-Suite B P-384 Hash Algorithm Selection-client] -CipherString = DEFAULT -SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem -VerifyMode = Peer - -[test-31] -ExpectedResult = Success -ExpectedServerCertType = P-384 -ExpectedServerSignHash = SHA384 -ExpectedServerSignType = EC - - -# =========================================================== - -[32-TLS 1.2 Ed25519 Client Auth] -ssl_conf = 32-TLS 1.2 Ed25519 Client Auth-ssl - -[32-TLS 1.2 Ed25519 Client Auth-ssl] -server = 32-TLS 1.2 Ed25519 Client Auth-server -client = 32-TLS 1.2 Ed25519 Client Auth-client - -[32-TLS 1.2 Ed25519 Client Auth-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[32-TLS 1.2 Ed25519 Client Auth-client] -CipherString = DEFAULT -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-32] -ExpectedClientCertType = Ed25519 -ExpectedClientSignType = Ed25519 -ExpectedResult = Success - - -# =========================================================== - -[33-TLS 1.2 Ed448 Client Auth] -ssl_conf = 33-TLS 1.2 Ed448 Client Auth-ssl - -[33-TLS 1.2 Ed448 Client Auth-ssl] -server = 33-TLS 1.2 Ed448 Client Auth-server -client = 33-TLS 1.2 Ed448 Client Auth-client - -[33-TLS 1.2 Ed448 Client Auth-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[33-TLS 1.2 Ed448 Client Auth-client] -CipherString = DEFAULT -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-33] -ExpectedClientCertType = Ed448 -ExpectedClientSignType = Ed448 -ExpectedResult = Success - - -# =========================================================== - -[34-Only RSA-PSS Certificate, TLS v1.1] -ssl_conf = 34-Only RSA-PSS Certificate, TLS v1.1-ssl - -[34-Only RSA-PSS Certificate, TLS v1.1-ssl] -server = 34-Only RSA-PSS Certificate, TLS v1.1-server -client = 34-Only RSA-PSS Certificate, TLS v1.1-client - -[34-Only RSA-PSS Certificate, TLS v1.1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem - -[34-Only RSA-PSS Certificate, TLS v1.1-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-34] -ExpectedResult = ServerFail - - -# =========================================================== - -[35-TLS 1.3 ECDSA Signature Algorithm Selection] -ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl - -[35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl] -server = 35-TLS 1.3 ECDSA Signature Algorithm Selection-server -client = 35-TLS 1.3 ECDSA Signature Algorithm Selection-client - -[35-TLS 1.3 ECDSA Signature Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[35-TLS 1.3 ECDSA Signature Algorithm Selection-client] -CipherString = DEFAULT -SignatureAlgorithms = ECDSA+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-35] -ExpectedResult = Success -ExpectedServerCANames = empty -ExpectedServerCertType = P-256 -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = EC - - -# =========================================================== - -[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point] -ssl_conf = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl - -[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl] -server = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server -client = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client - -[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client] -CipherString = DEFAULT -SignatureAlgorithms = ECDSA+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-36] -ExpectedResult = Success -ExpectedServerCANames = empty -ExpectedServerCertType = P-256 -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = EC - - -# =========================================================== - -[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1] -ssl_conf = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl - -[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl] -server = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server -client = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client - -[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client] -CipherString = DEFAULT -SignatureAlgorithms = ECDSA+SHA1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-37] -ExpectedResult = ServerFail - - -# =========================================================== - -[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS] -ssl_conf = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl - -[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl] -server = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server -client = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client - -[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client] -CipherString = DEFAULT -RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-38] -ExpectedResult = Success -ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem -ExpectedServerCertType = P-256 -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = EC - - -# =========================================================== - -[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS] -ssl_conf = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl - -[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl] -server = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server -client = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client - -[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client] -CipherString = DEFAULT -SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-39] -ExpectedResult = Success -ExpectedServerCertType = RSA -ExpectedServerSignHash = SHA384 -ExpectedServerSignType = RSA-PSS - - -# =========================================================== - -[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate] -ssl_conf = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl - -[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] -server = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server -client = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client - -[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client] -CipherString = DEFAULT -SignatureAlgorithms = ECDSA+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-40] -ExpectedResult = ServerFail - - -# =========================================================== - -[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS] -ssl_conf = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl - -[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl] -server = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server -client = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client - -[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client] -CipherString = DEFAULT -SignatureAlgorithms = RSA+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-41] -ExpectedResult = ServerFail - - -# =========================================================== - -[42-TLS 1.3 RSA-PSS Signature Algorithm Selection] -ssl_conf = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl - -[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl] -server = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server -client = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client - -[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client] -CipherString = DEFAULT -SignatureAlgorithms = RSA-PSS+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-42] -ExpectedResult = Success -ExpectedServerCertType = RSA -ExpectedServerSignHash = SHA256 -ExpectedServerSignType = RSA-PSS - - -# =========================================================== - -[43-TLS 1.3 Ed25519 Signature Algorithm Selection] -ssl_conf = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl - -[43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl] -server = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-server -client = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-client - -[43-TLS 1.3 Ed25519 Signature Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[43-TLS 1.3 Ed25519 Signature Algorithm Selection-client] -CipherString = DEFAULT -SignatureAlgorithms = ed25519 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-43] -ExpectedResult = Success -ExpectedServerCertType = Ed25519 -ExpectedServerSignType = Ed25519 - - -# =========================================================== - -[44-TLS 1.3 Ed448 Signature Algorithm Selection] -ssl_conf = 44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl - -[44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl] -server = 44-TLS 1.3 Ed448 Signature Algorithm Selection-server -client = 44-TLS 1.3 Ed448 Signature Algorithm Selection-client - -[44-TLS 1.3 Ed448 Signature Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[44-TLS 1.3 Ed448 Signature Algorithm Selection-client] -CipherString = DEFAULT -SignatureAlgorithms = ed448 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem -VerifyMode = Peer - -[test-44] -ExpectedResult = Success -ExpectedServerCertType = Ed448 -ExpectedServerSignType = Ed448 - - -# =========================================================== - -[45-TLS 1.3 Ed25519 CipherString and Groups Selection] -ssl_conf = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl - -[45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl] -server = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-server -client = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-client - -[45-TLS 1.3 Ed25519 CipherString and Groups Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[45-TLS 1.3 Ed25519 CipherString and Groups Selection-client] -CipherString = DEFAULT -Groups = X25519 -SignatureAlgorithms = ECDSA+SHA256:ed25519 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-45] -ExpectedResult = Success -ExpectedServerCertType = P-256 -ExpectedServerSignType = EC - - -# =========================================================== - -[46-TLS 1.3 Ed448 CipherString and Groups Selection] -ssl_conf = 46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl - -[46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl] -server = 46-TLS 1.3 Ed448 CipherString and Groups Selection-server -client = 46-TLS 1.3 Ed448 CipherString and Groups Selection-client - -[46-TLS 1.3 Ed448 CipherString and Groups Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[46-TLS 1.3 Ed448 CipherString and Groups Selection-client] -CipherString = DEFAULT -Groups = X448 -SignatureAlgorithms = ECDSA+SHA256:ed448 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-46] -ExpectedResult = Success -ExpectedServerCertType = P-256 -ExpectedServerSignType = EC - - -# =========================================================== - -[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection] -ssl_conf = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl - -[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl] -server = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server -client = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client - -[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientSignatureAlgorithms = PSS+SHA256 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client] -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-47] -ExpectedClientCANames = empty -ExpectedClientCertType = RSA -ExpectedClientSignHash = SHA256 -ExpectedClientSignType = RSA-PSS -ExpectedResult = Success - - -# =========================================================== - -[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names] -ssl_conf = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl - -[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl] -server = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server -client = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client - -[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientSignatureAlgorithms = PSS+SHA256 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client] -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-48] -ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem -ExpectedClientCertType = RSA -ExpectedClientSignHash = SHA256 -ExpectedClientSignType = RSA-PSS -ExpectedResult = Success - - -# =========================================================== - -[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection] -ssl_conf = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl - -[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl] -server = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server -client = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client - -[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientSignatureAlgorithms = ECDSA+SHA256 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client] -CipherString = DEFAULT -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-49] -ExpectedClientCertType = P-256 -ExpectedClientSignHash = SHA256 -ExpectedClientSignType = EC -ExpectedResult = Success - - -# =========================================================== - -[50-TLS 1.3 Ed25519 Client Auth] -ssl_conf = 50-TLS 1.3 Ed25519 Client Auth-ssl - -[50-TLS 1.3 Ed25519 Client Auth-ssl] -server = 50-TLS 1.3 Ed25519 Client Auth-server -client = 50-TLS 1.3 Ed25519 Client Auth-client - -[50-TLS 1.3 Ed25519 Client Auth-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[50-TLS 1.3 Ed25519 Client Auth-client] -CipherString = DEFAULT -EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem -EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-50] -ExpectedClientCertType = Ed25519 -ExpectedClientSignType = Ed25519 -ExpectedResult = Success - - -# =========================================================== - -[51-TLS 1.3 Ed448 Client Auth] -ssl_conf = 51-TLS 1.3 Ed448 Client Auth-ssl - -[51-TLS 1.3 Ed448 Client Auth-ssl] -server = 51-TLS 1.3 Ed448 Client Auth-server -client = 51-TLS 1.3 Ed448 Client Auth-client - -[51-TLS 1.3 Ed448 Client Auth-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[51-TLS 1.3 Ed448 Client Auth-client] -CipherString = DEFAULT -EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem -EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-51] -ExpectedClientCertType = Ed448 -ExpectedClientSignType = Ed448 -ExpectedResult = Success - - -# =========================================================== - -[52-TLS 1.3 ECDSA with brainpool] -ssl_conf = 52-TLS 1.3 ECDSA with brainpool-ssl - -[52-TLS 1.3 ECDSA with brainpool-ssl] -server = 52-TLS 1.3 ECDSA with brainpool-server -client = 52-TLS 1.3 ECDSA with brainpool-client - -[52-TLS 1.3 ECDSA with brainpool-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem -CipherString = DEFAULT -Groups = brainpoolP256r1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem - -[52-TLS 1.3 ECDSA with brainpool-client] -CipherString = DEFAULT -Groups = brainpoolP256r1 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-52] -ExpectedResult = ServerFail - - -# =========================================================== - -[53-TLS 1.2 DSA Certificate Test] -ssl_conf = 53-TLS 1.2 DSA Certificate Test-ssl - -[53-TLS 1.2 DSA Certificate Test-ssl] -server = 53-TLS 1.2 DSA Certificate Test-server -client = 53-TLS 1.2 DSA Certificate Test-client - -[53-TLS 1.2 DSA Certificate Test-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = ALL -DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem -DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem -DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[53-TLS 1.2 DSA Certificate Test-client] -CipherString = ALL -SignatureAlgorithms = DSA+SHA256:DSA+SHA1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-53] -ExpectedResult = Success - - -# =========================================================== - -[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms] -ssl_conf = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl - -[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl] -server = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server -client = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client - -[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Request - -[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-54] -ExpectedResult = ServerFail - - -# =========================================================== - -[55-TLS 1.3 DSA Certificate Test] -ssl_conf = 55-TLS 1.3 DSA Certificate Test-ssl - -[55-TLS 1.3 DSA Certificate Test-ssl] -server = 55-TLS 1.3 DSA Certificate Test-server -client = 55-TLS 1.3 DSA Certificate Test-client - -[55-TLS 1.3 DSA Certificate Test-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = ALL -DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem -DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[55-TLS 1.3 DSA Certificate Test-client] -CipherString = ALL -SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-55] -ExpectedResult = ServerFail - - diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in deleted file mode 100644 index 24093548cd..0000000000 --- a/test/ssl-tests/20-cert-select.conf.in +++ /dev/null @@ -1,933 +0,0 @@ -# -*- mode: perl; -*- - -## SSL test configurations - - -use strict; -use warnings; - -package ssltests; -use OpenSSL::Test::Utils; - -my $server = { - "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), - "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), - "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), - "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), - "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), - "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), - "MaxProtocol" => "TLSv1.2" -}; - -my $server_pss = { - "PSS.Certificate" => test_pem("server-pss-cert.pem"), - "PSS.PrivateKey" => test_pem("server-pss-key.pem"), - "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), - "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), - "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), - "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), - "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), - "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), - "MaxProtocol" => "TLSv1.2" -}; - -my $server_pss_only = { - "Certificate" => test_pem("server-pss-cert.pem"), - "PrivateKey" => test_pem("server-pss-key.pem"), -}; - -my $server_pss_restrict_only = { - "Certificate" => test_pem("server-pss-restrict-cert.pem"), - "PrivateKey" => test_pem("server-pss-restrict-key.pem"), -}; - - -my $server_rsa_all = { - "PSS.Certificate" => test_pem("server-pss-cert.pem"), - "PSS.PrivateKey" => test_pem("server-pss-key.pem"), - "Certificate" => test_pem("servercert.pem"), - "PrivateKey" => test_pem("serverkey.pem"), -}; - -our @tests = ( - { - name => "ECDSA CipherString Selection", - server => $server, - client => { - "CipherString" => "aECDSA", - "MaxProtocol" => "TLSv1.2", - "RequestCAFile" => test_pem("root-cert.pem"), - }, - test => { - "ExpectedServerCertType" =>, "P-256", - "ExpectedServerSignType" =>, "EC", - # Note: certificate_authorities not sent for TLS < 1.3 - "ExpectedServerCANames" =>, "empty", - "ExpectedResult" => "Success" - }, - }, - { - name => "ECDSA CipherString Selection", - server => { - "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), - "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), - "MaxProtocol" => "TLSv1.2", - #Deliberately set supported_groups to one not in the cert. This - #should be tolerated - "Groups" => "P-384" - }, - client => { - "CipherString" => "aECDSA", - "MaxProtocol" => "TLSv1.2", - "Groups" => "P-256:P-384", - "RequestCAFile" => test_pem("root-cert.pem"), - }, - test => { - "ExpectedServerCertType" =>, "P-256", - "ExpectedServerSignType" =>, "EC", - # Note: certificate_authorities not sent for TLS < 1.3 - "ExpectedServerCANames" =>, "empty", - "ExpectedResult" => "Success" - }, - }, - { - name => "ECDSA CipherString Selection", - server => { - "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), - "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), - "MaxProtocol" => "TLSv1.2", - "Groups" => "P-256:P-384" - }, - client => { - "CipherString" => "aECDSA", - "MaxProtocol" => "TLSv1.2", - #Deliberately set groups to not include the certificate group. This - #should fail - "Groups" => "P-384", - "RequestCAFile" => test_pem("root-cert.pem"), - }, - test => { - "ExpectedResult" => "ServerFail" - }, - }, - { - name => "Ed25519 CipherString and Signature Algorithm Selection", - server => $server, - client => { - "CipherString" => "aECDSA", - "MaxProtocol" => "TLSv1.2", - "SignatureAlgorithms" => "ed25519:ECDSA+SHA256", - "RequestCAFile" => test_pem("root-cert.pem"), - }, - test => { - "ExpectedServerCertType" =>, "Ed25519", - "ExpectedServerSignType" =>, "Ed25519", - # Note: certificate_authorities not sent for TLS < 1.3 - "ExpectedServerCANames" =>, "empty", - "ExpectedResult" => "Success" - }, - }, - { - name => "Ed448 CipherString and Signature Algorithm Selection", - server => $server, - client => { - "CipherString" => "aECDSA", - "MaxProtocol" => "TLSv1.2", - "SignatureAlgorithms" => "ed448:ECDSA+SHA256", - "RequestCAFile" => test_pem("root-ed448-cert.pem"), - "VerifyCAFile" => test_pem("root-ed448-cert.pem"), - }, - test => { - "ExpectedServerCertType" =>, "Ed448", - "ExpectedServerSignType" =>, "Ed448", - # Note: certificate_authorities not sent for TLS < 1.3 - "ExpectedServerCANames" =>, "empty", - "ExpectedResult" => "Success" - }, - }, - { - name => "ECDSA with brainpool", - server => { - "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), - "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), - "Groups" => "brainpoolP256r1", - }, - client => { - #We don't restrict this to TLSv1.2, although use of brainpool - #should force this anyway so that this should succeed - "CipherString" => "aECDSA", - "RequestCAFile" => test_pem("root-cert.pem"), - "Groups" => "brainpoolP256r1", - }, - test => { - "ExpectedServerCertType" =>, "brainpoolP256r1", - "ExpectedServerSignType" =>, "EC", - # Note: certificate_authorities not sent for TLS < 1.3 - "ExpectedServerCANames" =>, "empty", - "ExpectedResult" => "Success" - }, - }, - { - name => "RSA CipherString Selection", - server => $server, - client => { - "CipherString" => "aRSA", - "MaxProtocol" => "TLSv1.2", - }, - test => { - "ExpectedServerCertType" =>, "RSA", - "ExpectedServerSignType" =>, "RSA-PSS", - "ExpectedResult" => "Success" - }, - }, - { - name => "RSA-PSS Certificate CipherString Selection", - server => $server_pss, - client => { - "CipherString" => "aRSA", - "MaxProtocol" => "TLSv1.2", - }, - test => { - "ExpectedServerCertType" =>, "RSA-PSS", - "ExpectedServerSignType" =>, "RSA-PSS", - "ExpectedResult" => "Success" - }, - }, - { - name => "P-256 CipherString and Signature Algorithm Selection", - server => $server, - client => { - "CipherString" => "aECDSA", - "MaxProtocol" => "TLSv1.2", - "SignatureAlgorithms" => "ECDSA+SHA256:ed25519", - }, - test => { - "ExpectedServerCertType" => "P-256", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "EC", - "ExpectedResult" => "Success" - }, - }, - { - name => "Ed25519 CipherString and Curves Selection", - server => $server, - client => { - "CipherString" => "aECDSA", - "MaxProtocol" => "TLSv1.2", - "SignatureAlgorithms" => "ECDSA+SHA256:ed25519", - # Excluding P-256 from the supported curves list means server - # certificate should be Ed25519 and not P-256 - "Curves" => "X25519" - }, - test => { - "ExpectedServerCertType" =>, "Ed25519", - "ExpectedServerSignType" =>, "Ed25519", - "ExpectedResult" => "Success" - }, - }, - { - name => "Ed448 CipherString and Curves Selection", - server => $server, - client => { - "CipherString" => "aECDSA", - "MaxProtocol" => "TLSv1.2", - "SignatureAlgorithms" => "ECDSA+SHA256:ed448", - "VerifyCAFile" => test_pem("root-ed448-cert.pem"), - # Excluding P-256 from the supported curves list means server - # certificate should be Ed25519 and not P-256 - "Curves" => "X448" - }, - test => { - "ExpectedServerCertType" =>, "Ed448", - "ExpectedServerSignType" =>, "Ed448", - "ExpectedResult" => "Success" - }, - }, - { - name => "ECDSA CipherString Selection, no ECDSA certificate", - server => { - "MaxProtocol" => "TLSv1.2" - }, - client => { - "CipherString" => "aECDSA", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedResult" => "ServerFail" - }, - }, - { - name => "ECDSA Signature Algorithm Selection", - server => $server, - client => { - "SignatureAlgorithms" => "ECDSA+SHA256", - }, - test => { - "ExpectedServerCertType" => "P-256", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "EC", - "ExpectedResult" => "Success" - }, - }, - { - name => "ECDSA Signature Algorithm Selection SHA384", - server => $server, - client => { - "SignatureAlgorithms" => "ECDSA+SHA384", - }, - test => { - "ExpectedServerCertType" => "P-256", - "ExpectedServerSignHash" => "SHA384", - "ExpectedServerSignType" => "EC", - "ExpectedResult" => "Success" - }, - }, - { - name => "ECDSA Signature Algorithm Selection SHA1", - server => $server, - client => { - "SignatureAlgorithms" => "ECDSA+SHA1", - }, - test => { - "ExpectedServerCertType" => "P-256", - "ExpectedServerSignHash" => "SHA1", - "ExpectedServerSignType" => "EC", - "ExpectedResult" => "Success" - }, - }, - { - name => "ECDSA Signature Algorithm Selection compressed point", - server => { - "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"), - "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"), - "MaxProtocol" => "TLSv1.2" - }, - client => { - "SignatureAlgorithms" => "ECDSA+SHA256", - }, - test => { - "ExpectedServerCertType" => "P-256", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "EC", - "ExpectedResult" => "Success" - }, - }, - { - name => "ECDSA Signature Algorithm Selection, no ECDSA certificate", - server => { - "MaxProtocol" => "TLSv1.2" - }, - client => { - "SignatureAlgorithms" => "ECDSA+SHA256", - }, - test => { - "ExpectedResult" => "ServerFail" - }, - }, - { - name => "RSA Signature Algorithm Selection", - server => $server, - client => { - "SignatureAlgorithms" => "RSA+SHA256", - }, - test => { - "ExpectedServerCertType" => "RSA", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "RSA", - "ExpectedResult" => "Success" - }, - }, - { - name => "RSA-PSS Signature Algorithm Selection", - server => $server, - client => { - "SignatureAlgorithms" => "RSA-PSS+SHA256", - }, - test => { - "ExpectedServerCertType" => "RSA", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "RSA-PSS", - "ExpectedResult" => "Success" - }, - }, - { - name => "RSA-PSS Certificate Legacy Signature Algorithm Selection", - server => $server_pss, - client => { - "SignatureAlgorithms" => "RSA-PSS+SHA256", - }, - test => { - "ExpectedServerCertType" => "RSA", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "RSA-PSS", - "ExpectedResult" => "Success" - }, - }, - { - name => "RSA-PSS Certificate Unified Signature Algorithm Selection", - server => $server_pss, - client => { - "SignatureAlgorithms" => "rsa_pss_pss_sha256", - }, - test => { - "ExpectedServerCertType" => "RSA-PSS", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "RSA-PSS", - "ExpectedResult" => "Success" - }, - }, - { - name => "Only RSA-PSS Certificate", - server => $server_pss_only, - client => {}, - test => { - "ExpectedServerCertType" => "RSA-PSS", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "RSA-PSS", - "ExpectedResult" => "Success" - }, - }, - { - name => "Only RSA-PSS Certificate Valid Signature Algorithms", - server => $server_pss_only, - client => { - "SignatureAlgorithms" => "rsa_pss_pss_sha512", - }, - test => { - "ExpectedServerCertType" => "RSA-PSS", - "ExpectedServerSignHash" => "SHA512", - "ExpectedServerSignType" => "RSA-PSS", - "ExpectedResult" => "Success" - }, - }, - { - name => "RSA-PSS Certificate, no PSS signature algorithms", - server => $server_pss_only, - client => { - "SignatureAlgorithms" => "RSA+SHA256", - }, - test => { - "ExpectedResult" => "ServerFail" - }, - }, - { - name => "Only RSA-PSS Restricted Certificate", - server => $server_pss_restrict_only, - client => {}, - test => { - "ExpectedServerCertType" => "RSA-PSS", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "RSA-PSS", - "ExpectedResult" => "Success" - }, - }, - { - name => "RSA-PSS Restricted Certificate Valid Signature Algorithms", - server => $server_pss_restrict_only, - client => { - "SignatureAlgorithms" => "rsa_pss_pss_sha256:rsa_pss_pss_sha512", - }, - test => { - "ExpectedServerCertType" => "RSA-PSS", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "RSA-PSS", - "ExpectedResult" => "Success" - }, - }, - { - name => "RSA-PSS Restricted Cert client prefers invalid Signature Algorithm", - server => $server_pss_restrict_only, - client => { - "SignatureAlgorithms" => "rsa_pss_pss_sha512:rsa_pss_pss_sha256", - }, - test => { - "ExpectedServerCertType" => "RSA-PSS", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "RSA-PSS", - "ExpectedResult" => "Success" - }, - }, - { - name => "RSA-PSS Restricted Certificate Invalid Signature Algorithms", - server => $server_pss_restrict_only, - client => { - "SignatureAlgorithms" => "rsa_pss_pss_sha512", - }, - test => { - "ExpectedResult" => "ServerFail" - }, - }, - { - name => "RSA key exchange with all RSA certificate types", - server => $server_rsa_all, - client => { - "CipherString" => "kRSA", - "MaxProtocol" => "TLSv1.2", - }, - test => { - "ExpectedServerCertType" =>, "RSA", - "ExpectedResult" => "Success" - }, - }, - { - name => "RSA key exchange with only RSA-PSS certificate", - server => $server_pss_only, - client => { - "CipherString" => "kRSA", - "MaxProtocol" => "TLSv1.2", - }, - test => { - "ExpectedResult" => "ServerFail" - }, - }, - { - name => "Suite B P-256 Hash Algorithm Selection", - server => { - "ECDSA.Certificate" => test_pem("p256-server-cert.pem"), - "ECDSA.PrivateKey" => test_pem("p256-server-key.pem"), - "MaxProtocol" => "TLSv1.2", - "CipherString" => "SUITEB128" - }, - client => { - "VerifyCAFile" => test_pem("p384-root.pem"), - "SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256" - }, - test => { - "ExpectedServerCertType" => "P-256", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "EC", - "ExpectedResult" => "Success" - }, - }, - { - name => "Suite B P-384 Hash Algorithm Selection", - server => { - "ECDSA.Certificate" => test_pem("p384-server-cert.pem"), - "ECDSA.PrivateKey" => test_pem("p384-server-key.pem"), - "MaxProtocol" => "TLSv1.2", - "CipherString" => "SUITEB128" - }, - client => { - "VerifyCAFile" => test_pem("p384-root.pem"), - "SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384" - }, - test => { - "ExpectedServerCertType" => "P-384", - "ExpectedServerSignHash" => "SHA384", - "ExpectedServerSignType" => "EC", - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.2 Ed25519 Client Auth", - server => { - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Require" - }, - client => { - "Ed25519.Certificate" => test_pem("client-ed25519-cert.pem"), - "Ed25519.PrivateKey" => test_pem("client-ed25519-key.pem"), - "MinProtocol" => "TLSv1.2", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedClientCertType" => "Ed25519", - "ExpectedClientSignType" => "Ed25519", - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.2 Ed448 Client Auth", - server => { - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Require" - }, - client => { - "Ed448.Certificate" => test_pem("client-ed448-cert.pem"), - "Ed448.PrivateKey" => test_pem("client-ed448-key.pem"), - "MinProtocol" => "TLSv1.2", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedClientCertType" => "Ed448", - "ExpectedClientSignType" => "Ed448", - "ExpectedResult" => "Success" - }, - }, -); - -my @tests_tls_1_1 = ( - { - name => "Only RSA-PSS Certificate, TLS v1.1", - server => $server_pss_only, - client => { - "MaxProtocol" => "TLSv1.1", - }, - test => { - "ExpectedResult" => "ServerFail" - }, - }, -); - -push @tests, @tests_tls_1_1 unless disabled("tls1_1"); - -my $server_tls_1_3 = { - "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), - "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), - "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), - "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), - "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), - "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3" -}; - -my $server_tls_1_3_pss = { - "PSS.Certificate" => test_pem("server-pss-cert.pem"), - "PSS.PrivateKey" => test_pem("server-pss-key.pem"), - "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), - "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), - "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), - "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), - "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), - "Ed448.PrivateKey" => test_pem("server-ed449-key.pem"), - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3" -}; - -my $client_tls_1_3 = { - "RSA.Certificate" => test_pem("ee-client-chain.pem"), - "RSA.PrivateKey" => test_pem("ee-key.pem"), - "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"), - "ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"), - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3" -}; - -my @tests_tls_1_3 = ( - { - name => "TLS 1.3 ECDSA Signature Algorithm Selection", - server => $server_tls_1_3, - client => { - "SignatureAlgorithms" => "ECDSA+SHA256", - }, - test => { - "ExpectedServerCertType" => "P-256", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "EC", - "ExpectedServerCANames" => "empty", - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 ECDSA Signature Algorithm Selection compressed point", - server => { - "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"), - "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"), - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3" - }, - client => { - "SignatureAlgorithms" => "ECDSA+SHA256", - }, - test => { - "ExpectedServerCertType" => "P-256", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "EC", - "ExpectedServerCANames" => "empty", - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 ECDSA Signature Algorithm Selection SHA1", - server => $server_tls_1_3, - client => { - "SignatureAlgorithms" => "ECDSA+SHA1", - }, - test => { - "ExpectedResult" => "ServerFail" - }, - }, - { - name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS", - server => $server_tls_1_3, - client => { - "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256", - "RequestCAFile" => test_pem("root-cert.pem"), - }, - test => { - "ExpectedServerCertType" => "P-256", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "EC", - "ExpectedServerCANames" => test_pem("root-cert.pem"), - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS", - server => $server_tls_1_3, - client => { - "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384", - }, - test => { - "ExpectedServerCertType" => "RSA", - "ExpectedServerSignHash" => "SHA384", - "ExpectedServerSignType" => "RSA-PSS", - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate", - server => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3" - }, - client => { - "SignatureAlgorithms" => "ECDSA+SHA256", - }, - test => { - "ExpectedResult" => "ServerFail" - }, - }, - { - name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS", - server => $server_tls_1_3, - client => { - "SignatureAlgorithms" => "RSA+SHA256", - }, - test => { - "ExpectedResult" => "ServerFail" - }, - }, - { - name => "TLS 1.3 RSA-PSS Signature Algorithm Selection", - server => $server_tls_1_3, - client => { - "SignatureAlgorithms" => "RSA-PSS+SHA256", - }, - test => { - "ExpectedServerCertType" => "RSA", - "ExpectedServerSignHash" => "SHA256", - "ExpectedServerSignType" => "RSA-PSS", - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 Ed25519 Signature Algorithm Selection", - server => $server_tls_1_3, - client => { - "SignatureAlgorithms" => "ed25519", - }, - test => { - "ExpectedServerCertType" => "Ed25519", - "ExpectedServerSignType" => "Ed25519", - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 Ed448 Signature Algorithm Selection", - server => $server_tls_1_3, - client => { - "SignatureAlgorithms" => "ed448", - "VerifyCAFile" => test_pem("root-ed448-cert.pem"), - }, - test => { - "ExpectedServerCertType" => "Ed448", - "ExpectedServerSignType" => "Ed448", - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 Ed25519 CipherString and Groups Selection", - server => $server_tls_1_3, - client => { - "SignatureAlgorithms" => "ECDSA+SHA256:ed25519", - # Excluding P-256 from the supported groups list should - # mean server still uses a P-256 certificate because supported - # groups is not used in signature selection for TLS 1.3 - "Groups" => "X25519" - }, - test => { - "ExpectedServerCertType" =>, "P-256", - "ExpectedServerSignType" =>, "EC", - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 Ed448 CipherString and Groups Selection", - server => $server_tls_1_3, - client => { - "SignatureAlgorithms" => "ECDSA+SHA256:ed448", - # Excluding P-256 from the supported groups list should - # mean server still uses a P-256 certificate because supported - # groups is not used in signature selection for TLS 1.3 - "Groups" => "X448" - }, - test => { - "ExpectedServerCertType" =>, "P-256", - "ExpectedServerSignType" =>, "EC", - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection", - server => { - "ClientSignatureAlgorithms" => "PSS+SHA256", - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Require" - }, - client => $client_tls_1_3, - test => { - "ExpectedClientCertType" => "RSA", - "ExpectedClientSignHash" => "SHA256", - "ExpectedClientSignType" => "RSA-PSS", - "ExpectedClientCANames" => "empty", - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names", - server => { - "ClientSignatureAlgorithms" => "PSS+SHA256", - "VerifyCAFile" => test_pem("root-cert.pem"), - "RequestCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Require" - }, - client => $client_tls_1_3, - test => { - "ExpectedClientCertType" => "RSA", - "ExpectedClientSignHash" => "SHA256", - "ExpectedClientSignType" => "RSA-PSS", - "ExpectedClientCANames" => test_pem("root-cert.pem"), - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection", - server => { - "ClientSignatureAlgorithms" => "ECDSA+SHA256", - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Require" - }, - client => $client_tls_1_3, - test => { - "ExpectedClientCertType" => "P-256", - "ExpectedClientSignHash" => "SHA256", - "ExpectedClientSignType" => "EC", - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 Ed25519 Client Auth", - server => { - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Require" - }, - client => { - "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"), - "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"), - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3" - }, - test => { - "ExpectedClientCertType" => "Ed25519", - "ExpectedClientSignType" => "Ed25519", - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 Ed448 Client Auth", - server => { - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Require" - }, - client => { - "EdDSA.Certificate" => test_pem("client-ed448-cert.pem"), - "EdDSA.PrivateKey" => test_pem("client-ed448-key.pem"), - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3" - }, - test => { - "ExpectedClientCertType" => "Ed448", - "ExpectedClientSignType" => "Ed448", - "ExpectedResult" => "Success" - }, - }, - { - name => "TLS 1.3 ECDSA with brainpool", - server => { - "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), - "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), - "Groups" => "brainpoolP256r1", - }, - client => { - "RequestCAFile" => test_pem("root-cert.pem"), - "Groups" => "brainpoolP256r1", - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3" - }, - test => { - "ExpectedResult" => "ServerFail" - }, - }, -); - -push @tests, @tests_tls_1_3 unless disabled("tls1_3"); - -my @tests_dsa_tls_1_2 = ( - { - name => "TLS 1.2 DSA Certificate Test", - server => { - "DSA.Certificate" => test_pem("server-dsa-cert.pem"), - "DSA.PrivateKey" => test_pem("server-dsa-key.pem"), - "DHParameters" => test_pem("dhp2048.pem"), - "MinProtocol" => "TLSv1.2", - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ALL", - }, - client => { - "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1", - "CipherString" => "ALL", - }, - test => { - "ExpectedResult" => "Success" - }, - }, -); - -my @tests_dsa_tls_1_3 = ( - { - name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms", - server => { - "ClientSignatureAlgorithms" => "ECDSA+SHA1:DSA+SHA256:RSA+SHA256", - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Request" - }, - client => {}, - test => { - "ExpectedResult" => "ServerFail" - }, - }, - { - name => "TLS 1.3 DSA Certificate Test", - server => { - "DSA.Certificate" => test_pem("server-dsa-cert.pem"), - "DSA.PrivateKey" => test_pem("server-dsa-key.pem"), - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "CipherString" => "ALL", - }, - client => { - "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256:ECDSA+SHA256", - "CipherString" => "ALL", - }, - test => { - "ExpectedResult" => "ServerFail" - }, - }, -); - -if (!disabled("dsa")) { - push @tests, @tests_dsa_tls_1_2 unless disabled("dh"); - push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3"); -} diff --git a/test/ssl-tests/21-key-update.cnf b/test/ssl-tests/21-key-update.cnf new file mode 100644 index 0000000000..b79eb44494 --- /dev/null +++ b/test/ssl-tests/21-key-update.cnf @@ -0,0 +1,112 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 4 + +test-0 = 0-update-key-client-update-not-requested +test-1 = 1-update-key-server-update-not-requested +test-2 = 2-update-key-client-update-requested +test-3 = 3-update-key-server-update-requested +# =========================================================== + +[0-update-key-client-update-not-requested] +ssl_conf = 0-update-key-client-update-not-requested-ssl + +[0-update-key-client-update-not-requested-ssl] +server = 0-update-key-client-update-not-requested-server +client = 0-update-key-client-update-not-requested-client + +[0-update-key-client-update-not-requested-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-update-key-client-update-not-requested-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +HandshakeMode = KeyUpdateClient +KeyUpdateType = KeyUpdateNotRequested +ResumptionExpected = No + + +# =========================================================== + +[1-update-key-server-update-not-requested] +ssl_conf = 1-update-key-server-update-not-requested-ssl + +[1-update-key-server-update-not-requested-ssl] +server = 1-update-key-server-update-not-requested-server +client = 1-update-key-server-update-not-requested-client + +[1-update-key-server-update-not-requested-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-update-key-server-update-not-requested-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +HandshakeMode = KeyUpdateServer +KeyUpdateType = KeyUpdateNotRequested +ResumptionExpected = No + + +# =========================================================== + +[2-update-key-client-update-requested] +ssl_conf = 2-update-key-client-update-requested-ssl + +[2-update-key-client-update-requested-ssl] +server = 2-update-key-client-update-requested-server +client = 2-update-key-client-update-requested-client + +[2-update-key-client-update-requested-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-update-key-client-update-requested-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +HandshakeMode = KeyUpdateClient +KeyUpdateType = KeyUpdateRequested +ResumptionExpected = No + + +# =========================================================== + +[3-update-key-server-update-requested] +ssl_conf = 3-update-key-server-update-requested-ssl + +[3-update-key-server-update-requested-ssl] +server = 3-update-key-server-update-requested-server +client = 3-update-key-server-update-requested-client + +[3-update-key-server-update-requested-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-update-key-server-update-requested-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +HandshakeMode = KeyUpdateServer +KeyUpdateType = KeyUpdateRequested +ResumptionExpected = No + + diff --git a/test/ssl-tests/21-key-update.cnf.in b/test/ssl-tests/21-key-update.cnf.in new file mode 100644 index 0000000000..f864d9c87e --- /dev/null +++ b/test/ssl-tests/21-key-update.cnf.in @@ -0,0 +1,62 @@ +# -*- mode: perl; -*- +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test KeyUpdate + +use strict; +use warnings; + +package ssltests; + +our @tests = ( + { + name => "update-key-client-update-not-requested", + server => {}, + client => {}, + test => { + "HandshakeMode" => "KeyUpdateClient", + "KeyUpdateType" => "KeyUpdateNotRequested", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "update-key-server-update-not-requested", + server => {}, + client => {}, + test => { + "HandshakeMode" => "KeyUpdateServer", + "KeyUpdateType" => "KeyUpdateNotRequested", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "update-key-client-update-requested", + server => {}, + client => {}, + test => { + "HandshakeMode" => "KeyUpdateClient", + "KeyUpdateType" => "KeyUpdateRequested", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "update-key-server-update-requested", + server => {}, + client => {}, + test => { + "HandshakeMode" => "KeyUpdateServer", + "KeyUpdateType" => "KeyUpdateRequested", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + } +); diff --git a/test/ssl-tests/21-key-update.conf b/test/ssl-tests/21-key-update.conf deleted file mode 100644 index b79eb44494..0000000000 --- a/test/ssl-tests/21-key-update.conf +++ /dev/null @@ -1,112 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 4 - -test-0 = 0-update-key-client-update-not-requested -test-1 = 1-update-key-server-update-not-requested -test-2 = 2-update-key-client-update-requested -test-3 = 3-update-key-server-update-requested -# =========================================================== - -[0-update-key-client-update-not-requested] -ssl_conf = 0-update-key-client-update-not-requested-ssl - -[0-update-key-client-update-not-requested-ssl] -server = 0-update-key-client-update-not-requested-server -client = 0-update-key-client-update-not-requested-client - -[0-update-key-client-update-not-requested-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-update-key-client-update-not-requested-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success -HandshakeMode = KeyUpdateClient -KeyUpdateType = KeyUpdateNotRequested -ResumptionExpected = No - - -# =========================================================== - -[1-update-key-server-update-not-requested] -ssl_conf = 1-update-key-server-update-not-requested-ssl - -[1-update-key-server-update-not-requested-ssl] -server = 1-update-key-server-update-not-requested-server -client = 1-update-key-server-update-not-requested-client - -[1-update-key-server-update-not-requested-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-update-key-server-update-not-requested-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = Success -HandshakeMode = KeyUpdateServer -KeyUpdateType = KeyUpdateNotRequested -ResumptionExpected = No - - -# =========================================================== - -[2-update-key-client-update-requested] -ssl_conf = 2-update-key-client-update-requested-ssl - -[2-update-key-client-update-requested-ssl] -server = 2-update-key-client-update-requested-server -client = 2-update-key-client-update-requested-client - -[2-update-key-client-update-requested-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-update-key-client-update-requested-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = Success -HandshakeMode = KeyUpdateClient -KeyUpdateType = KeyUpdateRequested -ResumptionExpected = No - - -# =========================================================== - -[3-update-key-server-update-requested] -ssl_conf = 3-update-key-server-update-requested-ssl - -[3-update-key-server-update-requested-ssl] -server = 3-update-key-server-update-requested-server -client = 3-update-key-server-update-requested-client - -[3-update-key-server-update-requested-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-update-key-server-update-requested-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedResult = Success -HandshakeMode = KeyUpdateServer -KeyUpdateType = KeyUpdateRequested -ResumptionExpected = No - - diff --git a/test/ssl-tests/21-key-update.conf.in b/test/ssl-tests/21-key-update.conf.in deleted file mode 100644 index f864d9c87e..0000000000 --- a/test/ssl-tests/21-key-update.conf.in +++ /dev/null @@ -1,62 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test KeyUpdate - -use strict; -use warnings; - -package ssltests; - -our @tests = ( - { - name => "update-key-client-update-not-requested", - server => {}, - client => {}, - test => { - "HandshakeMode" => "KeyUpdateClient", - "KeyUpdateType" => "KeyUpdateNotRequested", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "update-key-server-update-not-requested", - server => {}, - client => {}, - test => { - "HandshakeMode" => "KeyUpdateServer", - "KeyUpdateType" => "KeyUpdateNotRequested", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "update-key-client-update-requested", - server => {}, - client => {}, - test => { - "HandshakeMode" => "KeyUpdateClient", - "KeyUpdateType" => "KeyUpdateRequested", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "update-key-server-update-requested", - server => {}, - client => {}, - test => { - "HandshakeMode" => "KeyUpdateServer", - "KeyUpdateType" => "KeyUpdateRequested", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - } -); diff --git a/test/ssl-tests/22-compression.cnf b/test/ssl-tests/22-compression.cnf new file mode 100644 index 0000000000..c85d3129ab --- /dev/null +++ b/test/ssl-tests/22-compression.cnf @@ -0,0 +1,216 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 8 + +test-0 = 0-tlsv1_3-both-compress +test-1 = 1-tlsv1_3-client-compress +test-2 = 2-tlsv1_3-server-compress +test-3 = 3-tlsv1_3-neither-compress +test-4 = 4-tlsv1_2-both-compress +test-5 = 5-tlsv1_2-client-compress +test-6 = 6-tlsv1_2-server-compress +test-7 = 7-tlsv1_2-neither-compress +# =========================================================== + +[0-tlsv1_3-both-compress] +ssl_conf = 0-tlsv1_3-both-compress-ssl + +[0-tlsv1_3-both-compress-ssl] +server = 0-tlsv1_3-both-compress-server +client = 0-tlsv1_3-both-compress-client + +[0-tlsv1_3-both-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = Compression +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-tlsv1_3-both-compress-client] +CipherString = DEFAULT +Options = Compression +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[1-tlsv1_3-client-compress] +ssl_conf = 1-tlsv1_3-client-compress-ssl + +[1-tlsv1_3-client-compress-ssl] +server = 1-tlsv1_3-client-compress-server +client = 1-tlsv1_3-client-compress-client + +[1-tlsv1_3-client-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-tlsv1_3-client-compress-client] +CipherString = DEFAULT +Options = Compression +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[2-tlsv1_3-server-compress] +ssl_conf = 2-tlsv1_3-server-compress-ssl + +[2-tlsv1_3-server-compress-ssl] +server = 2-tlsv1_3-server-compress-server +client = 2-tlsv1_3-server-compress-client + +[2-tlsv1_3-server-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = Compression +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-tlsv1_3-server-compress-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[3-tlsv1_3-neither-compress] +ssl_conf = 3-tlsv1_3-neither-compress-ssl + +[3-tlsv1_3-neither-compress-ssl] +server = 3-tlsv1_3-neither-compress-server +client = 3-tlsv1_3-neither-compress-client + +[3-tlsv1_3-neither-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-tlsv1_3-neither-compress-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[4-tlsv1_2-both-compress] +ssl_conf = 4-tlsv1_2-both-compress-ssl + +[4-tlsv1_2-both-compress-ssl] +server = 4-tlsv1_2-both-compress-server +client = 4-tlsv1_2-both-compress-client + +[4-tlsv1_2-both-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = Compression +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-tlsv1_2-both-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = Compression +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +CompressionExpected = Yes +ExpectedResult = Success + + +# =========================================================== + +[5-tlsv1_2-client-compress] +ssl_conf = 5-tlsv1_2-client-compress-ssl + +[5-tlsv1_2-client-compress-ssl] +server = 5-tlsv1_2-client-compress-server +client = 5-tlsv1_2-client-compress-client + +[5-tlsv1_2-client-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-tlsv1_2-client-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = Compression +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[6-tlsv1_2-server-compress] +ssl_conf = 6-tlsv1_2-server-compress-ssl + +[6-tlsv1_2-server-compress-ssl] +server = 6-tlsv1_2-server-compress-server +client = 6-tlsv1_2-server-compress-client + +[6-tlsv1_2-server-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = Compression +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-tlsv1_2-server-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[7-tlsv1_2-neither-compress] +ssl_conf = 7-tlsv1_2-neither-compress-ssl + +[7-tlsv1_2-neither-compress-ssl] +server = 7-tlsv1_2-neither-compress-server +client = 7-tlsv1_2-neither-compress-client + +[7-tlsv1_2-neither-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-tlsv1_2-neither-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +CompressionExpected = No +ExpectedResult = Success + + diff --git a/test/ssl-tests/22-compression.cnf.in b/test/ssl-tests/22-compression.cnf.in new file mode 100644 index 0000000000..bc7b293b46 --- /dev/null +++ b/test/ssl-tests/22-compression.cnf.in @@ -0,0 +1,127 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Compression + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = (); + +our @tests_tls1_3 = ( + { + name => "tlsv1_3-both-compress", + server => { + "Options" => "Compression" + }, + client => { + "Options" => "Compression" + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_3-client-compress", + server => { + }, + client => { + "Options" => "Compression" + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_3-server-compress", + server => { + "Options" => "Compression" + }, + client => { + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_3-neither-compress", + server => { + }, + client => { + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, +); +our @tests_tls1_2 = ( + { + name => "tlsv1_2-both-compress", + server => { + "Options" => "Compression" + }, + client => { + "Options" => "Compression", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "CompressionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_2-client-compress", + server => { + }, + client => { + "Options" => "Compression", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_2-server-compress", + server => { + "Options" => "Compression" + }, + client => { + "MaxProtocol" => "TLSv1.2" + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_2-neither-compress", + server => { + }, + client => { + "MaxProtocol" => "TLSv1.2" + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, +); + +push @tests, @tests_tls1_3 unless disabled("tls1_3"); +push @tests, @tests_tls1_2 unless alldisabled(("tls1_2", "tls1_1", "tls1", + "ssl3")); diff --git a/test/ssl-tests/22-compression.conf b/test/ssl-tests/22-compression.conf deleted file mode 100644 index c85d3129ab..0000000000 --- a/test/ssl-tests/22-compression.conf +++ /dev/null @@ -1,216 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 8 - -test-0 = 0-tlsv1_3-both-compress -test-1 = 1-tlsv1_3-client-compress -test-2 = 2-tlsv1_3-server-compress -test-3 = 3-tlsv1_3-neither-compress -test-4 = 4-tlsv1_2-both-compress -test-5 = 5-tlsv1_2-client-compress -test-6 = 6-tlsv1_2-server-compress -test-7 = 7-tlsv1_2-neither-compress -# =========================================================== - -[0-tlsv1_3-both-compress] -ssl_conf = 0-tlsv1_3-both-compress-ssl - -[0-tlsv1_3-both-compress-ssl] -server = 0-tlsv1_3-both-compress-server -client = 0-tlsv1_3-both-compress-client - -[0-tlsv1_3-both-compress-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = Compression -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-tlsv1_3-both-compress-client] -CipherString = DEFAULT -Options = Compression -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -CompressionExpected = No -ExpectedResult = Success - - -# =========================================================== - -[1-tlsv1_3-client-compress] -ssl_conf = 1-tlsv1_3-client-compress-ssl - -[1-tlsv1_3-client-compress-ssl] -server = 1-tlsv1_3-client-compress-server -client = 1-tlsv1_3-client-compress-client - -[1-tlsv1_3-client-compress-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-tlsv1_3-client-compress-client] -CipherString = DEFAULT -Options = Compression -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -CompressionExpected = No -ExpectedResult = Success - - -# =========================================================== - -[2-tlsv1_3-server-compress] -ssl_conf = 2-tlsv1_3-server-compress-ssl - -[2-tlsv1_3-server-compress-ssl] -server = 2-tlsv1_3-server-compress-server -client = 2-tlsv1_3-server-compress-client - -[2-tlsv1_3-server-compress-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = Compression -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-tlsv1_3-server-compress-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -CompressionExpected = No -ExpectedResult = Success - - -# =========================================================== - -[3-tlsv1_3-neither-compress] -ssl_conf = 3-tlsv1_3-neither-compress-ssl - -[3-tlsv1_3-neither-compress-ssl] -server = 3-tlsv1_3-neither-compress-server -client = 3-tlsv1_3-neither-compress-client - -[3-tlsv1_3-neither-compress-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-tlsv1_3-neither-compress-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -CompressionExpected = No -ExpectedResult = Success - - -# =========================================================== - -[4-tlsv1_2-both-compress] -ssl_conf = 4-tlsv1_2-both-compress-ssl - -[4-tlsv1_2-both-compress-ssl] -server = 4-tlsv1_2-both-compress-server -client = 4-tlsv1_2-both-compress-client - -[4-tlsv1_2-both-compress-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = Compression -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-tlsv1_2-both-compress-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = Compression -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -CompressionExpected = Yes -ExpectedResult = Success - - -# =========================================================== - -[5-tlsv1_2-client-compress] -ssl_conf = 5-tlsv1_2-client-compress-ssl - -[5-tlsv1_2-client-compress-ssl] -server = 5-tlsv1_2-client-compress-server -client = 5-tlsv1_2-client-compress-client - -[5-tlsv1_2-client-compress-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-tlsv1_2-client-compress-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = Compression -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -CompressionExpected = No -ExpectedResult = Success - - -# =========================================================== - -[6-tlsv1_2-server-compress] -ssl_conf = 6-tlsv1_2-server-compress-ssl - -[6-tlsv1_2-server-compress-ssl] -server = 6-tlsv1_2-server-compress-server -client = 6-tlsv1_2-server-compress-client - -[6-tlsv1_2-server-compress-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = Compression -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-tlsv1_2-server-compress-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -CompressionExpected = No -ExpectedResult = Success - - -# =========================================================== - -[7-tlsv1_2-neither-compress] -ssl_conf = 7-tlsv1_2-neither-compress-ssl - -[7-tlsv1_2-neither-compress-ssl] -server = 7-tlsv1_2-neither-compress-server -client = 7-tlsv1_2-neither-compress-client - -[7-tlsv1_2-neither-compress-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-tlsv1_2-neither-compress-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -CompressionExpected = No -ExpectedResult = Success - - diff --git a/test/ssl-tests/22-compression.conf.in b/test/ssl-tests/22-compression.conf.in deleted file mode 100644 index bc7b293b46..0000000000 --- a/test/ssl-tests/22-compression.conf.in +++ /dev/null @@ -1,127 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test Compression - -use strict; -use warnings; - -package ssltests; -use OpenSSL::Test::Utils; - -our @tests = (); - -our @tests_tls1_3 = ( - { - name => "tlsv1_3-both-compress", - server => { - "Options" => "Compression" - }, - client => { - "Options" => "Compression" - }, - test => { - "CompressionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "tlsv1_3-client-compress", - server => { - }, - client => { - "Options" => "Compression" - }, - test => { - "CompressionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "tlsv1_3-server-compress", - server => { - "Options" => "Compression" - }, - client => { - }, - test => { - "CompressionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "tlsv1_3-neither-compress", - server => { - }, - client => { - }, - test => { - "CompressionExpected" => "No", - "ExpectedResult" => "Success" - } - }, -); -our @tests_tls1_2 = ( - { - name => "tlsv1_2-both-compress", - server => { - "Options" => "Compression" - }, - client => { - "Options" => "Compression", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "CompressionExpected" => "Yes", - "ExpectedResult" => "Success" - } - }, - { - name => "tlsv1_2-client-compress", - server => { - }, - client => { - "Options" => "Compression", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "CompressionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "tlsv1_2-server-compress", - server => { - "Options" => "Compression" - }, - client => { - "MaxProtocol" => "TLSv1.2" - }, - test => { - "CompressionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "tlsv1_2-neither-compress", - server => { - }, - client => { - "MaxProtocol" => "TLSv1.2" - }, - test => { - "CompressionExpected" => "No", - "ExpectedResult" => "Success" - } - }, -); - -push @tests, @tests_tls1_3 unless disabled("tls1_3"); -push @tests, @tests_tls1_2 unless alldisabled(("tls1_2", "tls1_1", "tls1", - "ssl3")); diff --git a/test/ssl-tests/23-srp.cnf b/test/ssl-tests/23-srp.cnf new file mode 100644 index 0000000000..610a0bb08a --- /dev/null +++ b/test/ssl-tests/23-srp.cnf @@ -0,0 +1,148 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 4 + +test-0 = 0-srp +test-1 = 1-srp-bad-password +test-2 = 2-srp-auth +test-3 = 3-srp-auth-bad-password +# =========================================================== + +[0-srp] +ssl_conf = 0-srp-ssl + +[0-srp-ssl] +server = 0-srp-server +client = 0-srp-client + +[0-srp-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SRP +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-srp-client] +CipherString = SRP +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +server = 0-srp-server-extra +client = 0-srp-client-extra + +[0-srp-server-extra] +SRPPassword = password +SRPUser = user + +[0-srp-client-extra] +SRPPassword = password +SRPUser = user + + +# =========================================================== + +[1-srp-bad-password] +ssl_conf = 1-srp-bad-password-ssl + +[1-srp-bad-password-ssl] +server = 1-srp-bad-password-server +client = 1-srp-bad-password-client + +[1-srp-bad-password-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SRP +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-srp-bad-password-client] +CipherString = SRP +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = ServerFail +server = 1-srp-bad-password-server-extra +client = 1-srp-bad-password-client-extra + +[1-srp-bad-password-server-extra] +SRPPassword = password +SRPUser = user + +[1-srp-bad-password-client-extra] +SRPPassword = passw0rd +SRPUser = user + + +# =========================================================== + +[2-srp-auth] +ssl_conf = 2-srp-auth-ssl + +[2-srp-auth-ssl] +server = 2-srp-auth-server +client = 2-srp-auth-client + +[2-srp-auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = aSRP +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-srp-auth-client] +CipherString = aSRP +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +server = 2-srp-auth-server-extra +client = 2-srp-auth-client-extra + +[2-srp-auth-server-extra] +SRPPassword = password +SRPUser = user + +[2-srp-auth-client-extra] +SRPPassword = password +SRPUser = user + + +# =========================================================== + +[3-srp-auth-bad-password] +ssl_conf = 3-srp-auth-bad-password-ssl + +[3-srp-auth-bad-password-ssl] +server = 3-srp-auth-bad-password-server +client = 3-srp-auth-bad-password-client + +[3-srp-auth-bad-password-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = aSRP +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-srp-auth-bad-password-client] +CipherString = aSRP +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = ServerFail +server = 3-srp-auth-bad-password-server-extra +client = 3-srp-auth-bad-password-client-extra + +[3-srp-auth-bad-password-server-extra] +SRPPassword = password +SRPUser = user + +[3-srp-auth-bad-password-client-extra] +SRPPassword = passw0rd +SRPUser = user + + diff --git a/test/ssl-tests/23-srp.cnf.in b/test/ssl-tests/23-srp.cnf.in new file mode 100644 index 0000000000..4abfb42df1 --- /dev/null +++ b/test/ssl-tests/23-srp.cnf.in @@ -0,0 +1,107 @@ +# -*- mode: perl; -*- +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +package ssltests; + +# SRP is only supported up to TLSv1.2 + +our @tests = ( + { + name => "srp", + server => { + "CipherString" => "SRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + client => { + "CipherString" => "SRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + test => { + "ExpectedResult" => "Success" + }, + }, + { + name => "srp-bad-password", + server => { + "CipherString" => "SRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + client => { + "CipherString" => "SRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "passw0rd", + }, + }, + test => { + # Server fails first with bad client Finished. + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "srp-auth", + server => { + "CipherString" => "aSRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + client => { + "CipherString" => "aSRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + test => { + "ExpectedResult" => "Success" + }, + }, + { + name => "srp-auth-bad-password", + server => { + "CipherString" => "aSRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + client => { + "CipherString" => "aSRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "passw0rd", + }, + }, + test => { + # Server fails first with bad client Finished. + "ExpectedResult" => "ServerFail" + }, + }, +); diff --git a/test/ssl-tests/23-srp.conf b/test/ssl-tests/23-srp.conf deleted file mode 100644 index 610a0bb08a..0000000000 --- a/test/ssl-tests/23-srp.conf +++ /dev/null @@ -1,148 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 4 - -test-0 = 0-srp -test-1 = 1-srp-bad-password -test-2 = 2-srp-auth -test-3 = 3-srp-auth-bad-password -# =========================================================== - -[0-srp] -ssl_conf = 0-srp-ssl - -[0-srp-ssl] -server = 0-srp-server -client = 0-srp-client - -[0-srp-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = SRP -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-srp-client] -CipherString = SRP -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success -server = 0-srp-server-extra -client = 0-srp-client-extra - -[0-srp-server-extra] -SRPPassword = password -SRPUser = user - -[0-srp-client-extra] -SRPPassword = password -SRPUser = user - - -# =========================================================== - -[1-srp-bad-password] -ssl_conf = 1-srp-bad-password-ssl - -[1-srp-bad-password-ssl] -server = 1-srp-bad-password-server -client = 1-srp-bad-password-client - -[1-srp-bad-password-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = SRP -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-srp-bad-password-client] -CipherString = SRP -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = ServerFail -server = 1-srp-bad-password-server-extra -client = 1-srp-bad-password-client-extra - -[1-srp-bad-password-server-extra] -SRPPassword = password -SRPUser = user - -[1-srp-bad-password-client-extra] -SRPPassword = passw0rd -SRPUser = user - - -# =========================================================== - -[2-srp-auth] -ssl_conf = 2-srp-auth-ssl - -[2-srp-auth-ssl] -server = 2-srp-auth-server -client = 2-srp-auth-client - -[2-srp-auth-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = aSRP -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-srp-auth-client] -CipherString = aSRP -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = Success -server = 2-srp-auth-server-extra -client = 2-srp-auth-client-extra - -[2-srp-auth-server-extra] -SRPPassword = password -SRPUser = user - -[2-srp-auth-client-extra] -SRPPassword = password -SRPUser = user - - -# =========================================================== - -[3-srp-auth-bad-password] -ssl_conf = 3-srp-auth-bad-password-ssl - -[3-srp-auth-bad-password-ssl] -server = 3-srp-auth-bad-password-server -client = 3-srp-auth-bad-password-client - -[3-srp-auth-bad-password-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = aSRP -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-srp-auth-bad-password-client] -CipherString = aSRP -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedResult = ServerFail -server = 3-srp-auth-bad-password-server-extra -client = 3-srp-auth-bad-password-client-extra - -[3-srp-auth-bad-password-server-extra] -SRPPassword = password -SRPUser = user - -[3-srp-auth-bad-password-client-extra] -SRPPassword = passw0rd -SRPUser = user - - diff --git a/test/ssl-tests/23-srp.conf.in b/test/ssl-tests/23-srp.conf.in deleted file mode 100644 index 4abfb42df1..0000000000 --- a/test/ssl-tests/23-srp.conf.in +++ /dev/null @@ -1,107 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -use strict; -use warnings; - -package ssltests; - -# SRP is only supported up to TLSv1.2 - -our @tests = ( - { - name => "srp", - server => { - "CipherString" => "SRP", - "MaxProtocol" => "TLSv1.2", - extra => { - "SRPUser" => "user", - "SRPPassword" => "password", - }, - }, - client => { - "CipherString" => "SRP", - "MaxProtocol" => "TLSv1.2", - extra => { - "SRPUser" => "user", - "SRPPassword" => "password", - }, - }, - test => { - "ExpectedResult" => "Success" - }, - }, - { - name => "srp-bad-password", - server => { - "CipherString" => "SRP", - "MaxProtocol" => "TLSv1.2", - extra => { - "SRPUser" => "user", - "SRPPassword" => "password", - }, - }, - client => { - "CipherString" => "SRP", - "MaxProtocol" => "TLSv1.2", - extra => { - "SRPUser" => "user", - "SRPPassword" => "passw0rd", - }, - }, - test => { - # Server fails first with bad client Finished. - "ExpectedResult" => "ServerFail" - }, - }, - { - name => "srp-auth", - server => { - "CipherString" => "aSRP", - "MaxProtocol" => "TLSv1.2", - extra => { - "SRPUser" => "user", - "SRPPassword" => "password", - }, - }, - client => { - "CipherString" => "aSRP", - "MaxProtocol" => "TLSv1.2", - extra => { - "SRPUser" => "user", - "SRPPassword" => "password", - }, - }, - test => { - "ExpectedResult" => "Success" - }, - }, - { - name => "srp-auth-bad-password", - server => { - "CipherString" => "aSRP", - "MaxProtocol" => "TLSv1.2", - extra => { - "SRPUser" => "user", - "SRPPassword" => "password", - }, - }, - client => { - "CipherString" => "aSRP", - "MaxProtocol" => "TLSv1.2", - extra => { - "SRPUser" => "user", - "SRPPassword" => "passw0rd", - }, - }, - test => { - # Server fails first with bad client Finished. - "ExpectedResult" => "ServerFail" - }, - }, -); diff --git a/test/ssl-tests/24-padding.cnf b/test/ssl-tests/24-padding.cnf new file mode 100644 index 0000000000..3c9f450102 --- /dev/null +++ b/test/ssl-tests/24-padding.cnf @@ -0,0 +1,34 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 1 + +test-0 = 0-default +# =========================================================== + +[0-default] +ssl_conf = 0-default-ssl + +[0-default-ssl] +server = 0-default-server +client = 0-default-client + +[0-default-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +RecordPadding = 64 + +[0-default-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RecordPadding = 11 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + diff --git a/test/ssl-tests/24-padding.cnf.in b/test/ssl-tests/24-padding.cnf.in new file mode 100644 index 0000000000..5d76b0b045 --- /dev/null +++ b/test/ssl-tests/24-padding.cnf.in @@ -0,0 +1,25 @@ +# -*- mode: perl; -*- +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +our @tests = ( + { + name => "default", + server => { "RecordPadding" => 64, + "MaxProtocol" => "TLSv1.3", + "MinProtocol" => "TLSv1.3" }, + client => { "RecordPadding" => 11, + "MaxProtocol" => "TLSv1.3", + "MinProtocol" => "TLSv1.3" }, + test => { "ExpectedResult" => "Success" }, + }, +); diff --git a/test/ssl-tests/24-padding.conf b/test/ssl-tests/24-padding.conf deleted file mode 100644 index 3c9f450102..0000000000 --- a/test/ssl-tests/24-padding.conf +++ /dev/null @@ -1,34 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 1 - -test-0 = 0-default -# =========================================================== - -[0-default] -ssl_conf = 0-default-ssl - -[0-default-ssl] -server = 0-default-server -client = 0-default-client - -[0-default-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -RecordPadding = 64 - -[0-default-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -RecordPadding = 11 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success - - diff --git a/test/ssl-tests/24-padding.conf.in b/test/ssl-tests/24-padding.conf.in deleted file mode 100644 index 5d76b0b045..0000000000 --- a/test/ssl-tests/24-padding.conf.in +++ /dev/null @@ -1,25 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## SSL test configurations - -package ssltests; - -our @tests = ( - { - name => "default", - server => { "RecordPadding" => 64, - "MaxProtocol" => "TLSv1.3", - "MinProtocol" => "TLSv1.3" }, - client => { "RecordPadding" => 11, - "MaxProtocol" => "TLSv1.3", - "MinProtocol" => "TLSv1.3" }, - test => { "ExpectedResult" => "Success" }, - }, -); diff --git a/test/ssl-tests/25-cipher.cnf b/test/ssl-tests/25-cipher.cnf new file mode 100644 index 0000000000..a28c1f7bed --- /dev/null +++ b/test/ssl-tests/25-cipher.cnf @@ -0,0 +1,244 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 9 + +test-0 = 0-cipher-server-1 +test-1 = 1-cipher-server-2 +test-2 = 2-cipher-server-client-list +test-3 = 3-cipher-server-pref-1 +test-4 = 4-cipher-server-pref-2 +test-5 = 5-cipher-server-pref-client-list +test-6 = 6-cipher-server-pref-not-mobile +test-7 = 7-cipher-server-pref-mobile +test-8 = 8-cipher-server-pref-mobile2 +# =========================================================== + +[0-cipher-server-1] +ssl_conf = 0-cipher-server-1-ssl + +[0-cipher-server-1-ssl] +server = 0-cipher-server-1-server +client = 0-cipher-server-1-client + +[0-cipher-server-1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-cipher-server-1-client] +CipherString = ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedCipher = ECDHE-RSA-AES256-SHA384 + + +# =========================================================== + +[1-cipher-server-2] +ssl_conf = 1-cipher-server-2-ssl + +[1-cipher-server-2-ssl] +server = 1-cipher-server-2-server +client = 1-cipher-server-2-client + +[1-cipher-server-2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-cipher-server-2-client] +CipherString = ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedCipher = ECDHE-RSA-AES128-SHA256 + + +# =========================================================== + +[2-cipher-server-client-list] +ssl_conf = 2-cipher-server-client-list-ssl + +[2-cipher-server-client-list-ssl] +server = 2-cipher-server-client-list-server +client = 2-cipher-server-client-list-client + +[2-cipher-server-client-list-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-cipher-server-client-list-client] +CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedCipher = ECDHE-RSA-AES128-SHA256 + + +# =========================================================== + +[3-cipher-server-pref-1] +ssl_conf = 3-cipher-server-pref-1-ssl + +[3-cipher-server-pref-1-ssl] +server = 3-cipher-server-pref-1-server +client = 3-cipher-server-pref-1-client + +[3-cipher-server-pref-1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +Options = ServerPreference +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-cipher-server-pref-1-client] +CipherString = ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedCipher = ECDHE-RSA-AES256-SHA384 + + +# =========================================================== + +[4-cipher-server-pref-2] +ssl_conf = 4-cipher-server-pref-2-ssl + +[4-cipher-server-pref-2-ssl] +server = 4-cipher-server-pref-2-server +client = 4-cipher-server-pref-2-client + +[4-cipher-server-pref-2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +Options = ServerPreference +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-cipher-server-pref-2-client] +CipherString = ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedCipher = ECDHE-RSA-AES128-SHA256 + + +# =========================================================== + +[5-cipher-server-pref-client-list] +ssl_conf = 5-cipher-server-pref-client-list-ssl + +[5-cipher-server-pref-client-list-ssl] +server = 5-cipher-server-pref-client-list-server +client = 5-cipher-server-pref-client-list-client + +[5-cipher-server-pref-client-list-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +Options = ServerPreference +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-cipher-server-pref-client-list-client] +CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedCipher = ECDHE-RSA-AES256-SHA384 + + +# =========================================================== + +[6-cipher-server-pref-not-mobile] +ssl_conf = 6-cipher-server-pref-not-mobile-ssl + +[6-cipher-server-pref-not-mobile-ssl] +server = 6-cipher-server-pref-not-mobile-server +client = 6-cipher-server-pref-not-mobile-client + +[6-cipher-server-pref-not-mobile-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305 +MaxProtocol = TLSv1.2 +Options = ServerPreference +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-cipher-server-pref-not-mobile-client] +CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedCipher = ECDHE-RSA-AES256-SHA384 + + +# =========================================================== + +[7-cipher-server-pref-mobile] +ssl_conf = 7-cipher-server-pref-mobile-ssl + +[7-cipher-server-pref-mobile-ssl] +server = 7-cipher-server-pref-mobile-server +client = 7-cipher-server-pref-mobile-client + +[7-cipher-server-pref-mobile-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305 +MaxProtocol = TLSv1.2 +Options = ServerPreference,PrioritizeChaCha +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-cipher-server-pref-mobile-client] +CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedCipher = ECDHE-RSA-AES256-SHA384 + + +# =========================================================== + +[8-cipher-server-pref-mobile2] +ssl_conf = 8-cipher-server-pref-mobile2-ssl + +[8-cipher-server-pref-mobile2-ssl] +server = 8-cipher-server-pref-mobile2-server +client = 8-cipher-server-pref-mobile2-client + +[8-cipher-server-pref-mobile2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305 +MaxProtocol = TLSv1.2 +Options = ServerPreference,PrioritizeChaCha +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-cipher-server-pref-mobile2-client] +CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedCipher = ECDHE-RSA-CHACHA20-POLY1305 + + diff --git a/test/ssl-tests/25-cipher.cnf.in b/test/ssl-tests/25-cipher.cnf.in new file mode 100644 index 0000000000..c7bfc61c9e --- /dev/null +++ b/test/ssl-tests/25-cipher.cnf.in @@ -0,0 +1,156 @@ +# -*- mode: perl; -*- +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "cipher-server-1", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384" + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", + }, + }, + { + name => "cipher-server-2", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES128-SHA256" + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", + }, + }, + { + name => "cipher-server-client-list", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", + }, + }, + { + name => "cipher-server-pref-1", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + "Options" => "ServerPreference", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384" + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", + }, + }, + { + name => "cipher-server-pref-2", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + "Options" => "ServerPreference", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES128-SHA256" + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", + }, + }, + { + name => "cipher-server-pref-client-list", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + "Options" => "ServerPreference", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", + }, + }, + { + name => "cipher-server-pref-not-mobile", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", + "Options" => "ServerPreference", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", + }, + }, + { + name => "cipher-server-pref-mobile", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", + "Options" => "ServerPreference,PrioritizeChaCha", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305", + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", + }, + }, +); + +my @tests_poly1305 = ( + { + name => "cipher-server-pref-mobile2", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", + "Options" => "ServerPreference,PrioritizeChaCha", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305", + }, + }, +); + +push @tests, @tests_poly1305 unless disabled("poly1305") || disabled("chacha"); diff --git a/test/ssl-tests/25-cipher.conf b/test/ssl-tests/25-cipher.conf deleted file mode 100644 index a28c1f7bed..0000000000 --- a/test/ssl-tests/25-cipher.conf +++ /dev/null @@ -1,244 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 9 - -test-0 = 0-cipher-server-1 -test-1 = 1-cipher-server-2 -test-2 = 2-cipher-server-client-list -test-3 = 3-cipher-server-pref-1 -test-4 = 4-cipher-server-pref-2 -test-5 = 5-cipher-server-pref-client-list -test-6 = 6-cipher-server-pref-not-mobile -test-7 = 7-cipher-server-pref-mobile -test-8 = 8-cipher-server-pref-mobile2 -# =========================================================== - -[0-cipher-server-1] -ssl_conf = 0-cipher-server-1-ssl - -[0-cipher-server-1-ssl] -server = 0-cipher-server-1-server -client = 0-cipher-server-1-client - -[0-cipher-server-1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-cipher-server-1-client] -CipherString = ECDHE-RSA-AES256-SHA384 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedCipher = ECDHE-RSA-AES256-SHA384 - - -# =========================================================== - -[1-cipher-server-2] -ssl_conf = 1-cipher-server-2-ssl - -[1-cipher-server-2-ssl] -server = 1-cipher-server-2-server -client = 1-cipher-server-2-client - -[1-cipher-server-2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-cipher-server-2-client] -CipherString = ECDHE-RSA-AES128-SHA256 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedCipher = ECDHE-RSA-AES128-SHA256 - - -# =========================================================== - -[2-cipher-server-client-list] -ssl_conf = 2-cipher-server-client-list-ssl - -[2-cipher-server-client-list-ssl] -server = 2-cipher-server-client-list-server -client = 2-cipher-server-client-list-client - -[2-cipher-server-client-list-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-cipher-server-client-list-client] -CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedCipher = ECDHE-RSA-AES128-SHA256 - - -# =========================================================== - -[3-cipher-server-pref-1] -ssl_conf = 3-cipher-server-pref-1-ssl - -[3-cipher-server-pref-1-ssl] -server = 3-cipher-server-pref-1-server -client = 3-cipher-server-pref-1-client - -[3-cipher-server-pref-1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 -MaxProtocol = TLSv1.2 -Options = ServerPreference -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-cipher-server-pref-1-client] -CipherString = ECDHE-RSA-AES256-SHA384 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedCipher = ECDHE-RSA-AES256-SHA384 - - -# =========================================================== - -[4-cipher-server-pref-2] -ssl_conf = 4-cipher-server-pref-2-ssl - -[4-cipher-server-pref-2-ssl] -server = 4-cipher-server-pref-2-server -client = 4-cipher-server-pref-2-client - -[4-cipher-server-pref-2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 -MaxProtocol = TLSv1.2 -Options = ServerPreference -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-cipher-server-pref-2-client] -CipherString = ECDHE-RSA-AES128-SHA256 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -ExpectedCipher = ECDHE-RSA-AES128-SHA256 - - -# =========================================================== - -[5-cipher-server-pref-client-list] -ssl_conf = 5-cipher-server-pref-client-list-ssl - -[5-cipher-server-pref-client-list-ssl] -server = 5-cipher-server-pref-client-list-server -client = 5-cipher-server-pref-client-list-client - -[5-cipher-server-pref-client-list-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 -MaxProtocol = TLSv1.2 -Options = ServerPreference -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-cipher-server-pref-client-list-client] -CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedCipher = ECDHE-RSA-AES256-SHA384 - - -# =========================================================== - -[6-cipher-server-pref-not-mobile] -ssl_conf = 6-cipher-server-pref-not-mobile-ssl - -[6-cipher-server-pref-not-mobile-ssl] -server = 6-cipher-server-pref-not-mobile-server -client = 6-cipher-server-pref-not-mobile-client - -[6-cipher-server-pref-not-mobile-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305 -MaxProtocol = TLSv1.2 -Options = ServerPreference -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-cipher-server-pref-not-mobile-client] -CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedCipher = ECDHE-RSA-AES256-SHA384 - - -# =========================================================== - -[7-cipher-server-pref-mobile] -ssl_conf = 7-cipher-server-pref-mobile-ssl - -[7-cipher-server-pref-mobile-ssl] -server = 7-cipher-server-pref-mobile-server -client = 7-cipher-server-pref-mobile-client - -[7-cipher-server-pref-mobile-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305 -MaxProtocol = TLSv1.2 -Options = ServerPreference,PrioritizeChaCha -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-cipher-server-pref-mobile-client] -CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ExpectedCipher = ECDHE-RSA-AES256-SHA384 - - -# =========================================================== - -[8-cipher-server-pref-mobile2] -ssl_conf = 8-cipher-server-pref-mobile2-ssl - -[8-cipher-server-pref-mobile2-ssl] -server = 8-cipher-server-pref-mobile2-server -client = 8-cipher-server-pref-mobile2-client - -[8-cipher-server-pref-mobile2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305 -MaxProtocol = TLSv1.2 -Options = ServerPreference,PrioritizeChaCha -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-cipher-server-pref-mobile2-client] -CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedCipher = ECDHE-RSA-CHACHA20-POLY1305 - - diff --git a/test/ssl-tests/25-cipher.conf.in b/test/ssl-tests/25-cipher.conf.in deleted file mode 100644 index c7bfc61c9e..0000000000 --- a/test/ssl-tests/25-cipher.conf.in +++ /dev/null @@ -1,156 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test version negotiation - -use strict; -use warnings; - -package ssltests; -use OpenSSL::Test::Utils; - -our @tests = ( - { - name => "cipher-server-1", - server => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", - }, - client => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES256-SHA384" - }, - test => { - "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", - }, - }, - { - name => "cipher-server-2", - server => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", - }, - client => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES128-SHA256" - }, - test => { - "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", - }, - }, - { - name => "cipher-server-client-list", - server => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", - }, - client => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", - }, - test => { - "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", - }, - }, - { - name => "cipher-server-pref-1", - server => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", - "Options" => "ServerPreference", - }, - client => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES256-SHA384" - }, - test => { - "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", - }, - }, - { - name => "cipher-server-pref-2", - server => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", - "Options" => "ServerPreference", - }, - client => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES128-SHA256" - }, - test => { - "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", - }, - }, - { - name => "cipher-server-pref-client-list", - server => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", - "Options" => "ServerPreference", - }, - client => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", - }, - test => { - "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", - }, - }, - { - name => "cipher-server-pref-not-mobile", - server => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", - "Options" => "ServerPreference", - }, - client => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", - }, - test => { - "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", - }, - }, - { - name => "cipher-server-pref-mobile", - server => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", - "Options" => "ServerPreference,PrioritizeChaCha", - }, - client => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305", - }, - test => { - "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", - }, - }, -); - -my @tests_poly1305 = ( - { - name => "cipher-server-pref-mobile2", - server => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", - "Options" => "ServerPreference,PrioritizeChaCha", - }, - client => { - "MaxProtocol" => "TLSv1.2", - "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", - }, - test => { - "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305", - }, - }, -); - -push @tests, @tests_poly1305 unless disabled("poly1305") || disabled("chacha"); diff --git a/test/ssl-tests/26-tls13_client_auth.cnf b/test/ssl-tests/26-tls13_client_auth.cnf new file mode 100644 index 0000000000..9c42391906 --- /dev/null +++ b/test/ssl-tests/26-tls13_client_auth.cnf @@ -0,0 +1,488 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 14 + +test-0 = 0-server-auth-TLSv1.3 +test-1 = 1-client-auth-TLSv1.3-request +test-2 = 2-client-auth-TLSv1.3-require-fail +test-3 = 3-client-auth-TLSv1.3-require +test-4 = 4-client-auth-TLSv1.3-require-non-empty-names +test-5 = 5-client-auth-TLSv1.3-noroot +test-6 = 6-client-auth-TLSv1.3-request-post-handshake +test-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake +test-8 = 8-client-auth-TLSv1.3-require-post-handshake +test-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake +test-10 = 10-client-auth-TLSv1.3-noroot-post-handshake +test-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake +test-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake +test-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake +# =========================================================== + +[0-server-auth-TLSv1.3] +ssl_conf = 0-server-auth-TLSv1.3-ssl + +[0-server-auth-TLSv1.3-ssl] +server = 0-server-auth-TLSv1.3-server +client = 0-server-auth-TLSv1.3-client + +[0-server-auth-TLSv1.3-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-server-auth-TLSv1.3-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-client-auth-TLSv1.3-request] +ssl_conf = 1-client-auth-TLSv1.3-request-ssl + +[1-client-auth-TLSv1.3-request-ssl] +server = 1-client-auth-TLSv1.3-request-server +client = 1-client-auth-TLSv1.3-request-client + +[1-client-auth-TLSv1.3-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[1-client-auth-TLSv1.3-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-client-auth-TLSv1.3-require-fail] +ssl_conf = 2-client-auth-TLSv1.3-require-fail-ssl + +[2-client-auth-TLSv1.3-require-fail-ssl] +server = 2-client-auth-TLSv1.3-require-fail-server +client = 2-client-auth-TLSv1.3-require-fail-client + +[2-client-auth-TLSv1.3-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[2-client-auth-TLSv1.3-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ServerFail +ExpectedServerAlert = CertificateRequired + + +# =========================================================== + +[3-client-auth-TLSv1.3-require] +ssl_conf = 3-client-auth-TLSv1.3-require-ssl + +[3-client-auth-TLSv1.3-require-ssl] +server = 3-client-auth-TLSv1.3-require-server +client = 3-client-auth-TLSv1.3-require-client + +[3-client-auth-TLSv1.3-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[3-client-auth-TLSv1.3-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[4-client-auth-TLSv1.3-require-non-empty-names] +ssl_conf = 4-client-auth-TLSv1.3-require-non-empty-names-ssl + +[4-client-auth-TLSv1.3-require-non-empty-names-ssl] +server = 4-client-auth-TLSv1.3-require-non-empty-names-server +client = 4-client-auth-TLSv1.3-require-non-empty-names-client + +[4-client-auth-TLSv1.3-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ClientSignatureAlgorithms = PSS+SHA256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[4-client-auth-TLSv1.3-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[5-client-auth-TLSv1.3-noroot] +ssl_conf = 5-client-auth-TLSv1.3-noroot-ssl + +[5-client-auth-TLSv1.3-noroot-ssl] +server = 5-client-auth-TLSv1.3-noroot-server +client = 5-client-auth-TLSv1.3-noroot-client + +[5-client-auth-TLSv1.3-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[5-client-auth-TLSv1.3-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[6-client-auth-TLSv1.3-request-post-handshake] +ssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl + +[6-client-auth-TLSv1.3-request-post-handshake-ssl] +server = 6-client-auth-TLSv1.3-request-post-handshake-server +client = 6-client-auth-TLSv1.3-request-post-handshake-client + +[6-client-auth-TLSv1.3-request-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = RequestPostHandshake + +[6-client-auth-TLSv1.3-request-post-handshake-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = ServerFail +HandshakeMode = PostHandshakeAuth + + +# =========================================================== + +[7-client-auth-TLSv1.3-require-fail-post-handshake] +ssl_conf = 7-client-auth-TLSv1.3-require-fail-post-handshake-ssl + +[7-client-auth-TLSv1.3-require-fail-post-handshake-ssl] +server = 7-client-auth-TLSv1.3-require-fail-post-handshake-server +client = 7-client-auth-TLSv1.3-require-fail-post-handshake-client + +[7-client-auth-TLSv1.3-require-fail-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = RequirePostHandshake + +[7-client-auth-TLSv1.3-require-fail-post-handshake-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = ServerFail +HandshakeMode = PostHandshakeAuth + + +# =========================================================== + +[8-client-auth-TLSv1.3-require-post-handshake] +ssl_conf = 8-client-auth-TLSv1.3-require-post-handshake-ssl + +[8-client-auth-TLSv1.3-require-post-handshake-ssl] +server = 8-client-auth-TLSv1.3-require-post-handshake-server +client = 8-client-auth-TLSv1.3-require-post-handshake-client + +[8-client-auth-TLSv1.3-require-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = RequestPostHandshake + +[8-client-auth-TLSv1.3-require-post-handshake-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success +HandshakeMode = PostHandshakeAuth +client = 8-client-auth-TLSv1.3-require-post-handshake-client-extra + +[8-client-auth-TLSv1.3-require-post-handshake-client-extra] +EnablePHA = Yes + + +# =========================================================== + +[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake] +ssl_conf = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl + +[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl] +server = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server +client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client + +[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ClientSignatureAlgorithms = PSS+SHA256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = RequestPostHandshake + +[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success +HandshakeMode = PostHandshakeAuth +client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra + +[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra] +EnablePHA = Yes + + +# =========================================================== + +[10-client-auth-TLSv1.3-noroot-post-handshake] +ssl_conf = 10-client-auth-TLSv1.3-noroot-post-handshake-ssl + +[10-client-auth-TLSv1.3-noroot-post-handshake-ssl] +server = 10-client-auth-TLSv1.3-noroot-post-handshake-server +client = 10-client-auth-TLSv1.3-noroot-post-handshake-client + +[10-client-auth-TLSv1.3-noroot-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = RequirePostHandshake + +[10-client-auth-TLSv1.3-noroot-post-handshake-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA +HandshakeMode = PostHandshakeAuth +client = 10-client-auth-TLSv1.3-noroot-post-handshake-client-extra + +[10-client-auth-TLSv1.3-noroot-post-handshake-client-extra] +EnablePHA = Yes + + +# =========================================================== + +[11-client-auth-TLSv1.3-request-force-client-post-handshake] +ssl_conf = 11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl + +[11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl] +server = 11-client-auth-TLSv1.3-request-force-client-post-handshake-server +client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client + +[11-client-auth-TLSv1.3-request-force-client-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = RequestPostHandshake + +[11-client-auth-TLSv1.3-request-force-client-post-handshake-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = Success +HandshakeMode = PostHandshakeAuth +client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra + +[11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra] +EnablePHA = Yes + + +# =========================================================== + +[12-client-auth-TLSv1.3-request-force-server-post-handshake] +ssl_conf = 12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl + +[12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl] +server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server +client = 12-client-auth-TLSv1.3-request-force-server-post-handshake-client + +[12-client-auth-TLSv1.3-request-force-server-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = RequestPostHandshake + +[12-client-auth-TLSv1.3-request-force-server-post-handshake-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = ClientFail +HandshakeMode = PostHandshakeAuth +server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra + +[12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra] +ForcePHA = Yes + + +# =========================================================== + +[13-client-auth-TLSv1.3-request-force-both-post-handshake] +ssl_conf = 13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl + +[13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl] +server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server +client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client + +[13-client-auth-TLSv1.3-request-force-both-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = RequestPostHandshake + +[13-client-auth-TLSv1.3-request-force-both-post-handshake-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success +HandshakeMode = PostHandshakeAuth +server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra +client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra + +[13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra] +ForcePHA = Yes + +[13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra] +EnablePHA = Yes + + diff --git a/test/ssl-tests/26-tls13_client_auth.cnf.in b/test/ssl-tests/26-tls13_client_auth.cnf.in new file mode 100644 index 0000000000..82d3ac2d2b --- /dev/null +++ b/test/ssl-tests/26-tls13_client_auth.cnf.in @@ -0,0 +1,302 @@ +# -*- mode: perl; -*- +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test TLSv1.3 certificate authentication +## Similar to 04-client_auth.cnf.in output, but specific for +## TLSv1.3 and post-handshake authentication + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "server-auth-TLSv1.3", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "client-auth-TLSv1.3-request", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "client-auth-TLSv1.3-require-fail", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "CertificateRequired", + }, + }, + { + name => "client-auth-TLSv1.3-require", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "ClientSignatureAlgorithms" => "PSS+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "Success", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientCANames" => "empty" + }, + }, + { + name => "client-auth-TLSv1.3-require-non-empty-names", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "ClientSignatureAlgorithms" => "PSS+SHA256", + "ClientCAFile" => test_pem("root-cert.pem"), + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "Success", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientCANames" => test_pem("root-cert.pem"), + }, + }, + { + name => "client-auth-TLSv1.3-noroot", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "UnknownCA", + }, + }, + { + name => "client-auth-TLSv1.3-request-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "RequestPostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "ServerFail", + "HandshakeMode" => "PostHandshakeAuth", + }, + }, + { + name => "client-auth-TLSv1.3-require-fail-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "RequirePostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "ServerFail", + "HandshakeMode" => "PostHandshakeAuth", + }, + }, + { + name => "client-auth-TLSv1.3-require-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "ClientSignatureAlgorithms" => "PSS+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "RequestPostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + extra => { + "EnablePHA" => "Yes", + }, + }, + test => { + "ExpectedResult" => "Success", + "HandshakeMode" => "PostHandshakeAuth", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientCANames" => "empty" + }, + }, + { + name => "client-auth-TLSv1.3-require-non-empty-names-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "ClientSignatureAlgorithms" => "PSS+SHA256", + "ClientCAFile" => test_pem("root-cert.pem"), + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "RequestPostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + extra => { + "EnablePHA" => "Yes", + }, + }, + test => { + "ExpectedResult" => "Success", + "HandshakeMode" => "PostHandshakeAuth", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientCANames" => test_pem("root-cert.pem"), + }, + }, + { + name => "client-auth-TLSv1.3-noroot-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "RequirePostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + extra => { + "EnablePHA" => "Yes", + }, + }, + test => { + "ExpectedResult" => "ServerFail", + "HandshakeMode" => "PostHandshakeAuth", + "ExpectedServerAlert" => "UnknownCA", + }, + }, + { + name => "client-auth-TLSv1.3-request-force-client-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "RequestPostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + extra => { + "EnablePHA" => "Yes", + }, + }, + test => { + "ExpectedResult" => "Success", + "HandshakeMode" => "PostHandshakeAuth", + }, + }, + { + name => "client-auth-TLSv1.3-request-force-server-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "RequestPostHandshake", + extra => { + "ForcePHA" => "Yes", + }, + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "ClientFail", + "HandshakeMode" => "PostHandshakeAuth", + }, + }, + { + name => "client-auth-TLSv1.3-request-force-both-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "RequestPostHandshake", + extra => { + "ForcePHA" => "Yes", + }, + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + extra => { + "EnablePHA" => "Yes", + }, + }, + test => { + "ExpectedResult" => "Success", + "HandshakeMode" => "PostHandshakeAuth", + }, + }, +); diff --git a/test/ssl-tests/26-tls13_client_auth.conf b/test/ssl-tests/26-tls13_client_auth.conf deleted file mode 100644 index 9c42391906..0000000000 --- a/test/ssl-tests/26-tls13_client_auth.conf +++ /dev/null @@ -1,488 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 14 - -test-0 = 0-server-auth-TLSv1.3 -test-1 = 1-client-auth-TLSv1.3-request -test-2 = 2-client-auth-TLSv1.3-require-fail -test-3 = 3-client-auth-TLSv1.3-require -test-4 = 4-client-auth-TLSv1.3-require-non-empty-names -test-5 = 5-client-auth-TLSv1.3-noroot -test-6 = 6-client-auth-TLSv1.3-request-post-handshake -test-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake -test-8 = 8-client-auth-TLSv1.3-require-post-handshake -test-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake -test-10 = 10-client-auth-TLSv1.3-noroot-post-handshake -test-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake -test-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake -test-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake -# =========================================================== - -[0-server-auth-TLSv1.3] -ssl_conf = 0-server-auth-TLSv1.3-ssl - -[0-server-auth-TLSv1.3-ssl] -server = 0-server-auth-TLSv1.3-server -client = 0-server-auth-TLSv1.3-client - -[0-server-auth-TLSv1.3-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-server-auth-TLSv1.3-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success - - -# =========================================================== - -[1-client-auth-TLSv1.3-request] -ssl_conf = 1-client-auth-TLSv1.3-request-ssl - -[1-client-auth-TLSv1.3-request-ssl] -server = 1-client-auth-TLSv1.3-request-server -client = 1-client-auth-TLSv1.3-request-client - -[1-client-auth-TLSv1.3-request-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = Request - -[1-client-auth-TLSv1.3-request-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = Success - - -# =========================================================== - -[2-client-auth-TLSv1.3-require-fail] -ssl_conf = 2-client-auth-TLSv1.3-require-fail-ssl - -[2-client-auth-TLSv1.3-require-fail-ssl] -server = 2-client-auth-TLSv1.3-require-fail-server -client = 2-client-auth-TLSv1.3-require-fail-client - -[2-client-auth-TLSv1.3-require-fail-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Require - -[2-client-auth-TLSv1.3-require-fail-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = ServerFail -ExpectedServerAlert = CertificateRequired - - -# =========================================================== - -[3-client-auth-TLSv1.3-require] -ssl_conf = 3-client-auth-TLSv1.3-require-ssl - -[3-client-auth-TLSv1.3-require-ssl] -server = 3-client-auth-TLSv1.3-require-server -client = 3-client-auth-TLSv1.3-require-client - -[3-client-auth-TLSv1.3-require-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientSignatureAlgorithms = PSS+SHA256 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Request - -[3-client-auth-TLSv1.3-require-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedClientCANames = empty -ExpectedClientCertType = RSA -ExpectedClientSignHash = SHA256 -ExpectedClientSignType = RSA-PSS -ExpectedResult = Success - - -# =========================================================== - -[4-client-auth-TLSv1.3-require-non-empty-names] -ssl_conf = 4-client-auth-TLSv1.3-require-non-empty-names-ssl - -[4-client-auth-TLSv1.3-require-non-empty-names-ssl] -server = 4-client-auth-TLSv1.3-require-non-empty-names-server -client = 4-client-auth-TLSv1.3-require-non-empty-names-client - -[4-client-auth-TLSv1.3-require-non-empty-names-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -ClientSignatureAlgorithms = PSS+SHA256 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = Request - -[4-client-auth-TLSv1.3-require-non-empty-names-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem -ExpectedClientCertType = RSA -ExpectedClientSignHash = SHA256 -ExpectedClientSignType = RSA-PSS -ExpectedResult = Success - - -# =========================================================== - -[5-client-auth-TLSv1.3-noroot] -ssl_conf = 5-client-auth-TLSv1.3-noroot-ssl - -[5-client-auth-TLSv1.3-noroot-ssl] -server = 5-client-auth-TLSv1.3-noroot-server -client = 5-client-auth-TLSv1.3-noroot-client - -[5-client-auth-TLSv1.3-noroot-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = Require - -[5-client-auth-TLSv1.3-noroot-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedResult = ServerFail -ExpectedServerAlert = UnknownCA - - -# =========================================================== - -[6-client-auth-TLSv1.3-request-post-handshake] -ssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl - -[6-client-auth-TLSv1.3-request-post-handshake-ssl] -server = 6-client-auth-TLSv1.3-request-post-handshake-server -client = 6-client-auth-TLSv1.3-request-post-handshake-client - -[6-client-auth-TLSv1.3-request-post-handshake-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = RequestPostHandshake - -[6-client-auth-TLSv1.3-request-post-handshake-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedResult = ServerFail -HandshakeMode = PostHandshakeAuth - - -# =========================================================== - -[7-client-auth-TLSv1.3-require-fail-post-handshake] -ssl_conf = 7-client-auth-TLSv1.3-require-fail-post-handshake-ssl - -[7-client-auth-TLSv1.3-require-fail-post-handshake-ssl] -server = 7-client-auth-TLSv1.3-require-fail-post-handshake-server -client = 7-client-auth-TLSv1.3-require-fail-post-handshake-client - -[7-client-auth-TLSv1.3-require-fail-post-handshake-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = RequirePostHandshake - -[7-client-auth-TLSv1.3-require-fail-post-handshake-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-7] -ExpectedResult = ServerFail -HandshakeMode = PostHandshakeAuth - - -# =========================================================== - -[8-client-auth-TLSv1.3-require-post-handshake] -ssl_conf = 8-client-auth-TLSv1.3-require-post-handshake-ssl - -[8-client-auth-TLSv1.3-require-post-handshake-ssl] -server = 8-client-auth-TLSv1.3-require-post-handshake-server -client = 8-client-auth-TLSv1.3-require-post-handshake-client - -[8-client-auth-TLSv1.3-require-post-handshake-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientSignatureAlgorithms = PSS+SHA256 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = RequestPostHandshake - -[8-client-auth-TLSv1.3-require-post-handshake-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedClientCANames = empty -ExpectedClientCertType = RSA -ExpectedClientSignHash = SHA256 -ExpectedClientSignType = RSA-PSS -ExpectedResult = Success -HandshakeMode = PostHandshakeAuth -client = 8-client-auth-TLSv1.3-require-post-handshake-client-extra - -[8-client-auth-TLSv1.3-require-post-handshake-client-extra] -EnablePHA = Yes - - -# =========================================================== - -[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake] -ssl_conf = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl - -[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl] -server = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server -client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client - -[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -ClientSignatureAlgorithms = PSS+SHA256 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -VerifyMode = RequestPostHandshake - -[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-9] -ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem -ExpectedClientCertType = RSA -ExpectedClientSignHash = SHA256 -ExpectedClientSignType = RSA-PSS -ExpectedResult = Success -HandshakeMode = PostHandshakeAuth -client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra - -[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra] -EnablePHA = Yes - - -# =========================================================== - -[10-client-auth-TLSv1.3-noroot-post-handshake] -ssl_conf = 10-client-auth-TLSv1.3-noroot-post-handshake-ssl - -[10-client-auth-TLSv1.3-noroot-post-handshake-ssl] -server = 10-client-auth-TLSv1.3-noroot-post-handshake-server -client = 10-client-auth-TLSv1.3-noroot-post-handshake-client - -[10-client-auth-TLSv1.3-noroot-post-handshake-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = RequirePostHandshake - -[10-client-auth-TLSv1.3-noroot-post-handshake-client] -Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-10] -ExpectedResult = ServerFail -ExpectedServerAlert = UnknownCA -HandshakeMode = PostHandshakeAuth -client = 10-client-auth-TLSv1.3-noroot-post-handshake-client-extra - -[10-client-auth-TLSv1.3-noroot-post-handshake-client-extra] -EnablePHA = Yes - - -# =========================================================== - -[11-client-auth-TLSv1.3-request-force-client-post-handshake] -ssl_conf = 11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl - -[11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl] -server = 11-client-auth-TLSv1.3-request-force-client-post-handshake-server -client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client - -[11-client-auth-TLSv1.3-request-force-client-post-handshake-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = RequestPostHandshake - -[11-client-auth-TLSv1.3-request-force-client-post-handshake-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-11] -ExpectedResult = Success -HandshakeMode = PostHandshakeAuth -client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra - -[11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra] -EnablePHA = Yes - - -# =========================================================== - -[12-client-auth-TLSv1.3-request-force-server-post-handshake] -ssl_conf = 12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl - -[12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl] -server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server -client = 12-client-auth-TLSv1.3-request-force-server-post-handshake-client - -[12-client-auth-TLSv1.3-request-force-server-post-handshake-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = RequestPostHandshake - -[12-client-auth-TLSv1.3-request-force-server-post-handshake-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-12] -ExpectedResult = ClientFail -HandshakeMode = PostHandshakeAuth -server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra - -[12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra] -ForcePHA = Yes - - -# =========================================================== - -[13-client-auth-TLSv1.3-request-force-both-post-handshake] -ssl_conf = 13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl - -[13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl] -server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server -client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client - -[13-client-auth-TLSv1.3-request-force-both-post-handshake-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = RequestPostHandshake - -[13-client-auth-TLSv1.3-request-force-both-post-handshake-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-13] -ExpectedResult = Success -HandshakeMode = PostHandshakeAuth -server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra -client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra - -[13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra] -ForcePHA = Yes - -[13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra] -EnablePHA = Yes - - diff --git a/test/ssl-tests/26-tls13_client_auth.conf.in b/test/ssl-tests/26-tls13_client_auth.conf.in deleted file mode 100644 index 02a1ee2d27..0000000000 --- a/test/ssl-tests/26-tls13_client_auth.conf.in +++ /dev/null @@ -1,302 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test TLSv1.3 certificate authentication -## Similar to 04-client_auth.conf.in output, but specific for -## TLSv1.3 and post-handshake authentication - -use strict; -use warnings; - -package ssltests; -use OpenSSL::Test::Utils; - -our @tests = ( - { - name => "server-auth-TLSv1.3", - server => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - }, - client => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - }, - test => { - "ExpectedResult" => "Success", - }, - }, - { - name => "client-auth-TLSv1.3-request", - server => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "VerifyMode" => "Request", - }, - client => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - }, - test => { - "ExpectedResult" => "Success", - }, - }, - { - name => "client-auth-TLSv1.3-require-fail", - server => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Require", - }, - client => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - }, - test => { - "ExpectedResult" => "ServerFail", - "ExpectedServerAlert" => "CertificateRequired", - }, - }, - { - name => "client-auth-TLSv1.3-require", - server => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "ClientSignatureAlgorithms" => "PSS+SHA256", - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Request", - }, - client => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - }, - test => { - "ExpectedResult" => "Success", - "ExpectedClientCertType" => "RSA", - "ExpectedClientSignType" => "RSA-PSS", - "ExpectedClientSignHash" => "SHA256", - "ExpectedClientCANames" => "empty" - }, - }, - { - name => "client-auth-TLSv1.3-require-non-empty-names", - server => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "ClientSignatureAlgorithms" => "PSS+SHA256", - "ClientCAFile" => test_pem("root-cert.pem"), - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Request", - }, - client => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - }, - test => { - "ExpectedResult" => "Success", - "ExpectedClientCertType" => "RSA", - "ExpectedClientSignType" => "RSA-PSS", - "ExpectedClientSignHash" => "SHA256", - "ExpectedClientCANames" => test_pem("root-cert.pem"), - }, - }, - { - name => "client-auth-TLSv1.3-noroot", - server => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "VerifyMode" => "Require", - }, - client => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - }, - test => { - "ExpectedResult" => "ServerFail", - "ExpectedServerAlert" => "UnknownCA", - }, - }, - { - name => "client-auth-TLSv1.3-request-post-handshake", - server => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "VerifyMode" => "RequestPostHandshake", - }, - client => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - }, - test => { - "ExpectedResult" => "ServerFail", - "HandshakeMode" => "PostHandshakeAuth", - }, - }, - { - name => "client-auth-TLSv1.3-require-fail-post-handshake", - server => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "RequirePostHandshake", - }, - client => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - }, - test => { - "ExpectedResult" => "ServerFail", - "HandshakeMode" => "PostHandshakeAuth", - }, - }, - { - name => "client-auth-TLSv1.3-require-post-handshake", - server => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "ClientSignatureAlgorithms" => "PSS+SHA256", - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "RequestPostHandshake", - }, - client => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - extra => { - "EnablePHA" => "Yes", - }, - }, - test => { - "ExpectedResult" => "Success", - "HandshakeMode" => "PostHandshakeAuth", - "ExpectedClientCertType" => "RSA", - "ExpectedClientSignType" => "RSA-PSS", - "ExpectedClientSignHash" => "SHA256", - "ExpectedClientCANames" => "empty" - }, - }, - { - name => "client-auth-TLSv1.3-require-non-empty-names-post-handshake", - server => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "ClientSignatureAlgorithms" => "PSS+SHA256", - "ClientCAFile" => test_pem("root-cert.pem"), - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "RequestPostHandshake", - }, - client => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - extra => { - "EnablePHA" => "Yes", - }, - }, - test => { - "ExpectedResult" => "Success", - "HandshakeMode" => "PostHandshakeAuth", - "ExpectedClientCertType" => "RSA", - "ExpectedClientSignType" => "RSA-PSS", - "ExpectedClientSignHash" => "SHA256", - "ExpectedClientCANames" => test_pem("root-cert.pem"), - }, - }, - { - name => "client-auth-TLSv1.3-noroot-post-handshake", - server => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "VerifyMode" => "RequirePostHandshake", - }, - client => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - extra => { - "EnablePHA" => "Yes", - }, - }, - test => { - "ExpectedResult" => "ServerFail", - "HandshakeMode" => "PostHandshakeAuth", - "ExpectedServerAlert" => "UnknownCA", - }, - }, - { - name => "client-auth-TLSv1.3-request-force-client-post-handshake", - server => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "VerifyMode" => "RequestPostHandshake", - }, - client => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - extra => { - "EnablePHA" => "Yes", - }, - }, - test => { - "ExpectedResult" => "Success", - "HandshakeMode" => "PostHandshakeAuth", - }, - }, - { - name => "client-auth-TLSv1.3-request-force-server-post-handshake", - server => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "VerifyMode" => "RequestPostHandshake", - extra => { - "ForcePHA" => "Yes", - }, - }, - client => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - }, - test => { - "ExpectedResult" => "ClientFail", - "HandshakeMode" => "PostHandshakeAuth", - }, - }, - { - name => "client-auth-TLSv1.3-request-force-both-post-handshake", - server => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - "VerifyMode" => "RequestPostHandshake", - extra => { - "ForcePHA" => "Yes", - }, - }, - client => { - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3", - extra => { - "EnablePHA" => "Yes", - }, - }, - test => { - "ExpectedResult" => "Success", - "HandshakeMode" => "PostHandshakeAuth", - }, - }, -); diff --git a/test/ssl-tests/27-ticket-appdata.cnf b/test/ssl-tests/27-ticket-appdata.cnf new file mode 100644 index 0000000000..863ca7a901 --- /dev/null +++ b/test/ssl-tests/27-ticket-appdata.cnf @@ -0,0 +1,146 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 4 + +test-0 = 0-session-ticket-app-data12 +test-1 = 1-session-ticket-app-data12 +test-2 = 2-session-ticket-app-data13 +test-3 = 3-session-ticket-app-data13 +# =========================================================== + +[0-session-ticket-app-data12] +ssl_conf = 0-session-ticket-app-data12-ssl + +[0-session-ticket-app-data12-ssl] +server = 0-session-ticket-app-data12-server +client = 0-session-ticket-app-data12-client +resume-server = 0-session-ticket-app-data12-server +resume-client = 0-session-ticket-app-data12-client + +[0-session-ticket-app-data12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-session-ticket-app-data12-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +ExpectedSessionTicketAppData = HelloWorld +HandshakeMode = Resume +ResumptionExpected = Yes +SessionTicketExpected = Yes +server = 0-session-ticket-app-data12-server-extra +resume-server = 0-session-ticket-app-data12-server-extra + +[0-session-ticket-app-data12-server-extra] +SessionTicketAppData = HelloWorld + + +# =========================================================== + +[1-session-ticket-app-data12] +ssl_conf = 1-session-ticket-app-data12-ssl + +[1-session-ticket-app-data12-ssl] +server = 1-session-ticket-app-data12-server +client = 1-session-ticket-app-data12-client +resume-server = 1-session-ticket-app-data12-server +resume-client = 1-session-ticket-app-data12-client + +[1-session-ticket-app-data12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-session-ticket-app-data12-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedSessionTicketAppData = +HandshakeMode = Resume +ResumptionExpected = Yes +SessionTicketExpected = Yes + + +# =========================================================== + +[2-session-ticket-app-data13] +ssl_conf = 2-session-ticket-app-data13-ssl + +[2-session-ticket-app-data13-ssl] +server = 2-session-ticket-app-data13-server +client = 2-session-ticket-app-data13-client +resume-server = 2-session-ticket-app-data13-server +resume-client = 2-session-ticket-app-data13-client + +[2-session-ticket-app-data13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-session-ticket-app-data13-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +ExpectedSessionTicketAppData = HelloWorld +HandshakeMode = Resume +ResumptionExpected = Yes +SessionTicketExpected = Yes +server = 2-session-ticket-app-data13-server-extra +resume-server = 2-session-ticket-app-data13-server-extra + +[2-session-ticket-app-data13-server-extra] +SessionTicketAppData = HelloWorld + + +# =========================================================== + +[3-session-ticket-app-data13] +ssl_conf = 3-session-ticket-app-data13-ssl + +[3-session-ticket-app-data13-ssl] +server = 3-session-ticket-app-data13-server +client = 3-session-ticket-app-data13-client +resume-server = 3-session-ticket-app-data13-server +resume-client = 3-session-ticket-app-data13-client + +[3-session-ticket-app-data13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-session-ticket-app-data13-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedSessionTicketAppData = +HandshakeMode = Resume +ResumptionExpected = Yes +SessionTicketExpected = Yes + + diff --git a/test/ssl-tests/27-ticket-appdata.cnf.in b/test/ssl-tests/27-ticket-appdata.cnf.in new file mode 100644 index 0000000000..c51585924e --- /dev/null +++ b/test/ssl-tests/27-ticket-appdata.cnf.in @@ -0,0 +1,99 @@ +# -*- mode: perl; -*- +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test session ticket app data + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests12 = ( + { + "name" => "session-ticket-app-data12", + "client" => { + "MaxProtocol" => "TLSv1.2", + "Options" => "SessionTicket", + }, + "server" => { + "Options" => "SessionTicket", + "extra" => { + "SessionTicketAppData" => "HelloWorld", + }, + }, + "test" => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "Success", + "SessionTicketExpected" => "Yes", + "ResumptionExpected" => "Yes", + "ExpectedSessionTicketAppData" => "HelloWorld", + } + }, + { + "name" => "session-ticket-app-data12", + "client" => { + "MaxProtocol" => "TLSv1.2", + "Options" => "SessionTicket", + }, + "server" => { + "Options" => "SessionTicket", + }, + "test" => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "Success", + "SessionTicketExpected" => "Yes", + "ResumptionExpected" => "Yes", + "ExpectedSessionTicketAppData" => "", + } + } +); +our @tests13 = ( + { + "name" => "session-ticket-app-data13", + "client" => { + "MaxProtocol" => "TLSv1.3", + "Options" => "SessionTicket", + }, + "server" => { + "Options" => "SessionTicket", + "extra" => { + "SessionTicketAppData" => "HelloWorld", + }, + }, + "test" => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "Success", + "SessionTicketExpected" => "Yes", + "ResumptionExpected" => "Yes", + "ExpectedSessionTicketAppData" => "HelloWorld", + } + }, + { + "name" => "session-ticket-app-data13", + "client" => { + "MaxProtocol" => "TLSv1.3", + "Options" => "SessionTicket", + }, + "server" => { + "Options" => "SessionTicket", + }, + "test" => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "Success", + "SessionTicketExpected" => "Yes", + "ResumptionExpected" => "Yes", + "ExpectedSessionTicketAppData" => "", + } + } +); + +our @tests = (); +push @tests, @tests12 unless disabled("tls1_2"); +push @tests, @tests13 unless disabled("tls1_3"); diff --git a/test/ssl-tests/27-ticket-appdata.conf b/test/ssl-tests/27-ticket-appdata.conf deleted file mode 100644 index 863ca7a901..0000000000 --- a/test/ssl-tests/27-ticket-appdata.conf +++ /dev/null @@ -1,146 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 4 - -test-0 = 0-session-ticket-app-data12 -test-1 = 1-session-ticket-app-data12 -test-2 = 2-session-ticket-app-data13 -test-3 = 3-session-ticket-app-data13 -# =========================================================== - -[0-session-ticket-app-data12] -ssl_conf = 0-session-ticket-app-data12-ssl - -[0-session-ticket-app-data12-ssl] -server = 0-session-ticket-app-data12-server -client = 0-session-ticket-app-data12-client -resume-server = 0-session-ticket-app-data12-server -resume-client = 0-session-ticket-app-data12-client - -[0-session-ticket-app-data12-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-session-ticket-app-data12-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success -ExpectedSessionTicketAppData = HelloWorld -HandshakeMode = Resume -ResumptionExpected = Yes -SessionTicketExpected = Yes -server = 0-session-ticket-app-data12-server-extra -resume-server = 0-session-ticket-app-data12-server-extra - -[0-session-ticket-app-data12-server-extra] -SessionTicketAppData = HelloWorld - - -# =========================================================== - -[1-session-ticket-app-data12] -ssl_conf = 1-session-ticket-app-data12-ssl - -[1-session-ticket-app-data12-ssl] -server = 1-session-ticket-app-data12-server -client = 1-session-ticket-app-data12-client -resume-server = 1-session-ticket-app-data12-server -resume-client = 1-session-ticket-app-data12-client - -[1-session-ticket-app-data12-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-session-ticket-app-data12-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -Options = SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = Success -ExpectedSessionTicketAppData = -HandshakeMode = Resume -ResumptionExpected = Yes -SessionTicketExpected = Yes - - -# =========================================================== - -[2-session-ticket-app-data13] -ssl_conf = 2-session-ticket-app-data13-ssl - -[2-session-ticket-app-data13-ssl] -server = 2-session-ticket-app-data13-server -client = 2-session-ticket-app-data13-client -resume-server = 2-session-ticket-app-data13-server -resume-client = 2-session-ticket-app-data13-client - -[2-session-ticket-app-data13-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-session-ticket-app-data13-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -Options = SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = Success -ExpectedSessionTicketAppData = HelloWorld -HandshakeMode = Resume -ResumptionExpected = Yes -SessionTicketExpected = Yes -server = 2-session-ticket-app-data13-server-extra -resume-server = 2-session-ticket-app-data13-server-extra - -[2-session-ticket-app-data13-server-extra] -SessionTicketAppData = HelloWorld - - -# =========================================================== - -[3-session-ticket-app-data13] -ssl_conf = 3-session-ticket-app-data13-ssl - -[3-session-ticket-app-data13-ssl] -server = 3-session-ticket-app-data13-server -client = 3-session-ticket-app-data13-client -resume-server = 3-session-ticket-app-data13-server -resume-client = 3-session-ticket-app-data13-client - -[3-session-ticket-app-data13-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = SessionTicket -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-session-ticket-app-data13-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.3 -Options = SessionTicket -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedResult = Success -ExpectedSessionTicketAppData = -HandshakeMode = Resume -ResumptionExpected = Yes -SessionTicketExpected = Yes - - diff --git a/test/ssl-tests/27-ticket-appdata.conf.in b/test/ssl-tests/27-ticket-appdata.conf.in deleted file mode 100644 index c51585924e..0000000000 --- a/test/ssl-tests/27-ticket-appdata.conf.in +++ /dev/null @@ -1,99 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test session ticket app data - -use strict; -use warnings; - -package ssltests; -use OpenSSL::Test::Utils; - -our @tests12 = ( - { - "name" => "session-ticket-app-data12", - "client" => { - "MaxProtocol" => "TLSv1.2", - "Options" => "SessionTicket", - }, - "server" => { - "Options" => "SessionTicket", - "extra" => { - "SessionTicketAppData" => "HelloWorld", - }, - }, - "test" => { - "HandshakeMode" => "Resume", - "ExpectedResult" => "Success", - "SessionTicketExpected" => "Yes", - "ResumptionExpected" => "Yes", - "ExpectedSessionTicketAppData" => "HelloWorld", - } - }, - { - "name" => "session-ticket-app-data12", - "client" => { - "MaxProtocol" => "TLSv1.2", - "Options" => "SessionTicket", - }, - "server" => { - "Options" => "SessionTicket", - }, - "test" => { - "HandshakeMode" => "Resume", - "ExpectedResult" => "Success", - "SessionTicketExpected" => "Yes", - "ResumptionExpected" => "Yes", - "ExpectedSessionTicketAppData" => "", - } - } -); -our @tests13 = ( - { - "name" => "session-ticket-app-data13", - "client" => { - "MaxProtocol" => "TLSv1.3", - "Options" => "SessionTicket", - }, - "server" => { - "Options" => "SessionTicket", - "extra" => { - "SessionTicketAppData" => "HelloWorld", - }, - }, - "test" => { - "HandshakeMode" => "Resume", - "ExpectedResult" => "Success", - "SessionTicketExpected" => "Yes", - "ResumptionExpected" => "Yes", - "ExpectedSessionTicketAppData" => "HelloWorld", - } - }, - { - "name" => "session-ticket-app-data13", - "client" => { - "MaxProtocol" => "TLSv1.3", - "Options" => "SessionTicket", - }, - "server" => { - "Options" => "SessionTicket", - }, - "test" => { - "HandshakeMode" => "Resume", - "ExpectedResult" => "Success", - "SessionTicketExpected" => "Yes", - "ResumptionExpected" => "Yes", - "ExpectedSessionTicketAppData" => "", - } - } -); - -our @tests = (); -push @tests, @tests12 unless disabled("tls1_2"); -push @tests, @tests13 unless disabled("tls1_3"); diff --git a/test/ssl-tests/28-seclevel.cnf b/test/ssl-tests/28-seclevel.cnf new file mode 100644 index 0000000000..99fa8109c3 --- /dev/null +++ b/test/ssl-tests/28-seclevel.cnf @@ -0,0 +1,150 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 6 + +test-0 = 0-SECLEVEL 3 with default key +test-1 = 1-SECLEVEL 4 with ED448 key +test-2 = 2-SECLEVEL 5 server with ED448 key +test-3 = 3-SECLEVEL 5 client with ED448 key +test-4 = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE +test-5 = 5-SECLEVEL 3 with ED448 key, TLSv1.2 +# =========================================================== + +[0-SECLEVEL 3 with default key] +ssl_conf = 0-SECLEVEL 3 with default key-ssl + +[0-SECLEVEL 3 with default key-ssl] +server = 0-SECLEVEL 3 with default key-server +client = 0-SECLEVEL 3 with default key-client + +[0-SECLEVEL 3 with default key-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT:@SECLEVEL=3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-SECLEVEL 3 with default key-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = ServerFail + + +# =========================================================== + +[1-SECLEVEL 4 with ED448 key] +ssl_conf = 1-SECLEVEL 4 with ED448 key-ssl + +[1-SECLEVEL 4 with ED448 key-ssl] +server = 1-SECLEVEL 4 with ED448 key-server +client = 1-SECLEVEL 4 with ED448 key-client + +[1-SECLEVEL 4 with ED448 key-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +CipherString = DEFAULT:@SECLEVEL=4 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem + +[1-SECLEVEL 4 with ED448 key-client] +CipherString = DEFAULT:@SECLEVEL=4 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-SECLEVEL 5 server with ED448 key] +ssl_conf = 2-SECLEVEL 5 server with ED448 key-ssl + +[2-SECLEVEL 5 server with ED448 key-ssl] +server = 2-SECLEVEL 5 server with ED448 key-server +client = 2-SECLEVEL 5 server with ED448 key-client + +[2-SECLEVEL 5 server with ED448 key-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +CipherString = DEFAULT:@SECLEVEL=5 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem + +[2-SECLEVEL 5 server with ED448 key-client] +CipherString = DEFAULT:@SECLEVEL=4 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ServerFail + + +# =========================================================== + +[3-SECLEVEL 5 client with ED448 key] +ssl_conf = 3-SECLEVEL 5 client with ED448 key-ssl + +[3-SECLEVEL 5 client with ED448 key-ssl] +server = 3-SECLEVEL 5 client with ED448 key-server +client = 3-SECLEVEL 5 client with ED448 key-client + +[3-SECLEVEL 5 client with ED448 key-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +CipherString = DEFAULT:@SECLEVEL=4 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem + +[3-SECLEVEL 5 client with ED448 key-client] +CipherString = DEFAULT:@SECLEVEL=5 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = ServerFail + + +# =========================================================== + +[4-SECLEVEL 3 with P-384 key, X25519 ECDHE] +ssl_conf = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl + +[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl] +server = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-server +client = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-client + +[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-server] +Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem +CipherString = DEFAULT:@SECLEVEL=3 +Groups = X25519 +PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem + +[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-client] +CipherString = ECDHE:@SECLEVEL=3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success + + +# =========================================================== + +[5-SECLEVEL 3 with ED448 key, TLSv1.2] +ssl_conf = 5-SECLEVEL 3 with ED448 key, TLSv1.2-ssl + +[5-SECLEVEL 3 with ED448 key, TLSv1.2-ssl] +server = 5-SECLEVEL 3 with ED448 key, TLSv1.2-server +client = 5-SECLEVEL 3 with ED448 key, TLSv1.2-client + +[5-SECLEVEL 3 with ED448 key, TLSv1.2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +CipherString = DEFAULT:@SECLEVEL=3 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem + +[5-SECLEVEL 3 with ED448 key, TLSv1.2-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success + + diff --git a/test/ssl-tests/28-seclevel.cnf.in b/test/ssl-tests/28-seclevel.cnf.in new file mode 100644 index 0000000000..aba5007947 --- /dev/null +++ b/test/ssl-tests/28-seclevel.cnf.in @@ -0,0 +1,83 @@ +# -*- mode: perl; -*- +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "SECLEVEL 3 with default key", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=3" }, + client => { }, + test => { "ExpectedResult" => "ServerFail" }, + }, +); + +our @tests_ec = ( + { + name => "SECLEVEL 4 with ED448 key", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=4", + "Certificate" => test_pem("server-ed448-cert.pem"), + "PrivateKey" => test_pem("server-ed448-key.pem") }, + client => { "CipherString" => "DEFAULT:\@SECLEVEL=4", + "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, + test => { "ExpectedResult" => "Success" }, + }, + { + # The Ed488 signature algorithm will not be enabled. + # Because of the config order, the certificate is first loaded, and + # then the security level is chaged. If you try this with s_server + # the order will be reversed and it will instead fail to load the key. + name => "SECLEVEL 5 server with ED448 key", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=5", + "Certificate" => test_pem("server-ed448-cert.pem"), + "PrivateKey" => test_pem("server-ed448-key.pem") }, + client => { "CipherString" => "DEFAULT:\@SECLEVEL=4", + "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, + test => { "ExpectedResult" => "ServerFail" }, + }, + { + # The client will not sent the Ed488 signature algorithm, so the server + # doesn't have a useable signature algorithm for the certificate. + name => "SECLEVEL 5 client with ED448 key", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=4", + "Certificate" => test_pem("server-ed448-cert.pem"), + "PrivateKey" => test_pem("server-ed448-key.pem") }, + client => { "CipherString" => "DEFAULT:\@SECLEVEL=5", + "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, + test => { "ExpectedResult" => "ServerFail" }, + }, + { + name => "SECLEVEL 3 with P-384 key, X25519 ECDHE", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=3", + "Certificate" => test_pem("p384-server-cert.pem"), + "PrivateKey" => test_pem("p384-server-key.pem"), + "Groups" => "X25519" }, + client => { "CipherString" => "ECDHE:\@SECLEVEL=3", + "VerifyCAFile" => test_pem("p384-root.pem") }, + test => { "ExpectedResult" => "Success" }, + }, +); + +our @tests_tls1_2 = ( + { + name => "SECLEVEL 3 with ED448 key, TLSv1.2", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=3", + "Certificate" => test_pem("server-ed448-cert.pem"), + "PrivateKey" => test_pem("server-ed448-key.pem"), + "MaxProtocol" => "TLSv1.2" }, + client => { "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, + test => { "ExpectedResult" => "Success" }, + }, +); + +push @tests, @tests_ec unless disabled("ec"); +push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec"); diff --git a/test/ssl-tests/28-seclevel.conf b/test/ssl-tests/28-seclevel.conf deleted file mode 100644 index 99fa8109c3..0000000000 --- a/test/ssl-tests/28-seclevel.conf +++ /dev/null @@ -1,150 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 6 - -test-0 = 0-SECLEVEL 3 with default key -test-1 = 1-SECLEVEL 4 with ED448 key -test-2 = 2-SECLEVEL 5 server with ED448 key -test-3 = 3-SECLEVEL 5 client with ED448 key -test-4 = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE -test-5 = 5-SECLEVEL 3 with ED448 key, TLSv1.2 -# =========================================================== - -[0-SECLEVEL 3 with default key] -ssl_conf = 0-SECLEVEL 3 with default key-ssl - -[0-SECLEVEL 3 with default key-ssl] -server = 0-SECLEVEL 3 with default key-server -client = 0-SECLEVEL 3 with default key-client - -[0-SECLEVEL 3 with default key-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-SECLEVEL 3 with default key-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = ServerFail - - -# =========================================================== - -[1-SECLEVEL 4 with ED448 key] -ssl_conf = 1-SECLEVEL 4 with ED448 key-ssl - -[1-SECLEVEL 4 with ED448 key-ssl] -server = 1-SECLEVEL 4 with ED448 key-server -client = 1-SECLEVEL 4 with ED448 key-client - -[1-SECLEVEL 4 with ED448 key-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -CipherString = DEFAULT:@SECLEVEL=4 -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem - -[1-SECLEVEL 4 with ED448 key-client] -CipherString = DEFAULT:@SECLEVEL=4 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = Success - - -# =========================================================== - -[2-SECLEVEL 5 server with ED448 key] -ssl_conf = 2-SECLEVEL 5 server with ED448 key-ssl - -[2-SECLEVEL 5 server with ED448 key-ssl] -server = 2-SECLEVEL 5 server with ED448 key-server -client = 2-SECLEVEL 5 server with ED448 key-client - -[2-SECLEVEL 5 server with ED448 key-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -CipherString = DEFAULT:@SECLEVEL=5 -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem - -[2-SECLEVEL 5 server with ED448 key-client] -CipherString = DEFAULT:@SECLEVEL=4 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = ServerFail - - -# =========================================================== - -[3-SECLEVEL 5 client with ED448 key] -ssl_conf = 3-SECLEVEL 5 client with ED448 key-ssl - -[3-SECLEVEL 5 client with ED448 key-ssl] -server = 3-SECLEVEL 5 client with ED448 key-server -client = 3-SECLEVEL 5 client with ED448 key-client - -[3-SECLEVEL 5 client with ED448 key-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -CipherString = DEFAULT:@SECLEVEL=4 -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem - -[3-SECLEVEL 5 client with ED448 key-client] -CipherString = DEFAULT:@SECLEVEL=5 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem -VerifyMode = Peer - -[test-3] -ExpectedResult = ServerFail - - -# =========================================================== - -[4-SECLEVEL 3 with P-384 key, X25519 ECDHE] -ssl_conf = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl - -[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl] -server = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-server -client = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-client - -[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-server] -Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem -CipherString = DEFAULT:@SECLEVEL=3 -Groups = X25519 -PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem - -[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-client] -CipherString = ECDHE:@SECLEVEL=3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem -VerifyMode = Peer - -[test-4] -ExpectedResult = Success - - -# =========================================================== - -[5-SECLEVEL 3 with ED448 key, TLSv1.2] -ssl_conf = 5-SECLEVEL 3 with ED448 key, TLSv1.2-ssl - -[5-SECLEVEL 3 with ED448 key, TLSv1.2-ssl] -server = 5-SECLEVEL 3 with ED448 key, TLSv1.2-server -client = 5-SECLEVEL 3 with ED448 key, TLSv1.2-client - -[5-SECLEVEL 3 with ED448 key, TLSv1.2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -CipherString = DEFAULT:@SECLEVEL=3 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem - -[5-SECLEVEL 3 with ED448 key, TLSv1.2-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem -VerifyMode = Peer - -[test-5] -ExpectedResult = Success - - diff --git a/test/ssl-tests/28-seclevel.conf.in b/test/ssl-tests/28-seclevel.conf.in deleted file mode 100644 index aba5007947..0000000000 --- a/test/ssl-tests/28-seclevel.conf.in +++ /dev/null @@ -1,83 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## SSL test configurations - -package ssltests; -use OpenSSL::Test::Utils; - -our @tests = ( - { - name => "SECLEVEL 3 with default key", - server => { "CipherString" => "DEFAULT:\@SECLEVEL=3" }, - client => { }, - test => { "ExpectedResult" => "ServerFail" }, - }, -); - -our @tests_ec = ( - { - name => "SECLEVEL 4 with ED448 key", - server => { "CipherString" => "DEFAULT:\@SECLEVEL=4", - "Certificate" => test_pem("server-ed448-cert.pem"), - "PrivateKey" => test_pem("server-ed448-key.pem") }, - client => { "CipherString" => "DEFAULT:\@SECLEVEL=4", - "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, - test => { "ExpectedResult" => "Success" }, - }, - { - # The Ed488 signature algorithm will not be enabled. - # Because of the config order, the certificate is first loaded, and - # then the security level is chaged. If you try this with s_server - # the order will be reversed and it will instead fail to load the key. - name => "SECLEVEL 5 server with ED448 key", - server => { "CipherString" => "DEFAULT:\@SECLEVEL=5", - "Certificate" => test_pem("server-ed448-cert.pem"), - "PrivateKey" => test_pem("server-ed448-key.pem") }, - client => { "CipherString" => "DEFAULT:\@SECLEVEL=4", - "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, - test => { "ExpectedResult" => "ServerFail" }, - }, - { - # The client will not sent the Ed488 signature algorithm, so the server - # doesn't have a useable signature algorithm for the certificate. - name => "SECLEVEL 5 client with ED448 key", - server => { "CipherString" => "DEFAULT:\@SECLEVEL=4", - "Certificate" => test_pem("server-ed448-cert.pem"), - "PrivateKey" => test_pem("server-ed448-key.pem") }, - client => { "CipherString" => "DEFAULT:\@SECLEVEL=5", - "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, - test => { "ExpectedResult" => "ServerFail" }, - }, - { - name => "SECLEVEL 3 with P-384 key, X25519 ECDHE", - server => { "CipherString" => "DEFAULT:\@SECLEVEL=3", - "Certificate" => test_pem("p384-server-cert.pem"), - "PrivateKey" => test_pem("p384-server-key.pem"), - "Groups" => "X25519" }, - client => { "CipherString" => "ECDHE:\@SECLEVEL=3", - "VerifyCAFile" => test_pem("p384-root.pem") }, - test => { "ExpectedResult" => "Success" }, - }, -); - -our @tests_tls1_2 = ( - { - name => "SECLEVEL 3 with ED448 key, TLSv1.2", - server => { "CipherString" => "DEFAULT:\@SECLEVEL=3", - "Certificate" => test_pem("server-ed448-cert.pem"), - "PrivateKey" => test_pem("server-ed448-key.pem"), - "MaxProtocol" => "TLSv1.2" }, - client => { "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, - test => { "ExpectedResult" => "Success" }, - }, -); - -push @tests, @tests_ec unless disabled("ec"); -push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec"); diff --git a/test/ssl-tests/29-dtls-sctp-label-bug.cnf b/test/ssl-tests/29-dtls-sctp-label-bug.cnf new file mode 100644 index 0000000000..24f9e04f16 --- /dev/null +++ b/test/ssl-tests/29-dtls-sctp-label-bug.cnf @@ -0,0 +1,116 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 4 + +test-0 = 0-SCTPLabelBug-good1 +test-1 = 1-SCTPLabelBug-good2 +test-2 = 2-SCTPLabelBug-bad1 +test-3 = 3-SCTPLabelBug-bad2 +# =========================================================== + +[0-SCTPLabelBug-good1] +ssl_conf = 0-SCTPLabelBug-good1-ssl + +[0-SCTPLabelBug-good1-ssl] +server = 0-SCTPLabelBug-good1-server +client = 0-SCTPLabelBug-good1-client + +[0-SCTPLabelBug-good1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-SCTPLabelBug-good1-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +EnableClientSCTPLabelBug = No +EnableServerSCTPLabelBug = No +ExpectedResult = Success +Method = DTLS +UseSCTP = Yes + + +# =========================================================== + +[1-SCTPLabelBug-good2] +ssl_conf = 1-SCTPLabelBug-good2-ssl + +[1-SCTPLabelBug-good2-ssl] +server = 1-SCTPLabelBug-good2-server +client = 1-SCTPLabelBug-good2-client + +[1-SCTPLabelBug-good2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-SCTPLabelBug-good2-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +EnableClientSCTPLabelBug = Yes +EnableServerSCTPLabelBug = Yes +ExpectedResult = Success +Method = DTLS +UseSCTP = Yes + + +# =========================================================== + +[2-SCTPLabelBug-bad1] +ssl_conf = 2-SCTPLabelBug-bad1-ssl + +[2-SCTPLabelBug-bad1-ssl] +server = 2-SCTPLabelBug-bad1-server +client = 2-SCTPLabelBug-bad1-client + +[2-SCTPLabelBug-bad1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-SCTPLabelBug-bad1-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +EnableClientSCTPLabelBug = Yes +EnableServerSCTPLabelBug = No +ExpectedResult = ClientFail +Method = DTLS +UseSCTP = Yes + + +# =========================================================== + +[3-SCTPLabelBug-bad2] +ssl_conf = 3-SCTPLabelBug-bad2-ssl + +[3-SCTPLabelBug-bad2-ssl] +server = 3-SCTPLabelBug-bad2-server +client = 3-SCTPLabelBug-bad2-client + +[3-SCTPLabelBug-bad2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-SCTPLabelBug-bad2-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +EnableClientSCTPLabelBug = No +EnableServerSCTPLabelBug = Yes +ExpectedResult = ClientFail +Method = DTLS +UseSCTP = Yes + + diff --git a/test/ssl-tests/29-dtls-sctp-label-bug.cnf.in b/test/ssl-tests/29-dtls-sctp-label-bug.cnf.in new file mode 100644 index 0000000000..ab04d05264 --- /dev/null +++ b/test/ssl-tests/29-dtls-sctp-label-bug.cnf.in @@ -0,0 +1,67 @@ +# -*- mode: perl; -*- +# Copyright 2019-2019 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG handling + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "SCTPLabelBug-good1", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => "Yes", + "EnableClientSCTPLabelBug" => "No", + "EnableServerSCTPLabelBug" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "SCTPLabelBug-good2", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => "Yes", + "EnableClientSCTPLabelBug" => "Yes", + "EnableServerSCTPLabelBug" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "SCTPLabelBug-bad1", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => "Yes", + "EnableClientSCTPLabelBug" => "Yes", + "EnableServerSCTPLabelBug" => "No", + "ExpectedResult" => "ClientFail" + } + }, + { + name => "SCTPLabelBug-bad2", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => "Yes", + "EnableClientSCTPLabelBug" => "No", + "EnableServerSCTPLabelBug" => "Yes", + "ExpectedResult" => "ClientFail" + } + }, +); diff --git a/test/ssl-tests/29-dtls-sctp-label-bug.conf b/test/ssl-tests/29-dtls-sctp-label-bug.conf deleted file mode 100644 index 24f9e04f16..0000000000 --- a/test/ssl-tests/29-dtls-sctp-label-bug.conf +++ /dev/null @@ -1,116 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 4 - -test-0 = 0-SCTPLabelBug-good1 -test-1 = 1-SCTPLabelBug-good2 -test-2 = 2-SCTPLabelBug-bad1 -test-3 = 3-SCTPLabelBug-bad2 -# =========================================================== - -[0-SCTPLabelBug-good1] -ssl_conf = 0-SCTPLabelBug-good1-ssl - -[0-SCTPLabelBug-good1-ssl] -server = 0-SCTPLabelBug-good1-server -client = 0-SCTPLabelBug-good1-client - -[0-SCTPLabelBug-good1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-SCTPLabelBug-good1-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -EnableClientSCTPLabelBug = No -EnableServerSCTPLabelBug = No -ExpectedResult = Success -Method = DTLS -UseSCTP = Yes - - -# =========================================================== - -[1-SCTPLabelBug-good2] -ssl_conf = 1-SCTPLabelBug-good2-ssl - -[1-SCTPLabelBug-good2-ssl] -server = 1-SCTPLabelBug-good2-server -client = 1-SCTPLabelBug-good2-client - -[1-SCTPLabelBug-good2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-SCTPLabelBug-good2-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -EnableClientSCTPLabelBug = Yes -EnableServerSCTPLabelBug = Yes -ExpectedResult = Success -Method = DTLS -UseSCTP = Yes - - -# =========================================================== - -[2-SCTPLabelBug-bad1] -ssl_conf = 2-SCTPLabelBug-bad1-ssl - -[2-SCTPLabelBug-bad1-ssl] -server = 2-SCTPLabelBug-bad1-server -client = 2-SCTPLabelBug-bad1-client - -[2-SCTPLabelBug-bad1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-SCTPLabelBug-bad1-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -EnableClientSCTPLabelBug = Yes -EnableServerSCTPLabelBug = No -ExpectedResult = ClientFail -Method = DTLS -UseSCTP = Yes - - -# =========================================================== - -[3-SCTPLabelBug-bad2] -ssl_conf = 3-SCTPLabelBug-bad2-ssl - -[3-SCTPLabelBug-bad2-ssl] -server = 3-SCTPLabelBug-bad2-server -client = 3-SCTPLabelBug-bad2-client - -[3-SCTPLabelBug-bad2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-SCTPLabelBug-bad2-client] -CipherString = DEFAULT -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -EnableClientSCTPLabelBug = No -EnableServerSCTPLabelBug = Yes -ExpectedResult = ClientFail -Method = DTLS -UseSCTP = Yes - - diff --git a/test/ssl-tests/29-dtls-sctp-label-bug.conf.in b/test/ssl-tests/29-dtls-sctp-label-bug.conf.in deleted file mode 100644 index ab04d05264..0000000000 --- a/test/ssl-tests/29-dtls-sctp-label-bug.conf.in +++ /dev/null @@ -1,67 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2019-2019 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## Test SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG handling - -use strict; -use warnings; - -package ssltests; -use OpenSSL::Test::Utils; - -our @tests = ( - { - name => "SCTPLabelBug-good1", - server => {}, - client => {}, - test => { - "Method" => "DTLS", - "UseSCTP" => "Yes", - "EnableClientSCTPLabelBug" => "No", - "EnableServerSCTPLabelBug" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "SCTPLabelBug-good2", - server => {}, - client => {}, - test => { - "Method" => "DTLS", - "UseSCTP" => "Yes", - "EnableClientSCTPLabelBug" => "Yes", - "EnableServerSCTPLabelBug" => "Yes", - "ExpectedResult" => "Success" - } - }, - { - name => "SCTPLabelBug-bad1", - server => {}, - client => {}, - test => { - "Method" => "DTLS", - "UseSCTP" => "Yes", - "EnableClientSCTPLabelBug" => "Yes", - "EnableServerSCTPLabelBug" => "No", - "ExpectedResult" => "ClientFail" - } - }, - { - name => "SCTPLabelBug-bad2", - server => {}, - client => {}, - test => { - "Method" => "DTLS", - "UseSCTP" => "Yes", - "EnableClientSCTPLabelBug" => "No", - "EnableServerSCTPLabelBug" => "Yes", - "ExpectedResult" => "ClientFail" - } - }, -); diff --git a/test/ssl-tests/30-extended-master-secret.cnf b/test/ssl-tests/30-extended-master-secret.cnf new file mode 100644 index 0000000000..9dae431d21 --- /dev/null +++ b/test/ssl-tests/30-extended-master-secret.cnf @@ -0,0 +1,203 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 7 + +test-0 = 0-disable-extended-master-secret-server-sha +test-1 = 1-disable-extended-master-secret-client-sha +test-2 = 2-disable-extended-master-secret-both-sha +test-3 = 3-disable-extended-master-secret-both-resume +test-4 = 4-disable-extended-master-secret-server-sha2 +test-5 = 5-disable-extended-master-secret-client-sha2 +test-6 = 6-disable-extended-master-secret-both-sha2 +# =========================================================== + +[0-disable-extended-master-secret-server-sha] +ssl_conf = 0-disable-extended-master-secret-server-sha-ssl + +[0-disable-extended-master-secret-server-sha-ssl] +server = 0-disable-extended-master-secret-server-sha-server +client = 0-disable-extended-master-secret-server-sha-client + +[0-disable-extended-master-secret-server-sha-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -ExtendedMasterSecret +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-disable-extended-master-secret-server-sha-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-disable-extended-master-secret-client-sha] +ssl_conf = 1-disable-extended-master-secret-client-sha-ssl + +[1-disable-extended-master-secret-client-sha-ssl] +server = 1-disable-extended-master-secret-client-sha-server +client = 1-disable-extended-master-secret-client-sha-client + +[1-disable-extended-master-secret-client-sha-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-disable-extended-master-secret-client-sha-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +Options = -ExtendedMasterSecret +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-disable-extended-master-secret-both-sha] +ssl_conf = 2-disable-extended-master-secret-both-sha-ssl + +[2-disable-extended-master-secret-both-sha-ssl] +server = 2-disable-extended-master-secret-both-sha-server +client = 2-disable-extended-master-secret-both-sha-client + +[2-disable-extended-master-secret-both-sha-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -ExtendedMasterSecret +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-disable-extended-master-secret-both-sha-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +Options = -ExtendedMasterSecret +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success + + +# =========================================================== + +[3-disable-extended-master-secret-both-resume] +ssl_conf = 3-disable-extended-master-secret-both-resume-ssl + +[3-disable-extended-master-secret-both-resume-ssl] +server = 3-disable-extended-master-secret-both-resume-server +client = 3-disable-extended-master-secret-both-resume-client +resume-server = 3-disable-extended-master-secret-both-resume-resume-server +resume-client = 3-disable-extended-master-secret-both-resume-resume-client + +[3-disable-extended-master-secret-both-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -ExtendedMasterSecret +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-disable-extended-master-secret-both-resume-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-disable-extended-master-secret-both-resume-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +Options = -ExtendedMasterSecret +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[3-disable-extended-master-secret-both-resume-resume-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +HandshakeMode = Resume + + +# =========================================================== + +[4-disable-extended-master-secret-server-sha2] +ssl_conf = 4-disable-extended-master-secret-server-sha2-ssl + +[4-disable-extended-master-secret-server-sha2-ssl] +server = 4-disable-extended-master-secret-server-sha2-server +client = 4-disable-extended-master-secret-server-sha2-client + +[4-disable-extended-master-secret-server-sha2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -ExtendedMasterSecret +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-disable-extended-master-secret-server-sha2-client] +CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success + + +# =========================================================== + +[5-disable-extended-master-secret-client-sha2] +ssl_conf = 5-disable-extended-master-secret-client-sha2-ssl + +[5-disable-extended-master-secret-client-sha2-ssl] +server = 5-disable-extended-master-secret-client-sha2-server +client = 5-disable-extended-master-secret-client-sha2-client + +[5-disable-extended-master-secret-client-sha2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-disable-extended-master-secret-client-sha2-client] +CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 +Options = -ExtendedMasterSecret +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success + + +# =========================================================== + +[6-disable-extended-master-secret-both-sha2] +ssl_conf = 6-disable-extended-master-secret-both-sha2-ssl + +[6-disable-extended-master-secret-both-sha2-ssl] +server = 6-disable-extended-master-secret-both-sha2-server +client = 6-disable-extended-master-secret-both-sha2-client + +[6-disable-extended-master-secret-both-sha2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -ExtendedMasterSecret +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-disable-extended-master-secret-both-sha2-client] +CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 +Options = -ExtendedMasterSecret +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success + + diff --git a/test/ssl-tests/30-extended-master-secret.cnf.in b/test/ssl-tests/30-extended-master-secret.cnf.in new file mode 100644 index 0000000000..2386c98a2a --- /dev/null +++ b/test/ssl-tests/30-extended-master-secret.cnf.in @@ -0,0 +1,122 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +use OpenSSL::Test::Utils; + +our @tests = (); + +my @tests_tls1_2 = ( + { + name => "disable-extended-master-secret-server-sha", + server => { + "Options" => "-ExtendedMasterSecret", + }, + client => { + "CipherString" => "AES128-SHA", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-extended-master-secret-client-sha", + server => { + }, + client => { + "CipherString" => "AES128-SHA", + "Options" => "-ExtendedMasterSecret", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-extended-master-secret-both-sha", + server => { + "Options" => "-ExtendedMasterSecret", + }, + client => { + "CipherString" => "AES128-SHA", + "Options" => "-ExtendedMasterSecret", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-extended-master-secret-both-resume", + server => { + "Options" => "-ExtendedMasterSecret", + }, + resume_server => { + }, + client => { + "CipherString" => "AES128-SHA", + "Options" => "-ExtendedMasterSecret", + "MaxProtocol" => "TLSv1.2" + }, + resume_client => { + "CipherString" => "AES128-SHA", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-extended-master-secret-server-sha2", + server => { + "Options" => "-ExtendedMasterSecret", + }, + client => { + "CipherString" => "AES128-SHA256", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-extended-master-secret-client-sha2", + server => { + }, + client => { + "CipherString" => "AES128-SHA256", + "Options" => "-ExtendedMasterSecret", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-extended-master-secret-both-sha2", + server => { + "Options" => "-ExtendedMasterSecret", + }, + client => { + "CipherString" => "AES128-SHA256", + "Options" => "-ExtendedMasterSecret", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, +); + +push @tests, @tests_tls1_2 unless disabled("tls1_2"); diff --git a/test/ssl-tests/30-extended-master-secret.conf b/test/ssl-tests/30-extended-master-secret.conf deleted file mode 100644 index 9dae431d21..0000000000 --- a/test/ssl-tests/30-extended-master-secret.conf +++ /dev/null @@ -1,203 +0,0 @@ -# Generated with generate_ssl_tests.pl - -num_tests = 7 - -test-0 = 0-disable-extended-master-secret-server-sha -test-1 = 1-disable-extended-master-secret-client-sha -test-2 = 2-disable-extended-master-secret-both-sha -test-3 = 3-disable-extended-master-secret-both-resume -test-4 = 4-disable-extended-master-secret-server-sha2 -test-5 = 5-disable-extended-master-secret-client-sha2 -test-6 = 6-disable-extended-master-secret-both-sha2 -# =========================================================== - -[0-disable-extended-master-secret-server-sha] -ssl_conf = 0-disable-extended-master-secret-server-sha-ssl - -[0-disable-extended-master-secret-server-sha-ssl] -server = 0-disable-extended-master-secret-server-sha-server -client = 0-disable-extended-master-secret-server-sha-client - -[0-disable-extended-master-secret-server-sha-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -ExtendedMasterSecret -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[0-disable-extended-master-secret-server-sha-client] -CipherString = AES128-SHA -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-0] -ExpectedResult = Success - - -# =========================================================== - -[1-disable-extended-master-secret-client-sha] -ssl_conf = 1-disable-extended-master-secret-client-sha-ssl - -[1-disable-extended-master-secret-client-sha-ssl] -server = 1-disable-extended-master-secret-client-sha-server -client = 1-disable-extended-master-secret-client-sha-client - -[1-disable-extended-master-secret-client-sha-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[1-disable-extended-master-secret-client-sha-client] -CipherString = AES128-SHA -MaxProtocol = TLSv1.2 -Options = -ExtendedMasterSecret -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-1] -ExpectedResult = Success - - -# =========================================================== - -[2-disable-extended-master-secret-both-sha] -ssl_conf = 2-disable-extended-master-secret-both-sha-ssl - -[2-disable-extended-master-secret-both-sha-ssl] -server = 2-disable-extended-master-secret-both-sha-server -client = 2-disable-extended-master-secret-both-sha-client - -[2-disable-extended-master-secret-both-sha-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -ExtendedMasterSecret -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[2-disable-extended-master-secret-both-sha-client] -CipherString = AES128-SHA -MaxProtocol = TLSv1.2 -Options = -ExtendedMasterSecret -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-2] -ExpectedResult = Success - - -# =========================================================== - -[3-disable-extended-master-secret-both-resume] -ssl_conf = 3-disable-extended-master-secret-both-resume-ssl - -[3-disable-extended-master-secret-both-resume-ssl] -server = 3-disable-extended-master-secret-both-resume-server -client = 3-disable-extended-master-secret-both-resume-client -resume-server = 3-disable-extended-master-secret-both-resume-resume-server -resume-client = 3-disable-extended-master-secret-both-resume-resume-client - -[3-disable-extended-master-secret-both-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -ExtendedMasterSecret -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-disable-extended-master-secret-both-resume-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[3-disable-extended-master-secret-both-resume-client] -CipherString = AES128-SHA -MaxProtocol = TLSv1.2 -Options = -ExtendedMasterSecret -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[3-disable-extended-master-secret-both-resume-resume-client] -CipherString = AES128-SHA -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-3] -ExpectedResult = Success -HandshakeMode = Resume - - -# =========================================================== - -[4-disable-extended-master-secret-server-sha2] -ssl_conf = 4-disable-extended-master-secret-server-sha2-ssl - -[4-disable-extended-master-secret-server-sha2-ssl] -server = 4-disable-extended-master-secret-server-sha2-server -client = 4-disable-extended-master-secret-server-sha2-client - -[4-disable-extended-master-secret-server-sha2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -ExtendedMasterSecret -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[4-disable-extended-master-secret-server-sha2-client] -CipherString = AES128-SHA256 -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-4] -ExpectedResult = Success - - -# =========================================================== - -[5-disable-extended-master-secret-client-sha2] -ssl_conf = 5-disable-extended-master-secret-client-sha2-ssl - -[5-disable-extended-master-secret-client-sha2-ssl] -server = 5-disable-extended-master-secret-client-sha2-server -client = 5-disable-extended-master-secret-client-sha2-client - -[5-disable-extended-master-secret-client-sha2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[5-disable-extended-master-secret-client-sha2-client] -CipherString = AES128-SHA256 -MaxProtocol = TLSv1.2 -Options = -ExtendedMasterSecret -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-5] -ExpectedResult = Success - - -# =========================================================== - -[6-disable-extended-master-secret-both-sha2] -ssl_conf = 6-disable-extended-master-secret-both-sha2-ssl - -[6-disable-extended-master-secret-both-sha2-ssl] -server = 6-disable-extended-master-secret-both-sha2-server -client = 6-disable-extended-master-secret-both-sha2-client - -[6-disable-extended-master-secret-both-sha2-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -Options = -ExtendedMasterSecret -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-disable-extended-master-secret-both-sha2-client] -CipherString = AES128-SHA256 -MaxProtocol = TLSv1.2 -Options = -ExtendedMasterSecret -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-6] -ExpectedResult = Success - - diff --git a/test/ssl-tests/30-extended-master-secret.conf.in b/test/ssl-tests/30-extended-master-secret.conf.in deleted file mode 100644 index 2386c98a2a..0000000000 --- a/test/ssl-tests/30-extended-master-secret.conf.in +++ /dev/null @@ -1,122 +0,0 @@ -# -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -## SSL test configurations - -package ssltests; - -use OpenSSL::Test::Utils; - -our @tests = (); - -my @tests_tls1_2 = ( - { - name => "disable-extended-master-secret-server-sha", - server => { - "Options" => "-ExtendedMasterSecret", - }, - client => { - "CipherString" => "AES128-SHA", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedResult" => "Success", - }, - }, - { - name => "disable-extended-master-secret-client-sha", - server => { - }, - client => { - "CipherString" => "AES128-SHA", - "Options" => "-ExtendedMasterSecret", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedResult" => "Success", - }, - }, - { - name => "disable-extended-master-secret-both-sha", - server => { - "Options" => "-ExtendedMasterSecret", - }, - client => { - "CipherString" => "AES128-SHA", - "Options" => "-ExtendedMasterSecret", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedResult" => "Success", - }, - }, - { - name => "disable-extended-master-secret-both-resume", - server => { - "Options" => "-ExtendedMasterSecret", - }, - resume_server => { - }, - client => { - "CipherString" => "AES128-SHA", - "Options" => "-ExtendedMasterSecret", - "MaxProtocol" => "TLSv1.2" - }, - resume_client => { - "CipherString" => "AES128-SHA", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "HandshakeMode" => "Resume", - "ExpectedResult" => "Success", - }, - }, - { - name => "disable-extended-master-secret-server-sha2", - server => { - "Options" => "-ExtendedMasterSecret", - }, - client => { - "CipherString" => "AES128-SHA256", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedResult" => "Success", - }, - }, - { - name => "disable-extended-master-secret-client-sha2", - server => { - }, - client => { - "CipherString" => "AES128-SHA256", - "Options" => "-ExtendedMasterSecret", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedResult" => "Success", - }, - }, - { - name => "disable-extended-master-secret-both-sha2", - server => { - "Options" => "-ExtendedMasterSecret", - }, - client => { - "CipherString" => "AES128-SHA256", - "Options" => "-ExtendedMasterSecret", - "MaxProtocol" => "TLSv1.2" - }, - test => { - "ExpectedResult" => "Success", - }, - }, -); - -push @tests, @tests_tls1_2 unless disabled("tls1_2"); diff --git a/test/ssl_test_ctx_test.c b/test/ssl_test_ctx_test.c index fc7ec68f29..877c8607e3 100644 --- a/test/ssl_test_ctx_test.c +++ b/test/ssl_test_ctx_test.c @@ -251,7 +251,7 @@ int setup_tests(void) if (!TEST_ptr(conf = NCONF_new(NULL))) return 0; - /* argument should point to test/ssl_test_ctx_test.conf */ + /* argument should point to test/ssl_test_ctx_test.cnf */ if (!TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0)) return 0; diff --git a/test/ssl_test_ctx_test.cnf b/test/ssl_test_ctx_test.cnf new file mode 100644 index 0000000000..91e1465ffe --- /dev/null +++ b/test/ssl_test_ctx_test.cnf @@ -0,0 +1,97 @@ +[ssltest_default] + +[ssltest_good] +client = ssltest_good_client_extra +server = ssltest_good_server_extra +resume-server2 = ssltest_good_resume_server2_extra +resume-client = ssltest_good_resume_client_extra + +Method = DTLS +HandshakeMode = Resume +ApplicationData = 1024 +MaxFragmentSize = 2048 + +ExpectedResult = ServerFail +ExpectedClientAlert = UnknownCA +ExpectedProtocol = TLSv1.1 +ExpectedServerName = server2 +SessionTicketExpected = Yes +ResumptionExpected = Yes + +[ssltest_good_client_extra] +VerifyCallback = RejectAll +ServerName = server2 +NPNProtocols = foo,bar + +[ssltest_good_resume_client_extra] +CTValidation = Strict + +[ssltest_good_server_extra] +ServerNameCallback = IgnoreMismatch +BrokenSessionTicket = Yes + +[ssltest_good_resume_server2_extra] +ALPNProtocols = baz + +[ssltest_unknown_option] +UnknownOption = Foo + +[ssltest_wrong_section] +server = ssltest_wrong_section_server + +[ssltest_wrong_section_server] +VerifyCallback = RejectAll + +[ssltest_unknown_expected_result] +ExpectedResult = Foo + +[ssltest_unknown_alert] +ExpectedServerAlert = Foo + +[ssltest_unknown_protocol] +Protocol = Foo + +[ssltest_unknown_verify_callback] +client = ssltest_unknown_verify_callback_client + +[ssltest_unknown_verify_callback_client] +VerifyCallback = Foo + +[ssltest_unknown_servername] +client = ssltest_unknown_servername_client + +[ssltest_unknown_servername_client] +ServerName = Foo + +[ssltest_unknown_servername_callback] +server = ssltest_unknown_servername_server + +[ssltest_unknown_servername_server] +ServerNameCallback = Foo + +[ssltest_unknown_session_ticket_expected] +SessionTicketExpected = Foo + +[ssltest_unknown_compression_expected] +CompressionExpected = Foo + +[ssltest_unknown_session_id_expected] +SessionIdExpected = Foo + +[ssltest_unknown_method] +Method = TLS2 + +[ssltest_unknown_handshake_mode] +HandshakeMode = Foo + +[ssltest_unknown_resumption_expected] +ResumptionExpected = Foo + +[ssltest_unknown_ct_validation] +client = ssltest_unknown_ct_validation_client + +[ssltest_unknown_ct_validation_client] +CTCallback = Foo + +[ssltest_invalid_max_fragment_len] +MaxFragmentLenExt = 421 diff --git a/test/ssl_test_ctx_test.conf b/test/ssl_test_ctx_test.conf deleted file mode 100644 index 91e1465ffe..0000000000 --- a/test/ssl_test_ctx_test.conf +++ /dev/null @@ -1,97 +0,0 @@ -[ssltest_default] - -[ssltest_good] -client = ssltest_good_client_extra -server = ssltest_good_server_extra -resume-server2 = ssltest_good_resume_server2_extra -resume-client = ssltest_good_resume_client_extra - -Method = DTLS -HandshakeMode = Resume -ApplicationData = 1024 -MaxFragmentSize = 2048 - -ExpectedResult = ServerFail -ExpectedClientAlert = UnknownCA -ExpectedProtocol = TLSv1.1 -ExpectedServerName = server2 -SessionTicketExpected = Yes -ResumptionExpected = Yes - -[ssltest_good_client_extra] -VerifyCallback = RejectAll -ServerName = server2 -NPNProtocols = foo,bar - -[ssltest_good_resume_client_extra] -CTValidation = Strict - -[ssltest_good_server_extra] -ServerNameCallback = IgnoreMismatch -BrokenSessionTicket = Yes - -[ssltest_good_resume_server2_extra] -ALPNProtocols = baz - -[ssltest_unknown_option] -UnknownOption = Foo - -[ssltest_wrong_section] -server = ssltest_wrong_section_server - -[ssltest_wrong_section_server] -VerifyCallback = RejectAll - -[ssltest_unknown_expected_result] -ExpectedResult = Foo - -[ssltest_unknown_alert] -ExpectedServerAlert = Foo - -[ssltest_unknown_protocol] -Protocol = Foo - -[ssltest_unknown_verify_callback] -client = ssltest_unknown_verify_callback_client - -[ssltest_unknown_verify_callback_client] -VerifyCallback = Foo - -[ssltest_unknown_servername] -client = ssltest_unknown_servername_client - -[ssltest_unknown_servername_client] -ServerName = Foo - -[ssltest_unknown_servername_callback] -server = ssltest_unknown_servername_server - -[ssltest_unknown_servername_server] -ServerNameCallback = Foo - -[ssltest_unknown_session_ticket_expected] -SessionTicketExpected = Foo - -[ssltest_unknown_compression_expected] -CompressionExpected = Foo - -[ssltest_unknown_session_id_expected] -SessionIdExpected = Foo - -[ssltest_unknown_method] -Method = TLS2 - -[ssltest_unknown_handshake_mode] -HandshakeMode = Foo - -[ssltest_unknown_resumption_expected] -ResumptionExpected = Foo - -[ssltest_unknown_ct_validation] -client = ssltest_unknown_ct_validation_client - -[ssltest_unknown_ct_validation_client] -CTCallback = Foo - -[ssltest_invalid_max_fragment_len] -MaxFragmentLenExt = 421 -- cgit v1.2.3