diff options
author | Matt Caswell <matt@openssl.org> | 2022-09-30 16:59:05 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-10-19 10:22:11 +0200 |
commit | c861c3ee142ac00d5facd112fd8891e87c50bc7b (patch) | |
tree | 9eb1920012a53cb4c363ae529e53a5b6bdd9b3e5 /test | |
parent | 78d00e05a537495287b979bcad79365d5d9607d4 (diff) |
Add a test for TLSv1.3 only client sending a correct key_share
Make sure that a TLSv1.3 only client does not send a TLSv1.3 key_share.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19404)
Diffstat (limited to 'test')
-rw-r--r-- | test/ssl-tests/14-curves.cnf | 1227 | ||||
-rw-r--r-- | test/ssl-tests/14-curves.cnf.in | 24 |
2 files changed, 1025 insertions, 226 deletions
diff --git a/test/ssl-tests/14-curves.cnf b/test/ssl-tests/14-curves.cnf index 824a9f9a0e..bafa4a65cd 100644 --- a/test/ssl-tests/14-curves.cnf +++ b/test/ssl-tests/14-curves.cnf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 55 +num_tests = 80 test-0 = 0-curve-prime256v1 test-1 = 1-curve-secp384r1 @@ -32,31 +32,56 @@ test-26 = 26-curve-secp256k1 test-27 = 27-curve-brainpoolP256r1 test-28 = 28-curve-brainpoolP384r1 test-29 = 29-curve-brainpoolP512r1 -test-30 = 30-curve-sect233k1-tls13 -test-31 = 31-curve-sect233r1-tls13 -test-32 = 32-curve-sect283k1-tls13 -test-33 = 33-curve-sect283r1-tls13 -test-34 = 34-curve-sect409k1-tls13 -test-35 = 35-curve-sect409r1-tls13 -test-36 = 36-curve-sect571k1-tls13 -test-37 = 37-curve-sect571r1-tls13 -test-38 = 38-curve-secp224r1-tls13 -test-39 = 39-curve-sect163k1-tls13 -test-40 = 40-curve-sect163r2-tls13 -test-41 = 41-curve-prime192v1-tls13 -test-42 = 42-curve-sect163r1-tls13 -test-43 = 43-curve-sect193r1-tls13 -test-44 = 44-curve-sect193r2-tls13 -test-45 = 45-curve-sect239k1-tls13 -test-46 = 46-curve-secp160k1-tls13 -test-47 = 47-curve-secp160r1-tls13 -test-48 = 48-curve-secp160r2-tls13 -test-49 = 49-curve-secp192k1-tls13 -test-50 = 50-curve-secp224k1-tls13 -test-51 = 51-curve-secp256k1-tls13 -test-52 = 52-curve-brainpoolP256r1-tls13 -test-53 = 53-curve-brainpoolP384r1-tls13 -test-54 = 54-curve-brainpoolP512r1-tls13 +test-30 = 30-curve-sect233k1-tls12-in-tls13 +test-31 = 31-curve-sect233r1-tls12-in-tls13 +test-32 = 32-curve-sect283k1-tls12-in-tls13 +test-33 = 33-curve-sect283r1-tls12-in-tls13 +test-34 = 34-curve-sect409k1-tls12-in-tls13 +test-35 = 35-curve-sect409r1-tls12-in-tls13 +test-36 = 36-curve-sect571k1-tls12-in-tls13 +test-37 = 37-curve-sect571r1-tls12-in-tls13 +test-38 = 38-curve-secp224r1-tls12-in-tls13 +test-39 = 39-curve-sect163k1-tls12-in-tls13 +test-40 = 40-curve-sect163r2-tls12-in-tls13 +test-41 = 41-curve-prime192v1-tls12-in-tls13 +test-42 = 42-curve-sect163r1-tls12-in-tls13 +test-43 = 43-curve-sect193r1-tls12-in-tls13 +test-44 = 44-curve-sect193r2-tls12-in-tls13 +test-45 = 45-curve-sect239k1-tls12-in-tls13 +test-46 = 46-curve-secp160k1-tls12-in-tls13 +test-47 = 47-curve-secp160r1-tls12-in-tls13 +test-48 = 48-curve-secp160r2-tls12-in-tls13 +test-49 = 49-curve-secp192k1-tls12-in-tls13 +test-50 = 50-curve-secp224k1-tls12-in-tls13 +test-51 = 51-curve-secp256k1-tls12-in-tls13 +test-52 = 52-curve-brainpoolP256r1-tls12-in-tls13 +test-53 = 53-curve-brainpoolP384r1-tls12-in-tls13 +test-54 = 54-curve-brainpoolP512r1-tls12-in-tls13 +test-55 = 55-curve-sect233k1-tls13 +test-56 = 56-curve-sect233r1-tls13 +test-57 = 57-curve-sect283k1-tls13 +test-58 = 58-curve-sect283r1-tls13 +test-59 = 59-curve-sect409k1-tls13 +test-60 = 60-curve-sect409r1-tls13 +test-61 = 61-curve-sect571k1-tls13 +test-62 = 62-curve-sect571r1-tls13 +test-63 = 63-curve-secp224r1-tls13 +test-64 = 64-curve-sect163k1-tls13 +test-65 = 65-curve-sect163r2-tls13 +test-66 = 66-curve-prime192v1-tls13 +test-67 = 67-curve-sect163r1-tls13 +test-68 = 68-curve-sect193r1-tls13 +test-69 = 69-curve-sect193r2-tls13 +test-70 = 70-curve-sect239k1-tls13 +test-71 = 71-curve-secp160k1-tls13 +test-72 = 72-curve-secp160r1-tls13 +test-73 = 73-curve-secp160r2-tls13 +test-74 = 74-curve-secp192k1-tls13 +test-75 = 75-curve-secp224k1-tls13 +test-76 = 76-curve-secp256k1-tls13 +test-77 = 77-curve-brainpoolP256r1-tls13 +test-78 = 78-curve-brainpoolP384r1-tls13 +test-79 = 79-curve-brainpoolP512r1-tls13 # =========================================================== [0-curve-prime256v1] @@ -929,676 +954,1426 @@ ExpectedTmpKeyType = brainpoolP512r1 # =========================================================== -[30-curve-sect233k1-tls13] -ssl_conf = 30-curve-sect233k1-tls13-ssl +[30-curve-sect233k1-tls12-in-tls13] +ssl_conf = 30-curve-sect233k1-tls12-in-tls13-ssl -[30-curve-sect233k1-tls13-ssl] -server = 30-curve-sect233k1-tls13-server -client = 30-curve-sect233k1-tls13-client +[30-curve-sect233k1-tls12-in-tls13-ssl] +server = 30-curve-sect233k1-tls12-in-tls13-server +client = 30-curve-sect233k1-tls12-in-tls13-client -[30-curve-sect233k1-tls13-server] +[30-curve-sect233k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect233k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-curve-sect233k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect233k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[31-curve-sect233r1-tls12-in-tls13] +ssl_conf = 31-curve-sect233r1-tls12-in-tls13-ssl + +[31-curve-sect233r1-tls12-in-tls13-ssl] +server = 31-curve-sect233r1-tls12-in-tls13-server +client = 31-curve-sect233r1-tls12-in-tls13-client + +[31-curve-sect233r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect233r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-curve-sect233r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect233r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[32-curve-sect283k1-tls12-in-tls13] +ssl_conf = 32-curve-sect283k1-tls12-in-tls13-ssl + +[32-curve-sect283k1-tls12-in-tls13-ssl] +server = 32-curve-sect283k1-tls12-in-tls13-server +client = 32-curve-sect283k1-tls12-in-tls13-client + +[32-curve-sect283k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect283k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-curve-sect283k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect283k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[33-curve-sect283r1-tls12-in-tls13] +ssl_conf = 33-curve-sect283r1-tls12-in-tls13-ssl + +[33-curve-sect283r1-tls12-in-tls13-ssl] +server = 33-curve-sect283r1-tls12-in-tls13-server +client = 33-curve-sect283r1-tls12-in-tls13-client + +[33-curve-sect283r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect283r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-curve-sect283r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect283r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[34-curve-sect409k1-tls12-in-tls13] +ssl_conf = 34-curve-sect409k1-tls12-in-tls13-ssl + +[34-curve-sect409k1-tls12-in-tls13-ssl] +server = 34-curve-sect409k1-tls12-in-tls13-server +client = 34-curve-sect409k1-tls12-in-tls13-client + +[34-curve-sect409k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect409k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-curve-sect409k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect409k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[35-curve-sect409r1-tls12-in-tls13] +ssl_conf = 35-curve-sect409r1-tls12-in-tls13-ssl + +[35-curve-sect409r1-tls12-in-tls13-ssl] +server = 35-curve-sect409r1-tls12-in-tls13-server +client = 35-curve-sect409r1-tls12-in-tls13-client + +[35-curve-sect409r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect409r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-curve-sect409r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect409r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[36-curve-sect571k1-tls12-in-tls13] +ssl_conf = 36-curve-sect571k1-tls12-in-tls13-ssl + +[36-curve-sect571k1-tls12-in-tls13-ssl] +server = 36-curve-sect571k1-tls12-in-tls13-server +client = 36-curve-sect571k1-tls12-in-tls13-client + +[36-curve-sect571k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect571k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-curve-sect571k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect571k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[37-curve-sect571r1-tls12-in-tls13] +ssl_conf = 37-curve-sect571r1-tls12-in-tls13-ssl + +[37-curve-sect571r1-tls12-in-tls13-ssl] +server = 37-curve-sect571r1-tls12-in-tls13-server +client = 37-curve-sect571r1-tls12-in-tls13-client + +[37-curve-sect571r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect571r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-curve-sect571r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect571r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[38-curve-secp224r1-tls12-in-tls13] +ssl_conf = 38-curve-secp224r1-tls12-in-tls13-ssl + +[38-curve-secp224r1-tls12-in-tls13-ssl] +server = 38-curve-secp224r1-tls12-in-tls13-server +client = 38-curve-secp224r1-tls12-in-tls13-client + +[38-curve-secp224r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = secp224r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-curve-secp224r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = secp224r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[39-curve-sect163k1-tls12-in-tls13] +ssl_conf = 39-curve-sect163k1-tls12-in-tls13-ssl + +[39-curve-sect163k1-tls12-in-tls13-ssl] +server = 39-curve-sect163k1-tls12-in-tls13-server +client = 39-curve-sect163k1-tls12-in-tls13-client + +[39-curve-sect163k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect163k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-curve-sect163k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect163k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[40-curve-sect163r2-tls12-in-tls13] +ssl_conf = 40-curve-sect163r2-tls12-in-tls13-ssl + +[40-curve-sect163r2-tls12-in-tls13-ssl] +server = 40-curve-sect163r2-tls12-in-tls13-server +client = 40-curve-sect163r2-tls12-in-tls13-client + +[40-curve-sect163r2-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect163r2:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-curve-sect163r2-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect163r2:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[41-curve-prime192v1-tls12-in-tls13] +ssl_conf = 41-curve-prime192v1-tls12-in-tls13-ssl + +[41-curve-prime192v1-tls12-in-tls13-ssl] +server = 41-curve-prime192v1-tls12-in-tls13-server +client = 41-curve-prime192v1-tls12-in-tls13-client + +[41-curve-prime192v1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = prime192v1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-curve-prime192v1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = prime192v1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[42-curve-sect163r1-tls12-in-tls13] +ssl_conf = 42-curve-sect163r1-tls12-in-tls13-ssl + +[42-curve-sect163r1-tls12-in-tls13-ssl] +server = 42-curve-sect163r1-tls12-in-tls13-server +client = 42-curve-sect163r1-tls12-in-tls13-client + +[42-curve-sect163r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect163r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-curve-sect163r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect163r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[43-curve-sect193r1-tls12-in-tls13] +ssl_conf = 43-curve-sect193r1-tls12-in-tls13-ssl + +[43-curve-sect193r1-tls12-in-tls13-ssl] +server = 43-curve-sect193r1-tls12-in-tls13-server +client = 43-curve-sect193r1-tls12-in-tls13-client + +[43-curve-sect193r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect193r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-curve-sect193r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect193r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[44-curve-sect193r2-tls12-in-tls13] +ssl_conf = 44-curve-sect193r2-tls12-in-tls13-ssl + +[44-curve-sect193r2-tls12-in-tls13-ssl] +server = 44-curve-sect193r2-tls12-in-tls13-server +client = 44-curve-sect193r2-tls12-in-tls13-client + +[44-curve-sect193r2-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect193r2:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-curve-sect193r2-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect193r2:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[45-curve-sect239k1-tls12-in-tls13] +ssl_conf = 45-curve-sect239k1-tls12-in-tls13-ssl + +[45-curve-sect239k1-tls12-in-tls13-ssl] +server = 45-curve-sect239k1-tls12-in-tls13-server +client = 45-curve-sect239k1-tls12-in-tls13-client + +[45-curve-sect239k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect239k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-curve-sect239k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect239k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[46-curve-secp160k1-tls12-in-tls13] +ssl_conf = 46-curve-secp160k1-tls12-in-tls13-ssl + +[46-curve-secp160k1-tls12-in-tls13-ssl] +server = 46-curve-secp160k1-tls12-in-tls13-server +client = 46-curve-secp160k1-tls12-in-tls13-client + +[46-curve-secp160k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = secp160k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-curve-secp160k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = secp160k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[47-curve-secp160r1-tls12-in-tls13] +ssl_conf = 47-curve-secp160r1-tls12-in-tls13-ssl + +[47-curve-secp160r1-tls12-in-tls13-ssl] +server = 47-curve-secp160r1-tls12-in-tls13-server +client = 47-curve-secp160r1-tls12-in-tls13-client + +[47-curve-secp160r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = secp160r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[47-curve-secp160r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = secp160r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[48-curve-secp160r2-tls12-in-tls13] +ssl_conf = 48-curve-secp160r2-tls12-in-tls13-ssl + +[48-curve-secp160r2-tls12-in-tls13-ssl] +server = 48-curve-secp160r2-tls12-in-tls13-server +client = 48-curve-secp160r2-tls12-in-tls13-client + +[48-curve-secp160r2-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = secp160r2:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-curve-secp160r2-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = secp160r2:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[49-curve-secp192k1-tls12-in-tls13] +ssl_conf = 49-curve-secp192k1-tls12-in-tls13-ssl + +[49-curve-secp192k1-tls12-in-tls13-ssl] +server = 49-curve-secp192k1-tls12-in-tls13-server +client = 49-curve-secp192k1-tls12-in-tls13-client + +[49-curve-secp192k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = secp192k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[49-curve-secp192k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = secp192k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[50-curve-secp224k1-tls12-in-tls13] +ssl_conf = 50-curve-secp224k1-tls12-in-tls13-ssl + +[50-curve-secp224k1-tls12-in-tls13-ssl] +server = 50-curve-secp224k1-tls12-in-tls13-server +client = 50-curve-secp224k1-tls12-in-tls13-client + +[50-curve-secp224k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = secp224k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[50-curve-secp224k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = secp224k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[51-curve-secp256k1-tls12-in-tls13] +ssl_conf = 51-curve-secp256k1-tls12-in-tls13-ssl + +[51-curve-secp256k1-tls12-in-tls13-ssl] +server = 51-curve-secp256k1-tls12-in-tls13-server +client = 51-curve-secp256k1-tls12-in-tls13-client + +[51-curve-secp256k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = secp256k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[51-curve-secp256k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = secp256k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[52-curve-brainpoolP256r1-tls12-in-tls13] +ssl_conf = 52-curve-brainpoolP256r1-tls12-in-tls13-ssl + +[52-curve-brainpoolP256r1-tls12-in-tls13-ssl] +server = 52-curve-brainpoolP256r1-tls12-in-tls13-server +client = 52-curve-brainpoolP256r1-tls12-in-tls13-client + +[52-curve-brainpoolP256r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = brainpoolP256r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[52-curve-brainpoolP256r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = brainpoolP256r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[53-curve-brainpoolP384r1-tls12-in-tls13] +ssl_conf = 53-curve-brainpoolP384r1-tls12-in-tls13-ssl + +[53-curve-brainpoolP384r1-tls12-in-tls13-ssl] +server = 53-curve-brainpoolP384r1-tls12-in-tls13-server +client = 53-curve-brainpoolP384r1-tls12-in-tls13-client + +[53-curve-brainpoolP384r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = brainpoolP384r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-curve-brainpoolP384r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = brainpoolP384r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[54-curve-brainpoolP512r1-tls12-in-tls13] +ssl_conf = 54-curve-brainpoolP512r1-tls12-in-tls13-ssl + +[54-curve-brainpoolP512r1-tls12-in-tls13-ssl] +server = 54-curve-brainpoolP512r1-tls12-in-tls13-server +client = 54-curve-brainpoolP512r1-tls12-in-tls13-client + +[54-curve-brainpoolP512r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = brainpoolP512r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[54-curve-brainpoolP512r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = brainpoolP512r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[55-curve-sect233k1-tls13] +ssl_conf = 55-curve-sect233k1-tls13-ssl + +[55-curve-sect233k1-tls13-ssl] +server = 55-curve-sect233k1-tls13-server +client = 55-curve-sect233k1-tls13-client + +[55-curve-sect233k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect233k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[30-curve-sect233k1-tls13-client] +[55-curve-sect233k1-tls13-client] CipherString = ECDHE Curves = sect233k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-30] +[test-55] ExpectedResult = ClientFail # =========================================================== -[31-curve-sect233r1-tls13] -ssl_conf = 31-curve-sect233r1-tls13-ssl +[56-curve-sect233r1-tls13] +ssl_conf = 56-curve-sect233r1-tls13-ssl -[31-curve-sect233r1-tls13-ssl] -server = 31-curve-sect233r1-tls13-server -client = 31-curve-sect233r1-tls13-client +[56-curve-sect233r1-tls13-ssl] +server = 56-curve-sect233r1-tls13-server +client = 56-curve-sect233r1-tls13-client -[31-curve-sect233r1-tls13-server] +[56-curve-sect233r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect233r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[31-curve-sect233r1-tls13-client] +[56-curve-sect233r1-tls13-client] CipherString = ECDHE Curves = sect233r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-31] +[test-56] ExpectedResult = ClientFail # =========================================================== -[32-curve-sect283k1-tls13] -ssl_conf = 32-curve-sect283k1-tls13-ssl +[57-curve-sect283k1-tls13] +ssl_conf = 57-curve-sect283k1-tls13-ssl -[32-curve-sect283k1-tls13-ssl] -server = 32-curve-sect283k1-tls13-server -client = 32-curve-sect283k1-tls13-client +[57-curve-sect283k1-tls13-ssl] +server = 57-curve-sect283k1-tls13-server +client = 57-curve-sect283k1-tls13-client -[32-curve-sect283k1-tls13-server] +[57-curve-sect283k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect283k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[32-curve-sect283k1-tls13-client] +[57-curve-sect283k1-tls13-client] CipherString = ECDHE Curves = sect283k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-32] +[test-57] ExpectedResult = ClientFail # =========================================================== -[33-curve-sect283r1-tls13] -ssl_conf = 33-curve-sect283r1-tls13-ssl +[58-curve-sect283r1-tls13] +ssl_conf = 58-curve-sect283r1-tls13-ssl -[33-curve-sect283r1-tls13-ssl] -server = 33-curve-sect283r1-tls13-server -client = 33-curve-sect283r1-tls13-client +[58-curve-sect283r1-tls13-ssl] +server = 58-curve-sect283r1-tls13-server +client = 58-curve-sect283r1-tls13-client -[33-curve-sect283r1-tls13-server] +[58-curve-sect283r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect283r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[33-curve-sect283r1-tls13-client] +[58-curve-sect283r1-tls13-client] CipherString = ECDHE Curves = sect283r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-33] +[test-58] ExpectedResult = ClientFail # =========================================================== -[34-curve-sect409k1-tls13] -ssl_conf = 34-curve-sect409k1-tls13-ssl +[59-curve-sect409k1-tls13] +ssl_conf = 59-curve-sect409k1-tls13-ssl -[34-curve-sect409k1-tls13-ssl] -server = 34-curve-sect409k1-tls13-server -client = 34-curve-sect409k1-tls13-client +[59-curve-sect409k1-tls13-ssl] +server = 59-curve-sect409k1-tls13-server +client = 59-curve-sect409k1-tls13-client -[34-curve-sect409k1-tls13-server] +[59-curve-sect409k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect409k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[34-curve-sect409k1-tls13-client] +[59-curve-sect409k1-tls13-client] CipherString = ECDHE Curves = sect409k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-34] +[test-59] ExpectedResult = ClientFail # =========================================================== -[35-curve-sect409r1-tls13] -ssl_conf = 35-curve-sect409r1-tls13-ssl +[60-curve-sect409r1-tls13] +ssl_conf = 60-curve-sect409r1-tls13-ssl -[35-curve-sect409r1-tls13-ssl] -server = 35-curve-sect409r1-tls13-server -client = 35-curve-sect409r1-tls13-client +[60-curve-sect409r1-tls13-ssl] +server = 60-curve-sect409r1-tls13-server +client = 60-curve-sect409r1-tls13-client -[35-curve-sect409r1-tls13-server] +[60-curve-sect409r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect409r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[35-curve-sect409r1-tls13-client] +[60-curve-sect409r1-tls13-client] CipherString = ECDHE Curves = sect409r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-35] +[test-60] ExpectedResult = ClientFail # =========================================================== -[36-curve-sect571k1-tls13] -ssl_conf = 36-curve-sect571k1-tls13-ssl +[61-curve-sect571k1-tls13] +ssl_conf = 61-curve-sect571k1-tls13-ssl -[36-curve-sect571k1-tls13-ssl] -server = 36-curve-sect571k1-tls13-server -client = 36-curve-sect571k1-tls13-client +[61-curve-sect571k1-tls13-ssl] +server = 61-curve-sect571k1-tls13-server +client = 61-curve-sect571k1-tls13-client -[36-curve-sect571k1-tls13-server] +[61-curve-sect571k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect571k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[36-curve-sect571k1-tls13-client] +[61-curve-sect571k1-tls13-client] CipherString = ECDHE Curves = sect571k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-36] +[test-61] ExpectedResult = ClientFail # =========================================================== -[37-curve-sect571r1-tls13] -ssl_conf = 37-curve-sect571r1-tls13-ssl +[62-curve-sect571r1-tls13] +ssl_conf = 62-curve-sect571r1-tls13-ssl -[37-curve-sect571r1-tls13-ssl] -server = 37-curve-sect571r1-tls13-server -client = 37-curve-sect571r1-tls13-client +[62-curve-sect571r1-tls13-ssl] +server = 62-curve-sect571r1-tls13-server +client = 62-curve-sect571r1-tls13-client -[37-curve-sect571r1-tls13-server] +[62-curve-sect571r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect571r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem < |