diff options
| -rw-r--r-- | ssl/statem/statem_srvr.c | 16 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 3 | ||||
| -rw-r--r-- | test/README.ssltest.md | 14 | ||||
| -rw-r--r-- | test/generate_ssl_tests.pl | 6 | ||||
| -rw-r--r-- | test/handshake_helper.c | 50 | ||||
| -rw-r--r-- | test/handshake_helper.h | 9 | ||||
| -rw-r--r-- | test/recipes/80-test_ssl_new.t | 2 | ||||
| -rw-r--r-- | test/ssl-tests/01-simple.conf | 14 | ||||
| -rw-r--r-- | test/ssl-tests/02-protocol-version.conf | 3059 | ||||
| -rw-r--r-- | test/ssl-tests/03-custom_verify.conf | 63 | ||||
| -rw-r--r-- | test/ssl-tests/04-client_auth.conf | 179 | ||||
| -rw-r--r-- | test/ssl-tests/05-sni.conf | 38 | ||||
| -rw-r--r-- | test/ssl-tests/05-sni.conf.in | 25 | ||||
| -rw-r--r-- | test/ssl-tests/06-sni-ticket.conf | 650 | ||||
| -rw-r--r-- | test/ssl-tests/06-sni-ticket.conf.in | 83 | ||||
| -rw-r--r-- | test/ssl_test.c | 70 | ||||
| -rw-r--r-- | test/ssl_test.tmpl | 8 | ||||
| -rw-r--r-- | test/ssl_test_ctx.c | 58 | ||||
| -rw-r--r-- | test/ssl_test_ctx.h | 17 | ||||
| -rw-r--r-- | test/ssl_test_ctx_test.c | 18 | ||||
| -rw-r--r-- | test/ssl_test_ctx_test.conf | 8 |
21 files changed, 4380 insertions, 10 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 71dd27f7bc..f4fe2b9f40 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2950,7 +2950,21 @@ int tls_construct_new_session_ticket(SSL *s) * all the work otherwise use generated values from parent ctx. */ if (tctx->tlsext_ticket_key_cb) { - if (tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx, hctx, 1) < 0) + /* if 0 is returned, write an empty ticket */ + int ret = tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx, + hctx, 1); + + if (ret == 0) { + l2n(0, p); /* timeout */ + s2n(0, p); /* length */ + if (!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, p - ssl_handshake_start(s))) + goto err; + OPENSSL_free(senc); + EVP_CIPHER_CTX_free(ctx); + HMAC_CTX_free(hctx); + return 1; + } + if (ret < 0) goto err; iv_len = EVP_CIPHER_CTX_iv_length(ctx); } else { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 8f16668e9d..20d67876a0 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1502,6 +1502,9 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, return NULL; s2n(TLSEXT_TYPE_session_ticket, ret); s2n(0, ret); + } else { + /* if we don't add the above TLSEXT, we can't add a session ticket later */ + s->tlsext_ticket_expected = 0; } if (s->tlsext_status_expected) { diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 2957d85d99..9cbfbc4f3b 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -64,6 +64,16 @@ The test section supports the following options: - AcceptAll - accepts all certificates. - RejectAll - rejects all certificates. +* ServerName - the server the client is expected to successfully connect to + - server1 - the initial context (default) + - server2 - the secondary context + +* SessionTicketExpected - whether or not a session ticket is expected + - Ignore - do not check for a session ticket (default) + - Yes - a session ticket is expected + - No - a session ticket is not expected + - Broken - a special test case where the session ticket callback does not initialize crypto + ## Configuring the client and server The client and server configurations can be any valid `SSL_CTX` @@ -78,6 +88,10 @@ server => { } ``` +A server2 section may optionally be defined to configure a secondary +context that is selected via the ServerName test option. If the server2 +section is not configured, then the configuration matches server. + ### Default server and client configurations The default server certificate and CA files are added to the configurations diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl index ac584fd92d..db8fc74d44 100644 --- a/test/generate_ssl_tests.pl +++ b/test/generate_ssl_tests.pl @@ -43,6 +43,12 @@ sub print_templates { # Add the implicit base configuration. foreach my $test (@ssltests::tests) { $test->{"server"} = { (%ssltests::base_server, %{$test->{"server"}}) }; + # use server values if server2 is not defined + if (defined $test->{"server2"}) { + $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server2"}}) }; + } else { + $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server"}}) }; + } $test->{"client"} = { (%ssltests::base_client, %{$test->{"client"}}) }; } diff --git a/test/handshake_helper.c b/test/handshake_helper.c index 8f1359eb0b..f7ab841f57 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -23,6 +23,7 @@ typedef struct handshake_ex_data { int alert_sent; int alert_received; + int session_ticket_do_not_call; } HANDSHAKE_EX_DATA; static int ex_data_idx; @@ -49,12 +50,27 @@ static int verify_accept_callback(X509_STORE_CTX *ctx, void *arg) { return 1; } +static int broken_session_ticket_callback(SSL* s, unsigned char* key_name, unsigned char *iv, + EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) +{ + return 0; +} + +int do_not_call_session_ticket_callback(SSL* s, unsigned char* key_name, unsigned char *iv, + EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) +{ + HANDSHAKE_EX_DATA *ex_data = + (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx)); + ex_data->session_ticket_do_not_call = 1; + return 0; +} + /* * Configure callbacks and other properties that can't be set directly * in the server/client CONF. */ -static void configure_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx, - const SSL_TEST_CTX *test_ctx) +static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *client_ctx, + const SSL_TEST_CTX *test_ctx) { switch (test_ctx->client_verify_callback) { case SSL_TEST_VERIFY_ACCEPT_ALL: @@ -68,6 +84,19 @@ static void configure_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx, default: break; } + if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN) { + SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_callback); + } +} + +/* + * Configure callbacks and other properties that can't be set directly + * in the server/client CONF. + */ +static void configure_handshake_ssl(SSL *server, SSL *client, + const SSL_TEST_CTX *test_ctx) +{ + SSL_set_tlsext_host_name(client, ssl_servername_name(test_ctx->servername)); } @@ -180,13 +209,18 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx, int client_turn = 1; peer_status_t client_status = PEER_RETRY, server_status = PEER_RETRY; handshake_status_t status = HANDSHAKE_RETRY; + unsigned char* tick = NULL; + size_t len = 0; + SSL_SESSION* sess = NULL; - configure_handshake(server_ctx, client_ctx, test_ctx); + configure_handshake_ctx(server_ctx, client_ctx, test_ctx); server = SSL_new(server_ctx); client = SSL_new(client_ctx); OPENSSL_assert(server != NULL && client != NULL); + configure_handshake_ssl(server, client, test_ctx); + memset(&server_ex_data, 0, sizeof(server_ex_data)); memset(&client_ex_data, 0, sizeof(client_ex_data)); memset(&ret, 0, sizeof(ret)); @@ -266,6 +300,16 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx, ret.client_alert_received = server_ex_data.alert_received; ret.server_protocol = SSL_version(server); ret.client_protocol = SSL_version(client); + ret.servername = ((SSL_get_SSL_CTX(server) == server_ctx) + ? SSL_TEST_SERVERNAME_SERVER1 + : SSL_TEST_SERVERNAME_SERVER2); + if ((sess = SSL_get0_session(client)) != NULL) + SSL_SESSION_get0_ticket(sess, &tick, &len); + if (tick == NULL || len == 0) + ret.session_ticket = SSL_TEST_SESSION_TICKET_NO; + else + ret.session_ticket = SSL_TEST_SESSION_TICKET_YES; + ret.session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call; SSL_free(server); SSL_free(client); diff --git a/test/handshake_helper.h b/test/handshake_helper.h index 7f7484ab4a..d04655a9ed 100644 --- a/test/handshake_helper.h +++ b/test/handshake_helper.h @@ -26,10 +26,19 @@ typedef struct handshake_result { /* Negotiated protocol. On success, these should always match. */ int server_protocol; int client_protocol; + /* Server connection */ + int servername; + /* Session ticket status */ + int session_ticket; + /* Was this called on the second context? */ + int session_ticket_do_not_call; } HANDSHAKE_RESULT; /* Do a handshake and report some information about the result. */ HANDSHAKE_RESULT do_handshake(SSL_CTX *server_ctx, SSL_CTX *client_ctx, const SSL_TEST_CTX *test_ctx); +int do_not_call_session_ticket_callback(SSL* s, unsigned char* key_name, unsigned char *iv, + EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc); + #endif /* HEADER_HANDSHAKE_HELPER_H */ diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index d432d1a5e8..b7ab408d14 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -42,7 +42,7 @@ foreach my $conf (@conf_files) { # We hard-code the number of tests to double-check that the globbing above # finds all files as expected. -plan tests => 4; # = scalar @conf_srcs +plan tests => 6; # = scalar @conf_srcs sub test_conf { plan tests => 3; diff --git a/test/ssl-tests/01-simple.conf b/test/ssl-tests/01-simple.conf index 8c8067dae2..29ac3e4ece 100644 --- a/test/ssl-tests/01-simple.conf +++ b/test/ssl-tests/01-simple.conf @@ -11,6 +11,7 @@ ssl_conf = 0-default-ssl [0-default-ssl] server = 0-default-server +server2 = 0-default-server2 client = 0-default-client [0-default-server] @@ -19,6 +20,12 @@ CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[0-default-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [0-default-client] CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem @@ -36,6 +43,7 @@ ssl_conf = 1-verify-cert-ssl [1-verify-cert-ssl] server = 1-verify-cert-server +server2 = 1-verify-cert-server2 client = 1-verify-cert-client [1-verify-cert-server] @@ -44,6 +52,12 @@ CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[1-verify-cert-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [1-verify-cert-client] CipherString = DEFAULT VerifyMode = Peer diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf index dc46bfad3f..3c103dfc5d 100644 --- a/test/ssl-tests/02-protocol-version.conf +++ b/test/ssl-tests/02-protocol-version.conf @@ -370,6 +370,7 @@ ssl_conf = 0-version-negotiation-ssl [0-version-negotiation-ssl] server = 0-version-negotiation-server +server2 = 0-version-negotiation-server2 client = 0-version-negotiation-client [0-version-negotiation-server] @@ -379,6 +380,13 @@ MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[0-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [0-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -397,6 +405,7 @@ ssl_conf = 1-version-negotiation-ssl [1-version-negotiation-ssl] server = 1-version-negotiation-server +server2 = 1-version-negotiation-server2 client = 1-version-negotiation-client [1-version-negotiation-server] @@ -406,6 +415,13 @@ MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[1-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [1-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -424,6 +440,7 @@ ssl_conf = 2-version-negotiation-ssl [2-version-negotiation-ssl] server = 2-version-negotiation-server +server2 = 2-version-negotiation-server2 client = 2-version-negotiation-client [2-version-negotiation-server] @@ -433,6 +450,13 @@ MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[2-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [2-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -451,6 +475,7 @@ ssl_conf = 3-version-negotiation-ssl [3-version-negotiation-ssl] server = 3-version-negotiation-server +server2 = 3-version-negotiation-server2 client = 3-version-negotiation-client [3-version-negotiation-server] @@ -460,6 +485,13 @@ MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[3-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [3-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -478,6 +510,7 @@ ssl_conf = 4-version-negotiation-ssl [4-version-negotiation-ssl] server = 4-version-negotiation-server +server2 = 4-version-negotiation-server2 client = 4-version-negotiation-client [4-version-negotiation-server] @@ -486,6 +519,12 @@ CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[4-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [4-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -504,6 +543,7 @@ ssl_conf = 5-version-negotiation-ssl [5-version-negotiation-ssl] server = 5-version-negotiation-server +server2 = 5-version-negotiation-server2 client = 5-version-negotiation-client [5-version-negotiation-server] @@ -514,6 +554,14 @@ MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[5-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [5-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -532,6 +580,7 @@ ssl_conf = 6-version-negotiation-ssl [6-version-negotiation-ssl] server = 6-version-negotiation-server +server2 = 6-version-negotiation-server2 client = 6-version-negotiation-client [6-version-negotiation-server] @@ -542,6 +591,14 @@ MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[6-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [6-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -560,6 +617,7 @@ ssl_conf = 7-version-negotiation-ssl [7-version-negotiation-ssl] server = 7-version-negotiation-server +server2 = 7-version-negotiation-server2 client = 7-version-negotiation-client [7-version-negotiation-server] @@ -570,6 +628,14 @@ MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[7-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [7-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -588,6 +654,7 @@ ssl_conf = 8-version-negotiation-ssl [8-version-negotiation-ssl] server = 8-version-negotiation-server +server2 = 8-version-negotiation-server2 client = 8-version-negotiation-client [8-version-negotiation-server] @@ -598,6 +665,14 @@ MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[8-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [8-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -616,6 +691,7 @@ ssl_conf = 9-version-negotiation-ssl [9-version-negotiation-ssl] server = 9-version-negotiation-server +server2 = 9-version-negotiation-server2 client = 9-version-negotiation-client [9-version-negotiation-server] @@ -625,6 +701,13 @@ MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[9-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [9-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -643,6 +726,7 @@ ssl_conf = 10-version-negotiation-ssl [10-version-negotiation-ssl] server = 10-version-negotiation-server +server2 = 10-version-negotiation-server2 client = 10-version-negotiation-client [10-version-negotiation-server] @@ -653,6 +737,14 @@ MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[10-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [10-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -671,6 +763,7 @@ ssl_conf = 11-version-negotiation-ssl [11-version-negotiation-ssl] server = 11-version-negotiation-server +server2 = 11-version-negotiation-server2 client = 11-version-negotiation-client [11-version-negotiation-server] @@ -681,6 +774,14 @@ MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[11-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [11-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -699,6 +800,7 @@ ssl_conf = 12-version-negotiation-ssl [12-version-negotiation-ssl] server = 12-version-negotiation-server +server2 = 12-version-negotiation-server2 client = 12-version-negotiation-client [12-version-negotiation-server] @@ -709,6 +811,14 @@ MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[12-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [12-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -727,6 +837,7 @@ ssl_conf = 13-version-negotiation-ssl [13-version-negotiation-ssl] server = 13-version-negotiation-server +server2 = 13-version-negotiation-server2 client = 13-version-negotiation-client [13-version-negotiation-server] @@ -736,6 +847,13 @@ MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[13-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [13-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -754,6 +872,7 @@ ssl_conf = 14-version-negotiation-ssl [14-version-negotiation-ssl] server = 14-version-negotiation-server +server2 = 14-version-negotiation-server2 client = 14-version-negotiation-client [14-version-negotiation-server] @@ -764,6 +883,14 @@ MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[14-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [14-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -782,6 +909,7 @@ ssl_conf = 15-version-negotiation-ssl [15-version-negotiation-ssl] server = 15-version-negotiation-server +server2 = 15-version-negotiation-server2 client = 15-version-negotiation-client [15-version-negotiation-server] @@ -792,6 +920,14 @@ MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[15-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [15-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -810,6 +946,7 @@ ssl_conf = 16-version-negotiation-ssl [16-version-negotiation-ssl] server = 16-version-negotiation-server +server2 = 16-version-negotiation-server2 client = 16-version-negotiation-client [16-version-negotiation-server] @@ -819,6 +956,13 @@ MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[16-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [16-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -837,6 +981,7 @@ ssl_conf = 17-version-negotiation-ssl [17-version-negotiation-ssl] server = 17-version-negotiation-server +server2 = 17-version-negotiation-server2 client = 17-version-negotiation-client [17-version-negotiation-server] @@ -847,6 +992,14 @@ MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[17-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [17-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -865,6 +1018,7 @@ ssl_conf = 18-version-negotiation-ssl [18-version-negotiation-ssl] server = 18-version-negotiation-server +server2 = 18-version-negotiation-server2 client = 18-version-negotiation-client [18-version-negotiation-server] @@ -874,6 +1028,13 @@ MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[18-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [18-version-negotiation-client] CipherString = DEFAULT MaxProtocol = SSLv3 @@ -892,6 +1053,7 @@ ssl_conf = 19-version-negotiation-ssl [19-version-negotiation-ssl] server = 19-version-negotiation-server +server2 = 19-version-negotiation-server2 client = 19-version-negotiation-client [19-version-negotiation-server] @@ -901,6 +1063,13 @@ MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[19-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [19-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 @@ -919,6 +1088,7 @@ ssl_conf = 20-version-negotiation-ssl [20-version-negotiation-ssl] server = 20-version-negotiation-server +server2 = 20-version-negotiation-server2 client = 20-version-negotiation-client [20-version-negotiation-server] @@ -928,6 +1098,13 @@ MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[20-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [20-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 @@ -947,6 +1124,7 @@ ssl_conf = 21-version-negotiation-ssl [21-version-negotiation-ssl] server = 21-version-negotiation-server +server2 = 21-version-negotiation-server2 client = 21-version-negotiation-client [21-version-negotiation-server] @@ -956,6 +1134,13 @@ MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[21-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [21-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 @@ -975,6 +1160,7 @@ ssl_conf = 22-version-negotiation-ssl [22-version-negotiation-ssl] server = 22-version-negotiation-server +server2 = 22-version-negotiation-server2 client = 22-version-negotiation-client [22-version-negotiation-server] @@ -984,6 +1170,13 @@ MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[22-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [22-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 @@ -1003,6 +1196,7 @@ ssl_conf = 23-version-negotiation-ssl [23-version-negotiation-ssl] server = 23-version-negotiation-server +server2 = 23-version-negotiation-server2 client = 23-version-negotiation-client [23-version-negotiation-server] @@ -1011,6 +1205,12 @@ CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[23-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [23-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 @@ -1030,6 +1230,7 @@ ssl_conf = 24-version-negotiation-ssl [24-version-negotiation-ssl] server = 24-version-negotiation-server +server2 = 24-version-negotiation-server2 client = 24-version-negotiation-client [24-version-negotiation-server] @@ -1040,6 +1241,14 @@ MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[24-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [24-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 @@ -1058,6 +1267,7 @@ ssl_conf = 25-version-negotiation-ssl [25-version-negotiation-ssl] server = 25-version-negotiation-server +server2 = 25-version-negotiation-server2 client = 25-version-negotiation-client [25-version-negotiation-server] @@ -1068,6 +1278,14 @@ MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[25-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [25-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 @@ -1087,6 +1305,7 @@ ssl_conf = 26-version-negotiation-ssl [26-version-negotiation-ssl] server = 26-version-negotiation-server +server2 = 26-version-negotiation-server2 client = 26-version-negotiation-client [26-version-negotiation-server] @@ -1097,6 +1316,14 @@ MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[26-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [26-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 @@ -1116,6 +1343,7 @@ ssl_conf = 27-version-negotiation-ssl [27-version-negotiation-ssl] server = 27-version-negotiation-server +server2 = 27-version-negotiation-server2 client = 27-version-negotiation-client [27-version-negotiation-server] @@ -1126,6 +1354,14 @@ MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[27-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [27-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 @@ -1145,6 +1381,7 @@ ssl_conf = 28-version-negotiation-ssl [28-version-negotiation-ssl] server = 28-version-negotiation-server +server2 = 28-version-negotiation-server2 client = 28-version-negotiation-client [28-version-negotiation-server] @@ -1154,6 +1391,13 @@ MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[28-version-negotiation-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [28-version-negotiation-client] CipherString = DEFAULT |