authorTomas Mraz <tomas@openssl.org>2021-02-11 18:18:49 +0100
committerTomas Mraz <tomas@openssl.org>2021-02-12 19:05:17 +0100
commit9ff5bd612a415571b12cc9febe22c710d9d2d42a (patch)
tree1207519769f902a7b84fd2ff027a7bdf5313802a /test
parent89e14ca7c7003b3b5874a8dac3f21521a4f844b4 (diff)
ssl_test: Add testcases for disallowing non-TLS1.3 curves with TLS1.3
Also correctly mark max protocol version for some curves. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14154)
Diffstat (limited to 'test')
-rw-r--r--test/ssl-tests/14-curves.cnf1112
-rw-r--r--test/ssl-tests/14-curves.cnf.in53
2 files changed, 967 insertions, 198 deletions
diff --git a/test/ssl-tests/14-curves.cnf b/test/ssl-tests/14-curves.cnf
index 1982c99db7..824a9f9a0e 100644
--- a/test/ssl-tests/14-curves.cnf
+++ b/test/ssl-tests/14-curves.cnf
@@ -1,21 +1,21 @@
# Generated with generate_ssl_tests.pl
-num_tests = 30
-
-test-0 = 0-curve-sect233k1
-test-1 = 1-curve-sect233r1
-test-2 = 2-curve-sect283k1
-test-3 = 3-curve-sect283r1
-test-4 = 4-curve-sect409k1
-test-5 = 5-curve-sect409r1
-test-6 = 6-curve-sect571k1
-test-7 = 7-curve-sect571r1
-test-8 = 8-curve-secp224r1
-test-9 = 9-curve-prime256v1
-test-10 = 10-curve-secp384r1
-test-11 = 11-curve-secp521r1
-test-12 = 12-curve-X25519
-test-13 = 13-curve-X448
+num_tests = 55
+
+test-0 = 0-curve-prime256v1
+test-1 = 1-curve-secp384r1
+test-2 = 2-curve-secp521r1
+test-3 = 3-curve-X25519
+test-4 = 4-curve-X448
+test-5 = 5-curve-sect233k1
+test-6 = 6-curve-sect233r1
+test-7 = 7-curve-sect283k1
+test-8 = 8-curve-sect283r1
+test-9 = 9-curve-sect409k1
+test-10 = 10-curve-sect409r1
+test-11 = 11-curve-sect571k1
+test-12 = 12-curve-sect571r1
+test-13 = 13-curve-secp224r1
test-14 = 14-curve-sect163k1
test-15 = 15-curve-sect163r2
test-16 = 16-curve-prime192v1
@@ -32,396 +32,435 @@ test-26 = 26-curve-secp256k1
test-27 = 27-curve-brainpoolP256r1
test-28 = 28-curve-brainpoolP384r1
test-29 = 29-curve-brainpoolP512r1
+test-30 = 30-curve-sect233k1-tls13
+test-31 = 31-curve-sect233r1-tls13
+test-32 = 32-curve-sect283k1-tls13
+test-33 = 33-curve-sect283r1-tls13
+test-34 = 34-curve-sect409k1-tls13
+test-35 = 35-curve-sect409r1-tls13
+test-36 = 36-curve-sect571k1-tls13
+test-37 = 37-curve-sect571r1-tls13
+test-38 = 38-curve-secp224r1-tls13
+test-39 = 39-curve-sect163k1-tls13
+test-40 = 40-curve-sect163r2-tls13
+test-41 = 41-curve-prime192v1-tls13
+test-42 = 42-curve-sect163r1-tls13
+test-43 = 43-curve-sect193r1-tls13
+test-44 = 44-curve-sect193r2-tls13
+test-45 = 45-curve-sect239k1-tls13
+test-46 = 46-curve-secp160k1-tls13
+test-47 = 47-curve-secp160r1-tls13
+test-48 = 48-curve-secp160r2-tls13
+test-49 = 49-curve-secp192k1-tls13
+test-50 = 50-curve-secp224k1-tls13
+test-51 = 51-curve-secp256k1-tls13
+test-52 = 52-curve-brainpoolP256r1-tls13
+test-53 = 53-curve-brainpoolP384r1-tls13
+test-54 = 54-curve-brainpoolP512r1-tls13
# ===========================================================
-[0-curve-sect233k1]
-ssl_conf = 0-curve-sect233k1-ssl
+[0-curve-prime256v1]
+ssl_conf = 0-curve-prime256v1-ssl
-[0-curve-sect233k1-ssl]
-server = 0-curve-sect233k1-server
-client = 0-curve-sect233k1-client
+[0-curve-prime256v1-ssl]
+server = 0-curve-prime256v1-server
+client = 0-curve-prime256v1-client
-[0-curve-sect233k1-server]
+[0-curve-prime256v1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect233k1
-MaxProtocol = TLSv1.2
+Curves = prime256v1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[0-curve-sect233k1-client]
+[0-curve-prime256v1-client]
CipherString = ECDHE
-Curves = sect233k1
-MaxProtocol = TLSv1.2
+Curves = prime256v1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-0]
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
-ExpectedTmpKeyType = sect233k1
+ExpectedTmpKeyType = prime256v1
# ===========================================================
-[1-curve-sect233r1]
-ssl_conf = 1-curve-sect233r1-ssl
+[1-curve-secp384r1]
+ssl_conf = 1-curve-secp384r1-ssl
-[1-curve-sect233r1-ssl]
-server = 1-curve-sect233r1-server
-client = 1-curve-sect233r1-client
+[1-curve-secp384r1-ssl]
+server = 1-curve-secp384r1-server
+client = 1-curve-secp384r1-client
-[1-curve-sect233r1-server]
+[1-curve-secp384r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect233r1
-MaxProtocol = TLSv1.2
+Curves = secp384r1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[1-curve-sect233r1-client]
+[1-curve-secp384r1-client]
CipherString = ECDHE
-Curves = sect233r1
-MaxProtocol = TLSv1.2
+Curves = secp384r1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-1]
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
-ExpectedTmpKeyType = sect233r1
+ExpectedTmpKeyType = secp384r1
# ===========================================================
-[2-curve-sect283k1]
-ssl_conf = 2-curve-sect283k1-ssl
+[2-curve-secp521r1]
+ssl_conf = 2-curve-secp521r1-ssl
-[2-curve-sect283k1-ssl]
-server = 2-curve-sect283k1-server
-client = 2-curve-sect283k1-client
+[2-curve-secp521r1-ssl]
+server = 2-curve-secp521r1-server
+client = 2-curve-secp521r1-client
-[2-curve-sect283k1-server]
+[2-curve-secp521r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect283k1
-MaxProtocol = TLSv1.2
+Curves = secp521r1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[2-curve-sect283k1-client]
+[2-curve-secp521r1-client]
CipherString = ECDHE
-Curves = sect283k1
-MaxProtocol = TLSv1.2
+Curves = secp521r1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-2]
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
-ExpectedTmpKeyType = sect283k1
+ExpectedTmpKeyType = secp521r1
# ===========================================================
-[3-curve-sect283r1]
-ssl_conf = 3-curve-sect283r1-ssl
+[3-curve-X25519]
+ssl_conf = 3-curve-X25519-ssl
-[3-curve-sect283r1-ssl]
-server = 3-curve-sect283r1-server
-client = 3-curve-sect283r1-client
+[3-curve-X25519-ssl]
+server = 3-curve-X25519-server
+client = 3-curve-X25519-client
-[3-curve-sect283r1-server]
+[3-curve-X25519-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect283r1
-MaxProtocol = TLSv1.2
+Curves = X25519
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[3-curve-sect283r1-client]
+[3-curve-X25519-client]
CipherString = ECDHE
-Curves = sect283r1
-MaxProtocol = TLSv1.2
+Curves = X25519
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-3]
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
-ExpectedTmpKeyType = sect283r1
+ExpectedTmpKeyType = X25519
# ===========================================================
-[4-curve-sect409k1]
-ssl_conf = 4-curve-sect409k1-ssl
+[4-curve-X448]
+ssl_conf = 4-curve-X448-ssl
-[4-curve-sect409k1-ssl]
-server = 4-curve-sect409k1-server
-client = 4-curve-sect409k1-client
+[4-curve-X448-ssl]
+server = 4-curve-X448-server
+client = 4-curve-X448-client
-[4-curve-sect409k1-server]
+[4-curve-X448-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect409k1
-MaxProtocol = TLSv1.2
+Curves = X448
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[4-curve-sect409k1-client]
+[4-curve-X448-client]
CipherString = ECDHE
-Curves = sect409k1
-MaxProtocol = TLSv1.2
+Curves = X448
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-4]
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
-ExpectedTmpKeyType = sect409k1
+ExpectedTmpKeyType = X448
# ===========================================================
-[5-curve-sect409r1]
-ssl_conf = 5-curve-sect409r1-ssl
+[5-curve-sect233k1]
+ssl_conf = 5-curve-sect233k1-ssl
-[5-curve-sect409r1-ssl]
-server = 5-curve-sect409r1-server
-client = 5-curve-sect409r1-client
+[5-curve-sect233k1-ssl]
+server = 5-curve-sect233k1-server
+client = 5-curve-sect233k1-client
-[5-curve-sect409r1-server]
+[5-curve-sect233k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect409r1
-MaxProtocol = TLSv1.2
+Curves = sect233k1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[5-curve-sect409r1-client]
+[5-curve-sect233k1-client]
CipherString = ECDHE
-Curves = sect409r1
+Curves = sect233k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-5]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = sect409r1
+ExpectedTmpKeyType = sect233k1
# ===========================================================
-[6-curve-sect571k1]
-ssl_conf = 6-curve-sect571k1-ssl
+[6-curve-sect233r1]
+ssl_conf = 6-curve-sect233r1-ssl
-[6-curve-sect571k1-ssl]
-server = 6-curve-sect571k1-server
-client = 6-curve-sect571k1-client
+[6-curve-sect233r1-ssl]
+server = 6-curve-sect233r1-server
+client = 6-curve-sect233r1-client
-[6-curve-sect571k1-server]
+[6-curve-sect233r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect571k1
-MaxProtocol = TLSv1.2
+Curves = sect233r1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[6-curve-sect571k1-client]
+[6-curve-sect233r1-client]
CipherString = ECDHE
-Curves = sect571k1
+Curves = sect233r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-6]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = sect571k1
+ExpectedTmpKeyType = sect233r1
# ===========================================================
-[7-curve-sect571r1]
-ssl_conf = 7-curve-sect571r1-ssl
+[7-curve-sect283k1]
+ssl_conf = 7-curve-sect283k1-ssl
-[7-curve-sect571r1-ssl]
-server = 7-curve-sect571r1-server
-client = 7-curve-sect571r1-client
+[7-curve-sect283k1-ssl]
+server = 7-curve-sect283k1-server
+client = 7-curve-sect283k1-client
-[7-curve-sect571r1-server]
+[7-curve-sect283k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect571r1
-MaxProtocol = TLSv1.2
+Curves = sect283k1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[7-curve-sect571r1-client]
+[7-curve-sect283k1-client]
CipherString = ECDHE
-Curves = sect571r1
+Curves = sect283k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-7]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = sect571r1
+ExpectedTmpKeyType = sect283k1
# ===========================================================
-[8-curve-secp224r1]
-ssl_conf = 8-curve-secp224r1-ssl
+[8-curve-sect283r1]
+ssl_conf = 8-curve-sect283r1-ssl
-[8-curve-secp224r1-ssl]
-server = 8-curve-secp224r1-server
-client = 8-curve-secp224r1-client
+[8-curve-sect283r1-ssl]
+server = 8-curve-sect283r1-server
+client = 8-curve-sect283r1-client
-[8-curve-secp224r1-server]
+[8-curve-sect283r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = secp224r1
-MaxProtocol = TLSv1.2
+Curves = sect283r1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[8-curve-secp224r1-client]
+[8-curve-sect283r1-client]
CipherString = ECDHE
-Curves = secp224r1
+Curves = sect283r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-8]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = secp224r1
+ExpectedTmpKeyType = sect283r1
# ===========================================================
-[9-curve-prime256v1]
-ssl_conf = 9-curve-prime256v1-ssl
+[9-curve-sect409k1]
+ssl_conf = 9-curve-sect409k1-ssl
-[9-curve-prime256v1-ssl]
-server = 9-curve-prime256v1-server
-client = 9-curve-prime256v1-client
+[9-curve-sect409k1-ssl]
+server = 9-curve-sect409k1-server
+client = 9-curve-sect409k1-client
-[9-curve-prime256v1-server]
+[9-curve-sect409k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = prime256v1
-MaxProtocol = TLSv1.2
+Curves = sect409k1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[9-curve-prime256v1-client]
+[9-curve-sect409k1-client]
CipherString = ECDHE
-Curves = prime256v1
+Curves = sect409k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-9]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = prime256v1
+ExpectedTmpKeyType = sect409k1
# ===========================================================
-[10-curve-secp384r1]
-ssl_conf = 10-curve-secp384r1-ssl
+[10-curve-sect409r1]
+ssl_conf = 10-curve-sect409r1-ssl
-[10-curve-secp384r1-ssl]
-server = 10-curve-secp384r1-server
-client = 10-curve-secp384r1-client
+[10-curve-sect409r1-ssl]
+server = 10-curve-sect409r1-server
+client = 10-curve-sect409r1-client
-[10-curve-secp384r1-server]
+[10-curve-sect409r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = secp384r1
-MaxProtocol = TLSv1.2
+Curves = sect409r1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[10-curve-secp384r1-client]
+[10-curve-sect409r1-client]
CipherString = ECDHE
-Curves = secp384r1
+Curves = sect409r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-10]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = secp384r1
+ExpectedTmpKeyType = sect409r1
# ===========================================================
-[11-curve-secp521r1]
-ssl_conf = 11-curve-secp521r1-ssl
+[11-curve-sect571k1]
+ssl_conf = 11-curve-sect571k1-ssl
-[11-curve-secp521r1-ssl]
-server = 11-curve-secp521r1-server
-client = 11-curve-secp521r1-client
+[11-curve-sect571k1-ssl]
+server = 11-curve-sect571k1-server
+client = 11-curve-sect571k1-client
-[11-curve-secp521r1-server]
+[11-curve-sect571k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = secp521r1
-MaxProtocol = TLSv1.2
+Curves = sect571k1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[11-curve-secp521r1-client]
+[11-curve-sect571k1-client]
CipherString = ECDHE
-Curves = secp521r1
+Curves = sect571k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-11]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = secp521r1
+ExpectedTmpKeyType = sect571k1
# ===========================================================
-[12-curve-X25519]
-ssl_conf = 12-curve-X25519-ssl
+[12-curve-sect571r1]
+ssl_conf = 12-curve-sect571r1-ssl
-[12-curve-X25519-ssl]
-server = 12-curve-X25519-server
-client = 12-curve-X25519-client
+[12-curve-sect571r1-ssl]
+server = 12-curve-sect571r1-server
+client = 12-curve-sect571r1-client
-[12-curve-X25519-server]
+[12-curve-sect571r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = X25519
-MaxProtocol = TLSv1.2
+Curves = sect571r1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[12-curve-X25519-client]
+[12-curve-sect571r1-client]
CipherString = ECDHE
-Curves = X25519
+Curves = sect571r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-12]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = X25519
+ExpectedTmpKeyType = sect571r1
# ===========================================================
-[13-curve-X448]
-ssl_conf = 13-curve-X448-ssl
+[13-curve-secp224r1]
+ssl_conf = 13-curve-secp224r1-ssl
-[13-curve-X448-ssl]
-server = 13-curve-X448-server
-client = 13-curve-X448-client
+[13-curve-secp224r1-ssl]
+server = 13-curve-secp224r1-server
+client = 13-curve-secp224r1-client
-[13-curve-X448-server]
+[13-curve-secp224r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = X448
-MaxProtocol = TLSv1.2
+Curves = secp224r1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[13-curve-X448-client]
+[13-curve-secp224r1-client]
CipherString = ECDHE
-Curves = X448
+Curves = secp224r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-13]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = X448
+ExpectedTmpKeyType = secp224r1
# ===========================================================
@@ -437,7 +476,7 @@ client = 14-curve-sect163k1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = sect163k1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[14-curve-sect163k1-client]
@@ -448,6 +487,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-14]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect163k1
@@ -465,7 +505,7 @@ client = 15-curve-sect163r2-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = sect163r2
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[15-curve-sect163r2-client]
@@ -476,6 +516,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-15]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect163r2
@@ -493,7 +534,7 @@ client = 16-curve-prime192v1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = prime192v1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[16-curve-prime192v1-client]
@@ -504,6 +545,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-16]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = prime192v1
@@ -521,7 +563,7 @@ client = 17-curve-sect163r1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = sect163r1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[17-curve-sect163r1-client]
@@ -532,6 +574,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-17]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect163r1
@@ -549,7 +592,7 @@ client = 18-curve-sect193r1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = sect193r1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[18-curve-sect193r1-client]
@@ -560,6 +603,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-18]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect193r1
@@ -577,7 +621,7 @@ client = 19-curve-sect193r2-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = sect193r2
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[19-curve-sect193r2-client]
@@ -588,6 +632,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-19]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect193r2
@@ -605,7 +650,7 @@ client = 20-curve-sect239k1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = sect239k1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[20-curve-sect239k1-client]
@@ -616,6 +661,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-20]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect239k1
@@ -633,7 +679,7 @@ client = 21-curve-secp160k1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = secp160k1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[21-curve-secp160k1-client]
@@ -644,6 +690,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-21]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp160k1
@@ -661,7 +708,7 @@ client = 22-curve-secp160r1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = secp160r1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[22-curve-secp160r1-client]
@@ -672,6 +719,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-22]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp160r1
@@ -689,7 +737,7 @@ client = 23-curve-secp160r2-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = secp160r2
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[23-curve-secp160r2-client]
@@ -700,6 +748,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-23]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp160r2
@@ -717,7 +766,7 @@ client = 24-curve-secp192k1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = secp192k1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[24-curve-secp192k1-client]
@@ -728,6 +777,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-24]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp192k1
@@ -745,7 +795,7 @@ client = 25-curve-secp224k1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = secp224k1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[25-curve-secp224k1-client]
@@ -756,6 +806,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-25]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp224k1
@@ -773,7 +824,7 @@ client = 26-curve-secp256k1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = secp256k1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[26-curve-secp256k1-client]
@@ -784,6 +835,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-26]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp256k1
@@ -801,7 +853,7 @@ client = 27-curve-brainpoolP256r1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = brainpoolP256r1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[27-curve-brainpoolP256r1-client]
@@ -812,6 +864,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-27]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = brainpoolP256r1
@@ -829,7 +882,7 @@ client = 28-curve-brainpoolP384r1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = brainpoolP384r1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[28-curve-brainpoolP384r1-client]
@@ -840,6 +893,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-28]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = brainpoolP384r1
@@ -857,7 +911,7 @@ client = 29-curve-brainpoolP512r1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = brainpoolP512r1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[29-curve-brainpoolP512r1-client]
@@ -868,7 +922,683 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-29]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = brainpoolP512r1
+# ===========================================================
+
+[30-curve-sect233k1-tls13]
+ssl_conf = 30-curve-sect233k1-tls13-ssl
+
+[30-curve-sect233k1-tls13-ssl]
+server = 30-curve-sect233k1-tls13-server
+client = 30-curve-sect233k1-tls13-client
+
+[30-curve-sect233k1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect233k1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-curve-sect233k1-tls13-client]
+CipherString = ECDHE
+Curves = sect233k1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-30]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[31-curve-sect233r1-tls13]
+ssl_conf = 31-curve-sect233r1-tls13-ssl
+
+[31-curve-sect233r1-tls13-ssl]
+server = 31-curve-sect233r1-tls13-server
+client = 31-curve-sect233r1-tls13-client
+
+[31-curve-sect233r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect233r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-curve-sect233r1-tls13-client]
+CipherString = ECDHE
+Curves = sect233r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-31]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[32-curve-sect283k1-tls13]
+ssl_conf = 32-curve-sect283k1-tls13-ssl
+
+[32-curve-sect283k1-tls13-ssl]
+server = 32-curve-sect283k1-tls13-server
+client = 32-curve-sect283k1-tls13-client
+
+[32-curve-sect283k1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect283k1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[32-curve-sect283k1-tls13-client]
+CipherString = ECDHE
+Curves = sect283k1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-32]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[33-curve-sect283r1-tls13]
+ssl_conf = 33-curve-sect283r1-tls13-ssl
+
+[33-curve-sect283r1-tls13-ssl]
+server = 33-curve-sect283r1-tls13-server
+client = 33-curve-sect283r1-tls13-client
+
+[33-curve-sect283r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect283r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[33-curve-sect283r1-tls13-client]
+CipherString = ECDHE
+Curves = sect283r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-33]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[34-curve-sect409k1-tls13]
+ssl_conf = 34-curve-sect409k1-tls13-ssl
+
+[34-curve-sect409k1-tls13-ssl]
+server = 34-curve-sect409k1-tls13-server
+client = 34-curve-sect409k1-tls13-client
+
+[34-curve-sect409k1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect409k1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[34-curve-sect409k1-tls13-client]
+CipherString = ECDHE
+Curves = sect409k1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-34]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[35-curve-sect409r1-tls13]
+ssl_conf = 35-curve-sect409r1-tls13-ssl
+
+[35-curve-sect409r1-tls13-ssl]
+server = 35-curve-sect409r1-tls13-server
+client = 35-curve-sect409r1-tls13-client
+
+[35-curve-sect409r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect409r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[35-curve-sect409r1-tls13-client]
+CipherString = ECDHE
+Curves = sect409r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-35]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[36-curve-sect571k1-tls13]
+ssl_conf = 36-curve-sect571k1-tls13-ssl
+
+[36-curve-sect571k1-tls13-ssl]
+server = 36-curve-sect571k1-tls13-server
+client = 36-curve-sect571k1-tls13-client
+
+[36-curve-sect571k1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect571k1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[36-curve-sect571k1-tls13-client]
+CipherString = ECDHE
+Curves = sect571k1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-36]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[37-curve-sect571r1-tls13]
+ssl_conf = 37-curve-sect571r1-tls13-ssl
+
+[37-curve-sect571r1-tls13-ssl]
+server = 37-curve-sect571r1-tls13-server
+client = 37-curve-sect571r1-tls13-client
+
+[37-curve-sect571r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect571r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[37-curve-sect571r1-tls13-client]
+CipherString = ECDHE
+Curves = sect571r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-37]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[38-curve-secp224r1-tls13]
+ssl_conf = 38-curve-secp224r1-tls13-ssl
+
+[38-curve-secp224r1-tls13-ssl]
+server = 38-curve-secp224r1-tls13-server
+client = 38-curve-secp224r1-tls13-client
+
+[38-curve-secp224r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp224r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[38-curve-secp224r1-tls13-client]
+CipherString = ECDHE
+Curves = secp224r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-38]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[39-curve-sect163k1-tls13]
+ssl_conf = 39-curve-sect163k1-tls13-ssl
+
+[39-curve-sect163k1-tls13-ssl]
+server = 39-curve-sect163k1-tls13-server
+client = 39-curve-sect163k1-tls13-client
+
+[39-curve-sect163k1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect163k1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[39-curve-sect163k1-tls13-client]
+CipherString = ECDHE
+Curves = sect163k1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-39]
+ExpectedResult = ClientFail
+