diff options
| author | Matt Caswell <matt@openssl.org> | 2018-10-24 14:48:44 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2018-11-12 11:10:21 +0000 |
| commit | 24ae00388fb9e25af8f94d36b7c191ae90061586 (patch) | |
| tree | 5d10d28849e578517d428e33c82058681e62e68c | |
| parent | 83c81eebed52aa84b6b34d26e984c859158ca1c0 (diff) | |
Test use of a brainpool ECDSA certificate
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)
| -rw-r--r-- | test/ssl-tests/20-cert-select.conf | 853 | ||||
| -rw-r--r-- | test/ssl-tests/20-cert-select.conf.in | 39 |
2 files changed, 495 insertions, 397 deletions
diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf index 1bf81c12d7..0bcd23d7f0 100644 --- a/test/ssl-tests/20-cert-select.conf +++ b/test/ssl-tests/20-cert-select.conf @@ -1,56 +1,58 @@ # Generated with generate_ssl_tests.pl -num_tests = 49 +num_tests = 51 test-0 = 0-ECDSA CipherString Selection test-1 = 1-ECDSA CipherString Selection test-2 = 2-ECDSA CipherString Selection test-3 = 3-Ed25519 CipherString and Signature Algorithm Selection test-4 = 4-Ed448 CipherString and Signature Algorithm Selection -test-5 = 5-RSA CipherString Selection -test-6 = 6-RSA-PSS Certificate CipherString Selection -test-7 = 7-P-256 CipherString and Signature Algorithm Selection -test-8 = 8-Ed25519 CipherString and Curves Selection -test-9 = 9-Ed448 CipherString and Curves Selection -test-10 = 10-ECDSA CipherString Selection, no ECDSA certificate -test-11 = 11-ECDSA Signature Algorithm Selection -test-12 = 12-ECDSA Signature Algorithm Selection SHA384 -test-13 = 13-ECDSA Signature Algorithm Selection SHA1 -test-14 = 14-ECDSA Signature Algorithm Selection compressed point -test-15 = 15-ECDSA Signature Algorithm Selection, no ECDSA certificate -test-16 = 16-RSA Signature Algorithm Selection -test-17 = 17-RSA-PSS Signature Algorithm Selection -test-18 = 18-RSA-PSS Certificate Legacy Signature Algorithm Selection -test-19 = 19-RSA-PSS Certificate Unified Signature Algorithm Selection -test-20 = 20-Only RSA-PSS Certificate -test-21 = 21-RSA-PSS Certificate, no PSS signature algorithms -test-22 = 22-RSA key exchange with all RSA certificate types -test-23 = 23-RSA key exchange with only RSA-PSS certificate -test-24 = 24-Suite B P-256 Hash Algorithm Selection -test-25 = 25-Suite B P-384 Hash Algorithm Selection -test-26 = 26-TLS 1.2 Ed25519 Client Auth -test-27 = 27-TLS 1.2 Ed448 Client Auth -test-28 = 28-Only RSA-PSS Certificate, TLS v1.1 -test-29 = 29-TLS 1.3 ECDSA Signature Algorithm Selection -test-30 = 30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point -test-31 = 31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1 -test-32 = 32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS -test-33 = 33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS -test-34 = 34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate -test-35 = 35-TLS 1.3 RSA Signature Algorithm Selection, no PSS -test-36 = 36-TLS 1.3 RSA-PSS Signature Algorithm Selection -test-37 = 37-TLS 1.3 Ed25519 Signature Algorithm Selection -test-38 = 38-TLS 1.3 Ed448 Signature Algorithm Selection -test-39 = 39-TLS 1.3 Ed25519 CipherString and Groups Selection -test-40 = 40-TLS 1.3 Ed448 CipherString and Groups Selection -test-41 = 41-TLS 1.3 RSA Client Auth Signature Algorithm Selection -test-42 = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names -test-43 = 43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection -test-44 = 44-TLS 1.3 Ed25519 Client Auth -test-45 = 45-TLS 1.3 Ed448 Client Auth -test-46 = 46-TLS 1.2 DSA Certificate Test -test-47 = 47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms -test-48 = 48-TLS 1.3 DSA Certificate Test +test-5 = 5-ECDSA with brainpool +test-6 = 6-RSA CipherString Selection +test-7 = 7-RSA-PSS Certificate CipherString Selection +test-8 = 8-P-256 CipherString and Signature Algorithm Selection +test-9 = 9-Ed25519 CipherString and Curves Selection +test-10 = 10-Ed448 CipherString and Curves Selection +test-11 = 11-ECDSA CipherString Selection, no ECDSA certificate +test-12 = 12-ECDSA Signature Algorithm Selection +test-13 = 13-ECDSA Signature Algorithm Selection SHA384 +test-14 = 14-ECDSA Signature Algorithm Selection SHA1 +test-15 = 15-ECDSA Signature Algorithm Selection compressed point +test-16 = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate +test-17 = 17-RSA Signature Algorithm Selection +test-18 = 18-RSA-PSS Signature Algorithm Selection +test-19 = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection +test-20 = 20-RSA-PSS Certificate Unified Signature Algorithm Selection +test-21 = 21-Only RSA-PSS Certificate +test-22 = 22-RSA-PSS Certificate, no PSS signature algorithms +test-23 = 23-RSA key exchange with all RSA certificate types +test-24 = 24-RSA key exchange with only RSA-PSS certificate +test-25 = 25-Suite B P-256 Hash Algorithm Selection +test-26 = 26-Suite B P-384 Hash Algorithm Selection +test-27 = 27-TLS 1.2 Ed25519 Client Auth +test-28 = 28-TLS 1.2 Ed448 Client Auth +test-29 = 29-Only RSA-PSS Certificate, TLS v1.1 +test-30 = 30-TLS 1.3 ECDSA Signature Algorithm Selection +test-31 = 31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point +test-32 = 32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1 +test-33 = 33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS +test-34 = 34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS +test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate +test-36 = 36-TLS 1.3 RSA Signature Algorithm Selection, no PSS +test-37 = 37-TLS 1.3 RSA-PSS Signature Algorithm Selection +test-38 = 38-TLS 1.3 Ed25519 Signature Algorithm Selection +test-39 = 39-TLS 1.3 Ed448 Signature Algorithm Selection +test-40 = 40-TLS 1.3 Ed25519 CipherString and Groups Selection +test-41 = 41-TLS 1.3 Ed448 CipherString and Groups Selection +test-42 = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection +test-43 = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names +test-44 = 44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection +test-45 = 45-TLS 1.3 Ed25519 Client Auth +test-46 = 46-TLS 1.3 Ed448 Client Auth +test-47 = 47-TLS 1.3 ECDSA with brainpool +test-48 = 48-TLS 1.2 DSA Certificate Test +test-49 = 49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms +test-50 = 50-TLS 1.3 DSA Certificate Test # =========================================================== [0-ECDSA CipherString Selection] @@ -223,14 +225,43 @@ ExpectedServerSignType = Ed448 # =========================================================== -[5-RSA CipherString Selection] -ssl_conf = 5-RSA CipherString Selection-ssl +[5-ECDSA with brainpool] +ssl_conf = 5-ECDSA with brainpool-ssl -[5-RSA CipherString Selection-ssl] -server = 5-RSA CipherString Selection-server -client = 5-RSA CipherString Selection-client +[5-ECDSA with brainpool-ssl] +server = 5-ECDSA with brainpool-server +client = 5-ECDSA with brainpool-client -[5-RSA CipherString Selection-server] +[5-ECDSA with brainpool-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem +CipherString = DEFAULT +Groups = brainpoolP256r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem + +[5-ECDSA with brainpool-client] +CipherString = aECDSA +Groups = brainpoolP256r1 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = brainpoolP256r1 +ExpectedServerSignType = EC + + +# =========================================================== + +[6-RSA CipherString Selection] +ssl_conf = 6-RSA CipherString Selection-ssl + +[6-RSA CipherString Selection-ssl] +server = 6-RSA CipherString Selection-server +client = 6-RSA CipherString Selection-client + +[6-RSA CipherString Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -242,13 +273,13 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[5-RSA CipherString Selection-client] +[6-RSA CipherString Selection-client] CipherString = aRSA MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-5] +[test-6] ExpectedResult = Success ExpectedServerCertType = RSA ExpectedServerSignType = RSA-PSS @@ -256,14 +287,14 @@ ExpectedServerSignType = RSA-PSS # =========================================================== -[6-RSA-PSS Certificate CipherString Selection] -ssl_conf = 6-RSA-PSS Certificate CipherString Selection-ssl +[7-RSA-PSS Certificate CipherString Selection] +ssl_conf = 7-RSA-PSS Certificate CipherString Selection-ssl -[6-RSA-PSS Certificate CipherString Selection-ssl] -server = 6-RSA-PSS Certificate CipherString Selection-server -client = 6-RSA-PSS Certificate CipherString Selection-client +[7-RSA-PSS Certificate CipherString Selection-ssl] +server = 7-RSA-PSS Certificate CipherString Selection-server +client = 7-RSA-PSS Certificate CipherString Selection-client -[6-RSA-PSS Certificate CipherString Selection-server] +[7-RSA-PSS Certificate CipherString Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -277,13 +308,13 @@ PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[6-RSA-PSS Certificate CipherString Selection-client] +[7-RSA-PSS Certificate CipherString Selection-client] CipherString = aRSA MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-6] +[test-7] ExpectedResult = Success ExpectedServerCertType = RSA-PSS ExpectedServerSignType = RSA-PSS @@ -291,14 +322,14 @@ ExpectedServerSignType = RSA-PSS # =========================================================== -[7-P-256 CipherString and Signature Algorithm Selection] -ssl_conf = 7-P-256 CipherString and Signature Algorithm Selection-ssl +[8-P-256 CipherString and Signature Algorithm Selection] +ssl_conf = 8-P-256 CipherString and Signature Algorithm Selection-ssl -[7-P-256 CipherString and Signature Algorithm Selection-ssl] -server = 7-P-256 CipherString and Signature Algorithm Selection-server -client = 7-P-256 CipherString and Signature Algorithm Selection-client +[8-P-256 CipherString and Signature Algorithm Selection-ssl] +server = 8-P-256 CipherString and Signature Algorithm Selection-server +client = 8-P-256 CipherString and Signature Algorithm Selection-client -[7-P-256 CipherString and Signature Algorithm Selection-server] +[8-P-256 CipherString and Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -310,14 +341,14 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[7-P-256 CipherString and Signature Algorithm Selection-client] +[8-P-256 CipherString and Signature Algorithm Selection-client] CipherString = aECDSA MaxProtocol = TLSv1.2 SignatureAlgorithms = ECDSA+SHA256:ed25519 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-7] +[test-8] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA256 @@ -326,14 +357,14 @@ ExpectedServerSignType = EC # =========================================================== -[8-Ed25519 CipherString and Curves Selection] -ssl_conf = 8-Ed25519 CipherString and Curves Selection-ssl +[9-Ed25519 CipherString and Curves Selection] +ssl_conf = 9-Ed25519 CipherString and Curves Selection-ssl -[8-Ed25519 CipherString and Curves Selection-ssl] -server = 8-Ed25519 CipherString and Curves Selection-server -client = 8-Ed25519 CipherString and Curves Selection-client +[9-Ed25519 CipherString and Curves Selection-ssl] +server = 9-Ed25519 CipherString and Curves Selection-server +client = 9-Ed25519 CipherString and Curves Selection-client -[8-Ed25519 CipherString and Curves Selection-server] +[9-Ed25519 CipherString and Curves Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -345,7 +376,7 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[8-Ed25519 CipherString and Curves Selection-client] +[9-Ed25519 CipherString and Curves Selection-client] CipherString = aECDSA Curves = X25519 MaxProtocol = TLSv1.2 @@ -353,7 +384,7 @@ SignatureAlgorithms = ECDSA+SHA256:ed25519 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-8] +[test-9] ExpectedResult = Success ExpectedServerCertType = Ed25519 ExpectedServerSignType = Ed25519 @@ -361,14 +392,14 @@ ExpectedServerSignType = Ed25519 # =========================================================== -[9-Ed448 CipherString and Curves Selection] -ssl_conf = 9-Ed448 CipherString and Curves Selection-ssl +[10-Ed448 CipherString and Curves Selection] +ssl_conf = 10-Ed448 CipherString and Curves Selection-ssl -[9-Ed448 CipherString and Curves Selection-ssl] -server = 9-Ed448 CipherString and Curves Selection-server -client = 9-Ed448 CipherString and Curves Selection-client +[10-Ed448 CipherString and Curves Selection-ssl] +server = 10-Ed448 CipherString and Curves Selection-server +client = 10-Ed448 CipherString and Curves Selection-client -[9-Ed448 CipherString and Curves Selection-server] +[10-Ed448 CipherString and Curves Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -380,7 +411,7 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[9-Ed448 CipherString and Curves Selection-client] +[10-Ed448 CipherString and Curves Selection-client] CipherString = aECDSA Curves = X448 MaxProtocol = TLSv1.2 @@ -388,7 +419,7 @@ SignatureAlgorithms = ECDSA+SHA256:ed448 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-9] +[test-10] ExpectedResult = Success ExpectedServerCertType = Ed448 ExpectedServerSignType = Ed448 @@ -396,39 +427,39 @@ ExpectedServerSignType = Ed448 # =========================================================== -[10-ECDSA CipherString Selection, no ECDSA certificate] -ssl_conf = 10-ECDSA CipherString Selection, no ECDSA certificate-ssl +[11-ECDSA CipherString Selection, no ECDSA certificate] +ssl_conf = 11-ECDSA CipherString Selection, no ECDSA certificate-ssl -[10-ECDSA CipherString Selection, no ECDSA certificate-ssl] -server = 10-ECDSA CipherString Selection, no ECDSA certificate-server -client = 10-ECDSA CipherString Selection, no ECDSA certificate-client +[11-ECDSA CipherString Selection, no ECDSA certificate-ssl] +server = 11-ECDSA CipherString Selection, no ECDSA certificate-server +client = 11-ECDSA CipherString Selection, no ECDSA certificate-client -[10-ECDSA CipherString Selection, no ECDSA certificate-server] +[11-ECDSA CipherString Selection, no ECDSA certificate-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[10-ECDSA CipherString Selection, no ECDSA certificate-client] +[11-ECDSA CipherString Selection, no ECDSA certificate-client] CipherString = aECDSA MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-10] +[test-11] ExpectedResult = ServerFail # =========================================================== -[11-ECDSA Signature Algorithm Selection] -ssl_conf = 11-ECDSA Signature Algorithm Selection-ssl +[12-ECDSA Signature Algorithm Selection] +ssl_conf = 12-ECDSA Signature Algorithm Selection-ssl -[11-ECDSA Signature Algorithm Selection-ssl] -server = 11-ECDSA Signature Algorithm Selection-server -client = 11-ECDSA Signature Algorithm Selection-client +[12-ECDSA Signature Algorithm Selection-ssl] +server = 12-ECDSA Signature Algorithm Selection-server +client = 12-ECDSA Signature Algorithm Selection-client -[11-ECDSA Signature Algorithm Selection-server] +[12-ECDSA Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -440,13 +471,13 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[11-ECDSA Signature Algorithm Selection-client] +[12-ECDSA Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-11] +[test-12] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA256 @@ -455,14 +486,14 @@ ExpectedServerSignType = EC # =========================================================== -[12-ECDSA Signature Algorithm Selection SHA384] -ssl_conf = 12-ECDSA Signature Algorithm Selection SHA384-ssl +[13-ECDSA Signature Algorithm Selection SHA384] +ssl_conf = 13-ECDSA Signature Algorithm Selection SHA384-ssl -[12-ECDSA Signature Algorithm Selection SHA384-ssl] -server = 12-ECDSA Signature Algorithm Selection SHA384-server -client = 12-ECDSA Signature Algorithm Selection SHA384-client +[13-ECDSA Signature Algorithm Selection SHA384-ssl] +server = 13-ECDSA Signature Algorithm Selection SHA384-server +client = 13-ECDSA Signature Algorithm Selection SHA384-client -[12-ECDSA Signature Algorithm Selection SHA384-server] +[13-ECDSA Signature Algorithm Selection SHA384-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -474,13 +505,13 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[12-ECDSA Signature Algorithm Selection SHA384-client] +[13-ECDSA Signature Algorithm Selection SHA384-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA384 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-12] +[test-13] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA384 @@ -489,14 +520,14 @@ ExpectedServerSignType = EC # =========================================================== -[13-ECDSA Signature Algorithm Selection SHA1] -ssl_conf = 13-ECDSA Signature Algorithm Selection SHA1-ssl +[14-ECDSA Signature Algorithm Selection SHA1] +ssl_conf = 14-ECDSA Signature Algorithm Selection SHA1-ssl -[13-ECDSA Signature Algorithm Selection SHA1-ssl] -server = 13-ECDSA Signature Algorithm Selection SHA1-server -client = 13-ECDSA Signature Algorithm Selection SHA1-client +[14-ECDSA Signature Algorithm Selection SHA1-ssl] +server = 14-ECDSA Signature Algorithm Selection SHA1-server +client = 14-ECDSA Signature Algorithm Selection SHA1-client -[13-ECDSA Signature Algorithm Selection SHA1-server] +[14-ECDSA Signature Algorithm Selection SHA1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -508,13 +539,13 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[13-ECDSA Signature Algorithm Selection SHA1-client] +[14-ECDSA Signature Algorithm Selection SHA1-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-13] +[test-14] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA1 @@ -523,14 +554,14 @@ ExpectedServerSignType = EC # =========================================================== -[14-ECDSA Signature Algorithm Selection compressed point] -ssl_conf = 14-ECDSA Signature Algorithm Selection compressed point-ssl +[15-ECDSA Signature Algorithm Selection compressed point] +ssl_conf = 15-ECDSA Signature Algorithm Selection compressed point-ssl -[14-ECDSA Signature Algorithm Selection compressed point-ssl] -server = 14-ECDSA Signature Algorithm Selection compressed point-server -client = 14-ECDSA Signature Algorithm Selection compressed point-client +[15-ECDSA Signature Algorithm Selection compressed point-ssl] +server = 15-ECDSA Signature Algorithm Selection compressed point-server +client = 15-ECDSA Signature Algorithm Selection compressed point-client -[14-ECDSA Signature Algorithm Selection compressed point-server] +[15-ECDSA Signature Algorithm Selection compressed point-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem @@ -538,13 +569,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[14-ECDSA Signature Algorithm Selection compressed point-client] +[15-ECDSA Signature Algorithm Selection compressed point-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-14] +[test-15] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA256 @@ -553,39 +584,39 @@ ExpectedServerSignType = EC # =========================================================== -[15-ECDSA Signature Algorithm Selection, no ECDSA certificate] -ssl_conf = 15-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate] +ssl_conf = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl -[15-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] -server = 15-ECDSA Signature Algorithm Selection, no ECDSA certificate-server -client = 15-ECDSA Signature Algorithm Selection, no ECDSA certificate-client +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] +server = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server +client = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client -[15-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[15-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-15] +[test-16] ExpectedResult = ServerFail # =========================================================== -[16-RSA Signature Algorithm Selection] -ssl_conf = 16-RSA Signature Algorithm Selection-ssl +[17-RSA Signature Algorithm Selection] +ssl_conf = 17-RSA Signature Algorithm Selection-ssl -[16-RSA Signature Algorithm Selection-ssl] -server = 16-RSA Signature Algorithm Selection-server -client = 16-RSA Signature Algorithm Selection-client +[17-RSA Signature Algorithm Selection-ssl] +server = 17-RSA Signature Algorithm Selection-server +client = 17-RSA Signature Algorithm Selection-client -[16-RSA Signature Algorithm Selection-server] +[17-RSA Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -597,13 +628,13 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[16-RSA Signature Algorithm Selection-client] +[17-RSA Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = RSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-16] +[test-17] ExpectedResult = Success ExpectedServerCertType = RSA ExpectedServerSignHash = SHA256 @@ -612,14 +643,14 @@ ExpectedServerSignType = RSA # =========================================================== -[17-RSA-PSS Signature Algorithm Selection] -ssl_conf = 17-RSA-PSS Signature Algorithm Selection-ssl +[18-RSA-PSS Signature Algorithm Selection] +ssl_conf = 18-RSA-PSS Signature Algorithm Selection-ssl -[17-RSA-PSS Signature Algorithm Selection-ssl] -server = 17-RSA-PSS Signature Algorithm Selection-server -client = 17-RSA-PSS Signature Algorithm Selection-client +[18-RSA-PSS Signature Algorithm Selection-ssl] +server = 18-RSA-PSS Signature Algorithm Selection-server +client = 18-RSA-PSS Signature Algorithm Selection-client -[17-RSA-PSS Signature Algorithm Selection-server] +[18-RSA-PSS Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -631,13 +662,13 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[17-RSA-PSS Signature Algorithm Selection-client] +[18-RSA-PSS Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = RSA-PSS+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-17] +[test-18] ExpectedResult = Success ExpectedServerCertType = RSA ExpectedServerSignHash = SHA256 @@ -646,14 +677,14 @@ ExpectedServerSignType = RSA-PSS # =========================================================== -[18-RSA-PSS Certificate Legacy Signature Algorithm Selection] -ssl_conf = 18-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection] +ssl_conf = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl -[18-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl] -server = 18-RSA-PSS Certificate Legacy Signature Algorithm Selection-server -client = 18-RSA-PSS Certificate Legacy Signature Algorithm Selection-client +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl] +server = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server +client = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client -[18-RSA-PSS Certificate Legacy Signature Algorithm Selection-server] +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -667,13 +698,13 @@ PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[18-RSA-PSS Certificate Legacy Signature Algorithm Selection-client] +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = RSA-PSS+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-18] +[test-19] ExpectedResult = Success ExpectedServerCertType = RSA ExpectedServerSignHash = SHA256 @@ -682,14 +713,14 @@ ExpectedServerSignType = RSA-PSS # =========================================================== -[19-RSA-PSS Certificate Unified Signature Algorithm Selection] -ssl_conf = 19-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl +[20-RSA-PSS Certificate Unified Signature Algorithm Selection] +ssl_conf = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl -[19-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl] -server = 19-RSA-PSS Certificate Unified Signature Algorithm Selection-server -client = 19-RSA-PSS Certificate Unified Signature Algorithm Selection-client +[20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl] +server = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-server +client = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-client -[19-RSA-PSS Certificate Unified Signature Algorithm Selection-server] +[20-RSA-PSS Certificate Unified Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -703,13 +734,13 @@ PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[19-RSA-PSS Certificate Unified Signature Algorithm Selection-client] +[20-RSA-PSS Certificate Unified Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = rsa_pss_pss_sha256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-19] +[test-20] ExpectedResult = Success ExpectedServerCertType = RSA-PSS ExpectedServerSignHash = SHA256 @@ -718,24 +749,24 @@ ExpectedServerSignType = RSA-PSS # =========================================================== -[20-Only RSA-PSS Certificate] -ssl_conf = 20-Only RSA-PSS Certificate-ssl +[21-Only RSA-PSS Certificate] +ssl_conf = 21-Only RSA-PSS Certificate-ssl -[20-Only RSA-PSS Certificate-ssl] -server = 20-Only RSA-PSS Certificate-server -client = 20-Only RSA-PSS Certificate-client +[21-Only RSA-PSS Certificate-ssl] +server = 21-Only RSA-PSS Certificate-server +client = 21-Only RSA-PSS Certificate-client -[20-Only RSA-PSS Certificate-server] +[21-Only RSA-PSS Certificate-server] Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem -[20-Only RSA-PSS Certificate-client] +[21-Only RSA-PSS Certificate-client] CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-20] +[test-21] ExpectedResult = Success ExpectedServerCertType = RSA-PSS ExpectedServerSignHash = SHA256 @@ -744,89 +775,89 @@ ExpectedServerSignType = RSA-PSS # =========================================================== -[21-RSA-PSS Certificate, no PSS signature algorithms] -ssl_conf = 21-RSA-PSS Certificate, no PSS signature algorithms-ssl +[22-RSA-PSS Certificate, no PSS signature algorithms] +ssl_conf = 22-RSA-PSS Certificate, no PSS signature algorithms-ssl -[21-RSA-PSS Certificate, no PSS signature algorithms-ssl] -server = 21-RSA-PSS Certificate, no PSS signature algorithms-server -client = 21-RSA-PSS Certificate, no PSS signature algorithms-client +[22-RSA-PSS Certificate, no PSS signature algorithms-ssl] +server = 22-RSA-PSS Certificate, no PSS signature algorithms-server +client = 22-RSA-PSS Certificate, no PSS signature algorithms-client -[21-RSA-PSS Certificate, no PSS signature algorithms-server] +[22-RSA-PSS Certificate, no PSS signature algorithms-server] Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem -[21-RSA-PSS Certificate, no PSS signature algorithms-client] +[22-RSA-PSS Certificate, no PSS signature algorithms-client] CipherString = DEFAULT SignatureAlgorithms = RSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-21] +[test-22] ExpectedResult = ServerFail # =========================================================== -[22-RSA key exchange with all RSA certificate types] -ssl_conf = 22-RSA key exchange with all RSA certificate types-ssl +[23-RSA key exchange with all RSA certificate types] +ssl_conf = 23-RSA key exchange with all RSA certificate types-ssl -[22-RSA key exchange with all RSA certificate types-ssl] -server = 22-RSA key exchange with all RSA certificate types-server -client = 22-RSA key exchange with all RSA certificate types-client +[23-RSA key exchange with all RSA certificate types-ssl] +server = 23-RSA key exchange with all RSA certificate types-server +client = 23-RSA key exchange with all RSA certificate types-client -[22-RSA key exchange with all RSA certificate types-server] +[23-RSA key exchange with all RSA certificate types-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[22-RSA key exchange with all RSA certificate types-client] +[23-RSA key exchange with all RSA certificate types-client] CipherString = kRSA MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-22] +[test-23] ExpectedResult = Success ExpectedServerCertType = RSA # =========================================================== -[23-RSA key exchange with only RSA-PSS certificate] -ssl_conf = 23-RSA key exchange with only RSA-PSS certificate-ssl +[24-RSA key exchange with only RSA-PSS certificate] +ssl_conf = 24-RSA key exchange with only RSA-PSS certificate-ssl -[23-RSA key exchange with only RSA-PSS certificate-ssl] -server = 23-RSA key exchange with only RSA-PSS certificate-server -client = 23-RSA key exchange with only RSA-PSS certificate-client +[24-RSA key exchange with only RSA-PSS certificate-ssl] +server = 24-RSA key exchange with only RSA-PSS certificate-server +client = 24-RSA key exchange with only RSA-PSS certificate-client -[23-RSA key exchange with only RSA-PSS certificate-server] +[24-RSA key exchange with only RSA-PSS certificate-server] Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem -[23-RSA key exchange with only RSA-PSS certificate-client] +[24-RSA key exchange with only RSA-PSS certificate-client] CipherString = kRSA MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-23] +[test-24] ExpectedResult = ServerFail # =========================================================== -[24-Suite B P-256 Hash Algorithm Selection] -ssl_conf = 24-Suite B P-256 Hash Algorithm Selection-ssl +[25-Suite B P-256 Hash Algorithm Selection] +ssl_conf = 25-Suite B P-256 Hash Algorithm Selection-ssl -[24-Suite B P-256 Hash Algorithm Selection-ssl] -server = 24-Suite B P-256 Hash Algorithm Selection-server -client = 24-Suite B P-256 Hash Algorithm Selection-client +[25-Suite B P-256 Hash Algorithm Selection-ssl] +server = 25-Suite B P-256 Hash Algorithm Selection-server +client = 25-Suite B P-256 Hash Algorithm Selection-client -[24-Suite B P-256 Hash Algorithm Selection-server] +[25-Suite B P-256 Hash Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = SUITEB128 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem @@ -834,13 +865,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[24-Suite B P-256 Hash Algorithm Selection-client] +[25-Suite B P-256 Hash Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem VerifyMode = Peer -[test-24] +[test-25] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA256 @@ -849,14 +880,14 @@ ExpectedServerSignType = EC # =========================================================== -[25-Suite B P-384 Hash Algorithm Selection] -ssl_conf = 25-Suite B P-384 Hash Algorithm Selection-ssl +[26-Suite B P-384 Hash Algorithm Selection] +ssl_conf = 26-Suite B P-384 Hash Algorithm Selection-ssl -[25-Suite B P-384 Hash Algorithm Selection-ssl] -server = 25-Suite B P-384 Hash Algorithm Selection-server -client = 25-Suite B P-384 Hash Algorithm Selection-client +[26-Suite B P-384 Hash Algorithm Selection-ssl] +server = 26-Suite B P-384 Hash Algorithm Selection-server +client = 26-Suite B P-384 Hash Algorithm Selection-client -[25-Suite B P-384 Hash Algorithm Selection-server] +[26-Suite B P-384 Hash Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = SUITEB128 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem @@ -864,13 +895,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[25-Suite B P-384 Hash Algorithm Selection-client] +[26-Suite B P-384 Hash Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem VerifyMode = Peer -[test-25] +[test-26] ExpectedResult = Success ExpectedServerCertType = P-384 ExpectedServerSignHash = SHA384 @@ -879,21 +910,21 @@ ExpectedServerSignType = EC # =========================================================== -[26-TLS 1.2 Ed25519 Client Auth] -ssl_conf = 26-TLS 1.2 Ed25519 Client Auth-ssl +[27-TLS 1.2 Ed25519 Client Auth] +ssl_conf = 27-TLS 1.2 Ed25519 Client Auth-ssl -[26-TLS 1.2 Ed25519 Client Auth-ssl] -server = 26-TLS 1.2 Ed25519 Client Auth-server -client = 26-TLS 1.2 Ed25519 Client Auth-client +[27-TLS 1.2 Ed25519 Client Auth-ssl] +server = 27-TLS 1.2 Ed25519 Client Auth-server +client = 27-TLS 1.2 Ed25519 Client Auth-client -[26-TL |