diff options
Diffstat (limited to 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests')
61 files changed, 38677 insertions, 0 deletions
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/01-simple.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/01-simple.conf new file mode 100644 index 000000000..7fc23f0b6 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/01-simple.conf @@ -0,0 +1,78 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 3 + +test-0 = 0-default +test-1 = 1-Server signature algorithms bug +test-2 = 2-verify-cert +# =========================================================== + +[0-default] +ssl_conf = 0-default-ssl + +[0-default-ssl] +server = 0-default-server +client = 0-default-client + +[0-default-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-default-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-Server signature algorithms bug] +ssl_conf = 1-Server signature algorithms bug-ssl + +[1-Server signature algorithms bug-ssl] +server = 1-Server signature algorithms bug-server +client = 1-Server signature algorithms bug-client + +[1-Server signature algorithms bug-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA512:RSA+SHA512 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-Server signature algorithms bug-client] +CipherString = DEFAULT +SignatureAlgorithms = PSS+SHA256:RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-verify-cert] +ssl_conf = 2-verify-cert-ssl + +[2-verify-cert-ssl] +server = 2-verify-cert-server +client = 2-verify-cert-client + +[2-verify-cert-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-verify-cert-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-2] +ExpectedClientAlert = UnknownCA +ExpectedResult = ClientFail + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/01-simple.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/01-simple.conf.in new file mode 100644 index 000000000..54dc451f3 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/01-simple.conf.in @@ -0,0 +1,42 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +our @tests = ( + { + name => "default", + server => { }, + client => { }, + test => { "ExpectedResult" => "Success" }, + }, + + { + name => "Server signature algorithms bug", + # Should have no effect as we aren't doing client auth + server => { "ClientSignatureAlgorithms" => "PSS+SHA512:RSA+SHA512" }, + client => { "SignatureAlgorithms" => "PSS+SHA256:RSA+SHA256" }, + test => { "ExpectedResult" => "Success" }, + }, + + { + name => "verify-cert", + server => { }, + client => { + # Don't set up the client root file. + "VerifyCAFile" => undef, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "UnknownCA", + }, + }, +); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/02-protocol-version.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/02-protocol-version.conf new file mode 100644 index 000000000..4b7d7df21 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/02-protocol-version.conf @@ -0,0 +1,18822 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 678 + +test-0 = 0-version-negotiation +test-1 = 1-version-negotiation +test-2 = 2-version-negotiation +test-3 = 3-version-negotiation +test-4 = 4-version-negotiation +test-5 = 5-version-negotiation +test-6 = 6-version-negotiation +test-7 = 7-version-negotiation +test-8 = 8-version-negotiation +test-9 = 9-version-negotiation +test-10 = 10-version-negotiation +test-11 = 11-version-negotiation +test-12 = 12-version-negotiation +test-13 = 13-version-negotiation +test-14 = 14-version-negotiation +test-15 = 15-version-negotiation +test-16 = 16-version-negotiation +test-17 = 17-version-negotiation +test-18 = 18-version-negotiation +test-19 = 19-version-negotiation +test-20 = 20-version-negotiation +test-21 = 21-version-negotiation +test-22 = 22-version-negotiation +test-23 = 23-version-negotiation +test-24 = 24-version-negotiation +test-25 = 25-version-negotiation +test-26 = 26-version-negotiation +test-27 = 27-version-negotiation +test-28 = 28-version-negotiation +test-29 = 29-version-negotiation +test-30 = 30-version-negotiation +test-31 = 31-version-negotiation +test-32 = 32-version-negotiation +test-33 = 33-version-negotiation +test-34 = 34-version-negotiation +test-35 = 35-version-negotiation +test-36 = 36-version-negotiation +test-37 = 37-version-negotiation +test-38 = 38-version-negotiation +test-39 = 39-version-negotiation +test-40 = 40-version-negotiation +test-41 = 41-version-negotiation +test-42 = 42-version-negotiation +test-43 = 43-version-negotiation +test-44 = 44-version-negotiation +test-45 = 45-version-negotiation +test-46 = 46-version-negotiation +test-47 = 47-version-negotiation +test-48 = 48-version-negotiation +test-49 = 49-version-negotiation +test-50 = 50-version-negotiation +test-51 = 51-version-negotiation +test-52 = 52-version-negotiation +test-53 = 53-version-negotiation +test-54 = 54-version-negotiation +test-55 = 55-version-negotiation +test-56 = 56-version-negotiation +test-57 = 57-version-negotiation +test-58 = 58-version-negotiation +test-59 = 59-version-negotiation +test-60 = 60-version-negotiation +test-61 = 61-version-negotiation +test-62 = 62-version-negotiation +test-63 = 63-version-negotiation +test-64 = 64-version-negotiation +test-65 = 65-version-negotiation +test-66 = 66-version-negotiation +test-67 = 67-version-negotiation +test-68 = 68-version-negotiation +test-69 = 69-version-negotiation +test-70 = 70-version-negotiation +test-71 = 71-version-negotiation +test-72 = 72-version-negotiation +test-73 = 73-version-negotiation +test-74 = 74-version-negotiation +test-75 = 75-version-negotiation +test-76 = 76-version-negotiation +test-77 = 77-version-negotiation +test-78 = 78-version-negotiation +test-79 = 79-version-negotiation +test-80 = 80-version-negotiation +test-81 = 81-version-negotiation +test-82 = 82-version-negotiation +test-83 = 83-version-negotiation +test-84 = 84-version-negotiation +test-85 = 85-version-negotiation +test-86 = 86-version-negotiation +test-87 = 87-version-negotiation +test-88 = 88-version-negotiation +test-89 = 89-version-negotiation +test-90 = 90-version-negotiation +test-91 = 91-version-negotiation +test-92 = 92-version-negotiation +test-93 = 93-version-negotiation +test-94 = 94-version-negotiation +test-95 = 95-version-negotiation +test-96 = 96-version-negotiation +test-97 = 97-version-negotiation +test-98 = 98-version-negotiation +test-99 = 99-version-negotiation +test-100 = 100-version-negotiation +test-101 = 101-version-negotiation +test-102 = 102-version-negotiation +test-103 = 103-version-negotiation +test-104 = 104-version-negotiation +test-105 = 105-version-negotiation +test-106 = 106-version-negotiation +test-107 = 107-version-negotiation +test-108 = 108-version-negotiation +test-109 = 109-version-negotiation +test-110 = 110-version-negotiation +test-111 = 111-version-negotiation +test-112 = 112-version-negotiation +test-113 = 113-version-negotiation +test-114 = 114-version-negotiation +test-115 = 115-version-negotiation +test-116 = 116-version-negotiation +test-117 = 117-version-negotiation +test-118 = 118-version-negotiation +test-119 = 119-version-negotiation +test-120 = 120-version-negotiation +test-121 = 121-version-negotiation +test-122 = 122-version-negotiation +test-123 = 123-version-negotiation +test-124 = 124-version-negotiation +test-125 = 125-version-negotiation +test-126 = 126-version-negotiation +test-127 = 127-version-negotiation +test-128 = 128-version-negotiation +test-129 = 129-version-negotiation +test-130 = 130-version-negotiation +test-131 = 131-version-negotiation +test-132 = 132-version-negotiation +test-133 = 133-version-negotiation +test-134 = 134-version-negotiation +test-135 = 135-version-negotiation +test-136 = 136-version-negotiation +test-137 = 137-version-negotiation +test-138 = 138-version-negotiation +test-139 = 139-version-negotiation +test-140 = 140-version-negotiation +test-141 = 141-version-negotiation +test-142 = 142-version-negotiation +test-143 = 143-version-negotiation +test-144 = 144-version-negotiation +test-145 = 145-version-negotiation +test-146 = 146-version-negotiation +test-147 = 147-version-negotiation +test-148 = 148-version-negotiation +test-149 = 149-version-negotiation +test-150 = 150-version-negotiation +test-151 = 151-version-negotiation +test-152 = 152-version-negotiation +test-153 = 153-version-negotiation +test-154 = 154-version-negotiation +test-155 = 155-version-negotiation +test-156 = 156-version-negotiation +test-157 = 157-version-negotiation +test-158 = 158-version-negotiation +test-159 = 159-version-negotiation +test-160 = 160-version-negotiation +test-161 = 161-version-negotiation +test-162 = 162-version-negotiation +test-163 = 163-version-negotiation +test-164 = 164-version-negotiation +test-165 = 165-version-negotiation +test-166 = 166-version-negotiation +test-167 = 167-version-negotiation +test-168 = 168-version-negotiation +test-169 = 169-version-negotiation +test-170 = 170-version-negotiation +test-171 = 171-version-negotiation +test-172 = 172-version-negotiation +test-173 = 173-version-negotiation +test-174 = 174-version-negotiation +test-175 = 175-version-negotiation +test-176 = 176-version-negotiation +test-177 = 177-version-negotiation +test-178 = 178-version-negotiation +test-179 = 179-version-negotiation +test-180 = 180-version-negotiation +test-181 = 181-version-negotiation +test-182 = 182-version-negotiation +test-183 = 183-version-negotiation +test-184 = 184-version-negotiation +test-185 = 185-version-negotiation +test-186 = 186-version-negotiation +test-187 = 187-version-negotiation +test-188 = 188-version-negotiation +test-189 = 189-version-negotiation +test-190 = 190-version-negotiation +test-191 = 191-version-negotiation +test-192 = 192-version-negotiation +test-193 = 193-version-negotiation +test-194 = 194-version-negotiation +test-195 = 195-version-negotiation +test-196 = 196-version-negotiation +test-197 = 197-version-negotiation +test-198 = 198-version-negotiation +test-199 = 199-version-negotiation +test-200 = 200-version-negotiation +test-201 = 201-version-negotiation +test-202 = 202-version-negotiation +test-203 = 203-version-negotiation +test-204 = 204-version-negotiation +test-205 = 205-version-negotiation +test-206 = 206-version-negotiation +test-207 = 207-version-negotiation +test-208 = 208-version-negotiation +test-209 = 209-version-negotiation +test-210 = 210-version-negotiation +test-211 = 211-version-negotiation +test-212 = 212-version-negotiation +test-213 = 213-version-negotiation +test-214 = 214-version-negotiation +test-215 = 215-version-negotiation +test-216 = 216-version-negotiation +test-217 = 217-version-negotiation +test-218 = 218-version-negotiation +test-219 = 219-version-negotiation +test-220 = 220-version-negotiation +test-221 = 221-version-negotiation +test-222 = 222-version-negotiation +test-223 = 223-version-negotiation +test-224 = 224-version-negotiation +test-225 = 225-version-negotiation +test-226 = 226-version-negotiation +test-227 = 227-version-negotiation +test-228 = 228-version-negotiation +test-229 = 229-version-negotiation +test-230 = 230-version-negotiation +test-231 = 231-version-negotiation +test-232 = 232-version-negotiation +test-233 = 233-version-negotiation +test-234 = 234-version-negotiation +test-235 = 235-version-negotiation +test-236 = 236-version-negotiation +test-237 = 237-version-negotiation +test-238 = 238-version-negotiation +test-239 = 239-version-negotiation +test-240 = 240-version-negotiation +test-241 = 241-version-negotiation +test-242 = 242-version-negotiation +test-243 = 243-version-negotiation +test-244 = 244-version-negotiation +test-245 = 245-version-negotiation +test-246 = 246-version-negotiation +test-247 = 247-version-negotiation +test-248 = 248-version-negotiation +test-249 = 249-version-negotiation +test-250 = 250-version-negotiation +test-251 = 251-version-negotiation +test-252 = 252-version-negotiation +test-253 = 253-version-negotiation +test-254 = 254-version-negotiation +test-255 = 255-version-negotiation +test-256 = 256-version-negotiation +test-257 = 257-version-negotiation +test-258 = 258-version-negotiation +test-259 = 259-version-negotiation +test-260 = 260-version-negotiation +test-261 = 261-version-negotiation +test-262 = 262-version-negotiation +test-263 = 263-version-negotiation +test-264 = 264-version-negotiation +test-265 = 265-version-negotiation +test-266 = 266-version-negotiation +test-267 = 267-version-negotiation +test-268 = 268-version-negotiation +test-269 = 269-version-negotiation +test-270 = 270-version-negotiation +test-271 = 271-version-negotiation +test-272 = 272-version-negotiation +test-273 = 273-version-negotiation +test-274 = 274-version-negotiation +test-275 = 275-version-negotiation +test-276 = 276-version-negotiation +test-277 = 277-version-negotiation +test-278 = 278-version-negotiation +test-279 = 279-version-negotiation +test-280 = 280-version-negotiation +test-281 = 281-version-negotiation +test-282 = 282-version-negotiation +test-283 = 283-version-negotiation +test-284 = 284-version-negotiation +test-285 = 285-version-negotiation +test-286 = 286-version-negotiation +test-287 = 287-version-negotiation +test-288 = 288-version-negotiation +test-289 = 289-version-negotiation +test-290 = 290-version-negotiation +test-291 = 291-version-negotiation +test-292 = 292-version-negotiation +test-293 = 293-version-negotiation +test-294 = 294-version-negotiation +test-295 = 295-version-negotiation +test-296 = 296-version-negotiation +test-297 = 297-version-negotiation +test-298 = 298-version-negotiation +test-299 = 299-version-negotiation +test-300 = 300-version-negotiation +test-301 = 301-version-negotiation +test-302 = 302-version-negotiation +test-303 = 303-version-negotiation +test-304 = 304-version-negotiation +test-305 = 305-version-negotiation +test-306 = 306-version-negotiation +test-307 = 307-version-negotiation +test-308 = 308-version-negotiation +test-309 = 309-version-negotiation +test-310 = 310-version-negotiation +test-311 = 311-version-negotiation +test-312 = 312-version-negotiation +test-313 = 313-version-negotiation +test-314 = 314-version-negotiation +test-315 = 315-version-negotiation +test-316 = 316-version-negotiation +test-317 = 317-version-negotiation +test-318 = 318-version-negotiation +test-319 = 319-version-negotiation +test-320 = 320-version-negotiation +test-321 = 321-version-negotiation +test-322 = 322-version-negotiation +test-323 = 323-version-negotiation +test-324 = 324-version-negotiation +test-325 = 325-version-negotiation +test-326 = 326-version-negotiation +test-327 = 327-version-negotiation +test-328 = 328-version-negotiation +test-329 = 329-version-negotiation +test-330 = 330-version-negotiation +test-331 = 331-version-negotiation +test-332 = 332-version-negotiation +test-333 = 333-version-negotiation +test-334 = 334-version-negotiation +test-335 = 335-version-negotiation +test-336 = 336-version-negotiation +test-337 = 337-version-negotiation +test-338 = 338-version-negotiation +test-339 = 339-version-negotiation +test-340 = 340-version-negotiation +test-341 = 341-version-negotiation +test-342 = 342-version-negotiation +test-343 = 343-version-negotiation +test-344 = 344-version-negotiation +test-345 = 345-version-negotiation +test-346 = 346-version-negotiation +test-347 = 347-version-negotiation +test-348 = 348-version-negotiation +test-349 = 349-version-negotiation +test-350 = 350-version-negotiation +test-351 = 351-version-negotiation +test-352 = 352-version-negotiation +test-353 = 353-version-negotiation +test-354 = 354-version-negotiation +test-355 = 355-version-negotiation +test-356 = 356-version-negotiation +test-357 = 357-version-negotiation +test-358 = 358-version-negotiation +test-359 = 359-version-negotiation +test-360 = 360-version-negotiation +test-361 = 361-version-negotiation +test-362 = 362-version-negotiation +test-363 = 363-version-negotiation +test-364 = 364-version-negotiation +test-365 = 365-version-negotiation +test-366 = 366-version-negotiation +test-367 = 367-version-negotiation +test-368 = 368-version-negotiation +test-369 = 369-version-negotiation +test-370 = 370-version-negotiation +test-371 = 371-version-negotiation +test-372 = 372-version-negotiation +test-373 = 373-version-negotiation +test-374 = 374-version-negotiation +test-375 = 375-version-negotiation +test-376 = 376-version-negotiation +test-377 = 377-version-negotiation +test-378 = 378-version-negotiation +test-379 = 379-version-negotiation +test-380 = 380-version-negotiation +test-381 = 381-version-negotiation +test-382 = 382-version-negotiation +test-383 = 383-version-negotiation +test-384 = 384-version-negotiation +test-385 = 385-version-negotiation +test-386 = 386-version-negotiation +test-387 = 387-version-negotiation +test-388 = 388-version-negotiation +test-389 = 389-version-negotiation +test-390 = 390-version-negotiation +test-391 = 391-version-negotiation +test-392 = 392-version-negotiation +test-393 = 393-version-negotiation +test-394 = 394-version-negotiation +test-395 = 395-version-negotiation +test-396 = 396-version-negotiation +test-397 = 397-version-negotiation +test-398 = 398-version-negotiation +test-399 = 399-version-negotiation +test-400 = 400-version-negotiation +test-401 = 401-version-negotiation +test-402 = 402-version-negotiation +test-403 = 403-version-negotiation +test-404 = 404-version-negotiation +test-405 = 405-version-negotiation +test-406 = 406-version-negotiation +test-407 = 407-version-negotiation +test-408 = 408-version-negotiation +test-409 = 409-version-negotiation +test-410 = 410-version-negotiation +test-411 = 411-version-negotiation +test-412 = 412-version-negotiation +test-413 = 413-version-negotiation +test-414 = 414-version-negotiation +test-415 = 415-version-negotiation +test-416 = 416-version-negotiation +test-417 = 417-version-negotiation +test-418 = 418-version-negotiation +test-419 = 419-version-negotiation +test-420 = 420-version-negotiation +test-421 = 421-version-negotiation +test-422 = 422-version-negotiation +test-423 = 423-version-negotiation +test-424 = 424-version-negotiation +test-425 = 425-version-negotiation +test-426 = 426-version-negotiation +test-427 = 427-version-negotiation +test-428 = 428-version-negotiation +test-429 = 429-version-negotiation +test-430 = 430-version-negotiation +test-431 = 431-version-negotiation +test-432 = 432-version-negotiation +test-433 = 433-version-negotiation +test-434 = 434-version-negotiation +test-435 = 435-version-negotiation +test-436 = 436-version-negotiation +test-437 = 437-version-negotiation +test-438 = 438-version-negotiation +test-439 = 439-version-negotiation +test-440 = 440-version-negotiation +test-441 = 441-version-negotiation +test-442 = 442-version-negotiation +test-443 = 443-version-negotiation +test-444 = 444-version-negotiation +test-445 = 445-version-negotiation +test-446 = 446-version-negotiation +test-447 = 447-version-negotiation +test-448 = 448-version-negotiation +test-449 = 449-version-negotiation +test-450 = 450-version-negotiation +test-451 = 451-version-negotiation +test-452 = 452-version-negotiation +test-453 = 453-version-negotiation +test-454 = 454-version-negotiation +test-455 = 455-version-negotiation +test-456 = 456-version-negotiation +test-457 = 457-version-negotiation +test-458 = 458-version-negotiation +test-459 = 459-version-negotiation +test-460 = 460-version-negotiation +test-461 = 461-version-negotiation +test-462 = 462-version-negotiation +test-463 = 463-version-negotiation +test-464 = 464-version-negotiation +test-465 = 465-version-negotiation +test-466 = 466-version-negotiation +test-467 = 467-version-negotiation +test-468 = 468-version-negotiation +test-469 = 469-version-negotiation +test-470 = 470-version-negotiation +test-471 = 471-version-negotiation +test-472 = 472-version-negotiation +test-473 = 473-version-negotiation +test-474 = 474-version-negotiation +test-475 = 475-version-negotiation +test-476 = 476-version-negotiation +test-477 = 477-version-negotiation +test-478 = 478-version-negotiation +test-479 = 479-version-negotiation +test-480 = 480-version-negotiation +test-481 = 481-version-negotiation +test-482 = 482-version-negotiation +test-483 = 483-version-negotiation +test-484 = 484-version-negotiation +test-485 = 485-version-negotiation +test-486 = 486-version-negotiation +test-487 = 487-version-negotiation +test-488 = 488-version-negotiation +test-489 = 489-version-negotiation +test-490 = 490-version-negotiation +test-491 = 491-version-negotiation +test-492 = 492-version-negotiation +test-493 = 493-version-negotiation +test-494 = 494-version-negotiation +test-495 = 495-version-negotiation +test-496 = 496-version-negotiation +test-497 = 497-version-negotiation +test-498 = 498-version-negotiation +test-499 = 499-version-negotiation +test-500 = 500-version-negotiation +test-501 = 501-version-negotiation +test-502 = 502-version-negotiation +test-503 = 503-version-negotiation +test-504 = 504-version-negotiation +test-505 = 505-version-negotiation +test-506 = 506-version-negotiation +test-507 = 507-version-negotiation +test-508 = 508-version-negotiation +test-509 = 509-version-negotiation +test-510 = 510-version-negotiation +test-511 = 511-version-negotiation +test-512 = 512-version-negotiation +test-513 = 513-version-negotiation +test-514 = 514-version-negotiation +test-515 = 515-version-negotiation +test-516 = 516-version-negotiation +test-517 = 517-version-negotiation +test-518 = 518-version-negotiation +test-519 = 519-version-negotiation +test-520 = 520-version-negotiation +test-521 = 521-version-negotiation +test-522 = 522-version-negotiation +test-523 = 523-version-negotiation +test-524 = 524-version-negotiation +test-525 = 525-version-negotiation +test-526 = 526-version-negotiation +test-527 = 527-version-negotiation +test-528 = 528-version-negotiation +test-529 = 529-version-negotiation +test-530 = 530-version-negotiation +test-531 = 531-version-negotiation +test-532 = 532-version-negotiation +test-533 = 533-version-negotiation +test-534 = 534-version-negotiation +test-535 = 535-version-negotiation +test-536 = 536-version-negotiation +test-537 = 537-version-negotiation +test-538 = 538-version-negotiation +test-539 = 539-version-negotiation +test-540 = 540-version-negotiation +test-541 = 541-version-negotiation +test-542 = 542-version-negotiation +test-543 = 543-version-negotiation +test-544 = 544-version-negotiation +test-545 = 545-version-negotiation +test-546 = 546-version-negotiation +test-547 = 547-version-negotiation +test-548 = 548-version-negotiation +test-549 = 549-version-negotiation +test-550 = 550-version-negotiation +test-551 = 551-version-negotiation +test-552 = 552-version-negotiation +test-553 = 553-version-negotiation +test-554 = 554-version-negotiation +test-555 = 555-version-negotiation +test-556 = 556-version-negotiation +test-557 = 557-version-negotiation +test-558 = 558-version-negotiation +test-559 = 559-version-negotiation +test-560 = 560-version-negotiation +test-561 = 561-version-negotiation +test-562 = 562-version-negotiation +test-563 = 563-version-negotiation +test-564 = 564-version-negotiation +test-565 = 565-version-negotiation +test-566 = 566-version-negotiation +test-567 = 567-version-negotiation +test-568 = 568-version-negotiation +test-569 = 569-version-negotiation +test-570 = 570-version-negotiation +test-571 = 571-version-negotiation +test-572 = 572-version-negotiation +test-573 = 573-version-negotiation +test-574 = 574-version-negotiation +test-575 = 575-version-negotiation +test-576 = 576-version-negotiation +test-577 = 577-version-negotiation +test-578 = 578-version-negotiation +test-579 = 579-version-negotiation +test-580 = 580-version-negotiation +test-581 = 581-version-negotiation +test-582 = 582-version-negotiation +test-583 = 583-version-negotiation +test-584 = 584-version-negotiation +test-585 = 585-version-negotiation +test-586 = 586-version-negotiation +test-587 = 587-version-negotiation +test-588 = 588-version-negotiation +test-589 = 589-version-negotiation +test-590 = 590-version-negotiation +test-591 = 591-version-negotiation +test-592 = 592-version-negotiation +test-593 = 593-version-negotiation +test-594 = 594-version-negotiation +test-595 = 595-version-negotiation +test-596 = 596-version-negotiation +test-597 = 597-version-negotiation +test-598 = 598-version-negotiation +test-599 = 599-version-negotiation +test-600 = 600-version-negotiation +test-601 = 601-version-negotiation +test-602 = 602-version-negotiation +test-603 = 603-version-negotiation +test-604 = 604-version-negotiation +test-605 = 605-version-negotiation +test-606 = 606-version-negotiation +test-607 = 607-version-negotiation +test-608 = 608-version-negotiation +test-609 = 609-version-negotiation +test-610 = 610-version-negotiation +test-611 = 611-version-negotiation +test-612 = 612-version-negotiation +test-613 = 613-version-negotiation +test-614 = 614-version-negotiation +test-615 = 615-version-negotiation +test-616 = 616-version-negotiation +test-617 = 617-version-negotiation +test-618 = 618-version-negotiation +test-619 = 619-version-negotiation +test-620 = 620-version-negotiation +test-621 = 621-version-negotiation +test-622 = 622-version-negotiation +test-623 = 623-version-negotiation +test-624 = 624-version-negotiation +test-625 = 625-version-negotiation +test-626 = 626-version-negotiation +test-627 = 627-version-negotiation +test-628 = 628-version-negotiation +test-629 = 629-version-negotiation +test-630 = 630-version-negotiation +test-631 = 631-version-negotiation +test-632 = 632-version-negotiation +test-633 = 633-version-negotiation +test-634 = 634-version-negotiation +test-635 = 635-version-negotiation +test-636 = 636-version-negotiation +test-637 = 637-version-negotiation +test-638 = 638-version-negotiation +test-639 = 639-version-negotiation +test-640 = 640-version-negotiation +test-641 = 641-version-negotiation +test-642 = 642-version-negotiation +test-643 = 643-version-negotiation +test-644 = 644-version-negotiation +test-645 = 645-version-negotiation +test-646 = 646-version-negotiation +test-647 = 647-version-negotiation +test-648 = 648-version-negotiation +test-649 = 649-version-negotiation +test-650 = 650-version-negotiation +test-651 = 651-version-negotiation +test-652 = 652-version-negotiation +test-653 = 653-version-negotiation +test-654 = 654-version-negotiation +test-655 = 655-version-negotiation +test-656 = 656-version-negotiation +test-657 = 657-version-negotiation +test-658 = 658-version-negotiation +test-659 = 659-version-negotiation +test-660 = 660-version-negotiation +test-661 = 661-version-negotiation +test-662 = 662-version-negotiation +test-663 = 663-version-negotiation +test-664 = 664-version-negotiation +test-665 = 665-version-negotiation +test-666 = 666-version-negotiation +test-667 = 667-version-negotiation +test-668 = 668-version-negotiation +test-669 = 669-version-negotiation +test-670 = 670-version-negotiation +test-671 = 671-version-negotiation +test-672 = 672-version-negotiation +test-673 = 673-version-negotiation +test-674 = 674-version-negotiation +test-675 = 675-version-negotiation +test-676 = 676-ciphersuite-sanity-check-client +test-677 = 677-ciphersuite-sanity-check-server +# =========================================================== + +[0-version-negotiation] +ssl_conf = 0-version-negotiation-ssl + +[0-version-negotiation-ssl] +server = 0-version-negotiation-server +client = 0-version-negotiation-client + +[0-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = ClientFail + + +# =========================================================== + +[1-version-negotiation] +ssl_conf = 1-version-negotiation-ssl + +[1-version-negotiation-ssl] +server = 1-version-negotiation-server +client = 1-version-negotiation-client + +[1-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = ClientFail + + +# =========================================================== + +[2-version-negotiation] +ssl_conf = 2-version-negotiation-ssl + +[2-version-negotiation-ssl] +server = 2-version-negotiation-server +client = 2-version-negotiation-client + +[2-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ClientFail + + +# =========================================================== + +[3-version-negotiation] +ssl_conf = 3-version-negotiation-ssl + +[3-version-negotiation-ssl] +server = 3-version-negotiation-server +client = 3-version-negotiation-client + +[3-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = ClientFail + + +# =========================================================== + +[4-version-negotiation] +ssl_conf = 4-version-negotiation-ssl + +[4-version-negotiation-ssl] +server = 4-version-negotiation-server +client = 4-version-negotiation-client + +[4-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = ClientFail + + +# =========================================================== + +[5-version-negotiation] +ssl_conf = 5-version-negotiation-ssl + +[5-version-negotiation-ssl] +server = 5-version-negotiation-server +client = 5-version-negotiation-client + +[5-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = ClientFail + + +# =========================================================== + +[6-version-negotiation] +ssl_conf = 6-version-negotiation-ssl + +[6-version-negotiation-ssl] +server = 6-version-negotiation-server +client = 6-version-negotiation-client + +[6-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = ClientFail + + +# =========================================================== + +[7-version-negotiation] +ssl_conf = 7-version-negotiation-ssl + +[7-version-negotiation-ssl] +server = 7-version-negotiation-server +client = 7-version-negotiation-client + +[7-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = ClientFail + + +# =========================================================== + +[8-version-negotiation] +ssl_conf = 8-version-negotiation-ssl + +[8-version-negotiation-ssl] +server = 8-version-negotiation-server +client = 8-version-negotiation-client + +[8-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = ClientFail + + +# =========================================================== + +[9-version-negotiation] +ssl_conf = 9-version-negotiation-ssl + +[9-version-negotiation-ssl] +server = 9-version-negotiation-server +client = 9-version-negotiation-client + +[9-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = ClientFail + + +# =========================================================== + +[10-version-negotiation] +ssl_conf = 10-version-negotiation-ssl + +[10-version-negotiation-ssl] +server = 10-version-negotiation-server +client = 10-version-negotiation-client + +[10-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = ClientFail + + +# =========================================================== + +[11-version-negotiation] +ssl_conf = 11-version-negotiation-ssl + +[11-version-negotiation-ssl] +server = 11-version-negotiation-server +client = 11-version-negotiation-client + +[11-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = ClientFail + + +# =========================================================== + +[12-version-negotiation] +ssl_conf = 12-version-negotiation-ssl + +[12-version-negotiation-ssl] +server = 12-version-negotiation-server +client = 12-version-negotiation-client + +[12-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = ClientFail + + +# =========================================================== + +[13-version-negotiation] +ssl_conf = 13-version-negotiation-ssl + +[13-version-negotiation-ssl] +server = 13-version-negotiation-server +client = 13-version-negotiation-client + +[13-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = ClientFail + + +# =========================================================== + +[14-version-negotiation] +ssl_conf = 14-version-negotiation-ssl + +[14-version-negotiation-ssl] +server = 14-version-negotiation-server +client = 14-version-negotiation-client + +[14-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = ClientFail + + +# =========================================================== + +[15-version-negotiation] +ssl_conf = 15-version-negotiation-ssl + +[15-version-negotiation-ssl] +server = 15-version-negotiation-server +client = 15-version-negotiation-client + +[15-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = ClientFail + + +# =========================================================== + +[16-version-negotiation] +ssl_conf = 16-version-negotiation-ssl + +[16-version-negotiation-ssl] +server = 16-version-negotiation-server +client = 16-version-negotiation-client + +[16-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = ClientFail + + +# =========================================================== + +[17-version-negotiation] +ssl_conf = 17-version-negotiation-ssl + +[17-version-negotiation-ssl] +server = 17-version-negotiation-server +client = 17-version-negotiation-client + +[17-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = ClientFail + + +# =========================================================== + +[18-version-negotiation] +ssl_conf = 18-version-negotiation-ssl + +[18-version-negotiation-ssl] +server = 18-version-negotiation-server +client = 18-version-negotiation-client + +[18-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = ClientFail + + +# =========================================================== + +[19-version-negotiation] +ssl_conf = 19-version-negotiation-ssl + +[19-version-negotiation-ssl] +server = 19-version-negotiation-server +client = 19-version-negotiation-client + +[19-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = ClientFail + + +# =========================================================== + +[20-version-negotiation] +ssl_conf = 20-version-negotiation-ssl + +[20-version-negotiation-ssl] +server = 20-version-negotiation-server +client = 20-version-negotiation-client + +[20-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedResult = ClientFail + + +# =========================================================== + +[21-version-negotiation] +ssl_conf = 21-version-negotiation-ssl + +[21-version-negotiation-ssl] +server = 21-version-negotiation-server +client = 21-version-negotiation-client + +[21-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedResult = ClientFail + + +# =========================================================== + +[22-version-negotiation] +ssl_conf = 22-version-negotiation-ssl + +[22-version-negotiation-ssl] +server = 22-version-negotiation-server +client = 22-version-negotiation-client + +[22-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedResult = ClientFail + + +# =========================================================== + +[23-version-negotiation] +ssl_conf = 23-version-negotiation-ssl + +[23-version-negotiation-ssl] +server = 23-version-negotiation-server +client = 23-version-negotiation-client + +[23-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedResult = ClientFail + + +# =========================================================== + +[24-version-negotiation] +ssl_conf = 24-version-negotiation-ssl + +[24-version-negotiation-ssl] +server = 24-version-negotiation-server +client = 24-version-negotiation-client + +[24-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = ClientFail + + +# =========================================================== + +[25-version-negotiation] +ssl_conf = 25-version-negotiation-ssl + +[25-version-negotiation-ssl] +server = 25-version-negotiation-server +client = 25-version-negotiation-client + +[25-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedResult = ClientFail + + +# =========================================================== + +[26-version-negotiation] +ssl_conf = 26-version-negotiation-ssl + +[26-version-negotiation-ssl] +server = 26-version-negotiation-server +client = 26-version-negotiation-client + +[26-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedResult = ServerFail + + +# =========================================================== + +[27-version-negotiation] +ssl_conf = 27-version-negotiation-ssl + +[27-version-negotiation-ssl] +server = 27-version-negotiation-server +client = 27-version-negotiation-client + +[27-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[28-version-negotiation] +ssl_conf = 28-version-negotiation-ssl + +[28-version-negotiation-ssl] +server = 28-version-negotiation-server +client = 28-version-negotiation-client + +[28-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[29-version-negotiation] +ssl_conf = 29-version-negotiation-ssl + +[29-version-negotiation-ssl] +server = 29-version-negotiation-server +client = 29-version-negotiation-client + +[29-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[30-version-negotiation] +ssl_conf = 30-version-negotiation-ssl + +[30-version-negotiation-ssl] +server = 30-version-negotiation-server +client = 30-version-negotiation-client + +[30-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[31-version-negotiation] +ssl_conf = 31-version-negotiation-ssl + +[31-version-negotiation-ssl] +server = 31-version-negotiation-server +client = 31-version-negotiation-client + +[31-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[32-version-negotiation] +ssl_conf = 32-version-negotiation-ssl + +[32-version-negotiation-ssl] +server = 32-version-negotiation-server +client = 32-version-negotiation-client + +[32-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedResult = ServerFail + + +# =========================================================== + +[33-version-negotiation] +ssl_conf = 33-version-negotiation-ssl + +[33-version-negotiation-ssl] +server = 33-version-negotiation-server +client = 33-version-negotiation-client + +[33-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[34-version-negotiation] +ssl_conf = 34-version-negotiation-ssl + +[34-version-negotiation-ssl] +server = 34-version-negotiation-server +client = 34-version-negotiation-client + +[34-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[35-version-negotiation] +ssl_conf = 35-version-negotiation-ssl + +[35-version-negotiation-ssl] +server = 35-version-negotiation-server +client = 35-version-negotiation-client + +[35-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[36-version-negotiation] +ssl_conf = 36-version-negotiation-ssl + +[36-version-negotiation-ssl] +server = 36-version-negotiation-server +client = 36-version-negotiation-client + +[36-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[37-version-negotiation] +ssl_conf = 37-version-negotiation-ssl + +[37-version-negotiation-ssl] +server = 37-version-negotiation-server +client = 37-version-negotiation-client + +[37-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[38-version-negotiation] +ssl_conf = 38-version-negotiation-ssl + +[38-version-negotiation-ssl] +server = 38-version-negotiation-server +client = 38-version-negotiation-client + +[38-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[39-version-negotiation] +ssl_conf = 39-version-negotiation-ssl + +[39-version-negotiation-ssl] +server = 39-version-negotiation-server +client = 39-version-negotiation-client + +[39-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[40-version-negotiation] +ssl_conf = 40-version-negotiation-ssl + +[40-version-negotiation-ssl] +server = 40-version-negotiation-server +client = 40-version-negotiation-client + +[40-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[41-version-negotiation] +ssl_conf = 41-version-negotiation-ssl + +[41-version-negotiation-ssl] +server = 41-version-negotiation-server +client = 41-version-negotiation-client + +[41-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[42-version-negotiation] +ssl_conf = 42-version-negotiation-ssl + +[42-version-negotiation-ssl] +server = 42-version-negotiation-server +client = 42-version-negotiation-client + +[42-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[43-version-negotiation] +ssl_conf = 43-version-negotiation-ssl + +[43-version-negotiation-ssl] +server = 43-version-negotiation-server +client = 43-version-negotiation-client + +[43-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedResult = ServerFail + + +# =========================================================== + +[44-version-negotiation] +ssl_conf = 44-version-negotiation-ssl + +[44-version-negotiation-ssl] +server = 44-version-negotiation-server +client = 44-version-negotiation-client + +[44-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedResult = ServerFail + + +# =========================================================== + +[45-version-negotiation] +ssl_conf = 45-version-negotiation-ssl + +[45-version-negotiation-ssl] +server = 45-version-negotiation-server +client = 45-version-negotiation-client + +[45-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedResult = ServerFail + + +# =========================================================== + +[46-version-negotiation] +ssl_conf = 46-version-negotiation-ssl + +[46-version-negotiation-ssl] +server = 46-version-negotiation-server +client = 46-version-negotiation-client + +[46-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedResult = ServerFail + + +# =========================================================== + +[47-version-negotiation] +ssl_conf = 47-version-negotiation-ssl + +[47-version-negotiation-ssl] +server = 47-version-negotiation-server +client = 47-version-negotiation-client + +[47-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[47-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedResult = ServerFail + + +# =========================================================== + +[48-version-negotiation] +ssl_conf = 48-version-negotiation-ssl + +[48-version-negotiation-ssl] +server = 48-version-negotiation-server +client = 48-version-negotiation-client + +[48-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedResult = ServerFail + + +# =========================================================== + +[49-version-negotiation] +ssl_conf = 49-version-negotiation-ssl + +[49-version-negotiation-ssl] +server = 49-version-negotiation-server +client = 49-version-negotiation-client + +[49-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[49-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedResult = ServerFail + + +# =========================================================== + +[50-version-negotiation] +ssl_conf = 50-version-negotiation-ssl + +[50-version-negotiation-ssl] +server = 50-version-negotiation-server +client = 50-version-negotiation-client + +[50-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[50-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedResult = ServerFail + + +# =========================================================== + +[51-version-negotiation] +ssl_conf = 51-version-negotiation-ssl + +[51-version-negotiation-ssl] +server = 51-version-negotiation-server +client = 51-version-negotiation-client + +[51-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[51-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedResult = ServerFail + + +# =========================================================== + +[52-version-negotiation] +ssl_conf = 52-version-negotiation-ssl + +[52-version-negotiation-ssl] +server = 52-version-negotiation-server +client = 52-version-negotiation-client + +[52-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[52-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedResult = ServerFail + + +# =========================================================== + +[53-version-negotiation] +ssl_conf = 53-version-negotiation-ssl + +[53-version-negotiation-ssl] +server = 53-version-negotiation-server +client = 53-version-negotiation-client + +[53-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[54-version-negotiation] +ssl_conf = 54-version-negotiation-ssl + +[54-version-negotiation-ssl] +server = 54-version-negotiation-server +client = 54-version-negotiation-client + +[54-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[54-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[55-version-negotiation] +ssl_conf = 55-version-negotiation-ssl + +[55-version-negotiation-ssl] +server = 55-version-negotiation-server +client = 55-version-negotiation-client + +[55-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[55-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-55] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[56-version-negotiation] +ssl_conf = 56-version-negotiation-ssl + +[56-version-negotiation-ssl] +server = 56-version-negotiation-server +client = 56-version-negotiation-client + +[56-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[56-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-56] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[57-version-negotiation] +ssl_conf = 57-version-negotiation-ssl + +[57-version-negotiation-ssl] +server = 57-version-negotiation-server +client = 57-version-negotiation-client + +[57-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[57-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-57] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[58-version-negotiation] +ssl_conf = 58-version-negotiation-ssl + +[58-version-negotiation-ssl] +server = 58-version-negotiation-server +client = 58-version-negotiation-client + +[58-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[58-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-58] +ExpectedResult = ServerFail + + +# =========================================================== + +[59-version-negotiation] +ssl_conf = 59-version-negotiation-ssl + +[59-version-negotiation-ssl] +server = 59-version-negotiation-server +client = 59-version-negotiation-client + +[59-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[59-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-59] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[60-version-negotiation] +ssl_conf = 60-version-negotiation-ssl + +[60-version-negotiation-ssl] +server = 60-version-negotiation-server +client = 60-version-negotiation-client + +[60-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[60-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-60] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[61-version-negotiation] +ssl_conf = 61-version-negotiation-ssl + +[61-version-negotiation-ssl] +server = 61-version-negotiation-server +client = 61-version-negotiation-client + +[61-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[61-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-61] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[62-version-negotiation] +ssl_conf = 62-version-negotiation-ssl + +[62-version-negotiation-ssl] +server = 62-version-negotiation-server +client = 62-version-negotiation-client + +[62-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[62-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-62] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[63-version-negotiation] +ssl_conf = 63-version-negotiation-ssl + +[63-version-negotiation-ssl] +server = 63-version-negotiation-server +client = 63-version-negotiation-client + +[63-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[63-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-63] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[64-version-negotiation] +ssl_conf = 64-version-negotiation-ssl + +[64-version-negotiation-ssl] +server = 64-version-negotiation-server +client = 64-version-negotiation-client + +[64-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[64-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-64] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[65-version-negotiation] +ssl_conf = 65-version-negotiation-ssl + +[65-version-negotiation-ssl] +server = 65-version-negotiation-server +client = 65-version-negotiation-client + +[65-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[65-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-65] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[66-version-negotiation] +ssl_conf = 66-version-negotiation-ssl + +[66-version-negotiation-ssl] +server = 66-version-negotiation-server +client = 66-version-negotiation-client + +[66-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[66-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-66] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[67-version-negotiation] +ssl_conf = 67-version-negotiation-ssl + +[67-version-negotiation-ssl] +server = 67-version-negotiation-server +client = 67-version-negotiation-client + +[67-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[67-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-67] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[68-version-negotiation] +ssl_conf = 68-version-negotiation-ssl + +[68-version-negotiation-ssl] +server = 68-version-negotiation-server +client = 68-version-negotiation-client + +[68-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[68-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-68] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[69-version-negotiation] +ssl_conf = 69-version-negotiation-ssl + +[69-version-negotiation-ssl] +server = 69-version-negotiation-server +client = 69-version-negotiation-client + +[69-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[69-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-69] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[70-version-negotiation] +ssl_conf = 70-version-negotiation-ssl + +[70-version-negotiation-ssl] +server = 70-version-negotiation-server +client = 70-version-negotiation-client + +[70-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[70-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-70] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[71-version-negotiation] +ssl_conf = 71-version-negotiation-ssl + +[71-version-negotiation-ssl] +server = 71-version-negotiation-server +client = 71-version-negotiation-client + +[71-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[71-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-71] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[72-version-negotiation] +ssl_conf = 72-version-negotiation-ssl + +[72-version-negotiation-ssl] +server = 72-version-negotiation-server +client = 72-version-negotiation-client + +[72-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[72-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-72] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[73-version-negotiation] +ssl_conf = 73-version-negotiation-ssl + +[73-version-negotiation-ssl] +server = 73-version-negotiation-server +client = 73-version-negotiation-client + +[73-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[73-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-73] +ExpectedResult = ServerFail + + +# =========================================================== + +[74-version-negotiation] +ssl_conf = 74-version-negotiation-ssl + +[74-version-negotiation-ssl] +server = 74-version-negotiation-server +client = 74-version-negotiation-client + +[74-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[74-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-74] +ExpectedResult = ServerFail + + +# =========================================================== + +[75-version-negotiation] +ssl_conf = 75-version-negotiation-ssl + +[75-version-negotiation-ssl] +server = 75-version-negotiation-server +client = 75-version-negotiation-client + +[75-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[75-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-75] +ExpectedResult = ServerFail + + +# =========================================================== + +[76-version-negotiation] +ssl_conf = 76-version-negotiation-ssl + +[76-version-negotiation-ssl] +server = 76-version-negotiation-server +client = 76-version-negotiation-client + +[76-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[76-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-76] +ExpectedResult = ServerFail + + +# =========================================================== + +[77-version-negotiation] +ssl_conf = 77-version-negotiation-ssl + +[77-version-negotiation-ssl] +server = 77-version-negotiation-server +client = 77-version-negotiation-client + +[77-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[77-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-77] +ExpectedResult = ServerFail + + +# =========================================================== + +[78-version-negotiation] +ssl_conf = 78-version-negotiation-ssl + +[78-version-negotiation-ssl] +server = 78-version-negotiation-server +client = 78-version-negotiation-client + +[78-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[78-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-78] +ExpectedResult = ServerFail + + +# =========================================================== + +[79-version-negotiation] +ssl_conf = 79-version-negotiation-ssl + +[79-version-negotiation-ssl] +server = 79-version-negotiation-server +client = 79-version-negotiation-client + +[79-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[79-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-79] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[80-version-negotiation] +ssl_conf = 80-version-negotiation-ssl + +[80-version-negotiation-ssl] +server = 80-version-negotiation-server +client = 80-version-negotiation-client + +[80-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[80-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-80] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[81-version-negotiation] +ssl_conf = 81-version-negotiation-ssl + +[81-version-negotiation-ssl] +server = 81-version-negotiation-server +client = 81-version-negotiation-client + +[81-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[81-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-81] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[82-version-negotiation] +ssl_conf = 82-version-negotiation-ssl + +[82-version-negotiation-ssl] +server = 82-version-negotiation-server +client = 82-version-negotiation-client + +[82-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[82-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-82] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[83-version-negotiation] +ssl_conf = 83-version-negotiation-ssl + +[83-version-negotiation-ssl] +server = 83-version-negotiation-server +client = 83-version-negotiation-client + +[83-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[83-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-83] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[84-version-negotiation] +ssl_conf = 84-version-negotiation-ssl + +[84-version-negotiation-ssl] +server = 84-version-negotiation-server +client = 84-version-negotiation-client + +[84-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[84-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-84] +ExpectedResult = ServerFail + + +# =========================================================== + +[85-version-negotiation] +ssl_conf = 85-version-negotiation-ssl + +[85-version-negotiation-ssl] +server = 85-version-negotiation-server +client = 85-version-negotiation-client + +[85-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[85-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-85] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[86-version-negotiation] +ssl_conf = 86-version-negotiation-ssl + +[86-version-negotiation-ssl] +server = 86-version-negotiation-server +client = 86-version-negotiation-client + +[86-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[86-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-86] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[87-version-negotiation] +ssl_conf = 87-version-negotiation-ssl + +[87-version-negotiation-ssl] +server = 87-version-negotiation-server +client = 87-version-negotiation-client + +[87-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[87-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-87] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[88-version-negotiation] +ssl_conf = 88-version-negotiation-ssl + +[88-version-negotiation-ssl] +server = 88-version-negotiation-server +client = 88-version-negotiation-client + +[88-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[88-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-88] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[89-version-negotiation] +ssl_conf = 89-version-negotiation-ssl + +[89-version-negotiation-ssl] +server = 89-version-negotiation-server +client = 89-version-negotiation-client + +[89-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[89-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-89] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[90-version-negotiation] +ssl_conf = 90-version-negotiation-ssl + +[90-version-negotiation-ssl] +server = 90-version-negotiation-server +client = 90-version-negotiation-client + +[90-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[90-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-90] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[91-version-negotiation] +ssl_conf = 91-version-negotiation-ssl + +[91-version-negotiation-ssl] +server = 91-version-negotiation-server +client = 91-version-negotiation-client + +[91-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[91-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-91] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[92-version-negotiation] +ssl_conf = 92-version-negotiation-ssl + +[92-version-negotiation-ssl] +server = 92-version-negotiation-server +client = 92-version-negotiation-client + +[92-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[92-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-92] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[93-version-negotiation] +ssl_conf = 93-version-negotiation-ssl + +[93-version-negotiation-ssl] +server = 93-version-negotiation-server +client = 93-version-negotiation-client + +[93-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[93-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-93] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[94-version-negotiation] +ssl_conf = 94-version-negotiation-ssl + +[94-version-negotiation-ssl] +server = 94-version-negotiation-server +client = 94-version-negotiation-client + +[94-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[94-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-94] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[95-version-negotiation] +ssl_conf = 95-version-negotiation-ssl + +[95-version-negotiation-ssl] +server = 95-version-negotiation-server +client = 95-version-negotiation-client + +[95-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[95-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-95] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[96-version-negotiation] +ssl_conf = 96-version-negotiation-ssl + +[96-version-negotiation-ssl] +server = 96-version-negotiation-server +client = 96-version-negotiation-client + +[96-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[96-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-96] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[97-version-negotiation] +ssl_conf = 97-version-negotiation-ssl + +[97-version-negotiation-ssl] +server = 97-version-negotiation-server +client = 97-version-negotiation-client + +[97-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[97-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-97] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[98-version-negotiation] +ssl_conf = 98-version-negotiation-ssl + +[98-version-negotiation-ssl] +server = 98-version-negotiation-server +client = 98-version-negotiation-client + +[98-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[98-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-98] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[99-version-negotiation] +ssl_conf = 99-version-negotiation-ssl + +[99-version-negotiation-ssl] +server = 99-version-negotiation-server +client = 99-version-negotiation-client + +[99-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[99-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-99] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[100-version-negotiation] +ssl_conf = 100-version-negotiation-ssl + +[100-version-negotiation-ssl] +server = 100-version-negotiation-server +client = 100-version-negotiation-client + +[100-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[100-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-100] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[101-version-negotiation] +ssl_conf = 101-version-negotiation-ssl + +[101-version-negotiation-ssl] +server = 101-version-negotiation-server +client = 101-version-negotiation-client + +[101-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[101-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-101] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[102-version-negotiation] +ssl_conf = 102-version-negotiation-ssl + +[102-version-negotiation-ssl] +server = 102-version-negotiation-server +client = 102-version-negotiation-client + +[102-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[102-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-102] +ExpectedResult = ServerFail + + +# =========================================================== + +[103-version-negotiation] +ssl_conf = 103-version-negotiation-ssl + +[103-version-negotiation-ssl] +server = 103-version-negotiation-server +client = 103-version-negotiation-client + +[103-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[103-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-103] +ExpectedResult = ServerFail + + +# =========================================================== + +[104-version-negotiation] +ssl_conf = 104-version-negotiation-ssl + +[104-version-negotiation-ssl] +server = 104-version-negotiation-server +client = 104-version-negotiation-client + +[104-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[104-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-104] +ExpectedResult = ServerFail + + +# =========================================================== + +[105-version-negotiation] +ssl_conf = 105-version-negotiation-ssl + +[105-version-negotiation-ssl] +server = 105-version-negotiation-server +client = 105-version-negotiation-client + +[105-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[105-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-105] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[106-version-negotiation] +ssl_conf = 106-version-negotiation-ssl + +[106-version-negotiation-ssl] +server = 106-version-negotiation-server +client = 106-version-negotiation-client + +[106-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[106-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-106] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[107-version-negotiation] +ssl_conf = 107-version-negotiation-ssl + +[107-version-negotiation-ssl] +server = 107-version-negotiation-server +client = 107-version-negotiation-client + +[107-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[107-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-107] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[108-version-negotiation] +ssl_conf = 108-version-negotiation-ssl + +[108-version-negotiation-ssl] +server = 108-version-negotiation-server +client = 108-version-negotiation-client + +[108-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[108-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-108] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[109-version-negotiation] +ssl_conf = 109-version-negotiation-ssl + +[109-version-negotiation-ssl] +server = 109-version-negotiation-server +client = 109-version-negotiation-client + +[109-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[109-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-109] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[110-version-negotiation] +ssl_conf = 110-version-negotiation-ssl + +[110-version-negotiation-ssl] +server = 110-version-negotiation-server +client = 110-version-negotiation-client + +[110-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[110-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-110] +ExpectedResult = ServerFail + + +# =========================================================== + +[111-version-negotiation] +ssl_conf = 111-version-negotiation-ssl + +[111-version-negotiation-ssl] +server = 111-version-negotiation-server +client = 111-version-negotiation-client + +[111-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[111-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-111] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[112-version-negotiation] +ssl_conf = 112-version-negotiation-ssl + +[112-version-negotiation-ssl] +server = 112-version-negotiation-server +client = 112-version-negotiation-client + +[112-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[112-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-112] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[113-version-negotiation] +ssl_conf = 113-version-negotiation-ssl + +[113-version-negotiation-ssl] +server = 113-version-negotiation-server +client = 113-version-negotiation-client + +[113-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[113-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-113] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[114-version-negotiation] +ssl_conf = 114-version-negotiation-ssl + +[114-version-negotiation-ssl] +server = 114-version-negotiation-server +client = 114-version-negotiation-client + +[114-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[114-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-114] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[115-version-negotiation] +ssl_conf = 115-version-negotiation-ssl + +[115-version-negotiation-ssl] +server = 115-version-negotiation-server +client = 115-version-negotiation-client + +[115-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[115-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-115] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[116-version-negotiation] +ssl_conf = 116-version-negotiation-ssl + +[116-version-negotiation-ssl] +server = 116-version-negotiation-server +client = 116-version-negotiation-client + +[116-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[116-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-116] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[117-version-negotiation] +ssl_conf = 117-version-negotiation-ssl + +[117-version-negotiation-ssl] +server = 117-version-negotiation-server +client = 117-version-negotiation-client + +[117-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[117-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-117] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[118-version-negotiation] +ssl_conf = 118-version-negotiation-ssl + +[118-version-negotiation-ssl] +server = 118-version-negotiation-server +client = 118-version-negotiation-client + +[118-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[118-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-118] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[119-version-negotiation] +ssl_conf = 119-version-negotiation-ssl + +[119-version-negotiation-ssl] +server = 119-version-negotiation-server +client = 119-version-negotiation-client + +[119-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[119-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-119] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[120-version-negotiation] +ssl_conf = 120-version-negotiation-ssl + +[120-version-negotiation-ssl] +server = 120-version-negotiation-server +client = 120-version-negotiation-client + +[120-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[120-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-120] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[121-version-negotiation] +ssl_conf = 121-version-negotiation-ssl + +[121-version-negotiation-ssl] +server = 121-version-negotiation-server +client = 121-version-negotiation-client + +[121-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[121-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-121] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[122-version-negotiation] +ssl_conf = 122-version-negotiation-ssl + +[122-version-negotiation-ssl] +server = 122-version-negotiation-server +client = 122-version-negotiation-client + +[122-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[122-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-122] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[123-version-negotiation] +ssl_conf = 123-version-negotiation-ssl + +[123-version-negotiation-ssl] +server = 123-version-negotiation-server +client = 123-version-negotiation-client + +[123-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[123-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-123] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[124-version-negotiation] +ssl_conf = 124-version-negotiation-ssl + +[124-version-negotiation-ssl] +server = 124-version-negotiation-server +client = 124-version-negotiation-client + +[124-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[124-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-124] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[125-version-negotiation] +ssl_conf = 125-version-negotiation-ssl + +[125-version-negotiation-ssl] +server = 125-version-negotiation-server +client = 125-version-negotiation-client + +[125-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[125-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-125] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[126-version-negotiation] +ssl_conf = 126-version-negotiation-ssl + +[126-version-negotiation-ssl] +server = 126-version-negotiation-server +client = 126-version-negotiation-client + +[126-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[126-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-126] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[127-version-negotiation] +ssl_conf = 127-version-negotiation-ssl + +[127-version-negotiation-ssl] +server = 127-version-negotiation-server +client = 127-version-negotiation-client + +[127-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[127-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-127] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[128-version-negotiation] +ssl_conf = 128-version-negotiation-ssl + +[128-version-negotiation-ssl] +server = 128-version-negotiation-server +client = 128-version-negotiation-client + +[128-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[128-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-128] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[129-version-negotiation] +ssl_conf = 129-version-negotiation-ssl + +[129-version-negotiation-ssl] +server = 129-version-negotiation-server +client = 129-version-negotiation-client + +[129-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[129-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-129] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[130-version-negotiation] +ssl_conf = 130-version-negotiation-ssl + +[130-version-negotiation-ssl] +server = 130-version-negotiation-server +client = 130-version-negotiation-client + +[130-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[130-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-130] +ExpectedResult = ServerFail + + +# =========================================================== + +[131-version-negotiation] +ssl_conf = 131-version-negotiation-ssl + +[131-version-negotiation-ssl] +server = 131-version-negotiation-server +client = 131-version-negotiation-client + +[131-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[131-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-131] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[132-version-negotiation] +ssl_conf = 132-version-negotiation-ssl + +[132-version-negotiation-ssl] +server = 132-version-negotiation-server +client = 132-version-negotiation-client + +[132-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[132-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-132] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[133-version-negotiation] +ssl_conf = 133-version-negotiation-ssl + +[133-version-negotiation-ssl] +server = 133-version-negotiation-server +client = 133-version-negotiation-client + +[133-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[133-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-133] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[134-version-negotiation] +ssl_conf = 134-version-negotiation-ssl + +[134-version-negotiation-ssl] +server = 134-version-negotiation-server +client = 134-version-negotiation-client + +[134-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[134-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-134] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[135-version-negotiation] +ssl_conf = 135-version-negotiation-ssl + +[135-version-negotiation-ssl] +server = 135-version-negotiation-server +client = 135-version-negotiation-client + +[135-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[135-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-135] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[136-version-negotiation] +ssl_conf = 136-version-negotiation-ssl + +[136-version-negotiation-ssl] +server = 136-version-negotiation-server +client = 136-version-negotiation-client + +[136-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[136-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-136] +ExpectedResult = ServerFail + + +# =========================================================== + +[137-version-negotiation] +ssl_conf = 137-version-negotiation-ssl + +[137-version-negotiation-ssl] +server = 137-version-negotiation-server +client = 137-version-negotiation-client + +[137-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[137-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-137] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[138-version-negotiation] +ssl_conf = 138-version-negotiation-ssl + +[138-version-negotiation-ssl] +server = 138-version-negotiation-server +client = 138-version-negotiation-client + +[138-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[138-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-138] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[139-version-negotiation] +ssl_conf = 139-version-negotiation-ssl + +[139-version-negotiation-ssl] +server = 139-version-negotiation-server +client = 139-version-negotiation-client + +[139-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[139-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-139] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[140-version-negotiation] +ssl_conf = 140-version-negotiation-ssl + +[140-version-negotiation-ssl] +server = 140-version-negotiation-server +client = 140-version-negotiation-client + +[140-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[140-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-140] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[141-version-negotiation] +ssl_conf = 141-version-negotiation-ssl + +[141-version-negotiation-ssl] +server = 141-version-negotiation-server +client = 141-version-negotiation-client + +[141-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[141-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-141] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[142-version-negotiation] +ssl_conf = 142-version-negotiation-ssl + +[142-version-negotiation-ssl] +server = 142-version-negotiation-server +client = 142-version-negotiation-client + +[142-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[142-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-142] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[143-version-negotiation] +ssl_conf = 143-version-negotiation-ssl + +[143-version-negotiation-ssl] +server = 143-version-negotiation-server +client = 143-version-negotiation-client + +[143-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[143-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-143] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[144-version-negotiation] +ssl_conf = 144-version-negotiation-ssl + +[144-version-negotiation-ssl] +server = 144-version-negotiation-server +client = 144-version-negotiation-client + +[144-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[144-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-144] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[145-version-negotiation] +ssl_conf = 145-version-negotiation-ssl + +[145-version-negotiation-ssl] +server = 145-version-negotiation-server +client = 145-version-negotiation-client + +[145-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[145-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-145] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[146-version-negotiation] +ssl_conf = 146-version-negotiation-ssl + +[146-version-negotiation-ssl] +server = 146-version-negotiation-server +client = 146-version-negotiation-client + +[146-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[146-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-146] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[147-version-negotiation] +ssl_conf = 147-version-negotiation-ssl + +[147-version-negotiation-ssl] +server = 147-version-negotiation-server +client = 147-version-negotiation-client + +[147-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[147-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-147] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[148-version-negotiation] +ssl_conf = 148-version-negotiation-ssl + +[148-version-negotiation-ssl] +server = 148-version-negotiation-server +client = 148-version-negotiation-client + +[148-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[148-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-148] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[149-version-negotiation] +ssl_conf = 149-version-negotiation-ssl + +[149-version-negotiation-ssl] +server = 149-version-negotiation-server +client = 149-version-negotiation-client + +[149-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[149-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-149] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[150-version-negotiation] +ssl_conf = 150-version-negotiation-ssl + +[150-version-negotiation-ssl] +server = 150-version-negotiation-server +client = 150-version-negotiation-client + +[150-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[150-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-150] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[151-version-negotiation] +ssl_conf = 151-version-negotiation-ssl + +[151-version-negotiation-ssl] +server = 151-version-negotiation-server +client = 151-version-negotiation-client + +[151-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[151-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-151] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[152-version-negotiation] +ssl_conf = 152-version-negotiation-ssl + +[152-version-negotiation-ssl] +server = 152-version-negotiation-server +client = 152-version-negotiation-client + +[152-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[152-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-152] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[153-version-negotiation] +ssl_conf = 153-version-negotiation-ssl + +[153-version-negotiation-ssl] +server = 153-version-negotiation-server +client = 153-version-negotiation-client + +[153-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[153-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-153] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[154-version-negotiation] +ssl_conf = 154-version-negotiation-ssl + +[154-version-negotiation-ssl] +server = 154-version-negotiation-server +client = 154-version-negotiation-client + +[154-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[154-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-154] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[155-version-negotiation] +ssl_conf = 155-version-negotiation-ssl + +[155-version-negotiation-ssl] +server = 155-version-negotiation-server +client = 155-version-negotiation-client + +[155-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[155-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-155] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[156-version-negotiation] +ssl_conf = 156-version-negotiation-ssl + +[156-version-negotiation-ssl] +server = 156-version-negotiation-server +client = 156-version-negotiation-client + +[156-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[156-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-156] +ExpectedResult = ClientFail + + +# =========================================================== + +[157-version-negotiation] +ssl_conf = 157-version-negotiation-ssl + +[157-version-negotiation-ssl] +server = 157-version-negotiation-server +client = 157-version-negotiation-client + +[157-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[157-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-157] +ExpectedResult = ClientFail + + +# =========================================================== + +[158-version-negotiation] +ssl_conf = 158-version-negotiation-ssl + +[158-version-negotiation-ssl] +server = 158-version-negotiation-server +client = 158-version-negotiation-client + +[158-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[158-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-158] +ExpectedResult = ClientFail + + +# =========================================================== + +[159-version-negotiation] +ssl_conf = 159-version-negotiation-ssl + +[159-version-negotiation-ssl] +server = 159-version-negotiation-server +client = 159-version-negotiation-client + +[159-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[159-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-159] +ExpectedResult = ClientFail + + +# =========================================================== + +[160-version-negotiation] +ssl_conf = 160-version-negotiation-ssl + +[160-version-negotiation-ssl] +server = 160-version-negotiation-server +client = 160-version-negotiation-client + +[160-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[160-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-160] +ExpectedResult = ClientFail + + +# =========================================================== + +[161-version-negotiation] +ssl_conf = 161-version-negotiation-ssl + +[161-version-negotiation-ssl] +server = 161-version-negotiation-server +client = 161-version-negotiation-client + +[161-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[161-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-161] +ExpectedResult = ClientFail + + +# =========================================================== + +[162-version-negotiation] +ssl_conf = 162-version-negotiation-ssl + +[162-version-negotiation-ssl] +server = 162-version-negotiation-server +client = 162-version-negotiation-client + +[162-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[162-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-162] +ExpectedResult = ClientFail + + +# =========================================================== + +[163-version-negotiation] +ssl_conf = 163-version-negotiation-ssl + +[163-version-negotiation-ssl] +server = 163-version-negotiation-server +client = 163-version-negotiation-client + +[163-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[163-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-163] +ExpectedResult = ClientFail + + +# =========================================================== + +[164-version-negotiation] +ssl_conf = 164-version-negotiation-ssl + +[164-version-negotiation-ssl] +server = 164-version-negotiation-server +client = 164-version-negotiation-client + +[164-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[164-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-164] +ExpectedResult = ClientFail + + +# =========================================================== + +[165-version-negotiation] +ssl_conf = 165-version-negotiation-ssl + +[165-version-negotiation-ssl] +server = 165-version-negotiation-server +client = 165-version-negotiation-client + +[165-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[165-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-165] +ExpectedResult = ClientFail + + +# =========================================================== + +[166-version-negotiation] +ssl_conf = 166-version-negotiation-ssl + +[166-version-negotiation-ssl] +server = 166-version-negotiation-server +client = 166-version-negotiation-client + +[166-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[166-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-166] +ExpectedResult = ClientFail + + +# =========================================================== + +[167-version-negotiation] +ssl_conf = 167-version-negotiation-ssl + +[167-version-negotiation-ssl] +server = 167-version-negotiation-server +client = 167-version-negotiation-client + +[167-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[167-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-167] +ExpectedResult = ClientFail + + +# =========================================================== + +[168-version-negotiation] +ssl_conf = 168-version-negotiation-ssl + +[168-version-negotiation-ssl] +server = 168-version-negotiation-server +client = 168-version-negotiation-client + +[168-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[168-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-168] +ExpectedResult = ClientFail + + +# =========================================================== + +[169-version-negotiation] +ssl_conf = 169-version-negotiation-ssl + +[169-version-negotiation-ssl] +server = 169-version-negotiation-server +client = 169-version-negotiation-client + +[169-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[169-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-169] +ExpectedResult = ClientFail + + +# =========================================================== + +[170-version-negotiation] +ssl_conf = 170-version-negotiation-ssl + +[170-version-negotiation-ssl] +server = 170-version-negotiation-server +client = 170-version-negotiation-client + +[170-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[170-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-170] +ExpectedResult = ClientFail + + +# =========================================================== + +[171-version-negotiation] +ssl_conf = 171-version-negotiation-ssl + +[171-version-negotiation-ssl] +server = 171-version-negotiation-server +client = 171-version-negotiation-client + +[171-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[171-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-171] +ExpectedResult = ClientFail + + +# =========================================================== + +[172-version-negotiation] +ssl_conf = 172-version-negotiation-ssl + +[172-version-negotiation-ssl] +server = 172-version-negotiation-server +client = 172-version-negotiation-client + +[172-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[172-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-172] +ExpectedResult = ClientFail + + +# =========================================================== + +[173-version-negotiation] +ssl_conf = 173-version-negotiation-ssl + +[173-version-negotiation-ssl] +server = 173-version-negotiation-server +client = 173-version-negotiation-client + +[173-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[173-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-173] +ExpectedResult = ClientFail + + +# =========================================================== + +[174-version-negotiation] +ssl_conf = 174-version-negotiation-ssl + +[174-version-negotiation-ssl] +server = 174-version-negotiation-server +client = 174-version-negotiation-client + +[174-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[174-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-174] +ExpectedResult = ClientFail + + +# =========================================================== + +[175-version-negotiation] +ssl_conf = 175-version-negotiation-ssl + +[175-version-negotiation-ssl] +server = 175-version-negotiation-server +client = 175-version-negotiation-client + +[175-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[175-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-175] +ExpectedResult = ClientFail + + +# =========================================================== + +[176-version-negotiation] +ssl_conf = 176-version-negotiation-ssl + +[176-version-negotiation-ssl] +server = 176-version-negotiation-server +client = 176-version-negotiation-client + +[176-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[176-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-176] +ExpectedResult = ClientFail + + +# =========================================================== + +[177-version-negotiation] +ssl_conf = 177-version-negotiation-ssl + +[177-version-negotiation-ssl] +server = 177-version-negotiation-server +client = 177-version-negotiation-client + +[177-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[177-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-177] +ExpectedResult = ClientFail + + +# =========================================================== + +[178-version-negotiation] +ssl_conf = 178-version-negotiation-ssl + +[178-version-negotiation-ssl] +server = 178-version-negotiation-server +client = 178-version-negotiation-client + +[178-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[178-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-178] +ExpectedResult = ClientFail + + +# =========================================================== + +[179-version-negotiation] +ssl_conf = 179-version-negotiation-ssl + +[179-version-negotiation-ssl] +server = 179-version-negotiation-server +client = 179-version-negotiation-client + +[179-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[179-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-179] +ExpectedResult = ClientFail + + +# =========================================================== + +[180-version-negotiation] +ssl_conf = 180-version-negotiation-ssl + +[180-version-negotiation-ssl] +server = 180-version-negotiation-server +client = 180-version-negotiation-client + +[180-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[180-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-180] +ExpectedResult = ClientFail + + +# =========================================================== + +[181-version-negotiation] +ssl_conf = 181-version-negotiation-ssl + +[181-version-negotiation-ssl] +server = 181-version-negotiation-server +client = 181-version-negotiation-client + +[181-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[181-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-181] +ExpectedResult = ClientFail + + +# =========================================================== + +[182-version-negotiation] +ssl_conf = 182-version-negotiation-ssl + +[182-version-negotiation-ssl] +server = 182-version-negotiation-server +client = 182-version-negotiation-client + +[182-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[182-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-182] +ExpectedResult = ServerFail + + +# =========================================================== + +[183-version-negotiation] +ssl_conf = 183-version-negotiation-ssl + +[183-version-negotiation-ssl] +server = 183-version-negotiation-server +client = 183-version-negotiation-client + +[183-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[183-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-183] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[184-version-negotiation] +ssl_conf = 184-version-negotiation-ssl + +[184-version-negotiation-ssl] +server = 184-version-negotiation-server +client = 184-version-negotiation-client + +[184-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[184-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-184] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[185-version-negotiation] +ssl_conf = 185-version-negotiation-ssl + +[185-version-negotiation-ssl] +server = 185-version-negotiation-server +client = 185-version-negotiation-client + +[185-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[185-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-185] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[186-version-negotiation] +ssl_conf = 186-version-negotiation-ssl + +[186-version-negotiation-ssl] +server = 186-version-negotiation-server +client = 186-version-negotiation-client + +[186-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[186-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-186] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[187-version-negotiation] +ssl_conf = 187-version-negotiation-ssl + +[187-version-negotiation-ssl] +server = 187-version-negotiation-server +client = 187-version-negotiation-client + +[187-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[187-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-187] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[188-version-negotiation] +ssl_conf = 188-version-negotiation-ssl + +[188-version-negotiation-ssl] +server = 188-version-negotiation-server +client = 188-version-negotiation-client + +[188-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[188-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-188] +ExpectedResult = ServerFail + + +# =========================================================== + +[189-version-negotiation] +ssl_conf = 189-version-negotiation-ssl + +[189-version-negotiation-ssl] +server = 189-version-negotiation-server +client = 189-version-negotiation-client + +[189-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[189-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-189] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[190-version-negotiation] +ssl_conf = 190-version-negotiation-ssl + +[190-version-negotiation-ssl] +server = 190-version-negotiation-server +client = 190-version-negotiation-client + +[190-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[190-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-190] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[191-version-negotiation] +ssl_conf = 191-version-negotiation-ssl + +[191-version-negotiation-ssl] +server = 191-version-negotiation-server +client = 191-version-negotiation-client + +[191-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[191-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-191] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[192-version-negotiation] +ssl_conf = 192-version-negotiation-ssl + +[192-version-negotiation-ssl] +server = 192-version-negotiation-server +client = 192-version-negotiation-client + +[192-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[192-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-192] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[193-version-negotiation] +ssl_conf = 193-version-negotiation-ssl + +[193-version-negotiation-ssl] +server = 193-version-negotiation-server +client = 193-version-negotiation-client + +[193-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[193-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-193] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[194-version-negotiation] +ssl_conf = 194-version-negotiation-ssl + +[194-version-negotiation-ssl] +server = 194-version-negotiation-server +client = 194-version-negotiation-client + +[194-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[194-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-194] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[195-version-negotiation] +ssl_conf = 195-version-negotiation-ssl + +[195-version-negotiation-ssl] +server = 195-version-negotiation-server +client = 195-version-negotiation-client + +[195-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[195-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-195] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[196-version-negotiation] +ssl_conf = 196-version-negotiation-ssl + +[196-version-negotiation-ssl] +server = 196-version-negotiation-server +client = 196-version-negotiation-client + +[196-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[196-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-196] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[197-version-negotiation] +ssl_conf = 197-version-negotiation-ssl + +[197-version-negotiation-ssl] +server = 197-version-negotiation-server +client = 197-version-negotiation-client + +[197-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[197-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-197] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[198-version-negotiation] +ssl_conf = 198-version-negotiation-ssl + +[198-version-negotiation-ssl] +server = 198-version-negotiation-server +client = 198-version-negotiation-client + +[198-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[198-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-198] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[199-version-negotiation] +ssl_conf = 199-version-negotiation-ssl + +[199-version-negotiation-ssl] +server = 199-version-negotiation-server +client = 199-version-negotiation-client + +[199-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[199-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-199] +ExpectedResult = ServerFail + + +# =========================================================== + +[200-version-negotiation] +ssl_conf = 200-version-negotiation-ssl + +[200-version-negotiation-ssl] +server = 200-version-negotiation-server +client = 200-version-negotiation-client + +[200-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[200-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-200] +ExpectedResult = ServerFail + + +# =========================================================== + +[201-version-negotiation] +ssl_conf = 201-version-negotiation-ssl + +[201-version-negotiation-ssl] +server = 201-version-negotiation-server +client = 201-version-negotiation-client + +[201-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[201-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-201] +ExpectedResult = ServerFail + + +# =========================================================== + +[202-version-negotiation] +ssl_conf = 202-version-negotiation-ssl + +[202-version-negotiation-ssl] +server = 202-version-negotiation-server +client = 202-version-negotiation-client + +[202-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[202-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-202] +ExpectedResult = ServerFail + + +# =========================================================== + +[203-version-negotiation] +ssl_conf = 203-version-negotiation-ssl + +[203-version-negotiation-ssl] +server = 203-version-negotiation-server +client = 203-version-negotiation-client + +[203-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[203-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-203] +ExpectedResult = ServerFail + + +# =========================================================== + +[204-version-negotiation] +ssl_conf = 204-version-negotiation-ssl + +[204-version-negotiation-ssl] +server = 204-version-negotiation-server +client = 204-version-negotiation-client + +[204-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[204-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-204] +ExpectedResult = ServerFail + + +# =========================================================== + +[205-version-negotiation] +ssl_conf = 205-version-negotiation-ssl + +[205-version-negotiation-ssl] +server = 205-version-negotiation-server +client = 205-version-negotiation-client + +[205-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[205-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-205] +ExpectedResult = ServerFail + + +# =========================================================== + +[206-version-negotiation] +ssl_conf = 206-version-negotiation-ssl + +[206-version-negotiation-ssl] +server = 206-version-negotiation-server +client = 206-version-negotiation-client + +[206-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[206-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-206] +ExpectedResult = ServerFail + + +# =========================================================== + +[207-version-negotiation] +ssl_conf = 207-version-negotiation-ssl + +[207-version-negotiation-ssl] +server = 207-version-negotiation-server +client = 207-version-negotiation-client + +[207-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[207-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-207] +ExpectedResult = ServerFail + + +# =========================================================== + +[208-version-negotiation] +ssl_conf = 208-version-negotiation-ssl + +[208-version-negotiation-ssl] +server = 208-version-negotiation-server +client = 208-version-negotiation-client + +[208-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[208-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-208] +ExpectedResult = ServerFail + + +# =========================================================== + +[209-version-negotiation] +ssl_conf = 209-version-negotiation-ssl + +[209-version-negotiation-ssl] +server = 209-version-negotiation-server +client = 209-version-negotiation-client + +[209-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[209-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-209] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[210-version-negotiation] +ssl_conf = 210-version-negotiation-ssl + +[210-version-negotiation-ssl] +server = 210-version-negotiation-server +client = 210-version-negotiation-client + +[210-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[210-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-210] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[211-version-negotiation] +ssl_conf = 211-version-negotiation-ssl + +[211-version-negotiation-ssl] +server = 211-version-negotiation-server +client = 211-version-negotiation-client + +[211-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[211-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-211] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[212-version-negotiation] +ssl_conf = 212-version-negotiation-ssl + +[212-version-negotiation-ssl] +server = 212-version-negotiation-server +client = 212-version-negotiation-client + +[212-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[212-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-212] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[213-version-negotiation] +ssl_conf = 213-version-negotiation-ssl + +[213-version-negotiation-ssl] +server = 213-version-negotiation-server +client = 213-version-negotiation-client + +[213-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[213-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-213] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[214-version-negotiation] +ssl_conf = 214-version-negotiation-ssl + +[214-version-negotiation-ssl] +server = 214-version-negotiation-server +client = 214-version-negotiation-client + +[214-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[214-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-214] +ExpectedResult = ServerFail + + +# =========================================================== + +[215-version-negotiation] +ssl_conf = 215-version-negotiation-ssl + +[215-version-negotiation-ssl] +server = 215-version-negotiation-server +client = 215-version-negotiation-client + +[215-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[215-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-215] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[216-version-negotiation] +ssl_conf = 216-version-negotiation-ssl + +[216-version-negotiation-ssl] +server = 216-version-negotiation-server +client = 216-version-negotiation-client + +[216-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[216-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-216] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[217-version-negotiation] +ssl_conf = 217-version-negotiation-ssl + +[217-version-negotiation-ssl] +server = 217-version-negotiation-server +client = 217-version-negotiation-client + +[217-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[217-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-217] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[218-version-negotiation] +ssl_conf = 218-version-negotiation-ssl + +[218-version-negotiation-ssl] +server = 218-version-negotiation-server +client = 218-version-negotiation-client + +[218-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[218-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-218] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[219-version-negotiation] +ssl_conf = 219-version-negotiation-ssl + +[219-version-negotiation-ssl] +server = 219-version-negotiation-server +client = 219-version-negotiation-client + +[219-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[219-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-219] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[220-version-negotiation] +ssl_conf = 220-version-negotiation-ssl + +[220-version-negotiation-ssl] +server = 220-version-negotiation-server +client = 220-version-negotiation-client + +[220-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[220-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-220] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[221-version-negotiation] +ssl_conf = 221-version-negotiation-ssl + +[221-version-negotiation-ssl] +server = 221-version-negotiation-server +client = 221-version-negotiation-client + +[221-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[221-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-221] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[222-version-negotiation] +ssl_conf = 222-version-negotiation-ssl + +[222-version-negotiation-ssl] +server = 222-version-negotiation-server +client = 222-version-negotiation-client + +[222-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[222-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-222] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[223-version-negotiation] +ssl_conf = 223-version-negotiation-ssl + +[223-version-negotiation-ssl] +server = 223-version-negotiation-server +client = 223-version-negotiation-client + +[223-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[223-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-223] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[224-version-negotiation] +ssl_conf = 224-version-negotiation-ssl + +[224-version-negotiation-ssl] +server = 224-version-negotiation-server +client = 224-version-negotiation-client + +[224-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[224-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-224] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[225-version-negotiation] +ssl_conf = 225-version-negotiation-ssl + +[225-version-negotiation-ssl] +server = 225-version-negotiation-server +client = 225-version-negotiation-client + +[225-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[225-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-225] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[226-version-negotiation] +ssl_conf = 226-version-negotiation-ssl + +[226-version-negotiation-ssl] +server = 226-version-negotiation-server +client = 226-version-negotiation-client + +[226-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[226-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-226] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[227-version-negotiation] +ssl_conf = 227-version-negotiation-ssl + +[227-version-negotiation-ssl] +server = 227-version-negotiation-server +client = 227-version-negotiation-client + +[227-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[227-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-227] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[228-version-negotiation] +ssl_conf = 228-version-negotiation-ssl + +[228-version-negotiation-ssl] +server = 228-version-negotiation-server +client = 228-version-negotiation-client + +[228-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[228-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-228] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[229-version-negotiation] +ssl_conf = 229-version-negotiation-ssl + +[229-version-negotiation-ssl] +server = 229-version-negotiation-server +client = 229-version-negotiation-client + +[229-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[229-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-229] +ExpectedResult = ServerFail + + +# =========================================================== + +[230-version-negotiation] +ssl_conf = 230-version-negotiation-ssl + +[230-version-negotiation-ssl] +server = 230-version-negotiation-server +client = 230-version-negotiation-client + +[230-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[230-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-230] +ExpectedResult = ServerFail + + +# =========================================================== + +[231-version-negotiation] +ssl_conf = 231-version-negotiation-ssl + +[231-version-negotiation-ssl] +server = 231-version-negotiation-server +client = 231-version-negotiation-client + +[231-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[231-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-231] +ExpectedResult = ServerFail + + +# =========================================================== + +[232-version-negotiation] +ssl_conf = 232-version-negotiation-ssl + +[232-version-negotiation-ssl] +server = 232-version-negotiation-server +client = 232-version-negotiation-client + +[232-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[232-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-232] +ExpectedResult = ServerFail + + +# =========================================================== + +[233-version-negotiation] +ssl_conf = 233-version-negotiation-ssl + +[233-version-negotiation-ssl] +server = 233-version-negotiation-server +client = 233-version-negotiation-client + +[233-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[233-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-233] +ExpectedResult = ServerFail + + +# =========================================================== + +[234-version-negotiation] +ssl_conf = 234-version-negotiation-ssl + +[234-version-negotiation-ssl] +server = 234-version-negotiation-server +client = 234-version-negotiation-client + +[234-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[234-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-234] +ExpectedResult = ServerFail + + +# =========================================================== + +[235-version-negotiation] +ssl_conf = 235-version-negotiation-ssl + +[235-version-negotiation-ssl] +server = 235-version-negotiation-server +client = 235-version-negotiation-client + +[235-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[235-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-235] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[236-version-negotiation] +ssl_conf = 236-version-negotiation-ssl + +[236-version-negotiation-ssl] +server = 236-version-negotiation-server +client = 236-version-negotiation-client + +[236-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[236-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-236] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[237-version-negotiation] +ssl_conf = 237-version-negotiation-ssl + +[237-version-negotiation-ssl] +server = 237-version-negotiation-server +client = 237-version-negotiation-client + +[237-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[237-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-237] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[238-version-negotiation] +ssl_conf = 238-version-negotiation-ssl + +[238-version-negotiation-ssl] +server = 238-version-negotiation-server +client = 238-version-negotiation-client + +[238-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[238-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-238] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[239-version-negotiation] +ssl_conf = 239-version-negotiation-ssl + +[239-version-negotiation-ssl] +server = 239-version-negotiation-server +client = 239-version-negotiation-client + +[239-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[239-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-239] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[240-version-negotiation] +ssl_conf = 240-version-negotiation-ssl + +[240-version-negotiation-ssl] +server = 240-version-negotiation-server +client = 240-version-negotiation-client + +[240-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[240-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-240] +ExpectedResult = ServerFail + + +# =========================================================== + +[241-version-negotiation] +ssl_conf = 241-version-negotiation-ssl + +[241-version-negotiation-ssl] +server = 241-version-negotiation-server +client = 241-version-negotiation-client + +[241-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[241-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-241] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[242-version-negotiation] +ssl_conf = 242-version-negotiation-ssl + +[242-version-negotiation-ssl] +server = 242-version-negotiation-server +client = 242-version-negotiation-client + +[242-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[242-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-242] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[243-version-negotiation] +ssl_conf = 243-version-negotiation-ssl + +[243-version-negotiation-ssl] +server = 243-version-negotiation-server +client = 243-version-negotiation-client + +[243-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[243-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-243] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[244-version-negotiation] +ssl_conf = 244-version-negotiation-ssl + +[244-version-negotiation-ssl] +server = 244-version-negotiation-server +client = 244-version-negotiation-client + +[244-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[244-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-244] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[245-version-negotiation] +ssl_conf = 245-version-negotiation-ssl + +[245-version-negotiation-ssl] +server = 245-version-negotiation-server +client = 245-version-negotiation-client + +[245-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[245-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-245] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[246-version-negotiation] +ssl_conf = 246-version-negotiation-ssl + +[246-version-negotiation-ssl] +server = 246-version-negotiation-server +client = 246-version-negotiation-client + +[246-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[246-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-246] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[247-version-negotiation] +ssl_conf = 247-version-negotiation-ssl + +[247-version-negotiation-ssl] +server = 247-version-negotiation-server +client = 247-version-negotiation-client + +[247-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[247-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-247] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[248-version-negotiation] +ssl_conf = 248-version-negotiation-ssl + +[248-version-negotiation-ssl] +server = 248-version-negotiation-server +client = 248-version-negotiation-client + +[248-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[248-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-248] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[249-version-negotiation] +ssl_conf = 249-version-negotiation-ssl + +[249-version-negotiation-ssl] +server = 249-version-negotiation-server +client = 249-version-negotiation-client + +[249-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[249-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-249] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[250-version-negotiation] +ssl_conf = 250-version-negotiation-ssl + +[250-version-negotiation-ssl] +server = 250-version-negotiation-server +client = 250-version-negotiation-client + +[250-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[250-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-250] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[251-version-negotiation] +ssl_conf = 251-version-negotiation-ssl + +[251-version-negotiation-ssl] +server = 251-version-negotiation-server +client = 251-version-negotiation-client + +[251-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[251-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-251] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[252-version-negotiation] +ssl_conf = 252-version-negotiation-ssl + +[252-version-negotiation-ssl] +server = 252-version-negotiation-server +client = 252-version-negotiation-client + +[252-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[252-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-252] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[253-version-negotiation] +ssl_conf = 253-version-negotiation-ssl + +[253-version-negotiation-ssl] +server = 253-version-negotiation-server +client = 253-version-negotiation-client + +[253-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[253-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-253] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[254-version-negotiation] +ssl_conf = 254-version-negotiation-ssl + +[254-version-negotiation-ssl] +server = 254-version-negotiation-server +client = 254-version-negotiation-client + +[254-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[254-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-254] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[255-version-negotiation] +ssl_conf = 255-version-negotiation-ssl + +[255-version-negotiation-ssl] +server = 255-version-negotiation-server +client = 255-version-negotiation-client + +[255-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[255-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-255] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[256-version-negotiation] +ssl_conf = 256-version-negotiation-ssl + +[256-version-negotiation-ssl] +server = 256-version-negotiation-server +client = 256-version-negotiation-client + +[256-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[256-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-256] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[257-version-negotiation] +ssl_conf = 257-version-negotiation-ssl + +[257-version-negotiation-ssl] +server = 257-version-negotiation-server +client = 257-version-negotiation-client + +[257-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[257-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-257] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[258-version-negotiation] +ssl_conf = 258-version-negotiation-ssl + +[258-version-negotiation-ssl] +server = 258-version-negotiation-server +client = 258-version-negotiation-client + +[258-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[258-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-258] +ExpectedResult = ServerFail + + +# =========================================================== + +[259-version-negotiation] +ssl_conf = 259-version-negotiation-ssl + +[259-version-negotiation-ssl] +server = 259-version-negotiation-server +client = 259-version-negotiation-client + +[259-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[259-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-259] +ExpectedResult = ServerFail + + +# =========================================================== + +[260-version-negotiation] +ssl_conf = 260-version-negotiation-ssl + +[260-version-negotiation-ssl] +server = 260-version-negotiation-server +client = 260-version-negotiation-client + +[260-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[260-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-260] +ExpectedResult = ServerFail + + +# =========================================================== + +[261-version-negotiation] +ssl_conf = 261-version-negotiation-ssl + +[261-version-negotiation-ssl] +server = 261-version-negotiation-server +client = 261-version-negotiation-client + +[261-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[261-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-261] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[262-version-negotiation] +ssl_conf = 262-version-negotiation-ssl + +[262-version-negotiation-ssl] +server = 262-version-negotiation-server +client = 262-version-negotiation-client + +[262-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[262-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-262] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[263-version-negotiation] +ssl_conf = 263-version-negotiation-ssl + +[263-version-negotiation-ssl] +server = 263-version-negotiation-server +client = 263-version-negotiation-client + +[263-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[263-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-263] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[264-version-negotiation] +ssl_conf = 264-version-negotiation-ssl + +[264-version-negotiation-ssl] +server = 264-version-negotiation-server +client = 264-version-negotiation-client + +[264-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[264-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-264] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[265-version-negotiation] +ssl_conf = 265-version-negotiation-ssl + +[265-version-negotiation-ssl] +server = 265-version-negotiation-server +client = 265-version-negotiation-client + +[265-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[265-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-265] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[266-version-negotiation] +ssl_conf = 266-version-negotiation-ssl + +[266-version-negotiation-ssl] +server = 266-version-negotiation-server +client = 266-version-negotiation-client + +[266-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[266-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-266] +ExpectedResult = ServerFail + + +# =========================================================== + +[267-version-negotiation] +ssl_conf = 267-version-negotiation-ssl + +[267-version-negotiation-ssl] +server = 267-version-negotiation-server +client = 267-version-negotiation-client + +[267-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[267-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-267] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[268-version-negotiation] +ssl_conf = 268-version-negotiation-ssl + +[268-version-negotiation-ssl] +server = 268-version-negotiation-server +client = 268-version-negotiation-client + +[268-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[268-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-268] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[269-version-negotiation] +ssl_conf = 269-version-negotiation-ssl + +[269-version-negotiation-ssl] +server = 269-version-negotiation-server +client = 269-version-negotiation-client + +[269-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[269-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-269] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[270-version-negotiation] +ssl_conf = 270-version-negotiation-ssl + +[270-version-negotiation-ssl] +server = 270-version-negotiation-server +client = 270-version-negotiation-client + +[270-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[270-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-270] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[271-version-negotiation] +ssl_conf = 271-version-negotiation-ssl + +[271-version-negotiation-ssl] +server = 271-version-negotiation-server +client = 271-version-negotiation-client + +[271-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[271-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-271] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[272-version-negotiation] +ssl_conf = 272-version-negotiation-ssl + +[272-version-negotiation-ssl] +server = 272-version-negotiation-server +client = 272-version-negotiation-client + +[272-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[272-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-272] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[273-version-negotiation] +ssl_conf = 273-version-negotiation-ssl + +[273-version-negotiation-ssl] +server = 273-version-negotiation-server +client = 273-version-negotiation-client + +[273-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[273-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-273] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[274-version-negotiation] +ssl_conf = 274-version-negotiation-ssl + +[274-version-negotiation-ssl] +server = 274-version-negotiation-server +client = 274-version-negotiation-client + +[274-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[274-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-274] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[275-version-negotiation] +ssl_conf = 275-version-negotiation-ssl + +[275-version-negotiation-ssl] +server = 275-version-negotiation-server +client = 275-version-negotiation-client + +[275-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[275-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-275] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[276-version-negotiation] +ssl_conf = 276-version-negotiation-ssl + +[276-version-negotiation-ssl] +server = 276-version-negotiation-server +client = 276-version-negotiation-client + +[276-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[276-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-276] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[277-version-negotiation] +ssl_conf = 277-version-negotiation-ssl + +[277-version-negotiation-ssl] +server = 277-version-negotiation-server +client = 277-version-negotiation-client + +[277-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[277-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-277] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[278-version-negotiation] +ssl_conf = 278-version-negotiation-ssl + +[278-version-negotiation-ssl] +server = 278-version-negotiation-server +client = 278-version-negotiation-client + +[278-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[278-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-278] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[279-version-negotiation] +ssl_conf = 279-version-negotiation-ssl + +[279-version-negotiation-ssl] +server = 279-version-negotiation-server +client = 279-version-negotiation-client + +[279-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[279-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-279] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[280-version-negotiation] +ssl_conf = 280-version-negotiation-ssl + +[280-version-negotiation-ssl] +server = 280-version-negotiation-server +client = 280-version-negotiation-client + +[280-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[280-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-280] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[281-version-negotiation] +ssl_conf = 281-version-negotiation-ssl + +[281-version-negotiation-ssl] +server = 281-version-negotiation-server +client = 281-version-negotiation-client + +[281-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[281-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-281] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[282-version-negotiation] +ssl_conf = 282-version-negotiation-ssl + +[282-version-negotiation-ssl] +server = 282-version-negotiation-server +client = 282-version-negotiation-client + +[282-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[282-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-282] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[283-version-negotiation] +ssl_conf = 283-version-negotiation-ssl + +[283-version-negotiation-ssl] +server = 283-version-negotiation-server +client = 283-version-negotiation-client + +[283-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[283-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-283] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[284-version-negotiation] +ssl_conf = 284-version-negotiation-ssl + +[284-version-negotiation-ssl] +server = 284-version-negotiation-server +client = 284-version-negotiation-client + +[284-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[284-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-284] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[285-version-negotiation] +ssl_conf = 285-version-negotiation-ssl + +[285-version-negotiation-ssl] +server = 285-version-negotiation-server +client = 285-version-negotiation-client + +[285-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[285-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-285] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[286-version-negotiation] +ssl_conf = 286-version-negotiation-ssl + +[286-version-negotiation-ssl] +server = 286-version-negotiation-server +client = 286-version-negotiation-client + +[286-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[286-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-286] +ExpectedResult = ServerFail + + +# =========================================================== + +[287-version-negotiation] +ssl_conf = 287-version-negotiation-ssl + +[287-version-negotiation-ssl] +server = 287-version-negotiation-server +client = 287-version-negotiation-client + +[287-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[287-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-287] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[288-version-negotiation] +ssl_conf = 288-version-negotiation-ssl + +[288-version-negotiation-ssl] +server = 288-version-negotiation-server +client = 288-version-negotiation-client + +[288-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[288-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-288] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[289-version-negotiation] +ssl_conf = 289-version-negotiation-ssl + +[289-version-negotiation-ssl] +server = 289-version-negotiation-server +client = 289-version-negotiation-client + +[289-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[289-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-289] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[290-version-negotiation] +ssl_conf = 290-version-negotiation-ssl + +[290-version-negotiation-ssl] +server = 290-version-negotiation-server +client = 290-version-negotiation-client + +[290-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[290-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-290] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[291-version-negotiation] +ssl_conf = 291-version-negotiation-ssl + +[291-version-negotiation-ssl] +server = 291-version-negotiation-server +client = 291-version-negotiation-client + +[291-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[291-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-291] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[292-version-negotiation] +ssl_conf = 292-version-negotiation-ssl + +[292-version-negotiation-ssl] +server = 292-version-negotiation-server +client = 292-version-negotiation-client + +[292-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[292-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-292] +ExpectedResult = ServerFail + + +# =========================================================== + +[293-version-negotiation] +ssl_conf = 293-version-negotiation-ssl + +[293-version-negotiation-ssl] +server = 293-version-negotiation-server +client = 293-version-negotiation-client + +[293-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[293-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-293] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[294-version-negotiation] +ssl_conf = 294-version-negotiation-ssl + +[294-version-negotiation-ssl] +server = 294-version-negotiation-server +client = 294-version-negotiation-client + +[294-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[294-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-294] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[295-version-negotiation] +ssl_conf = 295-version-negotiation-ssl + +[295-version-negotiation-ssl] +server = 295-version-negotiation-server +client = 295-version-negotiation-client + +[295-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[295-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-295] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[296-version-negotiation] +ssl_conf = 296-version-negotiation-ssl + +[296-version-negotiation-ssl] +server = 296-version-negotiation-server +client = 296-version-negotiation-client + +[296-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[296-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-296] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[297-version-negotiation] +ssl_conf = 297-version-negotiation-ssl + +[297-version-negotiation-ssl] +server = 297-version-negotiation-server +client = 297-version-negotiation-client + +[297-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[297-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-297] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[298-version-negotiation] +ssl_conf = 298-version-negotiation-ssl + +[298-version-negotiation-ssl] +server = 298-version-negotiation-server +client = 298-version-negotiation-client + +[298-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[298-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-298] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[299-version-negotiation] +ssl_conf = 299-version-negotiation-ssl + +[299-version-negotiation-ssl] +server = 299-version-negotiation-server +client = 299-version-negotiation-client + +[299-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[299-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-299] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[300-version-negotiation] +ssl_conf = 300-version-negotiation-ssl + +[300-version-negotiation-ssl] +server = 300-version-negotiation-server +client = 300-version-negotiation-client + +[300-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[300-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-300] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[301-version-negotiation] +ssl_conf = 301-version-negotiation-ssl + +[301-version-negotiation-ssl] +server = 301-version-negotiation-server +client = 301-version-negotiation-client + +[301-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[301-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-301] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[302-version-negotiation] +ssl_conf = 302-version-negotiation-ssl + +[302-version-negotiation-ssl] +server = 302-version-negotiation-server +client = 302-version-negotiation-client + +[302-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[302-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-302] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[303-version-negotiation] +ssl_conf = 303-version-negotiation-ssl + +[303-version-negotiation-ssl] +server = 303-version-negotiation-server +client = 303-version-negotiation-client + +[303-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[303-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-303] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[304-version-negotiation] +ssl_conf = 304-version-negotiation-ssl + +[304-version-negotiation-ssl] +server = 304-version-negotiation-server +client = 304-version-negotiation-client + +[304-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[304-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-304] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[305-version-negotiation] +ssl_conf = 305-version-negotiation-ssl + +[305-version-negotiation-ssl] +server = 305-version-negotiation-server +client = 305-version-negotiation-client + +[305-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[305-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-305] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[306-version-negotiation] +ssl_conf = 306-version-negotiation-ssl + +[306-version-negotiation-ssl] +server = 306-version-negotiation-server +client = 306-version-negotiation-client + +[306-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[306-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-306] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[307-version-negotiation] +ssl_conf = 307-version-negotiation-ssl + +[307-version-negotiation-ssl] +server = 307-version-negotiation-server +client = 307-version-negotiation-client + +[307-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[307-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-307] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[308-version-negotiation] +ssl_conf = 308-version-negotiation-ssl + +[308-version-negotiation-ssl] +server = 308-version-negotiation-server +client = 308-version-negotiation-client + +[308-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[308-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-308] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[309-version-negotiation] +ssl_conf = 309-version-negotiation-ssl + +[309-version-negotiation-ssl] +server = 309-version-negotiation-server +client = 309-version-negotiation-client + +[309-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[309-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-309] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[310-version-negotiation] +ssl_conf = 310-version-negotiation-ssl + +[310-version-negotiation-ssl] +server = 310-version-negotiation-server +client = 310-version-negotiation-client + +[310-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[310-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-310] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[311-version-negotiation] +ssl_conf = 311-version-negotiation-ssl + +[311-version-negotiation-ssl] +server = 311-version-negotiation-server +client = 311-version-negotiation-client + +[311-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[311-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-311] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[312-version-negotiation] +ssl_conf = 312-version-negotiation-ssl + +[312-version-negotiation-ssl] +server = 312-version-negotiation-server +client = 312-version-negotiation-client + +[312-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[312-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-312] +ExpectedResult = ServerFail + + +# =========================================================== + +[313-version-negotiation] +ssl_conf = 313-version-negotiation-ssl + +[313-version-negotiation-ssl] +server = 313-version-negotiation-server +client = 313-version-negotiation-client + +[313-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[313-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-313] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[314-version-negotiation] +ssl_conf = 314-version-negotiation-ssl + +[314-version-negotiation-ssl] +server = 314-version-negotiation-server +client = 314-version-negotiation-client + +[314-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[314-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-314] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[315-version-negotiation] +ssl_conf = 315-version-negotiation-ssl + +[315-version-negotiation-ssl] +server = 315-version-negotiation-server +client = 315-version-negotiation-client + +[315-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[315-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-315] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[316-version-negotiation] +ssl_conf = 316-version-negotiation-ssl + +[316-version-negotiation-ssl] +server = 316-version-negotiation-server +client = 316-version-negotiation-client + +[316-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[316-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-316] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[317-version-negotiation] +ssl_conf = 317-version-negotiation-ssl + +[317-version-negotiation-ssl] +server = 317-version-negotiation-server +client = 317-version-negotiation-client + +[317-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[317-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-317] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[318-version-negotiation] +ssl_conf = 318-version-negotiation-ssl + +[318-version-negotiation-ssl] +server = 318-version-negotiation-server +client = 318-version-negotiation-client + +[318-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[318-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-318] +ExpectedResult = ServerFail + + +# =========================================================== + +[319-version-negotiation] +ssl_conf = 319-version-negotiation-ssl + +[319-version-negotiation-ssl] +server = 319-version-negotiation-server +client = 319-version-negotiation-client + +[319-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[319-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-319] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[320-version-negotiation] +ssl_conf = 320-version-negotiation-ssl + +[320-version-negotiation-ssl] +server = 320-version-negotiation-server +client = 320-version-negotiation-client + +[320-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[320-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-320] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[321-version-negotiation] +ssl_conf = 321-version-negotiation-ssl + +[321-version-negotiation-ssl] +server = 321-version-negotiation-server +client = 321-version-negotiation-client + +[321-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[321-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-321] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[322-version-negotiation] +ssl_conf = 322-version-negotiation-ssl + +[322-version-negotiation-ssl] +server = 322-version-negotiation-server +client = 322-version-negotiation-client + +[322-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[322-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-322] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[323-version-negotiation] +ssl_conf = 323-version-negotiation-ssl + +[323-version-negotiation-ssl] +server = 323-version-negotiation-server +client = 323-version-negotiation-client + +[323-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[323-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-323] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[324-version-negotiation] +ssl_conf = 324-version-negotiation-ssl + +[324-version-negotiation-ssl] +server = 324-version-negotiation-server +client = 324-version-negotiation-client + +[324-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[324-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-324] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[325-version-negotiation] +ssl_conf = 325-version-negotiation-ssl + +[325-version-negotiation-ssl] +server = 325-version-negotiation-server +client = 325-version-negotiation-client + +[325-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[325-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-325] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[326-version-negotiation] +ssl_conf = 326-version-negotiation-ssl + +[326-version-negotiation-ssl] +server = 326-version-negotiation-server +client = 326-version-negotiation-client + +[326-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[326-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-326] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[327-version-negotiation] +ssl_conf = 327-version-negotiation-ssl + +[327-version-negotiation-ssl] +server = 327-version-negotiation-server +client = 327-version-negotiation-client + +[327-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[327-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-327] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[328-version-negotiation] +ssl_conf = 328-version-negotiation-ssl + +[328-version-negotiation-ssl] +server = 328-version-negotiation-server +client = 328-version-negotiation-client + +[328-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[328-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-328] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[329-version-negotiation] +ssl_conf = 329-version-negotiation-ssl + +[329-version-negotiation-ssl] +server = 329-version-negotiation-server +client = 329-version-negotiation-client + +[329-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[329-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-329] +ExpectedResult = ServerFail + + +# =========================================================== + +[330-version-negotiation] +ssl_conf = 330-version-negotiation-ssl + +[330-version-negotiation-ssl] +server = 330-version-negotiation-server +client = 330-version-negotiation-client + +[330-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[330-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-330] +ExpectedResult = ServerFail + + +# =========================================================== + +[331-version-negotiation] +ssl_conf = 331-version-negotiation-ssl + +[331-version-negotiation-ssl] +server = 331-version-negotiation-server +client = 331-version-negotiation-client + +[331-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[331-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-331] +ExpectedResult = ServerFail + + +# =========================================================== + +[332-version-negotiation] +ssl_conf = 332-version-negotiation-ssl + +[332-version-negotiation-ssl] +server = 332-version-negotiation-server +client = 332-version-negotiation-client + +[332-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[332-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-332] +ExpectedResult = ServerFail + + +# =========================================================== + +[333-version-negotiation] +ssl_conf = 333-version-negotiation-ssl + +[333-version-negotiation-ssl] +server = 333-version-negotiation-server +client = 333-version-negotiation-client + +[333-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[333-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-333] +ExpectedResult = ServerFail + + +# =========================================================== + +[334-version-negotiation] +ssl_conf = 334-version-negotiation-ssl + +[334-version-negotiation-ssl] +server = 334-version-negotiation-server +client = 334-version-negotiation-client + +[334-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[334-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-334] +ExpectedResult = ServerFail + + +# =========================================================== + +[335-version-negotiation] +ssl_conf = 335-version-negotiation-ssl + +[335-version-negotiation-ssl] +server = 335-version-negotiation-server +client = 335-version-negotiation-client + +[335-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[335-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-335] +ExpectedResult = ServerFail + + +# =========================================================== + +[336-version-negotiation] +ssl_conf = 336-version-negotiation-ssl + +[336-version-negotiation-ssl] +server = 336-version-negotiation-server +client = 336-version-negotiation-client + +[336-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[336-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-336] +ExpectedResult = ServerFail + + +# =========================================================== + +[337-version-negotiation] +ssl_conf = 337-version-negotiation-ssl + +[337-version-negotiation-ssl] +server = 337-version-negotiation-server +client = 337-version-negotiation-client + +[337-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[337-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-337] +ExpectedResult = ServerFail + + +# =========================================================== + +[338-version-negotiation] +ssl_conf = 338-version-negotiation-ssl + +[338-version-negotiation-ssl] +server = 338-version-negotiation-server +client = 338-version-negotiation-client + +[338-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[338-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-338] +ExpectedResult = ServerFail + + +# =========================================================== + +[339-version-negotiation] +ssl_conf = 339-version-negotiation-ssl + +[339-version-negotiation-ssl] +server = 339-version-negotiation-server +client = 339-version-negotiation-client + +[339-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[339-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-339] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[340-version-negotiation] +ssl_conf = 340-version-negotiation-ssl + +[340-version-negotiation-ssl] +server = 340-version-negotiation-server +client = 340-version-negotiation-client + +[340-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[340-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-340] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[341-version-negotiation] +ssl_conf = 341-version-negotiation-ssl + +[341-version-negotiation-ssl] +server = 341-version-negotiation-server +client = 341-version-negotiation-client + +[341-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[341-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-341] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[342-version-negotiation] +ssl_conf = 342-version-negotiation-ssl + +[342-version-negotiation-ssl] +server = 342-version-negotiation-server +client = 342-version-negotiation-client + +[342-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[342-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-342] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[343-version-negotiation] +ssl_conf = 343-version-negotiation-ssl + +[343-version-negotiation-ssl] +server = 343-version-negotiation-server +client = 343-version-negotiation-client + +[343-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[343-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-343] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[344-version-negotiation] +ssl_conf = 344-version-negotiation-ssl + +[344-version-negotiation-ssl] +server = 344-version-negotiation-server +client = 344-version-negotiation-client + +[344-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[344-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-344] +ExpectedResult = ServerFail + + +# =========================================================== + +[345-version-negotiation] +ssl_conf = 345-version-negotiation-ssl + +[345-version-negotiation-ssl] +server = 345-version-negotiation-server +client = 345-version-negotiation-client + +[345-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[345-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-345] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[346-version-negotiation] +ssl_conf = 346-version-negotiation-ssl + +[346-version-negotiation-ssl] +server = 346-version-negotiation-server +client = 346-version-negotiation-client + +[346-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[346-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-346] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[347-version-negotiation] +ssl_conf = 347-version-negotiation-ssl + +[347-version-negotiation-ssl] +server = 347-version-negotiation-server +client = 347-version-negotiation-client + +[347-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[347-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-347] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[348-version-negotiation] +ssl_conf = 348-version-negotiation-ssl + +[348-version-negotiation-ssl] +server = 348-version-negotiation-server +client = 348-version-negotiation-client + +[348-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[348-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-348] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[349-version-negotiation] +ssl_conf = 349-version-negotiation-ssl + +[349-version-negotiation-ssl] +server = 349-version-negotiation-server +client = 349-version-negotiation-client + +[349-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[349-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-349] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[350-version-negotiation] +ssl_conf = 350-version-negotiation-ssl + +[350-version-negotiation-ssl] +server = 350-version-negotiation-server +client = 350-version-negotiation-client + +[350-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[350-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-350] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[351-version-negotiation] +ssl_conf = 351-version-negotiation-ssl + +[351-version-negotiation-ssl] +server = 351-version-negotiation-server +client = 351-version-negotiation-client + +[351-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[351-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-351] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[352-version-negotiation] +ssl_conf = 352-version-negotiation-ssl + +[352-version-negotiation-ssl] +server = 352-version-negotiation-server +client = 352-version-negotiation-client + +[352-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[352-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-352] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[353-version-negotiation] +ssl_conf = 353-version-negotiation-ssl + +[353-version-negotiation-ssl] +server = 353-version-negotiation-server +client = 353-version-negotiation-client + +[353-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[353-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-353] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[354-version-negotiation] +ssl_conf = 354-version-negotiation-ssl + +[354-version-negotiation-ssl] +server = 354-version-negotiation-server +client = 354-version-negotiation-client + +[354-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[354-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-354] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[355-version-negotiation] +ssl_conf = 355-version-negotiation-ssl + +[355-version-negotiation-ssl] +server = 355-version-negotiation-server +client = 355-version-negotiation-client + +[355-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[355-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-355] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[356-version-negotiation] +ssl_conf = 356-version-negotiation-ssl + +[356-version-negotiation-ssl] +server = 356-version-negotiation-server +client = 356-version-negotiation-client + +[356-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[356-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-356] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[357-version-negotiation] +ssl_conf = 357-version-negotiation-ssl + +[357-version-negotiation-ssl] +server = 357-version-negotiation-server +client = 357-version-negotiation-client + +[357-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[357-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-357] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[358-version-negotiation] +ssl_conf = 358-version-negotiation-ssl + +[358-version-negotiation-ssl] +server = 358-version-negotiation-server +client = 358-version-negotiation-client + +[358-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[358-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-358] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[359-version-negotiation] +ssl_conf = 359-version-negotiation-ssl + +[359-version-negotiation-ssl] +server = 359-version-negotiation-server +client = 359-version-negotiation-client + +[359-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[359-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-359] +ExpectedResult = ServerFail + + +# =========================================================== + +[360-version-negotiation] +ssl_conf = 360-version-negotiation-ssl + +[360-version-negotiation-ssl] +server = 360-version-negotiation-server +client = 360-version-negotiation-client + +[360-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[360-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-360] +ExpectedResult = ServerFail + + +# =========================================================== + +[361-version-negotiation] +ssl_conf = 361-version-negotiation-ssl + +[361-version-negotiation-ssl] +server = 361-version-negotiation-server +client = 361-version-negotiation-client + +[361-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[361-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-361] +ExpectedResult = ServerFail + + +# =========================================================== + +[362-version-negotiation] +ssl_conf = 362-version-negotiation-ssl + +[362-version-negotiation-ssl] +server = 362-version-negotiation-server +client = 362-version-negotiation-client + +[362-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[362-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-362] +ExpectedResult = ServerFail + + +# =========================================================== + +[363-version-negotiation] +ssl_conf = 363-version-negotiation-ssl + +[363-version-negotiation-ssl] +server = 363-version-negotiation-server +client = 363-version-negotiation-client + +[363-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[363-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-363] +ExpectedResult = ServerFail + + +# =========================================================== + +[364-version-negotiation] +ssl_conf = 364-version-negotiation-ssl + +[364-version-negotiation-ssl] +server = 364-version-negotiation-server +client = 364-version-negotiation-client + +[364-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[364-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-364] +ExpectedResult = ServerFail + + +# =========================================================== + +[365-version-negotiation] +ssl_conf = 365-version-negotiation-ssl + +[365-version-negotiation-ssl] +server = 365-version-negotiation-server +client = 365-version-negotiation-client + +[365-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[365-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-365] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[366-version-negotiation] +ssl_conf = 366-version-negotiation-ssl + +[366-version-negotiation-ssl] +server = 366-version-negotiation-server +client = 366-version-negotiation-client + +[366-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[366-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-366] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[367-version-negotiation] +ssl_conf = 367-version-negotiation-ssl + +[367-version-negotiation-ssl] +server = 367-version-negotiation-server +client = 367-version-negotiation-client + +[367-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[367-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-367] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[368-version-negotiation] +ssl_conf = 368-version-negotiation-ssl + +[368-version-negotiation-ssl] +server = 368-version-negotiation-server +client = 368-version-negotiation-client + +[368-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[368-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-368] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[369-version-negotiation] +ssl_conf = 369-version-negotiation-ssl + +[369-version-negotiation-ssl] +server = 369-version-negotiation-server +client = 369-version-negotiation-client + +[369-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[369-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-369] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[370-version-negotiation] +ssl_conf = 370-version-negotiation-ssl + +[370-version-negotiation-ssl] +server = 370-version-negotiation-server +client = 370-version-negotiation-client + +[370-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[370-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-370] +ExpectedResult = ServerFail + + +# =========================================================== + +[371-version-negotiation] +ssl_conf = 371-version-negotiation-ssl + +[371-version-negotiation-ssl] +server = 371-version-negotiation-server +client = 371-version-negotiation-client + +[371-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[371-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-371] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[372-version-negotiation] +ssl_conf = 372-version-negotiation-ssl + +[372-version-negotiation-ssl] +server = 372-version-negotiation-server +client = 372-version-negotiation-client + +[372-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[372-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-372] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[373-version-negotiation] +ssl_conf = 373-version-negotiation-ssl + +[373-version-negotiation-ssl] +server = 373-version-negotiation-server +client = 373-version-negotiation-client + +[373-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[373-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-373] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[374-version-negotiation] +ssl_conf = 374-version-negotiation-ssl + +[374-version-negotiation-ssl] +server = 374-version-negotiation-server +client = 374-version-negotiation-client + +[374-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[374-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-374] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[375-version-negotiation] +ssl_conf = 375-version-negotiation-ssl + +[375-version-negotiation-ssl] +server = 375-version-negotiation-server +client = 375-version-negotiation-client + +[375-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[375-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-375] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[376-version-negotiation] +ssl_conf = 376-version-negotiation-ssl + +[376-version-negotiation-ssl] +server = 376-version-negotiation-server +client = 376-version-negotiation-client + +[376-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[376-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-376] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[377-version-negotiation] +ssl_conf = 377-version-negotiation-ssl + +[377-version-negotiation-ssl] +server = 377-version-negotiation-server +client = 377-version-negotiation-client + +[377-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[377-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-377] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[378-version-negotiation] +ssl_conf = 378-version-negotiation-ssl + +[378-version-negotiation-ssl] +server = 378-version-negotiation-server +client = 378-version-negotiation-client + +[378-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[378-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-378] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[379-version-negotiation] +ssl_conf = 379-version-negotiation-ssl + +[379-version-negotiation-ssl] +server = 379-version-negotiation-server +client = 379-version-negotiation-client + +[379-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[379-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-379] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[380-version-negotiation] +ssl_conf = 380-version-negotiation-ssl + +[380-version-negotiation-ssl] +server = 380-version-negotiation-server +client = 380-version-negotiation-client + +[380-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[380-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-380] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[381-version-negotiation] +ssl_conf = 381-version-negotiation-ssl + +[381-version-negotiation-ssl] +server = 381-version-negotiation-server +client = 381-version-negotiation-client + +[381-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[381-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-381] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[382-version-negotiation] +ssl_conf = 382-version-negotiation-ssl + +[382-version-negotiation-ssl] +server = 382-version-negotiation-server +client = 382-version-negotiation-client + +[382-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[382-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-382] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[383-version-negotiation] +ssl_conf = 383-version-negotiation-ssl + +[383-version-negotiation-ssl] +server = 383-version-negotiation-server +client = 383-version-negotiation-client + +[383-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[383-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-383] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[384-version-negotiation] +ssl_conf = 384-version-negotiation-ssl + +[384-version-negotiation-ssl] +server = 384-version-negotiation-server +client = 384-version-negotiation-client + +[384-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[384-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-384] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[385-version-negotiation] +ssl_conf = 385-version-negotiation-ssl + +[385-version-negotiation-ssl] +server = 385-version-negotiation-server +client = 385-version-negotiation-client + +[385-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[385-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-385] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[386-version-negotiation] +ssl_conf = 386-version-negotiation-ssl + +[386-version-negotiation-ssl] +server = 386-version-negotiation-server +client = 386-version-negotiation-client + +[386-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[386-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-386] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[387-version-negotiation] +ssl_conf = 387-version-negotiation-ssl + +[387-version-negotiation-ssl] +server = 387-version-negotiation-server +client = 387-version-negotiation-client + +[387-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[387-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-387] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[388-version-negotiation] +ssl_conf = 388-version-negotiation-ssl + +[388-version-negotiation-ssl] +server = 388-version-negotiation-server +client = 388-version-negotiation-client + +[388-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[388-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-388] +ExpectedResult = ServerFail + + +# =========================================================== + +[389-version-negotiation] +ssl_conf = 389-version-negotiation-ssl + +[389-version-negotiation-ssl] +server = 389-version-negotiation-server +client = 389-version-negotiation-client + +[389-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[389-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-389] +ExpectedResult = ServerFail + + +# =========================================================== + +[390-version-negotiation] +ssl_conf = 390-version-negotiation-ssl + +[390-version-negotiation-ssl] +server = 390-version-negotiation-server +client = 390-version-negotiation-client + +[390-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[390-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-390] +ExpectedResult = ServerFail + + +# =========================================================== + +[391-version-negotiation] +ssl_conf = 391-version-negotiation-ssl + +[391-version-negotiation-ssl] +server = 391-version-negotiation-server +client = 391-version-negotiation-client + +[391-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[391-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-391] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[392-version-negotiation] +ssl_conf = 392-version-negotiation-ssl + +[392-version-negotiation-ssl] +server = 392-version-negotiation-server +client = 392-version-negotiation-client + +[392-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[392-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-392] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[393-version-negotiation] +ssl_conf = 393-version-negotiation-ssl + +[393-version-negotiation-ssl] +server = 393-version-negotiation-server +client = 393-version-negotiation-client + +[393-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[393-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-393] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[394-version-negotiation] +ssl_conf = 394-version-negotiation-ssl + +[394-version-negotiation-ssl] +server = 394-version-negotiation-server +client = 394-version-negotiation-client + +[394-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[394-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-394] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[395-version-negotiation] +ssl_conf = 395-version-negotiation-ssl + +[395-version-negotiation-ssl] +server = 395-version-negotiation-server +client = 395-version-negotiation-client + +[395-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[395-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-395] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[396-version-negotiation] +ssl_conf = 396-version-negotiation-ssl + +[396-version-negotiation-ssl] +server = 396-version-negotiation-server +client = 396-version-negotiation-client + +[396-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[396-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-396] +ExpectedResult = ServerFail + + +# =========================================================== + +[397-version-negotiation] +ssl_conf = 397-version-negotiation-ssl + +[397-version-negotiation-ssl] +server = 397-version-negotiation-server +client = 397-version-negotiation-client + +[397-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[397-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-397] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[398-version-negotiation] +ssl_conf = 398-version-negotiation-ssl + +[398-version-negotiation-ssl] +server = 398-version-negotiation-server +client = 398-version-negotiation-client + +[398-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[398-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-398] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[399-version-negotiation] +ssl_conf = 399-version-negotiation-ssl + +[399-version-negotiation-ssl] +server = 399-version-negotiation-server +client = 399-version-negotiation-client + +[399-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[399-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-399] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[400-version-negotiation] +ssl_conf = 400-version-negotiation-ssl + +[400-version-negotiation-ssl] +server = 400-version-negotiation-server +client = 400-version-negotiation-client + +[400-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[400-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-400] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[401-version-negotiation] +ssl_conf = 401-version-negotiation-ssl + +[401-version-negotiation-ssl] +server = 401-version-negotiation-server +client = 401-version-negotiation-client + +[401-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[401-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-401] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[402-version-negotiation] +ssl_conf = 402-version-negotiation-ssl + +[402-version-negotiation-ssl] +server = 402-version-negotiation-server +client = 402-version-negotiation-client + +[402-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[402-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-402] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[403-version-negotiation] +ssl_conf = 403-version-negotiation-ssl + +[403-version-negotiation-ssl] +server = 403-version-negotiation-server +client = 403-version-negotiation-client + +[403-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[403-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-403] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[404-version-negotiation] +ssl_conf = 404-version-negotiation-ssl + +[404-version-negotiation-ssl] +server = 404-version-negotiation-server +client = 404-version-negotiation-client + +[404-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[404-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-404] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[405-version-negotiation] +ssl_conf = 405-version-negotiation-ssl + +[405-version-negotiation-ssl] +server = 405-version-negotiation-server +client = 405-version-negotiation-client + +[405-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[405-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-405] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[406-version-negotiation] +ssl_conf = 406-version-negotiation-ssl + +[406-version-negotiation-ssl] +server = 406-version-negotiation-server +client = 406-version-negotiation-client + +[406-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[406-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-406] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[407-version-negotiation] +ssl_conf = 407-version-negotiation-ssl + +[407-version-negotiation-ssl] +server = 407-version-negotiation-server +client = 407-version-negotiation-client + +[407-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[407-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-407] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[408-version-negotiation] +ssl_conf = 408-version-negotiation-ssl + +[408-version-negotiation-ssl] +server = 408-version-negotiation-server +client = 408-version-negotiation-client + +[408-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[408-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-408] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[409-version-negotiation] +ssl_conf = 409-version-negotiation-ssl + +[409-version-negotiation-ssl] +server = 409-version-negotiation-server +client = 409-version-negotiation-client + +[409-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[409-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-409] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[410-version-negotiation] +ssl_conf = 410-version-negotiation-ssl + +[410-version-negotiation-ssl] +server = 410-version-negotiation-server +client = 410-version-negotiation-client + +[410-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[410-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-410] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[411-version-negotiation] +ssl_conf = 411-version-negotiation-ssl + +[411-version-negotiation-ssl] +server = 411-version-negotiation-server +client = 411-version-negotiation-client + +[411-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[411-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-411] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[412-version-negotiation] +ssl_conf = 412-version-negotiation-ssl + +[412-version-negotiation-ssl] +server = 412-version-negotiation-server +client = 412-version-negotiation-client + +[412-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[412-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-412] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[413-version-negotiation] +ssl_conf = 413-version-negotiation-ssl + +[413-version-negotiation-ssl] +server = 413-version-negotiation-server +client = 413-version-negotiation-client + +[413-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[413-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-413] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[414-version-negotiation] +ssl_conf = 414-version-negotiation-ssl + +[414-version-negotiation-ssl] +server = 414-version-negotiation-server +client = 414-version-negotiation-client + +[414-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[414-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-414] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[415-version-negotiation] +ssl_conf = 415-version-negotiation-ssl + +[415-version-negotiation-ssl] +server = 415-version-negotiation-server +client = 415-version-negotiation-client + +[415-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[415-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-415] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[416-version-negotiation] +ssl_conf = 416-version-negotiation-ssl + +[416-version-negotiation-ssl] +server = 416-version-negotiation-server +client = 416-version-negotiation-client + +[416-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[416-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-416] +ExpectedResult = ServerFail + + +# =========================================================== + +[417-version-negotiation] +ssl_conf = 417-version-negotiation-ssl + +[417-version-negotiation-ssl] +server = 417-version-negotiation-server +client = 417-version-negotiation-client + +[417-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[417-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-417] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[418-version-negotiation] +ssl_conf = 418-version-negotiation-ssl + +[418-version-negotiation-ssl] +server = 418-version-negotiation-server +client = 418-version-negotiation-client + +[418-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[418-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-418] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[419-version-negotiation] +ssl_conf = 419-version-negotiation-ssl + +[419-version-negotiation-ssl] +server = 419-version-negotiation-server +client = 419-version-negotiation-client + +[419-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[419-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-419] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[420-version-negotiation] +ssl_conf = 420-version-negotiation-ssl + +[420-version-negotiation-ssl] +server = 420-version-negotiation-server +client = 420-version-negotiation-client + +[420-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[420-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-420] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[421-version-negotiation] +ssl_conf = 421-version-negotiation-ssl + +[421-version-negotiation-ssl] +server = 421-version-negotiation-server +client = 421-version-negotiation-client + +[421-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[421-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-421] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[422-version-negotiation] +ssl_conf = 422-version-negotiation-ssl + +[422-version-negotiation-ssl] +server = 422-version-negotiation-server +client = 422-version-negotiation-client + +[422-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[422-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-422] +ExpectedResult = ServerFail + + +# =========================================================== + +[423-version-negotiation] +ssl_conf = 423-version-negotiation-ssl + +[423-version-negotiation-ssl] +server = 423-version-negotiation-server +client = 423-version-negotiation-client + +[423-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[423-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-423] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[424-version-negotiation] +ssl_conf = 424-version-negotiation-ssl + +[424-version-negotiation-ssl] +server = 424-version-negotiation-server +client = 424-version-negotiation-client + +[424-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[424-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-424] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[425-version-negotiation] +ssl_conf = 425-version-negotiation-ssl + +[425-version-negotiation-ssl] +server = 425-version-negotiation-server +client = 425-version-negotiation-client + +[425-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[425-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-425] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[426-version-negotiation] +ssl_conf = 426-version-negotiation-ssl + +[426-version-negotiation-ssl] +server = 426-version-negotiation-server +client = 426-version-negotiation-client + +[426-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[426-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-426] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[427-version-negotiation] +ssl_conf = 427-version-negotiation-ssl + +[427-version-negotiation-ssl] +server = 427-version-negotiation-server +client = 427-version-negotiation-client + +[427-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[427-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-427] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[428-version-negotiation] +ssl_conf = 428-version-negotiation-ssl + +[428-version-negotiation-ssl] +server = 428-version-negotiation-server +client = 428-version-negotiation-client + +[428-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[428-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-428] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[429-version-negotiation] +ssl_conf = 429-version-negotiation-ssl + +[429-version-negotiation-ssl] +server = 429-version-negotiation-server +client = 429-version-negotiation-client + +[429-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[429-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-429] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[430-version-negotiation] +ssl_conf = 430-version-negotiation-ssl + +[430-version-negotiation-ssl] +server = 430-version-negotiation-server +client = 430-version-negotiation-client + +[430-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[430-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-430] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[431-version-negotiation] +ssl_conf = 431-version-negotiation-ssl + +[431-version-negotiation-ssl] +server = 431-version-negotiation-server +client = 431-version-negotiation-client + +[431-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[431-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-431] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[432-version-negotiation] +ssl_conf = 432-version-negotiation-ssl + +[432-version-negotiation-ssl] +server = 432-version-negotiation-server +client = 432-version-negotiation-client + +[432-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[432-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-432] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[433-version-negotiation] +ssl_conf = 433-version-negotiation-ssl + +[433-version-negotiation-ssl] +server = 433-version-negotiation-server +client = 433-version-negotiation-client + +[433-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[433-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-433] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[434-version-negotiation] +ssl_conf = 434-version-negotiation-ssl + +[434-version-negotiation-ssl] +server = 434-version-negotiation-server +client = 434-version-negotiation-client + +[434-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[434-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-434] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[435-version-negotiation] +ssl_conf = 435-version-negotiation-ssl + +[435-version-negotiation-ssl] +server = 435-version-negotiation-server +client = 435-version-negotiation-client + +[435-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[435-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-435] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[436-version-negotiation] +ssl_conf = 436-version-negotiation-ssl + +[436-version-negotiation-ssl] +server = 436-version-negotiation-server +client = 436-version-negotiation-client + +[436-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[436-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-436] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[437-version-negotiation] +ssl_conf = 437-version-negotiation-ssl + +[437-version-negotiation-ssl] +server = 437-version-negotiation-server +client = 437-version-negotiation-client + +[437-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[437-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-437] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[438-version-negotiation] +ssl_conf = 438-version-negotiation-ssl + +[438-version-negotiation-ssl] +server = 438-version-negotiation-server +client = 438-version-negotiation-client + +[438-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[438-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-438] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[439-version-negotiation] +ssl_conf = 439-version-negotiation-ssl + +[439-version-negotiation-ssl] +server = 439-version-negotiation-server +client = 439-version-negotiation-client + +[439-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[439-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-439] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[440-version-negotiation] +ssl_conf = 440-version-negotiation-ssl + +[440-version-negotiation-ssl] +server = 440-version-negotiation-server +client = 440-version-negotiation-client + +[440-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[440-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-440] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[441-version-negotiation] +ssl_conf = 441-version-negotiation-ssl + +[441-version-negotiation-ssl] +server = 441-version-negotiation-server +client = 441-version-negotiation-client + +[441-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[441-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-441] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[442-version-negotiation] +ssl_conf = 442-version-negotiation-ssl + +[442-version-negotiation-ssl] +server = 442-version-negotiation-server +client = 442-version-negotiation-client + +[442-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[442-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-442] +ExpectedResult = ServerFail + + +# =========================================================== + +[443-version-negotiation] +ssl_conf = 443-version-negotiation-ssl + +[443-version-negotiation-ssl] +server = 443-version-negotiation-server +client = 443-version-negotiation-client + +[443-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[443-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-443] +ExpectedResult = ClientFail + + +# =========================================================== + +[444-version-negotiation] +ssl_conf = 444-version-negotiation-ssl + +[444-version-negotiation-ssl] +server = 444-version-negotiation-server +client = 444-version-negotiation-client + +[444-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[444-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-444] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[445-version-negotiation] +ssl_conf = 445-version-negotiation-ssl + +[445-version-negotiation-ssl] +server = 445-version-negotiation-server +client = 445-version-negotiation-client + +[445-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[445-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-445] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[446-version-negotiation] +ssl_conf = 446-version-negotiation-ssl + +[446-version-negotiation-ssl] +server = 446-version-negotiation-server +client = 446-version-negotiation-client + +[446-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[446-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-446] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[447-version-negotiation] +ssl_conf = 447-version-negotiation-ssl + +[447-version-negotiation-ssl] +server = 447-version-negotiation-server +client = 447-version-negotiation-client + +[447-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[447-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-447] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[448-version-negotiation] +ssl_conf = 448-version-negotiation-ssl + +[448-version-negotiation-ssl] +server = 448-version-negotiation-server +client = 448-version-negotiation-client + +[448-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[448-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-448] +ExpectedResult = ServerFail + + +# =========================================================== + +[449-version-negotiation] +ssl_conf = 449-version-negotiation-ssl + +[449-version-negotiation-ssl] +server = 449-version-negotiation-server +client = 449-version-negotiation-client + +[449-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[449-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-449] +ExpectedResult = ClientFail + + +# =========================================================== + +[450-version-negotiation] +ssl_conf = 450-version-negotiation-ssl + +[450-version-negotiation-ssl] +server = 450-version-negotiation-server +client = 450-version-negotiation-client + +[450-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[450-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-450] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[451-version-negotiation] +ssl_conf = 451-version-negotiation-ssl + +[451-version-negotiation-ssl] +server = 451-version-negotiation-server +client = 451-version-negotiation-client + +[451-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[451-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-451] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[452-version-negotiation] +ssl_conf = 452-version-negotiation-ssl + +[452-version-negotiation-ssl] +server = 452-version-negotiation-server +client = 452-version-negotiation-client + +[452-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[452-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-452] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[453-version-negotiation] +ssl_conf = 453-version-negotiation-ssl + +[453-version-negotiation-ssl] +server = 453-version-negotiation-server +client = 453-version-negotiation-client + +[453-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[453-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-453] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[454-version-negotiation] +ssl_conf = 454-version-negotiation-ssl + +[454-version-negotiation-ssl] +server = 454-version-negotiation-server +client = 454-version-negotiation-client + +[454-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[454-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-454] +ExpectedResult = ClientFail + + +# =========================================================== + +[455-version-negotiation] +ssl_conf = 455-version-negotiation-ssl + +[455-version-negotiation-ssl] +server = 455-version-negotiation-server +client = 455-version-negotiation-client + +[455-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[455-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-455] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[456-version-negotiation] +ssl_conf = 456-version-negotiation-ssl + +[456-version-negotiation-ssl] +server = 456-version-negotiation-server +client = 456-version-negotiation-client + +[456-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[456-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-456] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[457-version-negotiation] +ssl_conf = 457-version-negotiation-ssl + +[457-version-negotiation-ssl] +server = 457-version-negotiation-server +client = 457-version-negotiation-client + +[457-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[457-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-457] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[458-version-negotiation] +ssl_conf = 458-version-negotiation-ssl + +[458-version-negotiation-ssl] +server = 458-version-negotiation-server +client = 458-version-negotiation-client + +[458-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[458-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-458] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[459-version-negotiation] +ssl_conf = 459-version-negotiation-ssl + +[459-version-negotiation-ssl] +server = 459-version-negotiation-server +client = 459-version-negotiation-client + +[459-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[459-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-459] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[460-version-negotiation] +ssl_conf = 460-version-negotiation-ssl + +[460-version-negotiation-ssl] +server = 460-version-negotiation-server +client = 460-version-negotiation-client + +[460-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[460-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-460] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[461-version-negotiation] +ssl_conf = 461-version-negotiation-ssl + +[461-version-negotiation-ssl] +server = 461-version-negotiation-server +client = 461-version-negotiation-client + +[461-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[461-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-461] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[462-version-negotiation] +ssl_conf = 462-version-negotiation-ssl + +[462-version-negotiation-ssl] +server = 462-version-negotiation-server +client = 462-version-negotiation-client + +[462-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[462-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-462] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[463-version-negotiation] +ssl_conf = 463-version-negotiation-ssl + +[463-version-negotiation-ssl] +server = 463-version-negotiation-server +client = 463-version-negotiation-client + +[463-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[463-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-463] +ExpectedResult = ServerFail + + +# =========================================================== + +[464-version-negotiation] +ssl_conf = 464-version-negotiation-ssl + +[464-version-negotiation-ssl] +server = 464-version-negotiation-server +client = 464-version-negotiation-client + +[464-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[464-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-464] +ExpectedResult = ServerFail + + +# =========================================================== + +[465-version-negotiation] +ssl_conf = 465-version-negotiation-ssl + +[465-version-negotiation-ssl] +server = 465-version-negotiation-server +client = 465-version-negotiation-client + +[465-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[465-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-465] +ExpectedResult = ServerFail + + +# =========================================================== + +[466-version-negotiation] +ssl_conf = 466-version-negotiation-ssl + +[466-version-negotiation-ssl] +server = 466-version-negotiation-server +client = 466-version-negotiation-client + +[466-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[466-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-466] +ExpectedResult = ServerFail + + +# =========================================================== + +[467-version-negotiation] +ssl_conf = 467-version-negotiation-ssl + +[467-version-negotiation-ssl] +server = 467-version-negotiation-server +client = 467-version-negotiation-client + +[467-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[467-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-467] +ExpectedResult = ServerFail + + +# =========================================================== + +[468-version-negotiation] +ssl_conf = 468-version-negotiation-ssl + +[468-version-negotiation-ssl] +server = 468-version-negotiation-server +client = 468-version-negotiation-client + +[468-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[468-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-468] +ExpectedResult = ServerFail + + +# =========================================================== + +[469-version-negotiation] +ssl_conf = 469-version-negotiation-ssl + +[469-version-negotiation-ssl] +server = 469-version-negotiation-server +client = 469-version-negotiation-client + +[469-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[469-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-469] +ExpectedResult = ClientFail + + +# =========================================================== + +[470-version-negotiation] +ssl_conf = 470-version-negotiation-ssl + +[470-version-negotiation-ssl] +server = 470-version-negotiation-server +client = 470-version-negotiation-client + +[470-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[470-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-470] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[471-version-negotiation] +ssl_conf = 471-version-negotiation-ssl + +[471-version-negotiation-ssl] +server = 471-version-negotiation-server +client = 471-version-negotiation-client + +[471-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[471-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-471] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[472-version-negotiation] +ssl_conf = 472-version-negotiation-ssl + +[472-version-negotiation-ssl] +server = 472-version-negotiation-server +client = 472-version-negotiation-client + +[472-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[472-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-472] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[473-version-negotiation] +ssl_conf = 473-version-negotiation-ssl + +[473-version-negotiation-ssl] +server = 473-version-negotiation-server +client = 473-version-negotiation-client + +[473-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[473-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-473] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[474-version-negotiation] +ssl_conf = 474-version-negotiation-ssl + +[474-version-negotiation-ssl] +server = 474-version-negotiation-server +client = 474-version-negotiation-client + +[474-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[474-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-474] +ExpectedResult = ServerFail + + +# =========================================================== + +[475-version-negotiation] +ssl_conf = 475-version-negotiation-ssl + +[475-version-negotiation-ssl] +server = 475-version-negotiation-server +client = 475-version-negotiation-client + +[475-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[475-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-475] +ExpectedResult = ClientFail + + +# =========================================================== + +[476-version-negotiation] +ssl_conf = 476-version-negotiation-ssl + +[476-version-negotiation-ssl] +server = 476-version-negotiation-server +client = 476-version-negotiation-client + +[476-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[476-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-476] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[477-version-negotiation] +ssl_conf = 477-version-negotiation-ssl + +[477-version-negotiation-ssl] +server = 477-version-negotiation-server +client = 477-version-negotiation-client + +[477-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[477-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-477] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[478-version-negotiation] +ssl_conf = 478-version-negotiation-ssl + +[478-version-negotiation-ssl] +server = 478-version-negotiation-server +client = 478-version-negotiation-client + +[478-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[478-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-478] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[479-version-negotiation] +ssl_conf = 479-version-negotiation-ssl + +[479-version-negotiation-ssl] +server = 479-version-negotiation-server +client = 479-version-negotiation-client + +[479-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[479-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-479] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[480-version-negotiation] +ssl_conf = 480-version-negotiation-ssl + +[480-version-negotiation-ssl] +server = 480-version-negotiation-server +client = 480-version-negotiation-client + +[480-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[480-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-480] +ExpectedResult = ClientFail + + +# =========================================================== + +[481-version-negotiation] +ssl_conf = 481-version-negotiation-ssl + +[481-version-negotiation-ssl] +server = 481-version-negotiation-server +client = 481-version-negotiation-client + +[481-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[481-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-481] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[482-version-negotiation] +ssl_conf = 482-version-negotiation-ssl + +[482-version-negotiation-ssl] +server = 482-version-negotiation-server +client = 482-version-negotiation-client + +[482-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[482-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-482] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[483-version-negotiation] +ssl_conf = 483-version-negotiation-ssl + +[483-version-negotiation-ssl] +server = 483-version-negotiation-server +client = 483-version-negotiation-client + +[483-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[483-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-483] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[484-version-negotiation] +ssl_conf = 484-version-negotiation-ssl + +[484-version-negotiation-ssl] +server = 484-version-negotiation-server +client = 484-version-negotiation-client + +[484-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[484-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-484] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[485-version-negotiation] +ssl_conf = 485-version-negotiation-ssl + +[485-version-negotiation-ssl] +server = 485-version-negotiation-server +client = 485-version-negotiation-client + +[485-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[485-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-485] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[486-version-negotiation] +ssl_conf = 486-version-negotiation-ssl + +[486-version-negotiation-ssl] +server = 486-version-negotiation-server +client = 486-version-negotiation-client + +[486-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[486-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-486] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[487-version-negotiation] +ssl_conf = 487-version-negotiation-ssl + +[487-version-negotiation-ssl] +server = 487-version-negotiation-server +client = 487-version-negotiation-client + +[487-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[487-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-487] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[488-version-negotiation] +ssl_conf = 488-version-negotiation-ssl + +[488-version-negotiation-ssl] +server = 488-version-negotiation-server +client = 488-version-negotiation-client + +[488-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[488-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-488] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[489-version-negotiation] +ssl_conf = 489-version-negotiation-ssl + +[489-version-negotiation-ssl] +server = 489-version-negotiation-server +client = 489-version-negotiation-client + +[489-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[489-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-489] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[490-version-negotiation] +ssl_conf = 490-version-negotiation-ssl + +[490-version-negotiation-ssl] +server = 490-version-negotiation-server +client = 490-version-negotiation-client + +[490-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[490-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-490] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[491-version-negotiation] +ssl_conf = 491-version-negotiation-ssl + +[491-version-negotiation-ssl] +server = 491-version-negotiation-server +client = 491-version-negotiation-client + +[491-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[491-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-491] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[492-version-negotiation] +ssl_conf = 492-version-negotiation-ssl + +[492-version-negotiation-ssl] +server = 492-version-negotiation-server +client = 492-version-negotiation-client + +[492-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[492-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-492] +ExpectedResult = ServerFail + + +# =========================================================== + +[493-version-negotiation] +ssl_conf = 493-version-negotiation-ssl + +[493-version-negotiation-ssl] +server = 493-version-negotiation-server +client = 493-version-negotiation-client + +[493-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[493-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-493] +ExpectedResult = ServerFail + + +# =========================================================== + +[494-version-negotiation] +ssl_conf = 494-version-negotiation-ssl + +[494-version-negotiation-ssl] +server = 494-version-negotiation-server +client = 494-version-negotiation-client + +[494-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[494-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-494] +ExpectedResult = ServerFail + + +# =========================================================== + +[495-version-negotiation] +ssl_conf = 495-version-negotiation-ssl + +[495-version-negotiation-ssl] +server = 495-version-negotiation-server +client = 495-version-negotiation-client + +[495-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[495-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-495] +ExpectedResult = ServerFail + + +# =========================================================== + +[496-version-negotiation] +ssl_conf = 496-version-negotiation-ssl + +[496-version-negotiation-ssl] +server = 496-version-negotiation-server +client = 496-version-negotiation-client + +[496-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[496-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-496] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[497-version-negotiation] +ssl_conf = 497-version-negotiation-ssl + +[497-version-negotiation-ssl] +server = 497-version-negotiation-server +client = 497-version-negotiation-client + +[497-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[497-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-497] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[498-version-negotiation] +ssl_conf = 498-version-negotiation-ssl + +[498-version-negotiation-ssl] +server = 498-version-negotiation-server +client = 498-version-negotiation-client + +[498-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[498-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-498] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[499-version-negotiation] +ssl_conf = 499-version-negotiation-ssl + +[499-version-negotiation-ssl] +server = 499-version-negotiation-server +client = 499-version-negotiation-client + +[499-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[499-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-499] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[500-version-negotiation] +ssl_conf = 500-version-negotiation-ssl + +[500-version-negotiation-ssl] +server = 500-version-negotiation-server +client = 500-version-negotiation-client + +[500-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[500-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-500] +ExpectedResult = ServerFail + + +# =========================================================== + +[501-version-negotiation] +ssl_conf = 501-version-negotiation-ssl + +[501-version-negotiation-ssl] +server = 501-version-negotiation-server +client = 501-version-negotiation-client + +[501-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[501-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-501] +ExpectedResult = ServerFail + + +# =========================================================== + +[502-version-negotiation] +ssl_conf = 502-version-negotiation-ssl + +[502-version-negotiation-ssl] +server = 502-version-negotiation-server +client = 502-version-negotiation-client + +[502-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[502-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-502] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[503-version-negotiation] +ssl_conf = 503-version-negotiation-ssl + +[503-version-negotiation-ssl] +server = 503-version-negotiation-server +client = 503-version-negotiation-client + +[503-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[503-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-503] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[504-version-negotiation] +ssl_conf = 504-version-negotiation-ssl + +[504-version-negotiation-ssl] +server = 504-version-negotiation-server +client = 504-version-negotiation-client + +[504-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[504-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-504] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[505-version-negotiation] +ssl_conf = 505-version-negotiation-ssl + +[505-version-negotiation-ssl] +server = 505-version-negotiation-server +client = 505-version-negotiation-client + +[505-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[505-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-505] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[506-version-negotiation] +ssl_conf = 506-version-negotiation-ssl + +[506-version-negotiation-ssl] +server = 506-version-negotiation-server +client = 506-version-negotiation-client + +[506-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[506-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-506] +ExpectedResult = ServerFail + + +# =========================================================== + +[507-version-negotiation] +ssl_conf = 507-version-negotiation-ssl + +[507-version-negotiation-ssl] +server = 507-version-negotiation-server +client = 507-version-negotiation-client + +[507-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[507-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-507] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[508-version-negotiation] +ssl_conf = 508-version-negotiation-ssl + +[508-version-negotiation-ssl] +server = 508-version-negotiation-server +client = 508-version-negotiation-client + +[508-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[508-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-508] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[509-version-negotiation] +ssl_conf = 509-version-negotiation-ssl + +[509-version-negotiation-ssl] +server = 509-version-negotiation-server +client = 509-version-negotiation-client + +[509-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[509-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-509] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[510-version-negotiation] +ssl_conf = 510-version-negotiation-ssl + +[510-version-negotiation-ssl] +server = 510-version-negotiation-server +client = 510-version-negotiation-client + +[510-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[510-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-510] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[511-version-negotiation] +ssl_conf = 511-version-negotiation-ssl + +[511-version-negotiation-ssl] +server = 511-version-negotiation-server +client = 511-version-negotiation-client + +[511-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[511-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-511] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[512-version-negotiation] +ssl_conf = 512-version-negotiation-ssl + +[512-version-negotiation-ssl] +server = 512-version-negotiation-server +client = 512-version-negotiation-client + +[512-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[512-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-512] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[513-version-negotiation] +ssl_conf = 513-version-negotiation-ssl + +[513-version-negotiation-ssl] +server = 513-version-negotiation-server +client = 513-version-negotiation-client + +[513-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[513-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-513] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[514-version-negotiation] +ssl_conf = 514-version-negotiation-ssl + +[514-version-negotiation-ssl] +server = 514-version-negotiation-server +client = 514-version-negotiation-client + +[514-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[514-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-514] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[515-version-negotiation] +ssl_conf = 515-version-negotiation-ssl + +[515-version-negotiation-ssl] +server = 515-version-negotiation-server +client = 515-version-negotiation-client + +[515-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[515-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-515] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[516-version-negotiation] +ssl_conf = 516-version-negotiation-ssl + +[516-version-negotiation-ssl] +server = 516-version-negotiation-server +client = 516-version-negotiation-client + +[516-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[516-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-516] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[517-version-negotiation] +ssl_conf = 517-version-negotiation-ssl + +[517-version-negotiation-ssl] +server = 517-version-negotiation-server +client = 517-version-negotiation-client + +[517-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[517-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-517] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[518-version-negotiation] +ssl_conf = 518-version-negotiation-ssl + +[518-version-negotiation-ssl] +server = 518-version-negotiation-server +client = 518-version-negotiation-client + +[518-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[518-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-518] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[519-version-negotiation] +ssl_conf = 519-version-negotiation-ssl + +[519-version-negotiation-ssl] +server = 519-version-negotiation-server +client = 519-version-negotiation-client + +[519-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[519-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-519] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[520-version-negotiation] +ssl_conf = 520-version-negotiation-ssl + +[520-version-negotiation-ssl] +server = 520-version-negotiation-server +client = 520-version-negotiation-client + +[520-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[520-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-520] +ExpectedResult = ServerFail + + +# =========================================================== + +[521-version-negotiation] +ssl_conf = 521-version-negotiation-ssl + +[521-version-negotiation-ssl] +server = 521-version-negotiation-server +client = 521-version-negotiation-client + +[521-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[521-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-521] +ExpectedResult = ServerFail + + +# =========================================================== + +[522-version-negotiation] +ssl_conf = 522-version-negotiation-ssl + +[522-version-negotiation-ssl] +server = 522-version-negotiation-server +client = 522-version-negotiation-client + +[522-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[522-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-522] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[523-version-negotiation] +ssl_conf = 523-version-negotiation-ssl + +[523-version-negotiation-ssl] +server = 523-version-negotiation-server +client = 523-version-negotiation-client + +[523-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[523-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-523] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[524-version-negotiation] +ssl_conf = 524-version-negotiation-ssl + +[524-version-negotiation-ssl] +server = 524-version-negotiation-server +client = 524-version-negotiation-client + +[524-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[524-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-524] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[525-version-negotiation] +ssl_conf = 525-version-negotiation-ssl + +[525-version-negotiation-ssl] +server = 525-version-negotiation-server +client = 525-version-negotiation-client + +[525-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[525-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-525] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[526-version-negotiation] +ssl_conf = 526-version-negotiation-ssl + +[526-version-negotiation-ssl] +server = 526-version-negotiation-server +client = 526-version-negotiation-client + +[526-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[526-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-526] +ExpectedResult = ServerFail + + +# =========================================================== + +[527-version-negotiation] +ssl_conf = 527-version-negotiation-ssl + +[527-version-negotiation-ssl] +server = 527-version-negotiation-server +client = 527-version-negotiation-client + +[527-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[527-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-527] +ExpectedResult = ServerFail + + +# =========================================================== + +[528-version-negotiation] +ssl_conf = 528-version-negotiation-ssl + +[528-version-negotiation-ssl] +server = 528-version-negotiation-server +client = 528-version-negotiation-client + +[528-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[528-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-528] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[529-version-negotiation] +ssl_conf = 529-version-negotiation-ssl + +[529-version-negotiation-ssl] +server = 529-version-negotiation-server +client = 529-version-negotiation-client + +[529-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[529-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-529] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[530-version-negotiation] +ssl_conf = 530-version-negotiation-ssl + +[530-version-negotiation-ssl] +server = 530-version-negotiation-server +client = 530-version-negotiation-client + +[530-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[530-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-530] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[531-version-negotiation] +ssl_conf = 531-version-negotiation-ssl + +[531-version-negotiation-ssl] +server = 531-version-negotiation-server +client = 531-version-negotiation-client + +[531-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[531-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-531] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[532-version-negotiation] +ssl_conf = 532-version-negotiation-ssl + +[532-version-negotiation-ssl] +server = 532-version-negotiation-server +client = 532-version-negotiation-client + +[532-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[532-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-532] +ExpectedResult = ServerFail + + +# =========================================================== + +[533-version-negotiation] +ssl_conf = 533-version-negotiation-ssl + +[533-version-negotiation-ssl] +server = 533-version-negotiation-server +client = 533-version-negotiation-client + +[533-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[533-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-533] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[534-version-negotiation] +ssl_conf = 534-version-negotiation-ssl + +[534-version-negotiation-ssl] +server = 534-version-negotiation-server +client = 534-version-negotiation-client + +[534-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[534-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-534] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[535-version-negotiation] +ssl_conf = 535-version-negotiation-ssl + +[535-version-negotiation-ssl] +server = 535-version-negotiation-server +client = 535-version-negotiation-client + +[535-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[535-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-535] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[536-version-negotiation] +ssl_conf = 536-version-negotiation-ssl + +[536-version-negotiation-ssl] +server = 536-version-negotiation-server +client = 536-version-negotiation-client + +[536-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[536-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-536] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[537-version-negotiation] +ssl_conf = 537-version-negotiation-ssl + +[537-version-negotiation-ssl] +server = 537-version-negotiation-server +client = 537-version-negotiation-client + +[537-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[537-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-537] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[538-version-negotiation] +ssl_conf = 538-version-negotiation-ssl + +[538-version-negotiation-ssl] +server = 538-version-negotiation-server +client = 538-version-negotiation-client + +[538-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[538-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-538] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[539-version-negotiation] +ssl_conf = 539-version-negotiation-ssl + +[539-version-negotiation-ssl] +server = 539-version-negotiation-server +client = 539-version-negotiation-client + +[539-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[539-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-539] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[540-version-negotiation] +ssl_conf = 540-version-negotiation-ssl + +[540-version-negotiation-ssl] +server = 540-version-negotiation-server +client = 540-version-negotiation-client + +[540-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[540-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-540] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[541-version-negotiation] +ssl_conf = 541-version-negotiation-ssl + +[541-version-negotiation-ssl] +server = 541-version-negotiation-server +client = 541-version-negotiation-client + +[541-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[541-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-541] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[542-version-negotiation] +ssl_conf = 542-version-negotiation-ssl + +[542-version-negotiation-ssl] +server = 542-version-negotiation-server +client = 542-version-negotiation-client + +[542-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[542-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-542] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[543-version-negotiation] +ssl_conf = 543-version-negotiation-ssl + +[543-version-negotiation-ssl] +server = 543-version-negotiation-server +client = 543-version-negotiation-client + +[543-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[543-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-543] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[544-version-negotiation] +ssl_conf = 544-version-negotiation-ssl + +[544-version-negotiation-ssl] +server = 544-version-negotiation-server +client = 544-version-negotiation-client + +[544-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[544-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-544] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[545-version-negotiation] +ssl_conf = 545-version-negotiation-ssl + +[545-version-negotiation-ssl] +server = 545-version-negotiation-server +client = 545-version-negotiation-client + +[545-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[545-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-545] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[546-version-negotiation] +ssl_conf = 546-version-negotiation-ssl + +[546-version-negotiation-ssl] +server = 546-version-negotiation-server +client = 546-version-negotiation-client + +[546-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[546-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-546] +ExpectedResult = ServerFail + + +# =========================================================== + +[547-version-negotiation] +ssl_conf = 547-version-negotiation-ssl + +[547-version-negotiation-ssl] +server = 547-version-negotiation-server +client = 547-version-negotiation-client + +[547-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[547-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-547] +ExpectedResult = ClientFail + + +# =========================================================== + +[548-version-negotiation] +ssl_conf = 548-version-negotiation-ssl + +[548-version-negotiation-ssl] +server = 548-version-negotiation-server +client = 548-version-negotiation-client + +[548-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[548-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-548] +ExpectedResult = ClientFail + + +# =========================================================== + +[549-version-negotiation] +ssl_conf = 549-version-negotiation-ssl + +[549-version-negotiation-ssl] +server = 549-version-negotiation-server +client = 549-version-negotiation-client + +[549-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[549-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-549] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[550-version-negotiation] +ssl_conf = 550-version-negotiation-ssl + +[550-version-negotiation-ssl] +server = 550-version-negotiation-server +client = 550-version-negotiation-client + +[550-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[550-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-550] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[551-version-negotiation] +ssl_conf = 551-version-negotiation-ssl + +[551-version-negotiation-ssl] +server = 551-version-negotiation-server +client = 551-version-negotiation-client + +[551-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[551-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-551] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[552-version-negotiation] +ssl_conf = 552-version-negotiation-ssl + +[552-version-negotiation-ssl] +server = 552-version-negotiation-server +client = 552-version-negotiation-client + +[552-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[552-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-552] +ExpectedResult = ServerFail + + +# =========================================================== + +[553-version-negotiation] +ssl_conf = 553-version-negotiation-ssl + +[553-version-negotiation-ssl] +server = 553-version-negotiation-server +client = 553-version-negotiation-client + +[553-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[553-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-553] +ExpectedResult = ClientFail + + +# =========================================================== + +[554-version-negotiation] +ssl_conf = 554-version-negotiation-ssl + +[554-version-negotiation-ssl] +server = 554-version-negotiation-server +client = 554-version-negotiation-client + +[554-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[554-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-554] +ExpectedResult = ClientFail + + +# =========================================================== + +[555-version-negotiation] +ssl_conf = 555-version-negotiation-ssl + +[555-version-negotiation-ssl] +server = 555-version-negotiation-server +client = 555-version-negotiation-client + +[555-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[555-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-555] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[556-version-negotiation] +ssl_conf = 556-version-negotiation-ssl + +[556-version-negotiation-ssl] +server = 556-version-negotiation-server +client = 556-version-negotiation-client + +[556-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[556-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-556] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[557-version-negotiation] +ssl_conf = 557-version-negotiation-ssl + +[557-version-negotiation-ssl] +server = 557-version-negotiation-server +client = 557-version-negotiation-client + +[557-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[557-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-557] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[558-version-negotiation] +ssl_conf = 558-version-negotiation-ssl + +[558-version-negotiation-ssl] +server = 558-version-negotiation-server +client = 558-version-negotiation-client + +[558-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[558-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-558] +ExpectedResult = ClientFail + + +# =========================================================== + +[559-version-negotiation] +ssl_conf = 559-version-negotiation-ssl + +[559-version-negotiation-ssl] +server = 559-version-negotiation-server +client = 559-version-negotiation-client + +[559-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[559-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-559] +ExpectedResult = ClientFail + + +# =========================================================== + +[560-version-negotiation] +ssl_conf = 560-version-negotiation-ssl + +[560-version-negotiation-ssl] +server = 560-version-negotiation-server +client = 560-version-negotiation-client + +[560-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[560-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-560] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[561-version-negotiation] +ssl_conf = 561-version-negotiation-ssl + +[561-version-negotiation-ssl] +server = 561-version-negotiation-server +client = 561-version-negotiation-client + +[561-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[561-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-561] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[562-version-negotiation] +ssl_conf = 562-version-negotiation-ssl + +[562-version-negotiation-ssl] +server = 562-version-negotiation-server +client = 562-version-negotiation-client + +[562-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[562-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-562] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[563-version-negotiation] +ssl_conf = 563-version-negotiation-ssl + +[563-version-negotiation-ssl] +server = 563-version-negotiation-server +client = 563-version-negotiation-client + +[563-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[563-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-563] +ExpectedResult = ClientFail + + +# =========================================================== + +[564-version-negotiation] +ssl_conf = 564-version-negotiation-ssl + +[564-version-negotiation-ssl] +server = 564-version-negotiation-server +client = 564-version-negotiation-client + +[564-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[564-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-564] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[565-version-negotiation] +ssl_conf = 565-version-negotiation-ssl + +[565-version-negotiation-ssl] +server = 565-version-negotiation-server +client = 565-version-negotiation-client + +[565-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[565-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-565] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[566-version-negotiation] +ssl_conf = 566-version-negotiation-ssl + +[566-version-negotiation-ssl] +server = 566-version-negotiation-server +client = 566-version-negotiation-client + +[566-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[566-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-566] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[567-version-negotiation] +ssl_conf = 567-version-negotiation-ssl + +[567-version-negotiation-ssl] +server = 567-version-negotiation-server +client = 567-version-negotiation-client + +[567-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[567-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-567] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[568-version-negotiation] +ssl_conf = 568-version-negotiation-ssl + +[568-version-negotiation-ssl] +server = 568-version-negotiation-server +client = 568-version-negotiation-client + +[568-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[568-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-568] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[569-version-negotiation] +ssl_conf = 569-version-negotiation-ssl + +[569-version-negotiation-ssl] +server = 569-version-negotiation-server +client = 569-version-negotiation-client + +[569-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[569-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-569] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[570-version-negotiation] +ssl_conf = 570-version-negotiation-ssl + +[570-version-negotiation-ssl] +server = 570-version-negotiation-server +client = 570-version-negotiation-client + +[570-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[570-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-570] +ExpectedResult = ServerFail + + +# =========================================================== + +[571-version-negotiation] +ssl_conf = 571-version-negotiation-ssl + +[571-version-negotiation-ssl] +server = 571-version-negotiation-server +client = 571-version-negotiation-client + +[571-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[571-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-571] +ExpectedResult = ServerFail + + +# =========================================================== + +[572-version-negotiation] +ssl_conf = 572-version-negotiation-ssl + +[572-version-negotiation-ssl] +server = 572-version-negotiation-server +client = 572-version-negotiation-client + +[572-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[572-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-572] +ExpectedResult = ServerFail + + +# =========================================================== + +[573-version-negotiation] +ssl_conf = 573-version-negotiation-ssl + +[573-version-negotiation-ssl] +server = 573-version-negotiation-server +client = 573-version-negotiation-client + +[573-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[573-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-573] +ExpectedResult = ServerFail + + +# =========================================================== + +[574-version-negotiation] +ssl_conf = 574-version-negotiation-ssl + +[574-version-negotiation-ssl] +server = 574-version-negotiation-server +client = 574-version-negotiation-client + +[574-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[574-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-574] +ExpectedResult = ServerFail + + +# =========================================================== + +[575-version-negotiation] +ssl_conf = 575-version-negotiation-ssl + +[575-version-negotiation-ssl] +server = 575-version-negotiation-server +client = 575-version-negotiation-client + +[575-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[575-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-575] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[576-version-negotiation] +ssl_conf = 576-version-negotiation-ssl + +[576-version-negotiation-ssl] +server = 576-version-negotiation-server +client = 576-version-negotiation-client + +[576-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[576-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-576] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[577-version-negotiation] +ssl_conf = 577-version-negotiation-ssl + +[577-version-negotiation-ssl] +server = 577-version-negotiation-server +client = 577-version-negotiation-client + +[577-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[577-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-577] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[578-version-negotiation] +ssl_conf = 578-version-negotiation-ssl + +[578-version-negotiation-ssl] +server = 578-version-negotiation-server +client = 578-version-negotiation-client + +[578-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[578-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-578] +ExpectedResult = ServerFail + + +# =========================================================== + +[579-version-negotiation] +ssl_conf = 579-version-negotiation-ssl + +[579-version-negotiation-ssl] +server = 579-version-negotiation-server +client = 579-version-negotiation-client + +[579-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[579-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-579] +ExpectedResult = ServerFail + + +# =========================================================== + +[580-version-negotiation] +ssl_conf = 580-version-negotiation-ssl + +[580-version-negotiation-ssl] +server = 580-version-negotiation-server +client = 580-version-negotiation-client + +[580-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[580-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-580] +ExpectedResult = ServerFail + + +# =========================================================== + +[581-version-negotiation] +ssl_conf = 581-version-negotiation-ssl + +[581-version-negotiation-ssl] +server = 581-version-negotiation-server +client = 581-version-negotiation-client + +[581-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[581-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-581] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[582-version-negotiation] +ssl_conf = 582-version-negotiation-ssl + +[582-version-negotiation-ssl] +server = 582-version-negotiation-server +client = 582-version-negotiation-client + +[582-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[582-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-582] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[583-version-negotiation] +ssl_conf = 583-version-negotiation-ssl + +[583-version-negotiation-ssl] +server = 583-version-negotiation-server +client = 583-version-negotiation-client + +[583-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[583-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-583] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[584-version-negotiation] +ssl_conf = 584-version-negotiation-ssl + +[584-version-negotiation-ssl] +server = 584-version-negotiation-server +client = 584-version-negotiation-client + +[584-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[584-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-584] +ExpectedResult = ServerFail + + +# =========================================================== + +[585-version-negotiation] +ssl_conf = 585-version-negotiation-ssl + +[585-version-negotiation-ssl] +server = 585-version-negotiation-server +client = 585-version-negotiation-client + +[585-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[585-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-585] +ExpectedResult = ServerFail + + +# =========================================================== + +[586-version-negotiation] +ssl_conf = 586-version-negotiation-ssl + +[586-version-negotiation-ssl] +server = 586-version-negotiation-server +client = 586-version-negotiation-client + +[586-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[586-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-586] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[587-version-negotiation] +ssl_conf = 587-version-negotiation-ssl + +[587-version-negotiation-ssl] +server = 587-version-negotiation-server +client = 587-version-negotiation-client + +[587-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[587-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-587] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[588-version-negotiation] +ssl_conf = 588-version-negotiation-ssl + +[588-version-negotiation-ssl] +server = 588-version-negotiation-server +client = 588-version-negotiation-client + +[588-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[588-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-588] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[589-version-negotiation] +ssl_conf = 589-version-negotiation-ssl + +[589-version-negotiation-ssl] +server = 589-version-negotiation-server +client = 589-version-negotiation-client + +[589-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[589-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-589] +ExpectedResult = ServerFail + + +# =========================================================== + +[590-version-negotiation] +ssl_conf = 590-version-negotiation-ssl + +[590-version-negotiation-ssl] +server = 590-version-negotiation-server +client = 590-version-negotiation-client + +[590-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[590-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-590] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[591-version-negotiation] +ssl_conf = 591-version-negotiation-ssl + +[591-version-negotiation-ssl] +server = 591-version-negotiation-server +client = 591-version-negotiation-client + +[591-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[591-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-591] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[592-version-negotiation] +ssl_conf = 592-version-negotiation-ssl + +[592-version-negotiation-ssl] +server = 592-version-negotiation-server +client = 592-version-negotiation-client + +[592-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[592-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-592] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[593-version-negotiation] +ssl_conf = 593-version-negotiation-ssl + +[593-version-negotiation-ssl] +server = 593-version-negotiation-server +client = 593-version-negotiation-client + +[593-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[593-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-593] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[594-version-negotiation] +ssl_conf = 594-version-negotiation-ssl + +[594-version-negotiation-ssl] +server = 594-version-negotiation-server +client = 594-version-negotiation-client + +[594-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[594-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-594] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[595-version-negotiation] +ssl_conf = 595-version-negotiation-ssl + +[595-version-negotiation-ssl] +server = 595-version-negotiation-server +client = 595-version-negotiation-client + +[595-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[595-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-595] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[596-version-negotiation] +ssl_conf = 596-version-negotiation-ssl + +[596-version-negotiation-ssl] +server = 596-version-negotiation-server +client = 596-version-negotiation-client + +[596-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[596-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-596] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[597-version-negotiation] +ssl_conf = 597-version-negotiation-ssl + +[597-version-negotiation-ssl] +server = 597-version-negotiation-server +client = 597-version-negotiation-client + +[597-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[597-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-597] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[598-version-negotiation] +ssl_conf = 598-version-negotiation-ssl + +[598-version-negotiation-ssl] +server = 598-version-negotiation-server +client = 598-version-negotiation-client + +[598-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[598-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-598] +ExpectedResult = ServerFail + + +# =========================================================== + +[599-version-negotiation] +ssl_conf = 599-version-negotiation-ssl + +[599-version-negotiation-ssl] +server = 599-version-negotiation-server +client = 599-version-negotiation-client + +[599-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[599-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-599] +ExpectedResult = ServerFail + + +# =========================================================== + +[600-version-negotiation] +ssl_conf = 600-version-negotiation-ssl + +[600-version-negotiation-ssl] +server = 600-version-negotiation-server +client = 600-version-negotiation-client + +[600-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[600-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-600] +ExpectedResult = ServerFail + + +# =========================================================== + +[601-version-negotiation] +ssl_conf = 601-version-negotiation-ssl + +[601-version-negotiation-ssl] +server = 601-version-negotiation-server +client = 601-version-negotiation-client + +[601-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[601-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-601] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[602-version-negotiation] +ssl_conf = 602-version-negotiation-ssl + +[602-version-negotiation-ssl] +server = 602-version-negotiation-server +client = 602-version-negotiation-client + +[602-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[602-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-602] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[603-version-negotiation] +ssl_conf = 603-version-negotiation-ssl + +[603-version-negotiation-ssl] +server = 603-version-negotiation-server +client = 603-version-negotiation-client + +[603-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[603-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-603] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[604-version-negotiation] +ssl_conf = 604-version-negotiation-ssl + +[604-version-negotiation-ssl] +server = 604-version-negotiation-server +client = 604-version-negotiation-client + +[604-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[604-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-604] +ExpectedResult = ServerFail + + +# =========================================================== + +[605-version-negotiation] +ssl_conf = 605-version-negotiation-ssl + +[605-version-negotiation-ssl] +server = 605-version-negotiation-server +client = 605-version-negotiation-client + +[605-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[605-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-605] +ExpectedResult = ServerFail + + +# =========================================================== + +[606-version-negotiation] +ssl_conf = 606-version-negotiation-ssl + +[606-version-negotiation-ssl] +server = 606-version-negotiation-server +client = 606-version-negotiation-client + +[606-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[606-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-606] +ExpectedResult = ServerFail + + +# =========================================================== + +[607-version-negotiation] +ssl_conf = 607-version-negotiation-ssl + +[607-version-negotiation-ssl] +server = 607-version-negotiation-server +client = 607-version-negotiation-client + +[607-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[607-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-607] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[608-version-negotiation] +ssl_conf = 608-version-negotiation-ssl + +[608-version-negotiation-ssl] +server = 608-version-negotiation-server +client = 608-version-negotiation-client + +[608-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[608-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-608] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[609-version-negotiation] +ssl_conf = 609-version-negotiation-ssl + +[609-version-negotiation-ssl] +server = 609-version-negotiation-server +client = 609-version-negotiation-client + +[609-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[609-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-609] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[610-version-negotiation] +ssl_conf = 610-version-negotiation-ssl + +[610-version-negotiation-ssl] +server = 610-version-negotiation-server +client = 610-version-negotiation-client + +[610-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[610-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-610] +ExpectedResult = ServerFail + + +# =========================================================== + +[611-version-negotiation] +ssl_conf = 611-version-negotiation-ssl + +[611-version-negotiation-ssl] +server = 611-version-negotiation-server +client = 611-version-negotiation-client + +[611-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[611-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-611] +ExpectedResult = ServerFail + + +# =========================================================== + +[612-version-negotiation] +ssl_conf = 612-version-negotiation-ssl + +[612-version-negotiation-ssl] +server = 612-version-negotiation-server +client = 612-version-negotiation-client + +[612-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[612-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-612] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[613-version-negotiation] +ssl_conf = 613-version-negotiation-ssl + +[613-version-negotiation-ssl] +server = 613-version-negotiation-server +client = 613-version-negotiation-client + +[613-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[613-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-613] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[614-version-negotiation] +ssl_conf = 614-version-negotiation-ssl + +[614-version-negotiation-ssl] +server = 614-version-negotiation-server +client = 614-version-negotiation-client + +[614-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[614-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-614] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[615-version-negotiation] +ssl_conf = 615-version-negotiation-ssl + +[615-version-negotiation-ssl] +server = 615-version-negotiation-server +client = 615-version-negotiation-client + +[615-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[615-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-615] +ExpectedResult = ServerFail + + +# =========================================================== + +[616-version-negotiation] +ssl_conf = 616-version-negotiation-ssl + +[616-version-negotiation-ssl] +server = 616-version-negotiation-server +client = 616-version-negotiation-client + +[616-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[616-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-616] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[617-version-negotiation] +ssl_conf = 617-version-negotiation-ssl + +[617-version-negotiation-ssl] +server = 617-version-negotiation-server +client = 617-version-negotiation-client + +[617-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[617-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-617] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[618-version-negotiation] +ssl_conf = 618-version-negotiation-ssl + +[618-version-negotiation-ssl] +server = 618-version-negotiation-server +client = 618-version-negotiation-client + +[618-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[618-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-618] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[619-version-negotiation] +ssl_conf = 619-version-negotiation-ssl + +[619-version-negotiation-ssl] +server = 619-version-negotiation-server +client = 619-version-negotiation-client + +[619-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[619-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-619] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[620-version-negotiation] +ssl_conf = 620-version-negotiation-ssl + +[620-version-negotiation-ssl] +server = 620-version-negotiation-server +client = 620-version-negotiation-client + +[620-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[620-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-620] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[621-version-negotiation] +ssl_conf = 621-version-negotiation-ssl + +[621-version-negotiation-ssl] +server = 621-version-negotiation-server +client = 621-version-negotiation-client + +[621-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[621-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-621] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[622-version-negotiation] +ssl_conf = 622-version-negotiation-ssl + +[622-version-negotiation-ssl] +server = 622-version-negotiation-server +client = 622-version-negotiation-client + +[622-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[622-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-622] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[623-version-negotiation] +ssl_conf = 623-version-negotiation-ssl + +[623-version-negotiation-ssl] +server = 623-version-negotiation-server +client = 623-version-negotiation-client + +[623-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[623-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-623] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[624-version-negotiation] +ssl_conf = 624-version-negotiation-ssl + +[624-version-negotiation-ssl] +server = 624-version-negotiation-server +client = 624-version-negotiation-client + +[624-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[624-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-624] +ExpectedResult = ServerFail + + +# =========================================================== + +[625-version-negotiation] +ssl_conf = 625-version-negotiation-ssl + +[625-version-negotiation-ssl] +server = 625-version-negotiation-server +client = 625-version-negotiation-client + +[625-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[625-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-625] +ExpectedResult = ServerFail + + +# =========================================================== + +[626-version-negotiation] +ssl_conf = 626-version-negotiation-ssl + +[626-version-negotiation-ssl] +server = 626-version-negotiation-server +client = 626-version-negotiation-client + +[626-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[626-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-626] +ExpectedResult = ServerFail + + +# =========================================================== + +[627-version-negotiation] +ssl_conf = 627-version-negotiation-ssl + +[627-version-negotiation-ssl] +server = 627-version-negotiation-server +client = 627-version-negotiation-client + +[627-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[627-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-627] +ExpectedResult = ServerFail + + +# =========================================================== + +[628-version-negotiation] +ssl_conf = 628-version-negotiation-ssl + +[628-version-negotiation-ssl] +server = 628-version-negotiation-server +client = 628-version-negotiation-client + +[628-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[628-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-628] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[629-version-negotiation] +ssl_conf = 629-version-negotiation-ssl + +[629-version-negotiation-ssl] +server = 629-version-negotiation-server +client = 629-version-negotiation-client + +[629-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[629-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-629] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[630-version-negotiation] +ssl_conf = 630-version-negotiation-ssl + +[630-version-negotiation-ssl] +server = 630-version-negotiation-server +client = 630-version-negotiation-client + +[630-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[630-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-630] +ExpectedResult = ServerFail + + +# =========================================================== + +[631-version-negotiation] +ssl_conf = 631-version-negotiation-ssl + +[631-version-negotiation-ssl] +server = 631-version-negotiation-server +client = 631-version-negotiation-client + +[631-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[631-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-631] +ExpectedResult = ServerFail + + +# =========================================================== + +[632-version-negotiation] +ssl_conf = 632-version-negotiation-ssl + +[632-version-negotiation-ssl] +server = 632-version-negotiation-server +client = 632-version-negotiation-client + +[632-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[632-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-632] +ExpectedResult = ServerFail + + +# =========================================================== + +[633-version-negotiation] +ssl_conf = 633-version-negotiation-ssl + +[633-version-negotiation-ssl] +server = 633-version-negotiation-server +client = 633-version-negotiation-client + +[633-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[633-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-633] +ExpectedResult = ServerFail + + +# =========================================================== + +[634-version-negotiation] +ssl_conf = 634-version-negotiation-ssl + +[634-version-negotiation-ssl] +server = 634-version-negotiation-server +client = 634-version-negotiation-client + +[634-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[634-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-634] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[635-version-negotiation] +ssl_conf = 635-version-negotiation-ssl + +[635-version-negotiation-ssl] +server = 635-version-negotiation-server +client = 635-version-negotiation-client + +[635-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[635-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-635] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[636-version-negotiation] +ssl_conf = 636-version-negotiation-ssl + +[636-version-negotiation-ssl] +server = 636-version-negotiation-server +client = 636-version-negotiation-client + +[636-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[636-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-636] +ExpectedResult = ServerFail + + +# =========================================================== + +[637-version-negotiation] +ssl_conf = 637-version-negotiation-ssl + +[637-version-negotiation-ssl] +server = 637-version-negotiation-server +client = 637-version-negotiation-client + +[637-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[637-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-637] +ExpectedResult = ServerFail + + +# =========================================================== + +[638-version-negotiation] +ssl_conf = 638-version-negotiation-ssl + +[638-version-negotiation-ssl] +server = 638-version-negotiation-server +client = 638-version-negotiation-client + +[638-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[638-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-638] +ExpectedResult = ServerFail + + +# =========================================================== + +[639-version-negotiation] +ssl_conf = 639-version-negotiation-ssl + +[639-version-negotiation-ssl] +server = 639-version-negotiation-server +client = 639-version-negotiation-client + +[639-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[639-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-639] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[640-version-negotiation] +ssl_conf = 640-version-negotiation-ssl + +[640-version-negotiation-ssl] +server = 640-version-negotiation-server +client = 640-version-negotiation-client + +[640-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[640-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-640] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[641-version-negotiation] +ssl_conf = 641-version-negotiation-ssl + +[641-version-negotiation-ssl] +server = 641-version-negotiation-server +client = 641-version-negotiation-client + +[641-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[641-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-641] +ExpectedResult = ServerFail + + +# =========================================================== + +[642-version-negotiation] +ssl_conf = 642-version-negotiation-ssl + +[642-version-negotiation-ssl] +server = 642-version-negotiation-server +client = 642-version-negotiation-client + +[642-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[642-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-642] +ExpectedResult = ServerFail + + +# =========================================================== + +[643-version-negotiation] +ssl_conf = 643-version-negotiation-ssl + +[643-version-negotiation-ssl] +server = 643-version-negotiation-server +client = 643-version-negotiation-client + +[643-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[643-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-643] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[644-version-negotiation] +ssl_conf = 644-version-negotiation-ssl + +[644-version-negotiation-ssl] +server = 644-version-negotiation-server +client = 644-version-negotiation-client + +[644-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[644-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-644] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[645-version-negotiation] +ssl_conf = 645-version-negotiation-ssl + +[645-version-negotiation-ssl] +server = 645-version-negotiation-server +client = 645-version-negotiation-client + +[645-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[645-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-645] +ExpectedResult = ServerFail + + +# =========================================================== + +[646-version-negotiation] +ssl_conf = 646-version-negotiation-ssl + +[646-version-negotiation-ssl] +server = 646-version-negotiation-server +client = 646-version-negotiation-client + +[646-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[646-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-646] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[647-version-negotiation] +ssl_conf = 647-version-negotiation-ssl + +[647-version-negotiation-ssl] +server = 647-version-negotiation-server +client = 647-version-negotiation-client + +[647-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[647-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-647] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[648-version-negotiation] +ssl_conf = 648-version-negotiation-ssl + +[648-version-negotiation-ssl] +server = 648-version-negotiation-server +client = 648-version-negotiation-client + +[648-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[648-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-648] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[649-version-negotiation] +ssl_conf = 649-version-negotiation-ssl + +[649-version-negotiation-ssl] +server = 649-version-negotiation-server +client = 649-version-negotiation-client + +[649-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[649-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-649] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[650-version-negotiation] +ssl_conf = 650-version-negotiation-ssl + +[650-version-negotiation-ssl] +server = 650-version-negotiation-server +client = 650-version-negotiation-client + +[650-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[650-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-650] +ExpectedResult = ServerFail + + +# =========================================================== + +[651-version-negotiation] +ssl_conf = 651-version-negotiation-ssl + +[651-version-negotiation-ssl] +server = 651-version-negotiation-server +client = 651-version-negotiation-client + +[651-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[651-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-651] +ExpectedResult = ServerFail + + +# =========================================================== + +[652-version-negotiation] +ssl_conf = 652-version-negotiation-ssl + +[652-version-negotiation-ssl] +server = 652-version-negotiation-server +client = 652-version-negotiation-client + +[652-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[652-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-652] +ExpectedResult = ServerFail + + +# =========================================================== + +[653-version-negotiation] +ssl_conf = 653-version-negotiation-ssl + +[653-version-negotiation-ssl] +server = 653-version-negotiation-server +client = 653-version-negotiation-client + +[653-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[653-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-653] +ExpectedResult = ServerFail + + +# =========================================================== + +[654-version-negotiation] +ssl_conf = 654-version-negotiation-ssl + +[654-version-negotiation-ssl] +server = 654-version-negotiation-server +client = 654-version-negotiation-client + +[654-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[654-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-654] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[655-version-negotiation] +ssl_conf = 655-version-negotiation-ssl + +[655-version-negotiation-ssl] +server = 655-version-negotiation-server +client = 655-version-negotiation-client + +[655-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[655-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-655] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[656-version-negotiation] +ssl_conf = 656-version-negotiation-ssl + +[656-version-negotiation-ssl] +server = 656-version-negotiation-server +client = 656-version-negotiation-client + +[656-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[656-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-656] +ExpectedResult = ServerFail + + +# =========================================================== + +[657-version-negotiation] +ssl_conf = 657-version-negotiation-ssl + +[657-version-negotiation-ssl] +server = 657-version-negotiation-server +client = 657-version-negotiation-client + +[657-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[657-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-657] +ExpectedResult = ServerFail + + +# =========================================================== + +[658-version-negotiation] +ssl_conf = 658-version-negotiation-ssl + +[658-version-negotiation-ssl] +server = 658-version-negotiation-server +client = 658-version-negotiation-client + +[658-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[658-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-658] +ExpectedResult = ServerFail + + +# =========================================================== + +[659-version-negotiation] +ssl_conf = 659-version-negotiation-ssl + +[659-version-negotiation-ssl] +server = 659-version-negotiation-server +client = 659-version-negotiation-client + +[659-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[659-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-659] +ExpectedResult = ServerFail + + +# =========================================================== + +[660-version-negotiation] +ssl_conf = 660-version-negotiation-ssl + +[660-version-negotiation-ssl] +server = 660-version-negotiation-server +client = 660-version-negotiation-client + +[660-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[660-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-660] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[661-version-negotiation] +ssl_conf = 661-version-negotiation-ssl + +[661-version-negotiation-ssl] +server = 661-version-negotiation-server +client = 661-version-negotiation-client + +[661-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[661-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-661] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[662-version-negotiation] +ssl_conf = 662-version-negotiation-ssl + +[662-version-negotiation-ssl] +server = 662-version-negotiation-server +client = 662-version-negotiation-client + +[662-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[662-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-662] +ExpectedResult = ServerFail + + +# =========================================================== + +[663-version-negotiation] +ssl_conf = 663-version-negotiation-ssl + +[663-version-negotiation-ssl] +server = 663-version-negotiation-server +client = 663-version-negotiation-client + +[663-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[663-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-663] +ExpectedResult = ServerFail + + +# =========================================================== + +[664-version-negotiation] +ssl_conf = 664-version-negotiation-ssl + +[664-version-negotiation-ssl] +server = 664-version-negotiation-server +client = 664-version-negotiation-client + +[664-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[664-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-664] +ExpectedResult = ServerFail + + +# =========================================================== + +[665-version-negotiation] +ssl_conf = 665-version-negotiation-ssl + +[665-version-negotiation-ssl] +server = 665-version-negotiation-server +client = 665-version-negotiation-client + +[665-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[665-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-665] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[666-version-negotiation] +ssl_conf = 666-version-negotiation-ssl + +[666-version-negotiation-ssl] +server = 666-version-negotiation-server +client = 666-version-negotiation-client + +[666-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[666-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-666] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[667-version-negotiation] +ssl_conf = 667-version-negotiation-ssl + +[667-version-negotiation-ssl] +server = 667-version-negotiation-server +client = 667-version-negotiation-client + +[667-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[667-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-667] +ExpectedResult = ServerFail + + +# =========================================================== + +[668-version-negotiation] +ssl_conf = 668-version-negotiation-ssl + +[668-version-negotiation-ssl] +server = 668-version-negotiation-server +client = 668-version-negotiation-client + +[668-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[668-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-668] +ExpectedResult = ServerFail + + +# =========================================================== + +[669-version-negotiation] +ssl_conf = 669-version-negotiation-ssl + +[669-version-negotiation-ssl] +server = 669-version-negotiation-server +client = 669-version-negotiation-client + +[669-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[669-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-669] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[670-version-negotiation] +ssl_conf = 670-version-negotiation-ssl + +[670-version-negotiation-ssl] +server = 670-version-negotiation-server +client = 670-version-negotiation-client + +[670-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[670-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-670] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[671-version-negotiation] +ssl_conf = 671-version-negotiation-ssl + +[671-version-negotiation-ssl] +server = 671-version-negotiation-server +client = 671-version-negotiation-client + +[671-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[671-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-671] +ExpectedResult = ServerFail + + +# =========================================================== + +[672-version-negotiation] +ssl_conf = 672-version-negotiation-ssl + +[672-version-negotiation-ssl] +server = 672-version-negotiation-server +client = 672-version-negotiation-client + +[672-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[672-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-672] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[673-version-negotiation] +ssl_conf = 673-version-negotiation-ssl + +[673-version-negotiation-ssl] +server = 673-version-negotiation-server +client = 673-version-negotiation-client + +[673-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[673-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-673] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[674-version-negotiation] +ssl_conf = 674-version-negotiation-ssl + +[674-version-negotiation-ssl] +server = 674-version-negotiation-server +client = 674-version-negotiation-client + +[674-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[674-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-674] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[675-version-negotiation] +ssl_conf = 675-version-negotiation-ssl + +[675-version-negotiation-ssl] +server = 675-version-negotiation-server +client = 675-version-negotiation-client + +[675-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[675-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-675] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[676-ciphersuite-sanity-check-client] +ssl_conf = 676-ciphersuite-sanity-check-client-ssl + +[676-ciphersuite-sanity-check-client-ssl] +server = 676-ciphersuite-sanity-check-client-server +client = 676-ciphersuite-sanity-check-client-client + +[676-ciphersuite-sanity-check-client-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[676-ciphersuite-sanity-check-client-client] +CipherString = AES128-SHA +Ciphersuites = +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-676] +ExpectedResult = ClientFail + + +# =========================================================== + +[677-ciphersuite-sanity-check-server] +ssl_conf = 677-ciphersuite-sanity-check-server-ssl + +[677-ciphersuite-sanity-check-server-ssl] +server = 677-ciphersuite-sanity-check-server-server +client = 677-ciphersuite-sanity-check-server-client + +[677-ciphersuite-sanity-check-server-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = AES128-SHA +Ciphersuites = +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[677-ciphersuite-sanity-check-server-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-677] +ExpectedResult = ServerFail + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/02-protocol-version.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/02-protocol-version.conf.in new file mode 100644 index 000000000..26d64b5f8 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/02-protocol-version.conf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test TLS version negotiation + +package ssltests; + +use strict; +use warnings; + +use protocol_version; + +our @tests = generate_version_tests("TLS"); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/03-custom_verify.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/03-custom_verify.conf new file mode 100644 index 000000000..8dca715e7 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/03-custom_verify.conf @@ -0,0 +1,238 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 9 + +test-0 = 0-verify-success +test-1 = 1-verify-custom-reject +test-2 = 2-verify-custom-allow +test-3 = 3-noverify-success +test-4 = 4-noverify-ignore-custom-reject +test-5 = 5-noverify-accept-custom-allow +test-6 = 6-verify-fail-no-root +test-7 = 7-verify-custom-success-no-root +test-8 = 8-verify-custom-fail-no-root +# =========================================================== + +[0-verify-success] +ssl_conf = 0-verify-success-ssl + +[0-verify-success-ssl] +server = 0-verify-success-server +client = 0-verify-success-client + +[0-verify-success-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-verify-success-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-verify-custom-reject] +ssl_conf = 1-verify-custom-reject-ssl + +[1-verify-custom-reject-ssl] +server = 1-verify-custom-reject-server +client = 1-verify-custom-reject-client + +[1-verify-custom-reject-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-verify-custom-reject-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedClientAlert = HandshakeFailure +ExpectedResult = ClientFail +client = 1-verify-custom-reject-client-extra + +[1-verify-custom-reject-client-extra] +VerifyCallback = RejectAll + + +# =========================================================== + +[2-verify-custom-allow] +ssl_conf = 2-verify-custom-allow-ssl + +[2-verify-custom-allow-ssl] +server = 2-verify-custom-allow-server +client = 2-verify-custom-allow-client + +[2-verify-custom-allow-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-verify-custom-allow-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +client = 2-verify-custom-allow-client-extra + +[2-verify-custom-allow-client-extra] +VerifyCallback = AcceptAll + + +# =========================================================== + +[3-noverify-success] +ssl_conf = 3-noverify-success-ssl + +[3-noverify-success-ssl] +server = 3-noverify-success-server +client = 3-noverify-success-client + +[3-noverify-success-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-noverify-success-client] +CipherString = DEFAULT + +[test-3] +ExpectedResult = Success + + +# =========================================================== + +[4-noverify-ignore-custom-reject] +ssl_conf = 4-noverify-ignore-custom-reject-ssl + +[4-noverify-ignore-custom-reject-ssl] +server = 4-noverify-ignore-custom-reject-server +client = 4-noverify-ignore-custom-reject-client + +[4-noverify-ignore-custom-reject-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-noverify-ignore-custom-reject-client] +CipherString = DEFAULT + +[test-4] +ExpectedResult = Success +client = 4-noverify-ignore-custom-reject-client-extra + +[4-noverify-ignore-custom-reject-client-extra] +VerifyCallback = RejectAll + + +# =========================================================== + +[5-noverify-accept-custom-allow] +ssl_conf = 5-noverify-accept-custom-allow-ssl + +[5-noverify-accept-custom-allow-ssl] +server = 5-noverify-accept-custom-allow-server +client = 5-noverify-accept-custom-allow-client + +[5-noverify-accept-custom-allow-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-noverify-accept-custom-allow-client] +CipherString = DEFAULT + +[test-5] +ExpectedResult = Success +client = 5-noverify-accept-custom-allow-client-extra + +[5-noverify-accept-custom-allow-client-extra] +VerifyCallback = AcceptAll + + +# =========================================================== + +[6-verify-fail-no-root] +ssl_conf = 6-verify-fail-no-root-ssl + +[6-verify-fail-no-root-ssl] +server = 6-verify-fail-no-root-server +client = 6-verify-fail-no-root-client + +[6-verify-fail-no-root-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-verify-fail-no-root-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-6] +ExpectedClientAlert = UnknownCA +ExpectedResult = ClientFail + + +# =========================================================== + +[7-verify-custom-success-no-root] +ssl_conf = 7-verify-custom-success-no-root-ssl + +[7-verify-custom-success-no-root-ssl] +server = 7-verify-custom-success-no-root-server +client = 7-verify-custom-success-no-root-client + +[7-verify-custom-success-no-root-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-verify-custom-success-no-root-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +client = 7-verify-custom-success-no-root-client-extra + +[7-verify-custom-success-no-root-client-extra] +VerifyCallback = AcceptAll + + +# =========================================================== + +[8-verify-custom-fail-no-root] +ssl_conf = 8-verify-custom-fail-no-root-ssl + +[8-verify-custom-fail-no-root-ssl] +server = 8-verify-custom-fail-no-root-server +client = 8-verify-custom-fail-no-root-client + +[8-verify-custom-fail-no-root-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-verify-custom-fail-no-root-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-8] +ExpectedClientAlert = HandshakeFailure +ExpectedResult = ClientFail +client = 8-verify-custom-fail-no-root-client-extra + +[8-verify-custom-fail-no-root-client-extra] +VerifyCallback = RejectAll + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/03-custom_verify.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/03-custom_verify.conf.in new file mode 100644 index 000000000..287ca9bc8 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/03-custom_verify.conf.in @@ -0,0 +1,145 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +our @tests = ( + + # Sanity-check that verification indeed succeeds without the + # restrictive callback. + { + name => "verify-success", + server => { }, + client => { }, + test => { "ExpectedResult" => "Success" }, + }, + + # Same test as above but with a custom callback that always fails. + { + name => "verify-custom-reject", + server => { }, + client => { + extra => { + "VerifyCallback" => "RejectAll", + }, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "HandshakeFailure", + }, + }, + + # Same test as above but with a custom callback that always succeeds. + { + name => "verify-custom-allow", + server => { }, + client => { + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + + # Sanity-check that verification indeed succeeds if peer verification + # is not requested. + { + name => "noverify-success", + server => { }, + client => { + "VerifyMode" => undef, + "VerifyCAFile" => undef, + }, + test => { "ExpectedResult" => "Success" }, + }, + + # Same test as above but with a custom callback that always fails. + # The callback return has no impact on handshake success in this mode. + { + name => "noverify-ignore-custom-reject", + server => { }, + client => { + "VerifyMode" => undef, + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "RejectAll", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + + # Same test as above but with a custom callback that always succeeds. + # The callback return has no impact on handshake success in this mode. + { + name => "noverify-accept-custom-allow", + server => { }, + client => { + "VerifyMode" => undef, + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + + # Sanity-check that verification indeed fails without the + # permissive callback. + { + name => "verify-fail-no-root", + server => { }, + client => { + # Don't set up the client root file. + "VerifyCAFile" => undef, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "UnknownCA", + }, + }, + + # Same test as above but with a custom callback that always succeeds. + { + name => "verify-custom-success-no-root", + server => { }, + client => { + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, + test => { + "ExpectedResult" => "Success" + }, + }, + + # Same test as above but with a custom callback that always fails. + { + name => "verify-custom-fail-no-root", + server => { }, + client => { + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "RejectAll", + }, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "HandshakeFailure", + }, + }, +); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/04-client_auth.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/04-client_auth.conf new file mode 100644 index 000000000..8debb66fd --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/04-client_auth.conf @@ -0,0 +1,1132 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 36 + +test-0 = 0-server-auth-flex +test-1 = 1-client-auth-flex-request +test-2 = 2-client-auth-flex-require-fail +test-3 = 3-client-auth-flex-require +test-4 = 4-client-auth-flex-require-non-empty-names +test-5 = 5-client-auth-flex-noroot +test-6 = 6-server-auth-TLSv1 +test-7 = 7-client-auth-TLSv1-request +test-8 = 8-client-auth-TLSv1-require-fail +test-9 = 9-client-auth-TLSv1-require +test-10 = 10-client-auth-TLSv1-require-non-empty-names +test-11 = 11-client-auth-TLSv1-noroot +test-12 = 12-server-auth-TLSv1.1 +test-13 = 13-client-auth-TLSv1.1-request +test-14 = 14-client-auth-TLSv1.1-require-fail +test-15 = 15-client-auth-TLSv1.1-require +test-16 = 16-client-auth-TLSv1.1-require-non-empty-names +test-17 = 17-client-auth-TLSv1.1-noroot +test-18 = 18-server-auth-TLSv1.2 +test-19 = 19-client-auth-TLSv1.2-request +test-20 = 20-client-auth-TLSv1.2-require-fail +test-21 = 21-client-auth-TLSv1.2-require +test-22 = 22-client-auth-TLSv1.2-require-non-empty-names +test-23 = 23-client-auth-TLSv1.2-noroot +test-24 = 24-server-auth-DTLSv1 +test-25 = 25-client-auth-DTLSv1-request +test-26 = 26-client-auth-DTLSv1-require-fail +test-27 = 27-client-auth-DTLSv1-require +test-28 = 28-client-auth-DTLSv1-require-non-empty-names +test-29 = 29-client-auth-DTLSv1-noroot +test-30 = 30-server-auth-DTLSv1.2 +test-31 = 31-client-auth-DTLSv1.2-request +test-32 = 32-client-auth-DTLSv1.2-require-fail +test-33 = 33-client-auth-DTLSv1.2-require +test-34 = 34-client-auth-DTLSv1.2-require-non-empty-names +test-35 = 35-client-auth-DTLSv1.2-noroot +# =========================================================== + +[0-server-auth-flex] +ssl_conf = 0-server-auth-flex-ssl + +[0-server-auth-flex-ssl] +server = 0-server-auth-flex-server +client = 0-server-auth-flex-client + +[0-server-auth-flex-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-server-auth-flex-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-client-auth-flex-request] +ssl_conf = 1-client-auth-flex-request-ssl + +[1-client-auth-flex-request-ssl] +server = 1-client-auth-flex-request-server +client = 1-client-auth-flex-request-client + +[1-client-auth-flex-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[1-client-auth-flex-request-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-client-auth-flex-require-fail] +ssl_conf = 2-client-auth-flex-require-fail-ssl + +[2-client-auth-flex-require-fail-ssl] +server = 2-client-auth-flex-require-fail-server +client = 2-client-auth-flex-require-fail-client + +[2-client-auth-flex-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[2-client-auth-flex-require-fail-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ServerFail +ExpectedServerAlert = CertificateRequired + + +# =========================================================== + +[3-client-auth-flex-require] +ssl_conf = 3-client-auth-flex-require-ssl + +[3-client-auth-flex-require-ssl] +server = 3-client-auth-flex-require-server +client = 3-client-auth-flex-require-client + +[3-client-auth-flex-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[3-client-auth-flex-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[4-client-auth-flex-require-non-empty-names] +ssl_conf = 4-client-auth-flex-require-non-empty-names-ssl + +[4-client-auth-flex-require-non-empty-names-ssl] +server = 4-client-auth-flex-require-non-empty-names-server +client = 4-client-auth-flex-require-non-empty-names-client + +[4-client-auth-flex-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[4-client-auth-flex-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[5-client-auth-flex-noroot] +ssl_conf = 5-client-auth-flex-noroot-ssl + +[5-client-auth-flex-noroot-ssl] +server = 5-client-auth-flex-noroot-server +client = 5-client-auth-flex-noroot-client + +[5-client-auth-flex-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[5-client-auth-flex-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[6-server-auth-TLSv1] +ssl_conf = 6-server-auth-TLSv1-ssl + +[6-server-auth-TLSv1-ssl] +server = 6-server-auth-TLSv1-server +client = 6-server-auth-TLSv1-client + +[6-server-auth-TLSv1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-server-auth-TLSv1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success + + +# =========================================================== + +[7-client-auth-TLSv1-request] +ssl_conf = 7-client-auth-TLSv1-request-ssl + +[7-client-auth-TLSv1-request-ssl] +server = 7-client-auth-TLSv1-request-server +client = 7-client-auth-TLSv1-request-client + +[7-client-auth-TLSv1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[7-client-auth-TLSv1-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success + + +# =========================================================== + +[8-client-auth-TLSv1-require-fail] +ssl_conf = 8-client-auth-TLSv1-require-fail-ssl + +[8-client-auth-TLSv1-require-fail-ssl] +server = 8-client-auth-TLSv1-require-fail-server +client = 8-client-auth-TLSv1-require-fail-client + +[8-client-auth-TLSv1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[8-client-auth-TLSv1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[9-client-auth-TLSv1-require] +ssl_conf = 9-client-auth-TLSv1-require-ssl + +[9-client-auth-TLSv1-require-ssl] +server = 9-client-auth-TLSv1-require-server +client = 9-client-auth-TLSv1-require-client + +[9-client-auth-TLSv1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[9-client-auth-TLSv1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[10-client-auth-TLSv1-require-non-empty-names] +ssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl + +[10-client-auth-TLSv1-require-non-empty-names-ssl] +server = 10-client-auth-TLSv1-require-non-empty-names-server +client = 10-client-auth-TLSv1-require-non-empty-names-client + +[10-client-auth-TLSv1-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[10-client-auth-TLSv1-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[11-client-auth-TLSv1-noroot] +ssl_conf = 11-client-auth-TLSv1-noroot-ssl + +[11-client-auth-TLSv1-noroot-ssl] +server = 11-client-auth-TLSv1-noroot-server +client = 11-client-auth-TLSv1-noroot-client + +[11-client-auth-TLSv1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[11-client-auth-TLSv1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[12-server-auth-TLSv1.1] +ssl_conf = 12-server-auth-TLSv1.1-ssl + +[12-server-auth-TLSv1.1-ssl] +server = 12-server-auth-TLSv1.1-server +client = 12-server-auth-TLSv1.1-client + +[12-server-auth-TLSv1.1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-server-auth-TLSv1.1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = Success + + +# =========================================================== + +[13-client-auth-TLSv1.1-request] +ssl_conf = 13-client-auth-TLSv1.1-request-ssl + +[13-client-auth-TLSv1.1-request-ssl] +server = 13-client-auth-TLSv1.1-request-server +client = 13-client-auth-TLSv1.1-request-client + +[13-client-auth-TLSv1.1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[13-client-auth-TLSv1.1-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success + + +# =========================================================== + +[14-client-auth-TLSv1.1-require-fail] +ssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl + +[14-client-auth-TLSv1.1-require-fail-ssl] +server = 14-client-auth-TLSv1.1-require-fail-server +client = 14-client-auth-TLSv1.1-require-fail-client + +[14-client-auth-TLSv1.1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[14-client-auth-TLSv1.1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[15-client-auth-TLSv1.1-require] +ssl_conf = 15-client-auth-TLSv1.1-require-ssl + +[15-client-auth-TLSv1.1-require-ssl] +server = 15-client-auth-TLSv1.1-require-server +client = 15-client-auth-TLSv1.1-require-client + +[15-client-auth-TLSv1.1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[15-client-auth-TLSv1.1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[16-client-auth-TLSv1.1-require-non-empty-names] +ssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl + +[16-client-auth-TLSv1.1-require-non-empty-names-ssl] +server = 16-client-auth-TLSv1.1-require-non-empty-names-server +client = 16-client-auth-TLSv1.1-require-non-empty-names-client + +[16-client-auth-TLSv1.1-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[16-client-auth-TLSv1.1-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[17-client-auth-TLSv1.1-noroot] +ssl_conf = 17-client-auth-TLSv1.1-noroot-ssl + +[17-client-auth-TLSv1.1-noroot-ssl] +server = 17-client-auth-TLSv1.1-noroot-server +client = 17-client-auth-TLSv1.1-noroot-client + +[17-client-auth-TLSv1.1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[17-client-auth-TLSv1.1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[18-server-auth-TLSv1.2] +ssl_conf = 18-server-auth-TLSv1.2-ssl + +[18-server-auth-TLSv1.2-ssl] +server = 18-server-auth-TLSv1.2-server +client = 18-server-auth-TLSv1.2-client + +[18-server-auth-TLSv1.2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-server-auth-TLSv1.2-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = Success + + +# =========================================================== + +[19-client-auth-TLSv1.2-request] +ssl_conf = 19-client-auth-TLSv1.2-request-ssl + +[19-client-auth-TLSv1.2-request-ssl] +server = 19-client-auth-TLSv1.2-request-server +client = 19-client-auth-TLSv1.2-request-client + +[19-client-auth-TLSv1.2-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[19-client-auth-TLSv1.2-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = Success + + +# =========================================================== + +[20-client-auth-TLSv1.2-require-fail] +ssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl + +[20-client-auth-TLSv1.2-require-fail-ssl] +server = 20-client-auth-TLSv1.2-require-fail-server +client = 20-client-auth-TLSv1.2-require-fail-client + +[20-client-auth-TLSv1.2-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[20-client-auth-TLSv1.2-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[21-client-auth-TLSv1.2-require] +ssl_conf = 21-client-auth-TLSv1.2-require-ssl + +[21-client-auth-TLSv1.2-require-ssl] +server = 21-client-auth-TLSv1.2-require-server +client = 21-client-auth-TLSv1.2-require-client + +[21-client-auth-TLSv1.2-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = SHA256+RSA +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[21-client-auth-TLSv1.2-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA +ExpectedResult = Success + + +# =========================================================== + +[22-client-auth-TLSv1.2-require-non-empty-names] +ssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl + +[22-client-auth-TLSv1.2-require-non-empty-names-ssl] +server = 22-client-auth-TLSv1.2-require-non-empty-names-server +client = 22-client-auth-TLSv1.2-require-non-empty-names-client + +[22-client-auth-TLSv1.2-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ClientSignatureAlgorithms = SHA256+RSA +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[22-client-auth-TLSv1.2-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA +ExpectedResult = Success + + +# =========================================================== + +[23-client-auth-TLSv1.2-noroot] +ssl_conf = 23-client-auth-TLSv1.2-noroot-ssl + +[23-client-auth-TLSv1.2-noroot-ssl] +server = 23-client-auth-TLSv1.2-noroot-server +client = 23-client-auth-TLSv1.2-noroot-client + +[23-client-auth-TLSv1.2-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[23-client-auth-TLSv1.2-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[24-server-auth-DTLSv1] +ssl_conf = 24-server-auth-DTLSv1-ssl + +[24-server-auth-DTLSv1-ssl] +server = 24-server-auth-DTLSv1-server +client = 24-server-auth-DTLSv1-client + +[24-server-auth-DTLSv1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-server-auth-DTLSv1-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[25-client-auth-DTLSv1-request] +ssl_conf = 25-client-auth-DTLSv1-request-ssl + +[25-client-auth-DTLSv1-request-ssl] +server = 25-client-auth-DTLSv1-request-server +client = 25-client-auth-DTLSv1-request-client + +[25-client-auth-DTLSv1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[25-client-auth-DTLSv1-request-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[26-client-auth-DTLSv1-require-fail] +ssl_conf = 26-client-auth-DTLSv1-require-fail-ssl + +[26-client-auth-DTLSv1-require-fail-ssl] +server = 26-client-auth-DTLSv1-require-fail-server +client = 26-client-auth-DTLSv1-require-fail-client + +[26-client-auth-DTLSv1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[26-client-auth-DTLSv1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure +Method = DTLS + + +# =========================================================== + +[27-client-auth-DTLSv1-require] +ssl_conf = 27-client-auth-DTLSv1-require-ssl + +[27-client-auth-DTLSv1-require-ssl] +server = 27-client-auth-DTLSv1-require-server +client = 27-client-auth-DTLSv1-require-client + +[27-client-auth-DTLSv1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[27-client-auth-DTLSv1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[28-client-auth-DTLSv1-require-non-empty-names] +ssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl + +[28-client-auth-DTLSv1-require-non-empty-names-ssl] +server = 28-client-auth-DTLSv1-require-non-empty-names-server +client = 28-client-auth-DTLSv1-require-non-empty-names-client + +[28-client-auth-DTLSv1-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[28-client-auth-DTLSv1-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[29-client-auth-DTLSv1-noroot] +ssl_conf = 29-client-auth-DTLSv1-noroot-ssl + +[29-client-auth-DTLSv1-noroot-ssl] +server = 29-client-auth-DTLSv1-noroot-server +client = 29-client-auth-DTLSv1-noroot-client + +[29-client-auth-DTLSv1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[29-client-auth-DTLSv1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA +Method = DTLS + + +# =========================================================== + +[30-server-auth-DTLSv1.2] +ssl_conf = 30-server-auth-DTLSv1.2-ssl + +[30-server-auth-DTLSv1.2-ssl] +server = 30-server-auth-DTLSv1.2-server +client = 30-server-auth-DTLSv1.2-client + +[30-server-auth-DTLSv1.2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-server-auth-DTLSv1.2-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[31-client-auth-DTLSv1.2-request] +ssl_conf = 31-client-auth-DTLSv1.2-request-ssl + +[31-client-auth-DTLSv1.2-request-ssl] +server = 31-client-auth-DTLSv1.2-request-server +client = 31-client-auth-DTLSv1.2-request-client + +[31-client-auth-DTLSv1.2-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[31-client-auth-DTLSv1.2-request-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[32-client-auth-DTLSv1.2-require-fail] +ssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl + +[32-client-auth-DTLSv1.2-require-fail-ssl] +server = 32-client-auth-DTLSv1.2-require-fail-server +client = 32-client-auth-DTLSv1.2-require-fail-client + +[32-client-auth-DTLSv1.2-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[32-client-auth-DTLSv1.2-require-fail-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure +Method = DTLS + + +# =========================================================== + +[33-client-auth-DTLSv1.2-require] +ssl_conf = 33-client-auth-DTLSv1.2-require-ssl + +[33-client-auth-DTLSv1.2-require-ssl] +server = 33-client-auth-DTLSv1.2-require-server +client = 33-client-auth-DTLSv1.2-require-client + +[33-client-auth-DTLSv1.2-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[33-client-auth-DTLSv1.2-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[34-client-auth-DTLSv1.2-require-non-empty-names] +ssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl + +[34-client-auth-DTLSv1.2-require-non-empty-names-ssl] +server = 34-client-auth-DTLSv1.2-require-non-empty-names-server +client = 34-client-auth-DTLSv1.2-require-non-empty-names-client + +[34-client-auth-DTLSv1.2-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[34-client-auth-DTLSv1.2-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[35-client-auth-DTLSv1.2-noroot] +ssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl + +[35-client-auth-DTLSv1.2-noroot-ssl] +server = 35-client-auth-DTLSv1.2-noroot-server +client = 35-client-auth-DTLSv1.2-noroot-client + +[35-client-auth-DTLSv1.2-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[35-client-auth-DTLSv1.2-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA +Method = DTLS + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/04-client_auth.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/04-client_auth.conf.in new file mode 100644 index 000000000..b9c014d2c --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/04-client_auth.conf.in @@ -0,0 +1,196 @@ +# -*- mode: perl; -*- + +## SSL test configurations + +package ssltests; + +use strict; +use warnings; + +use OpenSSL::Test; +use OpenSSL::Test::Utils qw(anydisabled disabled); +setup("no_test_here"); + +# We test version-flexible negotiation (undef) and each protocol version. +my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1", "DTLSv1.2"); + +my @is_disabled = (0); +push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "dtls1", "dtls1_2"); + +our @tests = (); + +sub generate_tests() { + foreach (0..$#protocols) { + my $protocol = $protocols[$_]; + my $protocol_name = $protocol || "flex"; + my $caalert; + my $method; + my $sctpenabled = 0; + if (!$is_disabled[$_]) { + if ($protocol_name eq "SSLv3") { + $caalert = "BadCertificate"; + } else { + $caalert = "UnknownCA"; + } + if ($protocol_name =~ m/^DTLS/) { + $method = "DTLS"; + $sctpenabled = 1 if !disabled("sctp"); + } + my $clihash; + my $clisigtype; + my $clisigalgs; + # TODO(TLS1.3) add TLSv1.3 versions + if ($protocol_name eq "TLSv1.2") { + $clihash = "SHA256"; + $clisigtype = "RSA"; + $clisigalgs = "SHA256+RSA"; + } + for (my $sctp = 0; $sctp <= $sctpenabled; $sctp++) { + # Sanity-check simple handshake. + push @tests, { + name => "server-auth-${protocol_name}" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + test => { + "ExpectedResult" => "Success", + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + + # Handshake with client cert requested but not required or received. + push @tests, { + name => "client-auth-${protocol_name}-request" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyMode" => "Request" + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + test => { + "ExpectedResult" => "Success", + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + + # Handshake with client cert required but not present. + push @tests, { + name => "client-auth-${protocol_name}-require-fail" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => + ($protocol_name eq "flex" && !disabled("tls1_3")) + ? "CertificateRequired" : "HandshakeFailure", + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + + # Successful handshake with client authentication. + push @tests, { + name => "client-auth-${protocol_name}-require" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "ClientSignatureAlgorithms" => $clisigalgs, + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "Success", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => $clisigtype, + "ExpectedClientSignHash" => $clihash, + "ExpectedClientCANames" => "empty", + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + + # Successful handshake with client authentication non-empty names + push @tests, { + name => "client-auth-${protocol_name}-require-non-empty-names" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "ClientSignatureAlgorithms" => $clisigalgs, + "ClientCAFile" => test_pem("root-cert.pem"), + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "Success", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => $clisigtype, + "ExpectedClientSignHash" => $clihash, + "ExpectedClientCANames" => test_pem("root-cert.pem"), + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + + # Handshake with client authentication but without the root certificate. + push @tests, { + name => "client-auth-${protocol_name}-noroot" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => $caalert, + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + } + } + } +} + +generate_tests(); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/05-sni.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/05-sni.conf new file mode 100644 index 000000000..a6c7f4391 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/05-sni.conf @@ -0,0 +1,308 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 9 + +test-0 = 0-SNI-switch-context +test-1 = 1-SNI-keep-context +test-2 = 2-SNI-no-server-support +test-3 = 3-SNI-no-client-support +test-4 = 4-SNI-bad-sni-ignore-mismatch +test-5 = 5-SNI-bad-sni-reject-mismatch +test-6 = 6-SNI-bad-clienthello-sni-ignore-mismatch +test-7 = 7-SNI-bad-clienthello-sni-reject-mismatch +test-8 = 8-SNI-clienthello-disable-v12 +# =========================================================== + +[0-SNI-switch-context] +ssl_conf = 0-SNI-switch-context-ssl + +[0-SNI-switch-context-ssl] +server = 0-SNI-switch-context-server +client = 0-SNI-switch-context-client +server2 = 0-SNI-switch-context-server + +[0-SNI-switch-context-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-SNI-switch-context-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +ExpectedServerName = server2 +server = 0-SNI-switch-context-server-extra +server2 = 0-SNI-switch-context-server-extra +client = 0-SNI-switch-context-client-extra + +[0-SNI-switch-context-server-extra] +ServerNameCallback = IgnoreMismatch + +[0-SNI-switch-context-client-extra] +ServerName = server2 + + +# =========================================================== + +[1-SNI-keep-context] +ssl_conf = 1-SNI-keep-context-ssl + +[1-SNI-keep-context-ssl] +server = 1-SNI-keep-context-server +client = 1-SNI-keep-context-client +server2 = 1-SNI-keep-context-server + +[1-SNI-keep-context-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-SNI-keep-context-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedServerName = server1 +server = 1-SNI-keep-context-server-extra +server2 = 1-SNI-keep-context-server-extra +client = 1-SNI-keep-context-client-extra + +[1-SNI-keep-context-server-extra] +ServerNameCallback = IgnoreMismatch + +[1-SNI-keep-context-client-extra] +ServerName = server1 + + +# =========================================================== + +[2-SNI-no-server-support] +ssl_conf = 2-SNI-no-server-support-ssl + +[2-SNI-no-server-support-ssl] +server = 2-SNI-no-server-support-server +client = 2-SNI-no-server-support-client + +[2-SNI-no-server-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-SNI-no-server-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +client = 2-SNI-no-server-support-client-extra + +[2-SNI-no-server-support-client-extra] +ServerName = server1 + + +# =========================================================== + +[3-SNI-no-client-support] +ssl_conf = 3-SNI-no-client-support-ssl + +[3-SNI-no-client-support-ssl] +server = 3-SNI-no-client-support-server +client = 3-SNI-no-client-support-client +server2 = 3-SNI-no-client-support-server + +[3-SNI-no-client-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-SNI-no-client-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedServerName = server1 +server = 3-SNI-no-client-support-server-extra +server2 = 3-SNI-no-client-support-server-extra + +[3-SNI-no-client-support-server-extra] +ServerNameCallback = IgnoreMismatch + + +# =========================================================== + +[4-SNI-bad-sni-ignore-mismatch] +ssl_conf = 4-SNI-bad-sni-ignore-mismatch-ssl + +[4-SNI-bad-sni-ignore-mismatch-ssl] +server = 4-SNI-bad-sni-ignore-mismatch-server +client = 4-SNI-bad-sni-ignore-mismatch-client +server2 = 4-SNI-bad-sni-ignore-mismatch-server + +[4-SNI-bad-sni-ignore-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-SNI-bad-sni-ignore-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedServerName = server1 +server = 4-SNI-bad-sni-ignore-mismatch-server-extra +server2 = 4-SNI-bad-sni-ignore-mismatch-server-extra +client = 4-SNI-bad-sni-ignore-mismatch-client-extra + +[4-SNI-bad-sni-ignore-mismatch-server-extra] +ServerNameCallback = IgnoreMismatch + +[4-SNI-bad-sni-ignore-mismatch-client-extra] +ServerName = invalid + + +# =========================================================== + +[5-SNI-bad-sni-reject-mismatch] +ssl_conf = 5-SNI-bad-sni-reject-mismatch-ssl + +[5-SNI-bad-sni-reject-mismatch-ssl] +server = 5-SNI-bad-sni-reject-mismatch-server +client = 5-SNI-bad-sni-reject-mismatch-client +server2 = 5-SNI-bad-sni-reject-mismatch-server + +[5-SNI-bad-sni-reject-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-SNI-bad-sni-reject-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = ServerFail +ExpectedServerAlert = UnrecognizedName +server = 5-SNI-bad-sni-reject-mismatch-server-extra +server2 = 5-SNI-bad-sni-reject-mismatch-server-extra +client = 5-SNI-bad-sni-reject-mismatch-client-extra + +[5-SNI-bad-sni-reject-mismatch-server-extra] +ServerNameCallback = RejectMismatch + +[5-SNI-bad-sni-reject-mismatch-client-extra] +ServerName = invalid + + +# =========================================================== + +[6-SNI-bad-clienthello-sni-ignore-mismatch] +ssl_conf = 6-SNI-bad-clienthello-sni-ignore-mismatch-ssl + +[6-SNI-bad-clienthello-sni-ignore-mismatch-ssl] +server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server +client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client +server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server + +[6-SNI-bad-clienthello-sni-ignore-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-SNI-bad-clienthello-sni-ignore-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +ExpectedServerName = server1 +server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra +server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra +client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra + +[6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra] +ServerNameCallback = ClientHelloIgnoreMismatch + +[6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra] +ServerName = invalid + + +# =========================================================== + +[7-SNI-bad-clienthello-sni-reject-mismatch] +ssl_conf = 7-SNI-bad-clienthello-sni-reject-mismatch-ssl + +[7-SNI-bad-clienthello-sni-reject-mismatch-ssl] +server = 7-SNI-bad-clienthello-sni-reject-mismatch-server +client = 7-SNI-bad-clienthello-sni-reject-mismatch-client +server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server + +[7-SNI-bad-clienthello-sni-reject-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-SNI-bad-clienthello-sni-reject-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = ServerFail +ExpectedServerAlert = UnrecognizedName +server = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra +server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra +client = 7-SNI-bad-clienthello-sni-reject-mismatch-client-extra + +[7-SNI-bad-clienthello-sni-reject-mismatch-server-extra] +ServerNameCallback = ClientHelloRejectMismatch + +[7-SNI-bad-clienthello-sni-reject-mismatch-client-extra] +ServerName = invalid + + +# =========================================================== + +[8-SNI-clienthello-disable-v12] +ssl_conf = 8-SNI-clienthello-disable-v12-ssl + +[8-SNI-clienthello-disable-v12-ssl] +server = 8-SNI-clienthello-disable-v12-server +client = 8-SNI-clienthello-disable-v12-client +server2 = 8-SNI-clienthello-disable-v12-server + +[8-SNI-clienthello-disable-v12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-SNI-clienthello-disable-v12-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = TLSv1.1 +ExpectedServerName = server2 +server = 8-SNI-clienthello-disable-v12-server-extra +server2 = 8-SNI-clienthello-disable-v12-server-extra +client = 8-SNI-clienthello-disable-v12-client-extra + +[8-SNI-clienthello-disable-v12-server-extra] +ServerNameCallback = ClientHelloNoV12 + +[8-SNI-clienthello-disable-v12-client-extra] +ServerName = server2 + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/05-sni.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/05-sni.conf.in new file mode 100644 index 000000000..a993a3421 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/05-sni.conf.in @@ -0,0 +1,169 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "SNI-switch-context", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-keep-context", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "server1", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-no-server-support", + server => { }, + client => { + extra => { + "ServerName" => "server1", + }, + }, + test => { "ExpectedResult" => "Success" }, + }, + { + name => "SNI-no-client-support", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { }, + test => { + # We expect that the callback is still called + # to let the application decide whether they tolerate + # missing SNI (as our test callback does). + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-bad-sni-ignore-mismatch", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-bad-sni-reject-mismatch", + server => { + extra => { + "ServerNameCallback" => "RejectMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "UnrecognizedName" + }, + }, + { + name => "SNI-bad-clienthello-sni-ignore-mismatch", + server => { + extra => { + "ServerNameCallback" => "ClientHelloIgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-bad-clienthello-sni-reject-mismatch", + server => { + extra => { + "ServerNameCallback" => "ClientHelloRejectMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "UnrecognizedName" + }, + }, +); + +our @tests_tls_1_1 = ( + { + name => "SNI-clienthello-disable-v12", + server => { + extra => { + "ServerNameCallback" => "ClientHelloNoV12", + }, + }, + client => { + extra => { + "ServerName" => "server2", + }, + }, + test => { + "ExpectedProtocol" => "TLSv1.1", + "ExpectedServerName" => "server2", + }, + }, +); + +push @tests, @tests_tls_1_1 unless disabled("tls1_1"); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/06-sni-ticket.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/06-sni-ticket.conf new file mode 100644 index 000000000..a3a9c78f0 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/06-sni-ticket.conf @@ -0,0 +1,767 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 17 + +test-0 = 0-sni-session-ticket +test-1 = 1-sni-session-ticket +test-2 = 2-sni-session-ticket +test-3 = 3-sni-session-ticket +test-4 = 4-sni-session-ticket +test-5 = 5-sni-session-ticket +test-6 = 6-sni-session-ticket +test-7 = 7-sni-session-ticket +test-8 = 8-sni-session-ticket +test-9 = 9-sni-session-ticket +test-10 = 10-sni-session-ticket +test-11 = 11-sni-session-ticket +test-12 = 12-sni-session-ticket +test-13 = 13-sni-session-ticket +test-14 = 14-sni-session-ticket +test-15 = 15-sni-session-ticket +test-16 = 16-sni-session-ticket +# =========================================================== + +[0-sni-session-ticket] +ssl_conf = 0-sni-session-ticket-ssl + +[0-sni-session-ticket-ssl] +server = 0-sni-session-ticket-server +client = 0-sni-session-ticket-client +server2 = 0-sni-session-ticket-server2 + +[0-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +SessionTicketExpected = No +server = 0-sni-session-ticket-server-extra +client = 0-sni-session-ticket-client-extra + +[0-sni-session-ticket-server-extra] +BrokenSessionTicket = Yes + +[0-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[1-sni-session-ticket] +ssl_conf = 1-sni-session-ticket-ssl + +[1-sni-session-ticket-ssl] +server = 1-sni-session-ticket-server +client = 1-sni-session-ticket-client +server2 = 1-sni-session-ticket-server2 + +[1-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = Yes +server = 1-sni-session-ticket-server-extra +client = 1-sni-session-ticket-client-extra + +[1-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[1-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[2-sni-session-ticket] +ssl_conf = 2-sni-session-ticket-ssl + +[2-sni-session-ticket-ssl] +server = 2-sni-session-ticket-server +client = 2-sni-session-ticket-client +server2 = 2-sni-session-ticket-server2 + +[2-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = Yes +server = 2-sni-session-ticket-server-extra +client = 2-sni-session-ticket-client-extra + +[2-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[2-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[3-sni-session-ticket] +ssl_conf = 3-sni-session-ticket-ssl + +[3-sni-session-ticket-ssl] +server = 3-sni-session-ticket-server +client = 3-sni-session-ticket-client +server2 = 3-sni-session-ticket-server2 + +[3-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = Yes +server = 3-sni-session-ticket-server-extra +client = 3-sni-session-ticket-client-extra + +[3-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[3-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[4-sni-session-ticket] +ssl_conf = 4-sni-session-ticket-ssl + +[4-sni-session-ticket-ssl] +server = 4-sni-session-ticket-server +client = 4-sni-session-ticket-client +server2 = 4-sni-session-ticket-server2 + +[4-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 4-sni-session-ticket-server-extra +client = 4-sni-session-ticket-client-extra + +[4-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[4-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[5-sni-session-ticket] +ssl_conf = 5-sni-session-ticket-ssl + +[5-sni-session-ticket-ssl] +server = 5-sni-session-ticket-server +client = 5-sni-session-ticket-client +server2 = 5-sni-session-ticket-server2 + +[5-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 5-sni-session-ticket-server-extra +client = 5-sni-session-ticket-client-extra + +[5-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[5-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[6-sni-session-ticket] +ssl_conf = 6-sni-session-ticket-ssl + +[6-sni-session-ticket-ssl] +server = 6-sni-session-ticket-server +client = 6-sni-session-ticket-client +server2 = 6-sni-session-ticket-server2 + +[6-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 6-sni-session-ticket-server-extra +client = 6-sni-session-ticket-client-extra + +[6-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[6-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[7-sni-session-ticket] +ssl_conf = 7-sni-session-ticket-ssl + +[7-sni-session-ticket-ssl] +server = 7-sni-session-ticket-server +client = 7-sni-session-ticket-client +server2 = 7-sni-session-ticket-server2 + +[7-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 7-sni-session-ticket-server-extra +client = 7-sni-session-ticket-client-extra + +[7-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[7-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[8-sni-session-ticket] +ssl_conf = 8-sni-session-ticket-ssl + +[8-sni-session-ticket-ssl] +server = 8-sni-session-ticket-server +client = 8-sni-session-ticket-client +server2 = 8-sni-session-ticket-server2 + +[8-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 8-sni-session-ticket-server-extra +client = 8-sni-session-ticket-client-extra + +[8-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[8-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[9-sni-session-ticket] +ssl_conf = 9-sni-session-ticket-ssl + +[9-sni-session-ticket-ssl] +server = 9-sni-session-ticket-server +client = 9-sni-session-ticket-client +server2 = 9-sni-session-ticket-server2 + +[9-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 9-sni-session-ticket-server-extra +client = 9-sni-session-ticket-client-extra + +[9-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[9-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[10-sni-session-ticket] +ssl_conf = 10-sni-session-ticket-ssl + +[10-sni-session-ticket-ssl] +server = 10-sni-session-ticket-server +client = 10-sni-session-ticket-client +server2 = 10-sni-session-ticket-server2 + +[10-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 10-sni-session-ticket-server-extra +client = 10-sni-session-ticket-client-extra + +[10-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[10-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[11-sni-session-ticket] +ssl_conf = 11-sni-session-ticket-ssl + +[11-sni-session-ticket-ssl] +server = 11-sni-session-ticket-server +client = 11-sni-session-ticket-client +server2 = 11-sni-session-ticket-server2 + +[11-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 11-sni-session-ticket-server-extra +client = 11-sni-session-ticket-client-extra + +[11-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[11-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[12-sni-session-ticket] +ssl_conf = 12-sni-session-ticket-ssl + +[12-sni-session-ticket-ssl] +server = 12-sni-session-ticket-server +client = 12-sni-session-ticket-client +server2 = 12-sni-session-ticket-server2 + +[12-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 12-sni-session-ticket-server-extra +client = 12-sni-session-ticket-client-extra + +[12-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[12-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[13-sni-session-ticket] +ssl_conf = 13-sni-session-ticket-ssl + +[13-sni-session-ticket-ssl] +server = 13-sni-session-ticket-server +client = 13-sni-session-ticket-client +server2 = 13-sni-session-ticket-server2 + +[13-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 13-sni-session-ticket-server-extra +client = 13-sni-session-ticket-client-extra + +[13-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[13-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[14-sni-session-ticket] +ssl_conf = 14-sni-session-ticket-ssl + +[14-sni-session-ticket-ssl] +server = 14-sni-session-ticket-server +client = 14-sni-session-ticket-client +server2 = 14-sni-session-ticket-server2 + +[14-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 14-sni-session-ticket-server-extra +client = 14-sni-session-ticket-client-extra + +[14-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[14-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[15-sni-session-ticket] +ssl_conf = 15-sni-session-ticket-ssl + +[15-sni-session-ticket-ssl] +server = 15-sni-session-ticket-server +client = 15-sni-session-ticket-client +server2 = 15-sni-session-ticket-server2 + +[15-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success +ExpectedServerName = server1 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 15-sni-session-ticket-server-extra +client = 15-sni-session-ticket-client-extra + +[15-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[15-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[16-sni-session-ticket] +ssl_conf = 16-sni-session-ticket-ssl + +[16-sni-session-ticket-ssl] +server = 16-sni-session-ticket-server +client = 16-sni-session-ticket-client +server2 = 16-sni-session-ticket-server2 + +[16-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-sni-session-ticket-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = Success +ExpectedServerName = server2 +SessionIdExpected = Yes +SessionTicketExpected = No +server = 16-sni-session-ticket-server-extra +client = 16-sni-session-ticket-client-extra + +[16-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[16-sni-session-ticket-client-extra] +ServerName = server2 + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/06-sni-ticket.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/06-sni-ticket.conf.in new file mode 100644 index 000000000..b4f4ffc29 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/06-sni-ticket.conf.in @@ -0,0 +1,101 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test SNI/Session tickets + +use strict; +use warnings; + +package ssltests; + + +our @tests = (); + +#Note: MaxProtocol is set to TLSv1.2 as session tickets work differently in +#TLSv1.3. +sub generate_tests() { + foreach my $c ("SessionTicket", "-SessionTicket") { + foreach my $s1 ("SessionTicket", "-SessionTicket") { + foreach my $s2 ("SessionTicket", "-SessionTicket") { + foreach my $n ("server1", "server2") { + my $ticket_result = expected_result($c, $s1, $s2, $n); + my $session_id_result = "Yes"; # always, even with a ticket + push @tests, { + "name" => "sni-session-ticket", + "client" => { + "Options" => $c, + "extra" => { + "ServerName" => $n, + }, + "MaxProtocol" => "TLSv1.2" + }, + "server" => { + "Options" => $s1, + "extra" => { + # We don't test mismatch here. + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + "server2" => { + "Options" => $s2, + }, + "test" => { + "ExpectedServerName" => $n, + "ExpectedResult" => "Success", + "SessionIdExpected" => $session_id_result, + "SessionTicketExpected" => $ticket_result, + } + }; + } + } + } + } +} + +# If the client has session tickets disabled, then No support +# If the server initial_ctx has session tickets disabled, then No support +# If SNI is in use, then if the "switched-to" context has session tickets disabled, +# then No support +sub expected_result { + my ($c, $s1, $s2, $n) = @_; + + return "No" if $c eq "-SessionTicket"; + return "No" if $s1 eq "-SessionTicket"; + return "No" if ($s2 eq "-SessionTicket" && $n eq "server2"); + + return "Yes"; + +} + +# Add a "Broken" case. +push @tests, { + "name" => "sni-session-ticket", + "client" => { + "MaxProtocol" => "TLSv1.2", + "Options" => "SessionTicket", + "extra" => { + "ServerName" => "server1", + } + }, + "server" => { + "Options" => "SessionTicket", + "extra" => { + "BrokenSessionTicket" => "Yes", + }, + }, + "server2" => { + "Options" => "SessionTicket", + }, + "test" => { + "ExpectedResult" => "Success", + "SessionTicketExpected" => "No", + } +}; + +generate_tests(); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/07-dtls-protocol-version.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/07-dtls-protocol-version.conf new file mode 100644 index 000000000..3304a3bba --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/07-dtls-protocol-version.conf @@ -0,0 +1,1820 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 64 + +test-0 = 0-version-negotiation +test-1 = 1-version-negotiation +test-2 = 2-version-negotiation +test-3 = 3-version-negotiation +test-4 = 4-version-negotiation +test-5 = 5-version-negotiation +test-6 = 6-version-negotiation +test-7 = 7-version-negotiation +test-8 = 8-version-negotiation +test-9 = 9-version-negotiation +test-10 = 10-version-negotiation +test-11 = 11-version-negotiation +test-12 = 12-version-negotiation +test-13 = 13-version-negotiation +test-14 = 14-version-negotiation +test-15 = 15-version-negotiation +test-16 = 16-version-negotiation +test-17 = 17-version-negotiation +test-18 = 18-version-negotiation +test-19 = 19-version-negotiation +test-20 = 20-version-negotiation +test-21 = 21-version-negotiation +test-22 = 22-version-negotiation +test-23 = 23-version-negotiation +test-24 = 24-version-negotiation +test-25 = 25-version-negotiation +test-26 = 26-version-negotiation +test-27 = 27-version-negotiation +test-28 = 28-version-negotiation +test-29 = 29-version-negotiation +test-30 = 30-version-negotiation +test-31 = 31-version-negotiation +test-32 = 32-version-negotiation +test-33 = 33-version-negotiation +test-34 = 34-version-negotiation +test-35 = 35-version-negotiation +test-36 = 36-version-negotiation +test-37 = 37-version-negotiation +test-38 = 38-version-negotiation +test-39 = 39-version-negotiation +test-40 = 40-version-negotiation +test-41 = 41-version-negotiation +test-42 = 42-version-negotiation +test-43 = 43-version-negotiation +test-44 = 44-version-negotiation +test-45 = 45-version-negotiation +test-46 = 46-version-negotiation +test-47 = 47-version-negotiation +test-48 = 48-version-negotiation +test-49 = 49-version-negotiation +test-50 = 50-version-negotiation +test-51 = 51-version-negotiation +test-52 = 52-version-negotiation +test-53 = 53-version-negotiation +test-54 = 54-version-negotiation +test-55 = 55-version-negotiation +test-56 = 56-version-negotiation +test-57 = 57-version-negotiation +test-58 = 58-version-negotiation +test-59 = 59-version-negotiation +test-60 = 60-version-negotiation +test-61 = 61-version-negotiation +test-62 = 62-version-negotiation +test-63 = 63-version-negotiation +# =========================================================== + +[0-version-negotiation] +ssl_conf = 0-version-negotiation-ssl + +[0-version-negotiation-ssl] +server = 0-version-negotiation-server +client = 0-version-negotiation-client + +[0-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[1-version-negotiation] +ssl_conf = 1-version-negotiation-ssl + +[1-version-negotiation-ssl] +server = 1-version-negotiation-server +client = 1-version-negotiation-client + +[1-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[2-version-negotiation] +ssl_conf = 2-version-negotiation-ssl + +[2-version-negotiation-ssl] +server = 2-version-negotiation-server +client = 2-version-negotiation-client + +[2-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[3-version-negotiation] +ssl_conf = 3-version-negotiation-ssl + +[3-version-negotiation-ssl] +server = 3-version-negotiation-server +client = 3-version-negotiation-client + +[3-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[4-version-negotiation] +ssl_conf = 4-version-negotiation-ssl + +[4-version-negotiation-ssl] +server = 4-version-negotiation-server +client = 4-version-negotiation-client + +[4-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[5-version-negotiation] +ssl_conf = 5-version-negotiation-ssl + +[5-version-negotiation-ssl] +server = 5-version-negotiation-server +client = 5-version-negotiation-client + +[5-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[6-version-negotiation] +ssl_conf = 6-version-negotiation-ssl + +[6-version-negotiation-ssl] +server = 6-version-negotiation-server +client = 6-version-negotiation-client + +[6-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[7-version-negotiation] +ssl_conf = 7-version-negotiation-ssl + +[7-version-negotiation-ssl] +server = 7-version-negotiation-server +client = 7-version-negotiation-client + +[7-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[8-version-negotiation] +ssl_conf = 8-version-negotiation-ssl + +[8-version-negotiation-ssl] +server = 8-version-negotiation-server +client = 8-version-negotiation-client + +[8-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[9-version-negotiation] +ssl_conf = 9-version-negotiation-ssl + +[9-version-negotiation-ssl] +server = 9-version-negotiation-server +client = 9-version-negotiation-client + +[9-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[10-version-negotiation] +ssl_conf = 10-version-negotiation-ssl + +[10-version-negotiation-ssl] +server = 10-version-negotiation-server +client = 10-version-negotiation-client + +[10-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[11-version-negotiation] +ssl_conf = 11-version-negotiation-ssl + +[11-version-negotiation-ssl] +server = 11-version-negotiation-server +client = 11-version-negotiation-client + +[11-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[12-version-negotiation] +ssl_conf = 12-version-negotiation-ssl + +[12-version-negotiation-ssl] +server = 12-version-negotiation-server +client = 12-version-negotiation-client + +[12-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[13-version-negotiation] +ssl_conf = 13-version-negotiation-ssl + +[13-version-negotiation-ssl] +server = 13-version-negotiation-server +client = 13-version-negotiation-client + +[13-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[14-version-negotiation] +ssl_conf = 14-version-negotiation-ssl + +[14-version-negotiation-ssl] +server = 14-version-negotiation-server +client = 14-version-negotiation-client + +[14-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[15-version-negotiation] +ssl_conf = 15-version-negotiation-ssl + +[15-version-negotiation-ssl] +server = 15-version-negotiation-server +client = 15-version-negotiation-client + +[15-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[16-version-negotiation] +ssl_conf = 16-version-negotiation-ssl + +[16-version-negotiation-ssl] +server = 16-version-negotiation-server +client = 16-version-negotiation-client + +[16-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[17-version-negotiation] +ssl_conf = 17-version-negotiation-ssl + +[17-version-negotiation-ssl] +server = 17-version-negotiation-server +client = 17-version-negotiation-client + +[17-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[18-version-negotiation] +ssl_conf = 18-version-negotiation-ssl + +[18-version-negotiation-ssl] +server = 18-version-negotiation-server +client = 18-version-negotiation-client + +[18-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[19-version-negotiation] +ssl_conf = 19-version-negotiation-ssl + +[19-version-negotiation-ssl] +server = 19-version-negotiation-server +client = 19-version-negotiation-client + +[19-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[20-version-negotiation] +ssl_conf = 20-version-negotiation-ssl + +[20-version-negotiation-ssl] +server = 20-version-negotiation-server +client = 20-version-negotiation-client + +[20-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[21-version-negotiation] +ssl_conf = 21-version-negotiation-ssl + +[21-version-negotiation-ssl] +server = 21-version-negotiation-server +client = 21-version-negotiation-client + +[21-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[22-version-negotiation] +ssl_conf = 22-version-negotiation-ssl + +[22-version-negotiation-ssl] +server = 22-version-negotiation-server +client = 22-version-negotiation-client + +[22-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[23-version-negotiation] +ssl_conf = 23-version-negotiation-ssl + +[23-version-negotiation-ssl] +server = 23-version-negotiation-server +client = 23-version-negotiation-client + +[23-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[24-version-negotiation] +ssl_conf = 24-version-negotiation-ssl + +[24-version-negotiation-ssl] +server = 24-version-negotiation-server +client = 24-version-negotiation-client + +[24-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[25-version-negotiation] +ssl_conf = 25-version-negotiation-ssl + +[25-version-negotiation-ssl] +server = 25-version-negotiation-server +client = 25-version-negotiation-client + +[25-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[26-version-negotiation] +ssl_conf = 26-version-negotiation-ssl + +[26-version-negotiation-ssl] +server = 26-version-negotiation-server +client = 26-version-negotiation-client + +[26-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[27-version-negotiation] +ssl_conf = 27-version-negotiation-ssl + +[27-version-negotiation-ssl] +server = 27-version-negotiation-server +client = 27-version-negotiation-client + +[27-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[28-version-negotiation] +ssl_conf = 28-version-negotiation-ssl + +[28-version-negotiation-ssl] +server = 28-version-negotiation-server +client = 28-version-negotiation-client + +[28-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[29-version-negotiation] +ssl_conf = 29-version-negotiation-ssl + +[29-version-negotiation-ssl] +server = 29-version-negotiation-server +client = 29-version-negotiation-client + +[29-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[30-version-negotiation] +ssl_conf = 30-version-negotiation-ssl + +[30-version-negotiation-ssl] +server = 30-version-negotiation-server +client = 30-version-negotiation-client + +[30-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[31-version-negotiation] +ssl_conf = 31-version-negotiation-ssl + +[31-version-negotiation-ssl] +server = 31-version-negotiation-server +client = 31-version-negotiation-client + +[31-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[32-version-negotiation] +ssl_conf = 32-version-negotiation-ssl + +[32-version-negotiation-ssl] +server = 32-version-negotiation-server +client = 32-version-negotiation-client + +[32-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[33-version-negotiation] +ssl_conf = 33-version-negotiation-ssl + +[33-version-negotiation-ssl] +server = 33-version-negotiation-server +client = 33-version-negotiation-client + +[33-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[34-version-negotiation] +ssl_conf = 34-version-negotiation-ssl + +[34-version-negotiation-ssl] +server = 34-version-negotiation-server +client = 34-version-negotiation-client + +[34-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[35-version-negotiation] +ssl_conf = 35-version-negotiation-ssl + +[35-version-negotiation-ssl] +server = 35-version-negotiation-server +client = 35-version-negotiation-client + +[35-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[36-version-negotiation] +ssl_conf = 36-version-negotiation-ssl + +[36-version-negotiation-ssl] +server = 36-version-negotiation-server +client = 36-version-negotiation-client + +[36-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[37-version-negotiation] +ssl_conf = 37-version-negotiation-ssl + +[37-version-negotiation-ssl] +server = 37-version-negotiation-server +client = 37-version-negotiation-client + +[37-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[38-version-negotiation] +ssl_conf = 38-version-negotiation-ssl + +[38-version-negotiation-ssl] +server = 38-version-negotiation-server +client = 38-version-negotiation-client + +[38-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[39-version-negotiation] +ssl_conf = 39-version-negotiation-ssl + +[39-version-negotiation-ssl] +server = 39-version-negotiation-server +client = 39-version-negotiation-client + +[39-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[40-version-negotiation] +ssl_conf = 40-version-negotiation-ssl + +[40-version-negotiation-ssl] +server = 40-version-negotiation-server +client = 40-version-negotiation-client + +[40-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[41-version-negotiation] +ssl_conf = 41-version-negotiation-ssl + +[41-version-negotiation-ssl] +server = 41-version-negotiation-server +client = 41-version-negotiation-client + +[41-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[42-version-negotiation] +ssl_conf = 42-version-negotiation-ssl + +[42-version-negotiation-ssl] +server = 42-version-negotiation-server +client = 42-version-negotiation-client + +[42-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[43-version-negotiation] +ssl_conf = 43-version-negotiation-ssl + +[43-version-negotiation-ssl] +server = 43-version-negotiation-server +client = 43-version-negotiation-client + +[43-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[44-version-negotiation] +ssl_conf = 44-version-negotiation-ssl + +[44-version-negotiation-ssl] +server = 44-version-negotiation-server +client = 44-version-negotiation-client + +[44-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[45-version-negotiation] +ssl_conf = 45-version-negotiation-ssl + +[45-version-negotiation-ssl] +server = 45-version-negotiation-server +client = 45-version-negotiation-client + +[45-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[46-version-negotiation] +ssl_conf = 46-version-negotiation-ssl + +[46-version-negotiation-ssl] +server = 46-version-negotiation-server +client = 46-version-negotiation-client + +[46-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[47-version-negotiation] +ssl_conf = 47-version-negotiation-ssl + +[47-version-negotiation-ssl] +server = 47-version-negotiation-server +client = 47-version-negotiation-client + +[47-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[47-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[48-version-negotiation] +ssl_conf = 48-version-negotiation-ssl + +[48-version-negotiation-ssl] +server = 48-version-negotiation-server +client = 48-version-negotiation-client + +[48-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[49-version-negotiation] +ssl_conf = 49-version-negotiation-ssl + +[49-version-negotiation-ssl] +server = 49-version-negotiation-server +client = 49-version-negotiation-client + +[49-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[49-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[50-version-negotiation] +ssl_conf = 50-version-negotiation-ssl + +[50-version-negotiation-ssl] +server = 50-version-negotiation-server +client = 50-version-negotiation-client + +[50-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[50-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[51-version-negotiation] +ssl_conf = 51-version-negotiation-ssl + +[51-version-negotiation-ssl] +server = 51-version-negotiation-server +client = 51-version-negotiation-client + +[51-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[51-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[52-version-negotiation] +ssl_conf = 52-version-negotiation-ssl + +[52-version-negotiation-ssl] +server = 52-version-negotiation-server +client = 52-version-negotiation-client + +[52-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[52-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[53-version-negotiation] +ssl_conf = 53-version-negotiation-ssl + +[53-version-negotiation-ssl] +server = 53-version-negotiation-server +client = 53-version-negotiation-client + +[53-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[54-version-negotiation] +ssl_conf = 54-version-negotiation-ssl + +[54-version-negotiation-ssl] +server = 54-version-negotiation-server +client = 54-version-negotiation-client + +[54-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[54-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[55-version-negotiation] +ssl_conf = 55-version-negotiation-ssl + +[55-version-negotiation-ssl] +server = 55-version-negotiation-server +client = 55-version-negotiation-client + +[55-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[55-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-55] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[56-version-negotiation] +ssl_conf = 56-version-negotiation-ssl + +[56-version-negotiation-ssl] +server = 56-version-negotiation-server +client = 56-version-negotiation-client + +[56-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[56-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-56] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[57-version-negotiation] +ssl_conf = 57-version-negotiation-ssl + +[57-version-negotiation-ssl] +server = 57-version-negotiation-server +client = 57-version-negotiation-client + +[57-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[57-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-57] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[58-version-negotiation] +ssl_conf = 58-version-negotiation-ssl + +[58-version-negotiation-ssl] +server = 58-version-negotiation-server +client = 58-version-negotiation-client + +[58-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[58-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-58] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[59-version-negotiation] +ssl_conf = 59-version-negotiation-ssl + +[59-version-negotiation-ssl] +server = 59-version-negotiation-server +client = 59-version-negotiation-client + +[59-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[59-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-59] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[60-version-negotiation] +ssl_conf = 60-version-negotiation-ssl + +[60-version-negotiation-ssl] +server = 60-version-negotiation-server +client = 60-version-negotiation-client + +[60-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[60-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-60] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[61-version-negotiation] +ssl_conf = 61-version-negotiation-ssl + +[61-version-negotiation-ssl] +server = 61-version-negotiation-server +client = 61-version-negotiation-client + +[61-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[61-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-61] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[62-version-negotiation] +ssl_conf = 62-version-negotiation-ssl + +[62-version-negotiation-ssl] +server = 62-version-negotiation-server +client = 62-version-negotiation-client + +[62-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[62-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-62] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[63-version-negotiation] +ssl_conf = 63-version-negotiation-ssl + +[63-version-negotiation-ssl] +server = 63-version-negotiation-server +client = 63-version-negotiation-client + +[63-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[63-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-63] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/07-dtls-protocol-version.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/07-dtls-protocol-version.conf.in new file mode 100644 index 000000000..fb3c44a53 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/07-dtls-protocol-version.conf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test DTLS version negotiation + +package ssltests; + +use strict; +use warnings; + +use protocol_version; + +our @tests = generate_version_tests("DTLS"); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/08-npn.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/08-npn.conf new file mode 100644 index 000000000..f38b3f697 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/08-npn.conf @@ -0,0 +1,816 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 20 + +test-0 = 0-npn-simple +test-1 = 1-npn-client-finds-match +test-2 = 2-npn-client-honours-server-pref +test-3 = 3-npn-client-first-pref-on-mismatch +test-4 = 4-npn-no-server-support +test-5 = 5-npn-no-client-support +test-6 = 6-npn-with-sni-no-context-switch +test-7 = 7-npn-with-sni-context-switch +test-8 = 8-npn-selected-sni-server-supports-npn +test-9 = 9-npn-selected-sni-server-does-not-support-npn +test-10 = 10-alpn-preferred-over-npn +test-11 = 11-sni-npn-preferred-over-alpn +test-12 = 12-npn-simple-resumption +test-13 = 13-npn-server-switch-resumption +test-14 = 14-npn-client-switch-resumption +test-15 = 15-npn-client-first-pref-on-mismatch-resumption +test-16 = 16-npn-no-server-support-resumption +test-17 = 17-npn-no-client-support-resumption +test-18 = 18-alpn-preferred-over-npn-resumption +test-19 = 19-npn-used-if-alpn-not-supported-resumption +# =========================================================== + +[0-npn-simple] +ssl_conf = 0-npn-simple-ssl + +[0-npn-simple-ssl] +server = 0-npn-simple-server +client = 0-npn-simple-client + +[0-npn-simple-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-npn-simple-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedNPNProtocol = foo +server = 0-npn-simple-server-extra +client = 0-npn-simple-client-extra + +[0-npn-simple-server-extra] +NPNProtocols = foo + +[0-npn-simple-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[1-npn-client-finds-match] +ssl_conf = 1-npn-client-finds-match-ssl + +[1-npn-client-finds-match-ssl] +server = 1-npn-client-finds-match-server +client = 1-npn-client-finds-match-client + +[1-npn-client-finds-match-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-npn-client-finds-match-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedNPNProtocol = bar +server = 1-npn-client-finds-match-server-extra +client = 1-npn-client-finds-match-client-extra + +[1-npn-client-finds-match-server-extra] +NPNProtocols = baz,bar + +[1-npn-client-finds-match-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[2-npn-client-honours-server-pref] +ssl_conf = 2-npn-client-honours-server-pref-ssl + +[2-npn-client-honours-server-pref-ssl] +server = 2-npn-client-honours-server-pref-server +client = 2-npn-client-honours-server-pref-client + +[2-npn-client-honours-server-pref-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-npn-client-honours-server-pref-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedNPNProtocol = bar +server = 2-npn-client-honours-server-pref-server-extra +client = 2-npn-client-honours-server-pref-client-extra + +[2-npn-client-honours-server-pref-server-extra] +NPNProtocols = bar,foo + +[2-npn-client-honours-server-pref-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[3-npn-client-first-pref-on-mismatch] +ssl_conf = 3-npn-client-first-pref-on-mismatch-ssl + +[3-npn-client-first-pref-on-mismatch-ssl] +server = 3-npn-client-first-pref-on-mismatch-server +client = 3-npn-client-first-pref-on-mismatch-client + +[3-npn-client-first-pref-on-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-npn-client-first-pref-on-mismatch-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedNPNProtocol = foo +server = 3-npn-client-first-pref-on-mismatch-server-extra +client = 3-npn-client-first-pref-on-mismatch-client-extra + +[3-npn-client-first-pref-on-mismatch-server-extra] +NPNProtocols = baz + +[3-npn-client-first-pref-on-mismatch-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[4-npn-no-server-support] +ssl_conf = 4-npn-no-server-support-ssl + +[4-npn-no-server-support-ssl] +server = 4-npn-no-server-support-server +client = 4-npn-no-server-support-client + +[4-npn-no-server-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-npn-no-server-support-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +client = 4-npn-no-server-support-client-extra + +[4-npn-no-server-support-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[5-npn-no-client-support] +ssl_conf = 5-npn-no-client-support-ssl + +[5-npn-no-client-support-ssl] +server = 5-npn-no-client-support-server +client = 5-npn-no-client-support-client + +[5-npn-no-client-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-npn-no-client-support-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +server = 5-npn-no-client-support-server-extra + +[5-npn-no-client-support-server-extra] +NPNProtocols = foo + + +# =========================================================== + +[6-npn-with-sni-no-context-switch] +ssl_conf = 6-npn-with-sni-no-context-switch-ssl + +[6-npn-with-sni-no-context-switch-ssl] +server = 6-npn-with-sni-no-context-switch-server +client = 6-npn-with-sni-no-context-switch-client +server2 = 6-npn-with-sni-no-context-switch-server2 + +[6-npn-with-sni-no-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-npn-with-sni-no-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-npn-with-sni-no-context-switch-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedNPNProtocol = foo +ExpectedServerName = server1 +server = 6-npn-with-sni-no-context-switch-server-extra +server2 = 6-npn-with-sni-no-context-switch-server2-extra +client = 6-npn-with-sni-no-context-switch-client-extra + +[6-npn-with-sni-no-context-switch-server-extra] +NPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[6-npn-with-sni-no-context-switch-server2-extra] +NPNProtocols = bar + +[6-npn-with-sni-no-context-switch-client-extra] +NPNProtocols = foo,bar +ServerName = server1 + + +# =========================================================== + +[7-npn-with-sni-context-switch] +ssl_conf = 7-npn-with-sni-context-switch-ssl + +[7-npn-with-sni-context-switch-ssl] +server = 7-npn-with-sni-context-switch-server +client = 7-npn-with-sni-context-switch-client +server2 = 7-npn-with-sni-context-switch-server2 + +[7-npn-with-sni-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-npn-with-sni-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-npn-with-sni-context-switch-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +server = 7-npn-with-sni-context-switch-server-extra +server2 = 7-npn-with-sni-context-switch-server2-extra +client = 7-npn-with-sni-context-switch-client-extra + +[7-npn-with-sni-context-switch-server-extra] +NPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[7-npn-with-sni-context-switch-server2-extra] +NPNProtocols = bar + +[7-npn-with-sni-context-switch-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[8-npn-selected-sni-server-supports-npn] +ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl + +[8-npn-selected-sni-server-supports-npn-ssl] +server = 8-npn-selected-sni-server-supports-npn-server +client = 8-npn-selected-sni-server-supports-npn-client +server2 = 8-npn-selected-sni-server-supports-npn-server2 + +[8-npn-selected-sni-server-supports-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-npn-selected-sni-server-supports-npn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-npn-selected-sni-server-supports-npn-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +server = 8-npn-selected-sni-server-supports-npn-server-extra +server2 = 8-npn-selected-sni-server-supports-npn-server2-extra +client = 8-npn-selected-sni-server-supports-npn-client-extra + +[8-npn-selected-sni-server-supports-npn-server-extra] +ServerNameCallback = IgnoreMismatch + +[8-npn-selected-sni-server-supports-npn-server2-extra] +NPNProtocols = bar + +[8-npn-selected-sni-server-supports-npn-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[9-npn-selected-sni-server-does-not-support-npn] +ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl + +[9-npn-selected-sni-server-does-not-support-npn-ssl] +server = 9-npn-selected-sni-server-does-not-support-npn-server +client = 9-npn-selected-sni-server-does-not-support-npn-client +server2 = 9-npn-selected-sni-server-does-not-support-npn-server2 + +[9-npn-selected-sni-server-does-not-support-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-npn-selected-sni-server-does-not-support-npn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-npn-selected-sni-server-does-not-support-npn-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedServerName = server2 +server = 9-npn-selected-sni-server-does-not-support-npn-server-extra +client = 9-npn-selected-sni-server-does-not-support-npn-client-extra + +[9-npn-selected-sni-server-does-not-support-npn-server-extra] +NPNProtocols = bar +ServerNameCallback = IgnoreMismatch + +[9-npn-selected-sni-server-does-not-support-npn-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[10-alpn-preferred-over-npn] +ssl_conf = 10-alpn-preferred-over-npn-ssl + +[10-alpn-preferred-over-npn-ssl] +server = 10-alpn-preferred-over-npn-server +client = 10-alpn-preferred-over-npn-client + +[10-alpn-preferred-over-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-alpn-preferred-over-npn-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedALPNProtocol = foo +server = 10-alpn-preferred-over-npn-server-extra +client = 10-alpn-preferred-over-npn-client-extra + +[10-alpn-preferred-over-npn-server-extra] +ALPNProtocols = foo +NPNProtocols = bar + +[10-alpn-preferred-over-npn-client-extra] +ALPNProtocols = foo +NPNProtocols = bar + + +# =========================================================== + +[11-sni-npn-preferred-over-alpn] +ssl_conf = 11-sni-npn-preferred-over-alpn-ssl + +[11-sni-npn-preferred-over-alpn-ssl] +server = 11-sni-npn-preferred-over-alpn-server +client = 11-sni-npn-preferred-over-alpn-client +server2 = 11-sni-npn-preferred-over-alpn-server2 + +[11-sni-npn-preferred-over-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-npn-preferred-over-alpn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-npn-preferred-over-alpn-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +server = 11-sni-npn-preferred-over-alpn-server-extra +server2 = 11-sni-npn-preferred-over-alpn-server2-extra +client = 11-sni-npn-preferred-over-alpn-client-extra + +[11-sni-npn-preferred-over-alpn-server-extra] +ALPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[11-sni-npn-preferred-over-alpn-server2-extra] +NPNProtocols = bar + +[11-sni-npn-preferred-over-alpn-client-extra] +ALPNProtocols = foo +NPNProtocols = bar +ServerName = server2 + + +# =========================================================== + +[12-npn-simple-resumption] +ssl_conf = 12-npn-simple-resumption-ssl + +[12-npn-simple-resumption-ssl] +server = 12-npn-simple-resumption-server +client = 12-npn-simple-resumption-client +resume-server = 12-npn-simple-resumption-server +resume-client = 12-npn-simple-resumption-client + +[12-npn-simple-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-npn-simple-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedNPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 12-npn-simple-resumption-server-extra +resume-server = 12-npn-simple-resumption-server-extra +client = 12-npn-simple-resumption-client-extra +resume-client = 12-npn-simple-resumption-client-extra + +[12-npn-simple-resumption-server-extra] +NPNProtocols = foo + +[12-npn-simple-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[13-npn-server-switch-resumption] +ssl_conf = 13-npn-server-switch-resumption-ssl + +[13-npn-server-switch-resumption-ssl] +server = 13-npn-server-switch-resumption-server +client = 13-npn-server-switch-resumption-client +resume-server = 13-npn-server-switch-resumption-resume-server +resume-client = 13-npn-server-switch-resumption-client + +[13-npn-server-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-npn-server-switch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-npn-server-switch-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedNPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 13-npn-server-switch-resumption-server-extra +resume-server = 13-npn-server-switch-resumption-resume-server-extra +client = 13-npn-server-switch-resumption-client-extra +resume-client = 13-npn-server-switch-resumption-client-extra + +[13-npn-server-switch-resumption-server-extra] +NPNProtocols = bar,foo + +[13-npn-server-switch-resumption-resume-server-extra] +NPNProtocols = baz,foo + +[13-npn-server-switch-resumption-client-extra] +NPNProtocols = foo,bar,baz + + +# =========================================================== + +[14-npn-client-switch-resumption] +ssl_conf = 14-npn-client-switch-resumption-ssl + +[14-npn-client-switch-resumption-ssl] +server = 14-npn-client-switch-resumption-server +client = 14-npn-client-switch-resumption-client +resume-server = 14-npn-client-switch-resumption-server +resume-client = 14-npn-client-switch-resumption-resume-client + +[14-npn-client-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-npn-client-switch-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[14-npn-client-switch-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedNPNProtocol = bar +HandshakeMode = Resume +ResumptionExpected = Yes +server = 14-npn-client-switch-resumption-server-extra +resume-server = 14-npn-client-switch-resumption-server-extra +client = 14-npn-client-switch-resumption-client-extra +resume-client = 14-npn-client-switch-resumption-resume-client-extra + +[14-npn-client-switch-resumption-server-extra] +NPNProtocols = foo,bar,baz + +[14-npn-client-switch-resumption-client-extra] +NPNProtocols = foo,baz + +[14-npn-client-switch-resumption-resume-client-extra] +NPNProtocols = bar,baz + + +# =========================================================== + +[15-npn-client-first-pref-on-mismatch-resumption] +ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl + +[15-npn-client-first-pref-on-mismatch-resumption-ssl] +server = 15-npn-client-first-pref-on-mismatch-resumption-server +client = 15-npn-client-first-pref-on-mismatch-resumption-client +resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server +resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client + +[15-npn-client-first-pref-on-mismatch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-npn-client-first-pref-on-mismatch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-npn-client-first-pref-on-mismatch-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedNPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra +resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra +client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra +resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra + +[15-npn-client-first-pref-on-mismatch-resumption-server-extra] +NPNProtocols = bar + +[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] +NPNProtocols = baz + +[15-npn-client-first-pref-on-mismatch-resumption-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[16-npn-no-server-support-resumption] +ssl_conf = 16-npn-no-server-support-resumption-ssl + +[16-npn-no-server-support-resumption-ssl] +server = 16-npn-no-server-support-resumption-server +client = 16-npn-no-server-support-resumption-client +resume-server = 16-npn-no-server-support-resumption-resume-server +resume-client = 16-npn-no-server-support-resumption-client + +[16-npn-no-server-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-npn-no-server-support-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-npn-no-server-support-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 16-npn-no-server-support-resumption-server-extra +client = 16-npn-no-server-support-resumption-client-extra +resume-client = 16-npn-no-server-support-resumption-client-extra + +[16-npn-no-server-support-resumption-server-extra] +NPNProtocols = foo + +[16-npn-no-server-support-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[17-npn-no-client-support-resumption] +ssl_conf = 17-npn-no-client-support-resumption-ssl + +[17-npn-no-client-support-resumption-ssl] +server = 17-npn-no-client-support-resumption-server +client = 17-npn-no-client-support-resumption-client +resume-server = 17-npn-no-client-support-resumption-server +resume-client = 17-npn-no-client-support-resumption-resume-client + +[17-npn-no-client-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-npn-no-client-support-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[17-npn-no-client-support-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 17-npn-no-client-support-resumption-server-extra +resume-server = 17-npn-no-client-support-resumption-server-extra +client = 17-npn-no-client-support-resumption-client-extra + +[17-npn-no-client-support-resumption-server-extra] +NPNProtocols = foo + +[17-npn-no-client-support-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[18-alpn-preferred-over-npn-resumption] +ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl + +[18-alpn-preferred-over-npn-resumption-ssl] +server = 18-alpn-preferred-over-npn-resumption-server +client = 18-alpn-preferred-over-npn-resumption-client +resume-server = 18-alpn-preferred-over-npn-resumption-resume-server +resume-client = 18-alpn-preferred-over-npn-resumption-client + +[18-alpn-preferred-over-npn-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-alpn-preferred-over-npn-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-alpn-preferred-over-npn-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedALPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 18-alpn-preferred-over-npn-resumption-server-extra +resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra +client = 18-alpn-preferred-over-npn-resumption-client-extra +resume-client = 18-alpn-preferred-over-npn-resumption-client-extra + +[18-alpn-preferred-over-npn-resumption-server-extra] +NPNProtocols = bar + +[18-alpn-preferred-over-npn-resumption-resume-server-extra] +ALPNProtocols = foo +NPNProtocols = baz + +[18-alpn-preferred-over-npn-resumption-client-extra] +ALPNProtocols = foo +NPNProtocols = bar,baz + + +# =========================================================== + +[19-npn-used-if-alpn-not-supported-resumption] +ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl + +[19-npn-used-if-alpn-not-supported-resumption-ssl] +server = 19-npn-used-if-alpn-not-supported-resumption-server +client = 19-npn-used-if-alpn-not-supported-resumption-client +resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server +resume-client = 19-npn-used-if-alpn-not-supported-resumption-client + +[19-npn-used-if-alpn-not-supported-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-npn-used-if-alpn-not-supported-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-npn-used-if-alpn-not-supported-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedNPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 19-npn-used-if-alpn-not-supported-resumption-server-extra +resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra +client = 19-npn-used-if-alpn-not-supported-resumption-client-extra +resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra + +[19-npn-used-if-alpn-not-supported-resumption-server-extra] +ALPNProtocols = foo +NPNProtocols = bar + +[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra] +NPNProtocols = baz + +[19-npn-used-if-alpn-not-supported-resumption-client-extra] +ALPNProtocols = foo +NPNProtocols = bar,baz + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/08-npn.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/08-npn.conf.in new file mode 100644 index 000000000..b5df13d5a --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/08-npn.conf.in @@ -0,0 +1,443 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test NPN. Note that NPN is only supported up to TLSv1.2 + +use strict; +use warnings; + +package ssltests; + +our @tests = ( + { + name => "npn-simple", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-client-finds-match", + server => { + extra => { + "NPNProtocols" => "baz,bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-client-honours-server-pref", + server => { + extra => { + "NPNProtocols" => "bar,foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-client-first-pref-on-mismatch", + server => { + extra => { + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-no-server-support", + server => {}, + client => { + extra => { + "NPNProtocols" => "foo", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-no-client-support", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-with-sni-no-context-switch", + server => { + extra => { + "NPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server1", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-with-sni-context-switch", + server => { + extra => { + "NPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-selected-sni-server-supports-npn", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-selected-sni-server-does-not-support-npn", + server => { + extra => { + "NPNProtocols" => "bar", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "alpn-preferred-over-npn", + server => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedALPNProtocol" => "foo", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "sni-npn-preferred-over-alpn", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + "ALPNProtocols" => "foo", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ServerName" => "server2", + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedALPNProtocol" => undef, + "ExpectedNPNProtocol" => "bar", + "ExpectedServerName" => "server2", + }, + }, + { + name => "npn-simple-resumption", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-server-switch-resumption", + server => { + extra => { + "NPNProtocols" => "bar,foo", + }, + }, + resume_server => { + extra => { + "NPNProtocols" => "baz,foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar,baz", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "baz", + }, + }, + { + name => "npn-client-switch-resumption", + server => { + extra => { + "NPNProtocols" => "foo,bar,baz", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,baz", + }, + "MaxProtocol" => "TLSv1.2" + }, + resume_client => { + extra => { + "NPNProtocols" => "bar,baz", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-client-first-pref-on-mismatch-resumption", + server => { + extra => { + "NPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-no-server-support-resumption", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + resume_server => { }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-no-client-support-resumption", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + "MaxProtocol" => "TLSv1.2" + }, + resume_client => { + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "alpn-preferred-over-npn-resumption", + server => { + extra => { + "NPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar,baz", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "foo", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-used-if-alpn-not-supported-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar,baz", + }, + "MaxProtocol" => "TLSv1.2" + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => undef, + "ExpectedNPNProtocol" => "baz", + }, + }, +); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/09-alpn.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/09-alpn.conf new file mode 100644 index 000000000..e7e6cb953 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/09-alpn.conf @@ -0,0 +1,619 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 16 + +test-0 = 0-alpn-simple +test-1 = 1-alpn-server-finds-match +test-2 = 2-alpn-server-honours-server-pref +test-3 = 3-alpn-alert-on-mismatch +test-4 = 4-alpn-no-server-support +test-5 = 5-alpn-no-client-support +test-6 = 6-alpn-with-sni-no-context-switch +test-7 = 7-alpn-with-sni-context-switch +test-8 = 8-alpn-selected-sni-server-supports-alpn +test-9 = 9-alpn-selected-sni-server-does-not-support-alpn +test-10 = 10-alpn-simple-resumption +test-11 = 11-alpn-server-switch-resumption +test-12 = 12-alpn-client-switch-resumption +test-13 = 13-alpn-alert-on-mismatch-resumption +test-14 = 14-alpn-no-server-support-resumption +test-15 = 15-alpn-no-client-support-resumption +# =========================================================== + +[0-alpn-simple] +ssl_conf = 0-alpn-simple-ssl + +[0-alpn-simple-ssl] +server = 0-alpn-simple-server +client = 0-alpn-simple-client + +[0-alpn-simple-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-alpn-simple-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedALPNProtocol = foo +server = 0-alpn-simple-server-extra +client = 0-alpn-simple-client-extra + +[0-alpn-simple-server-extra] +ALPNProtocols = foo + +[0-alpn-simple-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[1-alpn-server-finds-match] +ssl_conf = 1-alpn-server-finds-match-ssl + +[1-alpn-server-finds-match-ssl] +server = 1-alpn-server-finds-match-server +client = 1-alpn-server-finds-match-client + +[1-alpn-server-finds-match-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-alpn-server-finds-match-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedALPNProtocol = bar +server = 1-alpn-server-finds-match-server-extra +client = 1-alpn-server-finds-match-client-extra + +[1-alpn-server-finds-match-server-extra] +ALPNProtocols = baz,bar + +[1-alpn-server-finds-match-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[2-alpn-server-honours-server-pref] +ssl_conf = 2-alpn-server-honours-server-pref-ssl + +[2-alpn-server-honours-server-pref-ssl] +server = 2-alpn-server-honours-server-pref-server +client = 2-alpn-server-honours-server-pref-client + +[2-alpn-server-honours-server-pref-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-alpn-server-honours-server-pref-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedALPNProtocol = bar +server = 2-alpn-server-honours-server-pref-server-extra +client = 2-alpn-server-honours-server-pref-client-extra + +[2-alpn-server-honours-server-pref-server-extra] +ALPNProtocols = bar,foo + +[2-alpn-server-honours-server-pref-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[3-alpn-alert-on-mismatch] +ssl_conf = 3-alpn-alert-on-mismatch-ssl + +[3-alpn-alert-on-mismatch-ssl] +server = 3-alpn-alert-on-mismatch-server +client = 3-alpn-alert-on-mismatch-client + +[3-alpn-alert-on-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-alpn-alert-on-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = ServerFail +ExpectedServerAlert = NoApplicationProtocol +server = 3-alpn-alert-on-mismatch-server-extra +client = 3-alpn-alert-on-mismatch-client-extra + +[3-alpn-alert-on-mismatch-server-extra] +ALPNProtocols = baz + +[3-alpn-alert-on-mismatch-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[4-alpn-no-server-support] +ssl_conf = 4-alpn-no-server-support-ssl + +[4-alpn-no-server-support-ssl] +server = 4-alpn-no-server-support-server +client = 4-alpn-no-server-support-client + +[4-alpn-no-server-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-alpn-no-server-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +client = 4-alpn-no-server-support-client-extra + +[4-alpn-no-server-support-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[5-alpn-no-client-support] +ssl_conf = 5-alpn-no-client-support-ssl + +[5-alpn-no-client-support-ssl] +server = 5-alpn-no-client-support-server +client = 5-alpn-no-client-support-client + +[5-alpn-no-client-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-alpn-no-client-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +server = 5-alpn-no-client-support-server-extra + +[5-alpn-no-client-support-server-extra] +ALPNProtocols = foo + + +# =========================================================== + +[6-alpn-with-sni-no-context-switch] +ssl_conf = 6-alpn-with-sni-no-context-switch-ssl + +[6-alpn-with-sni-no-context-switch-ssl] +server = 6-alpn-with-sni-no-context-switch-server +client = 6-alpn-with-sni-no-context-switch-client +server2 = 6-alpn-with-sni-no-context-switch-server2 + +[6-alpn-with-sni-no-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-alpn-with-sni-no-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-alpn-with-sni-no-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedALPNProtocol = foo +ExpectedServerName = server1 +server = 6-alpn-with-sni-no-context-switch-server-extra +server2 = 6-alpn-with-sni-no-context-switch-server2-extra +client = 6-alpn-with-sni-no-context-switch-client-extra + +[6-alpn-with-sni-no-context-switch-server-extra] +ALPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[6-alpn-with-sni-no-context-switch-server2-extra] +ALPNProtocols = bar + +[6-alpn-with-sni-no-context-switch-client-extra] +ALPNProtocols = foo,bar +ServerName = server1 + + +# =========================================================== + +[7-alpn-with-sni-context-switch] +ssl_conf = 7-alpn-with-sni-context-switch-ssl + +[7-alpn-with-sni-context-switch-ssl] +server = 7-alpn-with-sni-context-switch-server +client = 7-alpn-with-sni-context-switch-client +server2 = 7-alpn-with-sni-context-switch-server2 + +[7-alpn-with-sni-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-alpn-with-sni-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-alpn-with-sni-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedALPNProtocol = bar +ExpectedServerName = server2 +server = 7-alpn-with-sni-context-switch-server-extra +server2 = 7-alpn-with-sni-context-switch-server2-extra +client = 7-alpn-with-sni-context-switch-client-extra + +[7-alpn-with-sni-context-switch-server-extra] +ALPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[7-alpn-with-sni-context-switch-server2-extra] +ALPNProtocols = bar + +[7-alpn-with-sni-context-switch-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[8-alpn-selected-sni-server-supports-alpn] +ssl_conf = 8-alpn-selected-sni-server-supports-alpn-ssl + +[8-alpn-selected-sni-server-supports-alpn-ssl] +server = 8-alpn-selected-sni-server-supports-alpn-server +client = 8-alpn-selected-sni-server-supports-alpn-client +server2 = 8-alpn-selected-sni-server-supports-alpn-server2 + +[8-alpn-selected-sni-server-supports-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-alpn-selected-sni-server-supports-alpn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-alpn-selected-sni-server-supports-alpn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedALPNProtocol = bar +ExpectedServerName = server2 +server = 8-alpn-selected-sni-server-supports-alpn-server-extra +server2 = 8-alpn-selected-sni-server-supports-alpn-server2-extra +client = 8-alpn-selected-sni-server-supports-alpn-client-extra + +[8-alpn-selected-sni-server-supports-alpn-server-extra] +ServerNameCallback = IgnoreMismatch + +[8-alpn-selected-sni-server-supports-alpn-server2-extra] +ALPNProtocols = bar + +[8-alpn-selected-sni-server-supports-alpn-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[9-alpn-selected-sni-server-does-not-support-alpn] +ssl_conf = 9-alpn-selected-sni-server-does-not-support-alpn-ssl + +[9-alpn-selected-sni-server-does-not-support-alpn-ssl] +server = 9-alpn-selected-sni-server-does-not-support-alpn-server +client = 9-alpn-selected-sni-server-does-not-support-alpn-client +server2 = 9-alpn-selected-sni-server-does-not-support-alpn-server2 + +[9-alpn-selected-sni-server-does-not-support-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-alpn-selected-sni-server-does-not-support-alpn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-alpn-selected-sni-server-does-not-support-alpn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedServerName = server2 +server = 9-alpn-selected-sni-server-does-not-support-alpn-server-extra +client = 9-alpn-selected-sni-server-does-not-support-alpn-client-extra + +[9-alpn-selected-sni-server-does-not-support-alpn-server-extra] +ALPNProtocols = bar +ServerNameCallback = IgnoreMismatch + +[9-alpn-selected-sni-server-does-not-support-alpn-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[10-alpn-simple-resumption] +ssl_conf = 10-alpn-simple-resumption-ssl + +[10-alpn-simple-resumption-ssl] +server = 10-alpn-simple-resumption-server +client = 10-alpn-simple-resumption-client +resume-server = 10-alpn-simple-resumption-server +resume-client = 10-alpn-simple-resumption-client + +[10-alpn-simple-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-alpn-simple-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedALPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 10-alpn-simple-resumption-server-extra +resume-server = 10-alpn-simple-resumption-server-extra +client = 10-alpn-simple-resumption-client-extra +resume-client = 10-alpn-simple-resumption-client-extra + +[10-alpn-simple-resumption-server-extra] +ALPNProtocols = foo + +[10-alpn-simple-resumption-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[11-alpn-server-switch-resumption] +ssl_conf = 11-alpn-server-switch-resumption-ssl + +[11-alpn-server-switch-resumption-ssl] +server = 11-alpn-server-switch-resumption-server +client = 11-alpn-server-switch-resumption-client +resume-server = 11-alpn-server-switch-resumption-resume-server +resume-client = 11-alpn-server-switch-resumption-client + +[11-alpn-server-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-alpn-server-switch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-alpn-server-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedALPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 11-alpn-server-switch-resumption-server-extra +resume-server = 11-alpn-server-switch-resumption-resume-server-extra +client = 11-alpn-server-switch-resumption-client-extra +resume-client = 11-alpn-server-switch-resumption-client-extra + +[11-alpn-server-switch-resumption-server-extra] +ALPNProtocols = bar,foo + +[11-alpn-server-switch-resumption-resume-server-extra] +ALPNProtocols = baz,foo + +[11-alpn-server-switch-resumption-client-extra] +ALPNProtocols = foo,bar,baz + + +# =========================================================== + +[12-alpn-client-switch-resumption] +ssl_conf = 12-alpn-client-switch-resumption-ssl + +[12-alpn-client-switch-resumption-ssl] +server = 12-alpn-client-switch-resumption-server +client = 12-alpn-client-switch-resumption-client +resume-server = 12-alpn-client-switch-resumption-server +resume-client = 12-alpn-client-switch-resumption-resume-client + +[12-alpn-client-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-alpn-client-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[12-alpn-client-switch-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedALPNProtocol = bar +HandshakeMode = Resume +ResumptionExpected = Yes +server = 12-alpn-client-switch-resumption-server-extra +resume-server = 12-alpn-client-switch-resumption-server-extra +client = 12-alpn-client-switch-resumption-client-extra +resume-client = 12-alpn-client-switch-resumption-resume-client-extra + +[12-alpn-client-switch-resumption-server-extra] +ALPNProtocols = foo,bar,baz + +[12-alpn-client-switch-resumption-client-extra] +ALPNProtocols = foo,baz + +[12-alpn-client-switch-resumption-resume-client-extra] +ALPNProtocols = bar,baz + + +# =========================================================== + +[13-alpn-alert-on-mismatch-resumption] +ssl_conf = 13-alpn-alert-on-mismatch-resumption-ssl + +[13-alpn-alert-on-mismatch-resumption-ssl] +server = 13-alpn-alert-on-mismatch-resumption-server +client = 13-alpn-alert-on-mismatch-resumption-client +resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server +resume-client = 13-alpn-alert-on-mismatch-resumption-client + +[13-alpn-alert-on-mismatch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-alpn-alert-on-mismatch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-alpn-alert-on-mismatch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = ServerFail +ExpectedServerAlert = NoApplicationProtocol +HandshakeMode = Resume +server = 13-alpn-alert-on-mismatch-resumption-server-extra +resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server-extra +client = 13-alpn-alert-on-mismatch-resumption-client-extra +resume-client = 13-alpn-alert-on-mismatch-resumption-client-extra + +[13-alpn-alert-on-mismatch-resumption-server-extra] +ALPNProtocols = bar + +[13-alpn-alert-on-mismatch-resumption-resume-server-extra] +ALPNProtocols = baz + +[13-alpn-alert-on-mismatch-resumption-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[14-alpn-no-server-support-resumption] +ssl_conf = 14-alpn-no-server-support-resumption-ssl + +[14-alpn-no-server-support-resumption-ssl] +server = 14-alpn-no-server-support-resumption-server +client = 14-alpn-no-server-support-resumption-client +resume-server = 14-alpn-no-server-support-resumption-resume-server +resume-client = 14-alpn-no-server-support-resumption-client + +[14-alpn-no-server-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-alpn-no-server-support-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-alpn-no-server-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 14-alpn-no-server-support-resumption-server-extra +client = 14-alpn-no-server-support-resumption-client-extra +resume-client = 14-alpn-no-server-support-resumption-client-extra + +[14-alpn-no-server-support-resumption-server-extra] +ALPNProtocols = foo + +[14-alpn-no-server-support-resumption-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[15-alpn-no-client-support-resumption] +ssl_conf = 15-alpn-no-client-support-resumption-ssl + +[15-alpn-no-client-support-resumption-ssl] +server = 15-alpn-no-client-support-resumption-server +client = 15-alpn-no-client-support-resumption-client +resume-server = 15-alpn-no-client-support-resumption-server +resume-client = 15-alpn-no-client-support-resumption-resume-client + +[15-alpn-no-client-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-alpn-no-client-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[15-alpn-no-client-support-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 15-alpn-no-client-support-resumption-server-extra +resume-server = 15-alpn-no-client-support-resumption-server-extra +client = 15-alpn-no-client-support-resumption-client-extra + +[15-alpn-no-client-support-resumption-server-extra] +ALPNProtocols = foo + +[15-alpn-no-client-support-resumption-client-extra] +ALPNProtocols = foo + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/09-alpn.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/09-alpn.conf.in new file mode 100644 index 000000000..6e86375af --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/09-alpn.conf.in @@ -0,0 +1,325 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "alpn-simple", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "ExpectedALPNProtocol" => "foo", + }, + }, + { + name => "alpn-server-finds-match", + server => { + extra => { + "ALPNProtocols" => "baz,bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-server-honours-server-pref", + server => { + extra => { + "ALPNProtocols" => "bar,foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-alert-on-mismatch", + server => { + extra => { + "ALPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "NoApplicationProtocol", + }, + }, + { + name => "alpn-no-server-support", + server => { }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-no-client-support", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { }, + test => { + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-with-sni-no-context-switch", + server => { + extra => { + "ALPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server1", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedALPNProtocol" => "foo", + }, + }, + { + name => "alpn-with-sni-context-switch", + server => { + extra => { + "ALPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-selected-sni-server-supports-alpn", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-selected-sni-server-does-not-support-alpn", + server => { + extra => { + "ALPNProtocols" => "bar", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-simple-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "foo", + }, + }, + { + name => "alpn-server-switch-resumption", + server => { + extra => { + "ALPNProtocols" => "bar,foo", + }, + }, + resume_server => { + extra => { + "ALPNProtocols" => "baz,foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "baz", + }, + }, + { + name => "alpn-client-switch-resumption", + server => { + extra => { + "ALPNProtocols" => "foo,bar,baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,baz", + }, + }, + resume_client => { + extra => { + "ALPNProtocols" => "bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-alert-on-mismatch-resumption", + server => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "ALPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "NoApplicationProtocol", + }, + }, + { + name => "alpn-no-server-support-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + resume_server => { }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-no-client-support-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + resume_client => { + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => undef, + }, + }, +); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/10-resumption.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/10-resumption.conf new file mode 100644 index 000000000..73de974ab --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/10-resumption.conf @@ -0,0 +1,2439 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 65 + +test-0 = 0-resumption +test-1 = 1-resumption +test-2 = 2-resumption +test-3 = 3-resumption +test-4 = 4-resumption +test-5 = 5-resumption +test-6 = 6-resumption +test-7 = 7-resumption +test-8 = 8-resumption +test-9 = 9-resumption +test-10 = 10-resumption +test-11 = 11-resumption +test-12 = 12-resumption +test-13 = 13-resumption +test-14 = 14-resumption +test-15 = 15-resumption +test-16 = 16-resumption +test-17 = 17-resumption +test-18 = 18-resumption +test-19 = 19-resumption +test-20 = 20-resumption +test-21 = 21-resumption +test-22 = 22-resumption +test-23 = 23-resumption +test-24 = 24-resumption +test-25 = 25-resumption +test-26 = 26-resumption +test-27 = 27-resumption +test-28 = 28-resumption +test-29 = 29-resumption +test-30 = 30-resumption +test-31 = 31-resumption +test-32 = 32-resumption +test-33 = 33-resumption +test-34 = 34-resumption +test-35 = 35-resumption +test-36 = 36-resumption +test-37 = 37-resumption +test-38 = 38-resumption +test-39 = 39-resumption +test-40 = 40-resumption +test-41 = 41-resumption +test-42 = 42-resumption +test-43 = 43-resumption +test-44 = 44-resumption +test-45 = 45-resumption +test-46 = 46-resumption +test-47 = 47-resumption +test-48 = 48-resumption +test-49 = 49-resumption +test-50 = 50-resumption +test-51 = 51-resumption +test-52 = 52-resumption +test-53 = 53-resumption +test-54 = 54-resumption +test-55 = 55-resumption +test-56 = 56-resumption +test-57 = 57-resumption +test-58 = 58-resumption +test-59 = 59-resumption +test-60 = 60-resumption +test-61 = 61-resumption +test-62 = 62-resumption +test-63 = 63-resumption +test-64 = 64-resumption-with-hrr +# =========================================================== + +[0-resumption] +ssl_conf = 0-resumption-ssl + +[0-resumption-ssl] +server = 0-resumption-server +client = 0-resumption-client +resume-server = 0-resumption-resume-server +resume-client = 0-resumption-client + +[0-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[1-resumption] +ssl_conf = 1-resumption-ssl + +[1-resumption-ssl] +server = 1-resumption-server +client = 1-resumption-client +resume-server = 1-resumption-resume-server +resume-client = 1-resumption-client + +[1-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[2-resumption] +ssl_conf = 2-resumption-ssl + +[2-resumption-ssl] +server = 2-resumption-server +client = 2-resumption-client +resume-server = 2-resumption-resume-server +resume-client = 2-resumption-client + +[2-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[3-resumption] +ssl_conf = 3-resumption-ssl + +[3-resumption-ssl] +server = 3-resumption-server +client = 3-resumption-client +resume-server = 3-resumption-resume-server +resume-client = 3-resumption-client + +[3-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[4-resumption] +ssl_conf = 4-resumption-ssl + +[4-resumption-ssl] +server = 4-resumption-server +client = 4-resumption-client +resume-server = 4-resumption-resume-server +resume-client = 4-resumption-client + +[4-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[5-resumption] +ssl_conf = 5-resumption-ssl + +[5-resumption-ssl] +server = 5-resumption-server +client = 5-resumption-client +resume-server = 5-resumption-resume-server +resume-client = 5-resumption-client + +[5-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[6-resumption] +ssl_conf = 6-resumption-ssl + +[6-resumption-ssl] +server = 6-resumption-server +client = 6-resumption-client +resume-server = 6-resumption-resume-server +resume-client = 6-resumption-client + +[6-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[7-resumption] +ssl_conf = 7-resumption-ssl + +[7-resumption-ssl] +server = 7-resumption-server +client = 7-resumption-client +resume-server = 7-resumption-resume-server +resume-client = 7-resumption-client + +[7-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[8-resumption] +ssl_conf = 8-resumption-ssl + +[8-resumption-ssl] +server = 8-resumption-server +client = 8-resumption-client +resume-server = 8-resumption-resume-server +resume-client = 8-resumption-client + +[8-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[9-resumption] +ssl_conf = 9-resumption-ssl + +[9-resumption-ssl] +server = 9-resumption-server +client = 9-resumption-client +resume-server = 9-resumption-resume-server +resume-client = 9-resumption-client + +[9-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[10-resumption] +ssl_conf = 10-resumption-ssl + +[10-resumption-ssl] +server = 10-resumption-server +client = 10-resumption-client +resume-server = 10-resumption-resume-server +resume-client = 10-resumption-client + +[10-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[11-resumption] +ssl_conf = 11-resumption-ssl + +[11-resumption-ssl] +server = 11-resumption-server +client = 11-resumption-client +resume-server = 11-resumption-resume-server +resume-client = 11-resumption-client + +[11-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[12-resumption] +ssl_conf = 12-resumption-ssl + +[12-resumption-ssl] +server = 12-resumption-server +client = 12-resumption-client +resume-server = 12-resumption-resume-server +resume-client = 12-resumption-client + +[12-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[13-resumption] +ssl_conf = 13-resumption-ssl + +[13-resumption-ssl] +server = 13-resumption-server +client = 13-resumption-client +resume-server = 13-resumption-resume-server +resume-client = 13-resumption-client + +[13-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[14-resumption] +ssl_conf = 14-resumption-ssl + +[14-resumption-ssl] +server = 14-resumption-server +client = 14-resumption-client +resume-server = 14-resumption-resume-server +resume-client = 14-resumption-client + +[14-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[15-resumption] +ssl_conf = 15-resumption-ssl + +[15-resumption-ssl] +server = 15-resumption-server +client = 15-resumption-client +resume-server = 15-resumption-resume-server +resume-client = 15-resumption-client + +[15-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[16-resumption] +ssl_conf = 16-resumption-ssl + +[16-resumption-ssl] +server = 16-resumption-server +client = 16-resumption-client +resume-server = 16-resumption-resume-server +resume-client = 16-resumption-client + +[16-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[17-resumption] +ssl_conf = 17-resumption-ssl + +[17-resumption-ssl] +server = 17-resumption-server +client = 17-resumption-client +resume-server = 17-resumption-resume-server +resume-client = 17-resumption-client + +[17-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[18-resumption] +ssl_conf = 18-resumption-ssl + +[18-resumption-ssl] +server = 18-resumption-server +client = 18-resumption-client +resume-server = 18-resumption-resume-server +resume-client = 18-resumption-client + +[18-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[19-resumption] +ssl_conf = 19-resumption-ssl + +[19-resumption-ssl] +server = 19-resumption-server +client = 19-resumption-client +resume-server = 19-resumption-resume-server +resume-client = 19-resumption-client + +[19-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[20-resumption] +ssl_conf = 20-resumption-ssl + +[20-resumption-ssl] +server = 20-resumption-server +client = 20-resumption-client +resume-server = 20-resumption-resume-server +resume-client = 20-resumption-client + +[20-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[21-resumption] +ssl_conf = 21-resumption-ssl + +[21-resumption-ssl] +server = 21-resumption-server +client = 21-resumption-client +resume-server = 21-resumption-resume-server +resume-client = 21-resumption-client + +[21-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[22-resumption] +ssl_conf = 22-resumption-ssl + +[22-resumption-ssl] +server = 22-resumption-server +client = 22-resumption-client +resume-server = 22-resumption-resume-server +resume-client = 22-resumption-client + +[22-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[23-resumption] +ssl_conf = 23-resumption-ssl + +[23-resumption-ssl] +server = 23-resumption-server +client = 23-resumption-client +resume-server = 23-resumption-resume-server +resume-client = 23-resumption-client + +[23-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[24-resumption] +ssl_conf = 24-resumption-ssl + +[24-resumption-ssl] +server = 24-resumption-server +client = 24-resumption-client +resume-server = 24-resumption-resume-server +resume-client = 24-resumption-client + +[24-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[25-resumption] +ssl_conf = 25-resumption-ssl + +[25-resumption-ssl] +server = 25-resumption-server +client = 25-resumption-client +resume-server = 25-resumption-resume-server +resume-client = 25-resumption-client + +[25-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[26-resumption] +ssl_conf = 26-resumption-ssl + +[26-resumption-ssl] +server = 26-resumption-server +client = 26-resumption-client +resume-server = 26-resumption-resume-server +resume-client = 26-resumption-client + +[26-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[27-resumption] +ssl_conf = 27-resumption-ssl + +[27-resumption-ssl] +server = 27-resumption-server +client = 27-resumption-client +resume-server = 27-resumption-resume-server +resume-client = 27-resumption-client + +[27-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[28-resumption] +ssl_conf = 28-resumption-ssl + +[28-resumption-ssl] +server = 28-resumption-server +client = 28-resumption-client +resume-server = 28-resumption-resume-server +resume-client = 28-resumption-client + +[28-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[29-resumption] +ssl_conf = 29-resumption-ssl + +[29-resumption-ssl] +server = 29-resumption-server +client = 29-resumption-client +resume-server = 29-resumption-resume-server +resume-client = 29-resumption-client + +[29-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[30-resumption] +ssl_conf = 30-resumption-ssl + +[30-resumption-ssl] +server = 30-resumption-server +client = 30-resumption-client +resume-server = 30-resumption-resume-server +resume-client = 30-resumption-client + +[30-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[31-resumption] +ssl_conf = 31-resumption-ssl + +[31-resumption-ssl] +server = 31-resumption-server +client = 31-resumption-client +resume-server = 31-resumption-resume-server +resume-client = 31-resumption-client + +[31-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[32-resumption] +ssl_conf = 32-resumption-ssl + +[32-resumption-ssl] +server = 32-resumption-server +client = 32-resumption-client +resume-server = 32-resumption-server +resume-client = 32-resumption-resume-client + +[32-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[32-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[33-resumption] +ssl_conf = 33-resumption-ssl + +[33-resumption-ssl] +server = 33-resumption-server +client = 33-resumption-client +resume-server = 33-resumption-server +resume-client = 33-resumption-resume-client + +[33-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[33-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[34-resumption] +ssl_conf = 34-resumption-ssl + +[34-resumption-ssl] +server = 34-resumption-server +client = 34-resumption-client +resume-server = 34-resumption-server +resume-client = 34-resumption-resume-client + +[34-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[34-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[35-resumption] +ssl_conf = 35-resumption-ssl + +[35-resumption-ssl] +server = 35-resumption-server +client = 35-resumption-client +resume-server = 35-resumption-server +resume-client = 35-resumption-resume-client + +[35-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[35-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[36-resumption] +ssl_conf = 36-resumption-ssl + +[36-resumption-ssl] +server = 36-resumption-server +client = 36-resumption-client +resume-server = 36-resumption-server +resume-client = 36-resumption-resume-client + +[36-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[36-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[37-resumption] +ssl_conf = 37-resumption-ssl + +[37-resumption-ssl] +server = 37-resumption-server +client = 37-resumption-client +resume-server = 37-resumption-server +resume-client = 37-resumption-resume-client + +[37-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[37-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[38-resumption] +ssl_conf = 38-resumption-ssl + +[38-resumption-ssl] +server = 38-resumption-server +client = 38-resumption-client +resume-server = 38-resumption-server +resume-client = 38-resumption-resume-client + +[38-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[38-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[39-resumption] +ssl_conf = 39-resumption-ssl + +[39-resumption-ssl] +server = 39-resumption-server +client = 39-resumption-client +resume-server = 39-resumption-server +resume-client = 39-resumption-resume-client + +[39-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[39-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[40-resumption] +ssl_conf = 40-resumption-ssl + +[40-resumption-ssl] +server = 40-resumption-server +client = 40-resumption-client +resume-server = 40-resumption-server +resume-client = 40-resumption-resume-client + +[40-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[40-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[41-resumption] +ssl_conf = 41-resumption-ssl + +[41-resumption-ssl] +server = 41-resumption-server +client = 41-resumption-client +resume-server = 41-resumption-server +resume-client = 41-resumption-resume-client + +[41-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[41-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[42-resumption] +ssl_conf = 42-resumption-ssl + +[42-resumption-ssl] +server = 42-resumption-server +client = 42-resumption-client +resume-server = 42-resumption-server +resume-client = 42-resumption-resume-client + +[42-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[42-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[43-resumption] +ssl_conf = 43-resumption-ssl + +[43-resumption-ssl] +server = 43-resumption-server +client = 43-resumption-client +resume-server = 43-resumption-server +resume-client = 43-resumption-resume-client + +[43-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[43-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[44-resumption] +ssl_conf = 44-resumption-ssl + +[44-resumption-ssl] +server = 44-resumption-server +client = 44-resumption-client +resume-server = 44-resumption-server +resume-client = 44-resumption-resume-client + +[44-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[44-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[45-resumption] +ssl_conf = 45-resumption-ssl + +[45-resumption-ssl] +server = 45-resumption-server +client = 45-resumption-client +resume-server = 45-resumption-server +resume-client = 45-resumption-resume-client + +[45-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[45-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[46-resumption] +ssl_conf = 46-resumption-ssl + +[46-resumption-ssl] +server = 46-resumption-server +client = 46-resumption-client +resume-server = 46-resumption-server +resume-client = 46-resumption-resume-client + +[46-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[46-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[47-resumption] +ssl_conf = 47-resumption-ssl + +[47-resumption-ssl] +server = 47-resumption-server +client = 47-resumption-client +resume-server = 47-resumption-server +resume-client = 47-resumption-resume-client + +[47-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[47-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[47-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[48-resumption] +ssl_conf = 48-resumption-ssl + +[48-resumption-ssl] +server = 48-resumption-server +client = 48-resumption-client +resume-server = 48-resumption-server +resume-client = 48-resumption-resume-client + +[48-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[48-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[49-resumption] +ssl_conf = 49-resumption-ssl + +[49-resumption-ssl] +server = 49-resumption-server +client = 49-resumption-client +resume-server = 49-resumption-server +resume-client = 49-resumption-resume-client + +[49-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[49-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[49-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[50-resumption] +ssl_conf = 50-resumption-ssl + +[50-resumption-ssl] +server = 50-resumption-server +client = 50-resumption-client +resume-server = 50-resumption-server +resume-client = 50-resumption-resume-client + +[50-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[50-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[50-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[51-resumption] +ssl_conf = 51-resumption-ssl + +[51-resumption-ssl] +server = 51-resumption-server +client = 51-resumption-client +resume-server = 51-resumption-server +resume-client = 51-resumption-resume-client + +[51-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[51-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[51-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[52-resumption] +ssl_conf = 52-resumption-ssl + +[52-resumption-ssl] +server = 52-resumption-server +client = 52-resumption-client +resume-server = 52-resumption-server +resume-client = 52-resumption-resume-client + +[52-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[52-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[52-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[53-resumption] +ssl_conf = 53-resumption-ssl + +[53-resumption-ssl] +server = 53-resumption-server +client = 53-resumption-client +resume-server = 53-resumption-server +resume-client = 53-resumption-resume-client + +[53-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[53-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[54-resumption] +ssl_conf = 54-resumption-ssl + +[54-resumption-ssl] +server = 54-resumption-server +client = 54-resumption-client +resume-server = 54-resumption-server +resume-client = 54-resumption-resume-client + +[54-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[54-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[54-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[55-resumption] +ssl_conf = 55-resumption-ssl + +[55-resumption-ssl] +server = 55-resumption-server +client = 55-resumption-client +resume-server = 55-resumption-server +resume-client = 55-resumption-resume-client + +[55-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[55-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[55-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-55] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[56-resumption] +ssl_conf = 56-resumption-ssl + +[56-resumption-ssl] +server = 56-resumption-server +client = 56-resumption-client +resume-server = 56-resumption-server +resume-client = 56-resumption-resume-client + +[56-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[56-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[56-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-56] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[57-resumption] +ssl_conf = 57-resumption-ssl + +[57-resumption-ssl] +server = 57-resumption-server +client = 57-resumption-client +resume-server = 57-resumption-server +resume-client = 57-resumption-resume-client + +[57-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[57-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[57-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-57] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[58-resumption] +ssl_conf = 58-resumption-ssl + +[58-resumption-ssl] +server = 58-resumption-server +client = 58-resumption-client +resume-server = 58-resumption-server +resume-client = 58-resumption-resume-client + +[58-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[58-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[58-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-58] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[59-resumption] +ssl_conf = 59-resumption-ssl + +[59-resumption-ssl] +server = 59-resumption-server +client = 59-resumption-client +resume-server = 59-resumption-server +resume-client = 59-resumption-resume-client + +[59-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[59-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[59-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-59] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[60-resumption] +ssl_conf = 60-resumption-ssl + +[60-resumption-ssl] +server = 60-resumption-server +client = 60-resumption-client +resume-server = 60-resumption-server +resume-client = 60-resumption-resume-client + +[60-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[60-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[60-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-60] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[61-resumption] +ssl_conf = 61-resumption-ssl + +[61-resumption-ssl] +server = 61-resumption-server +client = 61-resumption-client +resume-server = 61-resumption-server +resume-client = 61-resumption-resume-client + +[61-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[61-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[61-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-61] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[62-resumption] +ssl_conf = 62-resumption-ssl + +[62-resumption-ssl] +server = 62-resumption-server +client = 62-resumption-client +resume-server = 62-resumption-server +resume-client = 62-resumption-resume-client + +[62-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[62-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[62-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-62] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[63-resumption] +ssl_conf = 63-resumption-ssl + +[63-resumption-ssl] +server = 63-resumption-server +client = 63-resumption-client +resume-server = 63-resumption-server +resume-client = 63-resumption-resume-client + +[63-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[63-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[63-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-63] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[64-resumption-with-hrr] +ssl_conf = 64-resumption-with-hrr-ssl + +[64-resumption-with-hrr-ssl] +server = 64-resumption-with-hrr-server +client = 64-resumption-with-hrr-client +resume-server = 64-resumption-with-hrr-server +resume-client = 64-resumption-with-hrr-resume-client + +[64-resumption-with-hrr-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = P-256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[64-resumption-with-hrr-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[64-resumption-with-hrr-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-64] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +Method = TLS +ResumptionExpected = Yes + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/10-resumption.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/10-resumption.conf.in new file mode 100644 index 000000000..989135f2f --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/10-resumption.conf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation upon resumption. + +use strict; +use warnings; + +package ssltests; + +use protocol_version; + +our @tests = generate_resumption_tests("TLS"); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/11-dtls_resumption.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/11-dtls_resumption.conf new file mode 100644 index 000000000..a981fa51d --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/11-dtls_resumption.conf @@ -0,0 +1,620 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 16 + +test-0 = 0-resumption +test-1 = 1-resumption +test-2 = 2-resumption +test-3 = 3-resumption +test-4 = 4-resumption +test-5 = 5-resumption +test-6 = 6-resumption +test-7 = 7-resumption +test-8 = 8-resumption +test-9 = 9-resumption +test-10 = 10-resumption +test-11 = 11-resumption +test-12 = 12-resumption +test-13 = 13-resumption +test-14 = 14-resumption +test-15 = 15-resumption +# =========================================================== + +[0-resumption] +ssl_conf = 0-resumption-ssl + +[0-resumption-ssl] +server = 0-resumption-server +client = 0-resumption-client +resume-server = 0-resumption-resume-server +resume-client = 0-resumption-client + +[0-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[1-resumption] +ssl_conf = 1-resumption-ssl + +[1-resumption-ssl] +server = 1-resumption-server +client = 1-resumption-client +resume-server = 1-resumption-resume-server +resume-client = 1-resumption-client + +[1-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[2-resumption] +ssl_conf = 2-resumption-ssl + +[2-resumption-ssl] +server = 2-resumption-server +client = 2-resumption-client +resume-server = 2-resumption-resume-server +resume-client = 2-resumption-client + +[2-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[3-resumption] +ssl_conf = 3-resumption-ssl + +[3-resumption-ssl] +server = 3-resumption-server +client = 3-resumption-client +resume-server = 3-resumption-resume-server +resume-client = 3-resumption-client + +[3-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[4-resumption] +ssl_conf = 4-resumption-ssl + +[4-resumption-ssl] +server = 4-resumption-server +client = 4-resumption-client +resume-server = 4-resumption-resume-server +resume-client = 4-resumption-client + +[4-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[5-resumption] +ssl_conf = 5-resumption-ssl + +[5-resumption-ssl] +server = 5-resumption-server +client = 5-resumption-client +resume-server = 5-resumption-resume-server +resume-client = 5-resumption-client + +[5-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[6-resumption] +ssl_conf = 6-resumption-ssl + +[6-resumption-ssl] +server = 6-resumption-server +client = 6-resumption-client +resume-server = 6-resumption-resume-server +resume-client = 6-resumption-client + +[6-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[7-resumption] +ssl_conf = 7-resumption-ssl + +[7-resumption-ssl] +server = 7-resumption-server +client = 7-resumption-client +resume-server = 7-resumption-resume-server +resume-client = 7-resumption-client + +[7-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[8-resumption] +ssl_conf = 8-resumption-ssl + +[8-resumption-ssl] +server = 8-resumption-server +client = 8-resumption-client +resume-server = 8-resumption-server +resume-client = 8-resumption-resume-client + +[8-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[8-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[9-resumption] +ssl_conf = 9-resumption-ssl + +[9-resumption-ssl] +server = 9-resumption-server +client = 9-resumption-client +resume-server = 9-resumption-server +resume-client = 9-resumption-resume-client + +[9-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[9-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[10-resumption] +ssl_conf = 10-resumption-ssl + +[10-resumption-ssl] +server = 10-resumption-server +client = 10-resumption-client +resume-server = 10-resumption-server +resume-client = 10-resumption-resume-client + +[10-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[10-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[11-resumption] +ssl_conf = 11-resumption-ssl + +[11-resumption-ssl] +server = 11-resumption-server +client = 11-resumption-client +resume-server = 11-resumption-server +resume-client = 11-resumption-resume-client + +[11-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[11-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[12-resumption] +ssl_conf = 12-resumption-ssl + +[12-resumption-ssl] +server = 12-resumption-server +client = 12-resumption-client +resume-server = 12-resumption-server +resume-client = 12-resumption-resume-client + +[12-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[12-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[13-resumption] +ssl_conf = 13-resumption-ssl + +[13-resumption-ssl] +server = 13-resumption-server +client = 13-resumption-client +resume-server = 13-resumption-server +resume-client = 13-resumption-resume-client + +[13-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[13-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[14-resumption] +ssl_conf = 14-resumption-ssl + +[14-resumption-ssl] +server = 14-resumption-server +client = 14-resumption-client +resume-server = 14-resumption-server +resume-client = 14-resumption-resume-client + +[14-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[14-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[15-resumption] +ssl_conf = 15-resumption-ssl + +[15-resumption-ssl] +server = 15-resumption-server +client = 15-resumption-client +resume-server = 15-resumption-server +resume-client = 15-resumption-resume-client + +[15-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[15-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/11-dtls_resumption.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/11-dtls_resumption.conf.in new file mode 100644 index 000000000..16dec1d56 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/11-dtls_resumption.conf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation upon resumption. + +use strict; +use warnings; + +package ssltests; + +use protocol_version; + +our @tests = generate_resumption_tests("DTLS"); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/12-ct.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/12-ct.conf new file mode 100644 index 000000000..2e6e9dea6 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/12-ct.conf @@ -0,0 +1,191 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 6 + +test-0 = 0-ct-permissive-without-scts +test-1 = 1-ct-permissive-with-scts +test-2 = 2-ct-strict-without-scts +test-3 = 3-ct-strict-with-scts +test-4 = 4-ct-permissive-resumption +test-5 = 5-ct-strict-resumption +# =========================================================== + +[0-ct-permissive-without-scts] +ssl_conf = 0-ct-permissive-without-scts-ssl + +[0-ct-permissive-without-scts-ssl] +server = 0-ct-permissive-without-scts-server +client = 0-ct-permissive-without-scts-client + +[0-ct-permissive-without-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-ct-permissive-without-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +client = 0-ct-permissive-without-scts-client-extra + +[0-ct-permissive-without-scts-client-extra] +CTValidation = Permissive + + +# =========================================================== + +[1-ct-permissive-with-scts] +ssl_conf = 1-ct-permissive-with-scts-ssl + +[1-ct-permissive-with-scts-ssl] +server = 1-ct-permissive-with-scts-server +client = 1-ct-permissive-with-scts-client + +[1-ct-permissive-with-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[1-ct-permissive-with-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +client = 1-ct-permissive-with-scts-client-extra + +[1-ct-permissive-with-scts-client-extra] +CTValidation = Permissive + + +# =========================================================== + +[2-ct-strict-without-scts] +ssl_conf = 2-ct-strict-without-scts-ssl + +[2-ct-strict-without-scts-ssl] +server = 2-ct-strict-without-scts-server +client = 2-ct-strict-without-scts-client + +[2-ct-strict-without-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-ct-strict-without-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedClientAlert = HandshakeFailure +ExpectedResult = ClientFail +client = 2-ct-strict-without-scts-client-extra + +[2-ct-strict-without-scts-client-extra] +CTValidation = Strict + + +# =========================================================== + +[3-ct-strict-with-scts] +ssl_conf = 3-ct-strict-with-scts-ssl + +[3-ct-strict-with-scts-ssl] +server = 3-ct-strict-with-scts-server +client = 3-ct-strict-with-scts-client + +[3-ct-strict-with-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[3-ct-strict-with-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +client = 3-ct-strict-with-scts-client-extra + +[3-ct-strict-with-scts-client-extra] +CTValidation = Strict + + +# =========================================================== + +[4-ct-permissive-resumption] +ssl_conf = 4-ct-permissive-resumption-ssl + +[4-ct-permissive-resumption-ssl] +server = 4-ct-permissive-resumption-server +client = 4-ct-permissive-resumption-client +resume-server = 4-ct-permissive-resumption-server +resume-client = 4-ct-permissive-resumption-client + +[4-ct-permissive-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[4-ct-permissive-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = Resume +ResumptionExpected = Yes +client = 4-ct-permissive-resumption-client-extra +resume-client = 4-ct-permissive-resumption-client-extra + +[4-ct-permissive-resumption-client-extra] +CTValidation = Permissive + + +# =========================================================== + +[5-ct-strict-resumption] +ssl_conf = 5-ct-strict-resumption-ssl + +[5-ct-strict-resumption-ssl] +server = 5-ct-strict-resumption-server +client = 5-ct-strict-resumption-client +resume-server = 5-ct-strict-resumption-server +resume-client = 5-ct-strict-resumption-resume-client + +[5-ct-strict-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[5-ct-strict-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[5-ct-strict-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +HandshakeMode = Resume +ResumptionExpected = Yes +client = 5-ct-strict-resumption-client-extra +resume-client = 5-ct-strict-resumption-resume-client-extra + +[5-ct-strict-resumption-client-extra] +CTValidation = Strict + +[5-ct-strict-resumption-resume-client-extra] +CTValidation = Strict + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/12-ct.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/12-ct.conf.in new file mode 100644 index 000000000..7c0304995 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/12-ct.conf.in @@ -0,0 +1,119 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "ct-permissive-without-scts", + server => { }, + client => { + extra => { + "CTValidation" => "Permissive", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-permissive-with-scts", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Permissive", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-strict-without-scts", + server => { }, + client => { + extra => { + "CTValidation" => "Strict", + }, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "HandshakeFailure", + }, + }, + { + name => "ct-strict-with-scts", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Strict", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-permissive-resumption", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Permissive", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-strict-resumption", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Strict", + }, + }, + # SCTs are not present during resumption, so the resumption + # should succeed. + resume_client => { + extra => { + "CTValidation" => "Strict", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success", + }, + }, +); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/13-fragmentation.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/13-fragmentation.conf new file mode 100644 index 000000000..649387c7b --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/13-fragmentation.conf @@ -0,0 +1,577 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 22 + +test-0 = 0-one-fragment-minus-app-data +test-1 = 1-one-fragment-app-data +test-2 = 2-one-fragment-plus-app-data +test-3 = 3-small-app-data +test-4 = 4-small-app-data-large-fragment-size +test-5 = 5-medium-app-data +test-6 = 6-medium-plus-app-data +test-7 = 7-large-app-data +test-8 = 8-large-app-data-large-fragment-size +test-9 = 9-large-app-data-odd-fragment-size +test-10 = 10-large-app-data-aes-sha1-multibuffer +test-11 = 11-large-app-data-aes-sha2-multibuffer +test-12 = 12-large-app-data-aes-sha1-multibuffer-odd-fragment +test-13 = 13-large-app-data-aes-sha2-multibuffer-odd-fragment +test-14 = 14-small-app-data-aes-sha1-multibuffer +test-15 = 15-small-app-data-aes-sha2-multibuffer +test-16 = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled +test-17 = 17-Maximum Fragment Len extension equal FragmentSize to 2048 +test-18 = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024 +test-19 = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024 +test-20 = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048 +test-21 = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024 +# =========================================================== + +[0-one-fragment-minus-app-data] +ssl_conf = 0-one-fragment-minus-app-data-ssl + +[0-one-fragment-minus-app-data-ssl] +server = 0-one-fragment-minus-app-data-server +client = 0-one-fragment-minus-app-data-client + +[0-one-fragment-minus-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-one-fragment-minus-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ApplicationData = 511 + + +# =========================================================== + +[1-one-fragment-app-data] +ssl_conf = 1-one-fragment-app-data-ssl + +[1-one-fragment-app-data-ssl] +server = 1-one-fragment-app-data-server +client = 1-one-fragment-app-data-client + +[1-one-fragment-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-one-fragment-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ApplicationData = 512 + + +# =========================================================== + +[2-one-fragment-plus-app-data] +ssl_conf = 2-one-fragment-plus-app-data-ssl + +[2-one-fragment-plus-app-data-ssl] +server = 2-one-fragment-plus-app-data-server +client = 2-one-fragment-plus-app-data-client + +[2-one-fragment-plus-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-one-fragment-plus-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ApplicationData = 513 + + +# =========================================================== + +[3-small-app-data] +ssl_conf = 3-small-app-data-ssl + +[3-small-app-data-ssl] +server = 3-small-app-data-server +client = 3-small-app-data-client + +[3-small-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-small-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ApplicationData = 4097 + + +# =========================================================== + +[4-small-app-data-large-fragment-size] +ssl_conf = 4-small-app-data-large-fragment-size-ssl + +[4-small-app-data-large-fragment-size-ssl] +server = 4-small-app-data-large-fragment-size-server +client = 4-small-app-data-large-fragment-size-client + +[4-small-app-data-large-fragment-size-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-small-app-data-large-fragment-size-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ApplicationData = 4097 +MaxFragmentSize = 16384 + + +# =========================================================== + +[5-medium-app-data] +ssl_conf = 5-medium-app-data-ssl + +[5-medium-app-data-ssl] +server = 5-medium-app-data-server +client = 5-medium-app-data-client + +[5-medium-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-medium-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ApplicationData = 32775 + + +# =========================================================== + +[6-medium-plus-app-data] +ssl_conf = 6-medium-plus-app-data-ssl + +[6-medium-plus-app-data-ssl] +server = 6-medium-plus-app-data-server +client = 6-medium-plus-app-data-client + +[6-medium-plus-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-medium-plus-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ApplicationData = 131069 + + +# =========================================================== + +[7-large-app-data] +ssl_conf = 7-large-app-data-ssl + +[7-large-app-data-ssl] +server = 7-large-app-data-server +client = 7-large-app-data-client + +[7-large-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-large-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ApplicationData = 1048576 + + +# =========================================================== + +[8-large-app-data-large-fragment-size] +ssl_conf = 8-large-app-data-large-fragment-size-ssl + +[8-large-app-data-large-fragment-size-ssl] +server = 8-large-app-data-large-fragment-size-server +client = 8-large-app-data-large-fragment-size-client + +[8-large-app-data-large-fragment-size-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-large-app-data-large-fragment-size-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ApplicationData = 1048576 +MaxFragmentSize = 16384 + + +# =========================================================== + +[9-large-app-data-odd-fragment-size] +ssl_conf = 9-large-app-data-odd-fragment-size-ssl + +[9-large-app-data-odd-fragment-size-ssl] +server = 9-large-app-data-odd-fragment-size-server +client = 9-large-app-data-odd-fragment-size-client + +[9-large-app-data-odd-fragment-size-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-large-app-data-odd-fragment-size-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ApplicationData = 1048576 +MaxFragmentSize = 5115 + + +# =========================================================== + +[10-large-app-data-aes-sha1-multibuffer] +ssl_conf = 10-large-app-data-aes-sha1-multibuffer-ssl + +[10-large-app-data-aes-sha1-multibuffer-ssl] +server = 10-large-app-data-aes-sha1-multibuffer-server +client = 10-large-app-data-aes-sha1-multibuffer-client + +[10-large-app-data-aes-sha1-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-large-app-data-aes-sha1-multibuffer-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ApplicationData = 1048576 +MaxFragmentSize = 4096 + + +# =========================================================== + +[11-large-app-data-aes-sha2-multibuffer] +ssl_conf = 11-large-app-data-aes-sha2-multibuffer-ssl + +[11-large-app-data-aes-sha2-multibuffer-ssl] +server = 11-large-app-data-aes-sha2-multibuffer-server +client = 11-large-app-data-aes-sha2-multibuffer-client + +[11-large-app-data-aes-sha2-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-large-app-data-aes-sha2-multibuffer-client] +CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ApplicationData = 1048576 +MaxFragmentSize = 4096 + + +# =========================================================== + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment] +ssl_conf = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl] +server = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-server +client = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-client + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ApplicationData = 1048579 +MaxFragmentSize = 5115 + + +# =========================================================== + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment] +ssl_conf = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl] +server = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-server +client = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-client + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment-client] +CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ApplicationData = 1048573 +MaxFragmentSize = 5125 + + +# =========================================================== + +[14-small-app-data-aes-sha1-multibuffer] +ssl_conf = 14-small-app-data-aes-sha1-multibuffer-ssl + +[14-small-app-data-aes-sha1-multibuffer-ssl] +server = 14-small-app-data-aes-sha1-multibuffer-server +client = 14-small-app-data-aes-sha1-multibuffer-client + +[14-small-app-data-aes-sha1-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-small-app-data-aes-sha1-multibuffer-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ApplicationData = 4096 +MaxFragmentSize = 4096 + + +# =========================================================== + +[15-small-app-data-aes-sha2-multibuffer] +ssl_conf = 15-small-app-data-aes-sha2-multibuffer-ssl + +[15-small-app-data-aes-sha2-multibuffer-ssl] +server = 15-small-app-data-aes-sha2-multibuffer-server +client = 15-small-app-data-aes-sha2-multibuffer-client + +[15-small-app-data-aes-sha2-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-small-app-data-aes-sha2-multibuffer-client] +CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ApplicationData = 4096 +MaxFragmentSize = 4096 + + +# =========================================================== + +[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled] +ssl_conf = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl + +[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl] +server = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server +client = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client + +[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ApplicationData = 3072 +MaxFragmentSize = 16384 +client = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra + +[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra] +MaxFragmentLenExt = 1024 + + +# =========================================================== + +[17-Maximum Fragment Len extension equal FragmentSize to 2048] +ssl_conf = 17-Maximum Fragment Len extension equal FragmentSize to 2048-ssl + +[17-Maximum Fragment Len extension equal FragmentSize to 2048-ssl] +server = 17-Maximum Fragment Len extension equal FragmentSize to 2048-server +client = 17-Maximum Fragment Len extension equal FragmentSize to 2048-client + +[17-Maximum Fragment Len extension equal FragmentSize to 2048-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-Maximum Fragment Len extension equal FragmentSize to 2048-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ApplicationData = 3072 +MaxFragmentSize = 2048 +client = 17-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra + +[17-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra] +MaxFragmentLenExt = 2048 + + +# =========================================================== + +[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024] +ssl_conf = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl + +[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl] +server = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server +client = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client + +[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ApplicationData = 3072 +MaxFragmentSize = 1024 +client = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra + +[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra] +MaxFragmentLenExt = 512 + + +# =========================================================== + +[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024] +ssl_conf = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl + +[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl] +server = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server +client = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client + +[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ApplicationData = 3072 +MaxFragmentSize = 1024 +client = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra + +[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra] +MaxFragmentLenExt = 2048 + + +# =========================================================== + +[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048] +ssl_conf = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl + +[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl] +server = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server +client = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client + +[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ApplicationData = 8196 +MaxFragmentSize = 2048 +client = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra + +[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra] +MaxFragmentLenExt = 4096 + + +# =========================================================== + +[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024] +ssl_conf = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl + +[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl] +server = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server +client = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client + +[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ApplicationData = 3072 +MaxFragmentSize = 1024 +client = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra + +[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra] +MaxFragmentLenExt = 2048 + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/13-fragmentation.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/13-fragmentation.conf.in new file mode 100644 index 000000000..7c80c431c --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/13-fragmentation.conf.in @@ -0,0 +1,268 @@ +# -*- mode: perl; -*- +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test packet fragmentation + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + # Default fragment size is 512. + { + name => "one-fragment-minus-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 511, + } + }, + { + name => "one-fragment-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 512, + } + }, + { + name => "one-fragment-plus-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 513, + } + }, + { + name => "small-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 4 * 1024 + 1, + } + }, + { + name => "small-app-data-large-fragment-size", + server => { }, + client => { }, + test => { + ApplicationData => 4 * 1024 + 1, + MaxFragmentSize => 16384, + } + }, + { + name => "medium-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 32 * 1024 + 7, + } + }, + # Exceeds the 64kB write buffer size. + { + name => "medium-plus-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 128 * 1024 - 3, + } + }, + { + name => "large-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 1024 * 1024, + } + }, + { + name => "large-app-data-large-fragment-size", + server => { }, + client => { }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 16384, + } + }, + { + name => "large-app-data-odd-fragment-size", + server => { }, + client => { }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 5 * 1024 - 5, + } + }, + # When the buffer / fragment size ratio is sufficiently large, + # multi-buffer code kicks in on some platforms for AES-SHA. The + # exact minimum ratio depends on the platform, and is usually + # around 4. Since the test buffer is 64kB, a 4kB fragment is + # easily sufficient. + # + # (We run this test on all platforms though it's only true multibuffer + # on some of them.) + { + name => "large-app-data-aes-sha1-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA", + MaxProtocol => "TLSv1.2" + }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, + { + name => "large-app-data-aes-sha2-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA256", + MaxProtocol => "TLSv1.2" + }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, + { + name => "large-app-data-aes-sha1-multibuffer-odd-fragment", + server => { }, + client => { + CipherString => "AES128-SHA", + MaxProtocol => "TLSv1.2" + }, + test => { + ApplicationData => 1024 * 1024 + 3, + MaxFragmentSize => 5 * 1024 - 5, + } + }, + { + name => "large-app-data-aes-sha2-multibuffer-odd-fragment", + server => { }, + client => { + CipherString => "AES128-SHA256", + MaxProtocol => "TLSv1.2" + }, + test => { + ApplicationData => 1024 * 1024 - 3, + MaxFragmentSize => 5 * 1024 + 5, + } + }, + # Test that multibuffer-capable code also handles small data correctly. + # Here fragment size == app data size < buffer size, + # so no multibuffering should happen. + { + name => "small-app-data-aes-sha1-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA", + MaxProtocol => "TLSv1.2" + }, + test => { + ApplicationData => 4 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, + { + name => "small-app-data-aes-sha2-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA256", + MaxProtocol => "TLSv1.2" + }, + test => { + ApplicationData => 4 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, + ############################################ + # Default (Max) Fragment Size is 512. + # Default Application data size is 256. + { + name => "Maximum Fragment Len extension set to 1024 w. FragmentSize disabled", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 1024, + }, + }, + test => { + ApplicationData => 3072, + MaxFragmentSize => 16384, + } + }, + { + name => "Maximum Fragment Len extension equal FragmentSize to 2048", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 2048, + }, + }, + test => { + ApplicationData => 3072, + MaxFragmentSize => 2048, + } + }, + { + name => "Maximum Fragment Len extension 512 lower than FragmentSize 1024", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 512, + }, + }, + test => { + ApplicationData => 3072, + MaxFragmentSize => 1024, + } + }, + { + name => "Maximum Fragment Len extension 1024 lower than FragmentSize 1024", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 2048, + }, + }, + test => { + ApplicationData => 3072, + MaxFragmentSize => 1024, + } + }, + { + name => "Maximum Fragment Len extension 4096 greater than FragmentSize 2048", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 4096, + }, + }, + test => { + ApplicationData => 8196, + MaxFragmentSize => 2048, + } + }, + { + name => "Maximum Fragment Len extension 2048 greater than FragmentSize 1024", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 2048, + }, + }, + test => { + ApplicationData => 3072, + MaxFragmentSize => 1024, + } + }, +); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/14-curves.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/14-curves.conf new file mode 100644 index 000000000..f76f08fd7 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/14-curves.conf @@ -0,0 +1,874 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 30 + +test-0 = 0-curve-sect163k1 +test-1 = 1-curve-sect163r1 +test-2 = 2-curve-sect163r2 +test-3 = 3-curve-sect193r1 +test-4 = 4-curve-sect193r2 +test-5 = 5-curve-sect233k1 +test-6 = 6-curve-sect233r1 +test-7 = 7-curve-sect239k1 +test-8 = 8-curve-sect283k1 +test-9 = 9-curve-sect283r1 +test-10 = 10-curve-sect409k1 +test-11 = 11-curve-sect409r1 +test-12 = 12-curve-sect571k1 +test-13 = 13-curve-sect571r1 +test-14 = 14-curve-secp160k1 +test-15 = 15-curve-secp160r1 +test-16 = 16-curve-secp160r2 +test-17 = 17-curve-secp192k1 +test-18 = 18-curve-prime192v1 +test-19 = 19-curve-secp224k1 +test-20 = 20-curve-secp224r1 +test-21 = 21-curve-secp256k1 +test-22 = 22-curve-prime256v1 +test-23 = 23-curve-secp384r1 +test-24 = 24-curve-secp521r1 +test-25 = 25-curve-brainpoolP256r1 +test-26 = 26-curve-brainpoolP384r1 +test-27 = 27-curve-brainpoolP512r1 +test-28 = 28-curve-X25519 +test-29 = 29-curve-X448 +# =========================================================== + +[0-curve-sect163k1] +ssl_conf = 0-curve-sect163k1-ssl + +[0-curve-sect163k1-ssl] +server = 0-curve-sect163k1-server +client = 0-curve-sect163k1-client + +[0-curve-sect163k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect163k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-curve-sect163k1-client] +CipherString = ECDHE +Curves = sect163k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +ExpectedTmpKeyType = sect163k1 + + +# =========================================================== + +[1-curve-sect163r1] +ssl_conf = 1-curve-sect163r1-ssl + +[1-curve-sect163r1-ssl] +server = 1-curve-sect163r1-server +client = 1-curve-sect163r1-client + +[1-curve-sect163r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect163r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-curve-sect163r1-client] +CipherString = ECDHE +Curves = sect163r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedTmpKeyType = sect163r1 + + +# =========================================================== + +[2-curve-sect163r2] +ssl_conf = 2-curve-sect163r2-ssl + +[2-curve-sect163r2-ssl] +server = 2-curve-sect163r2-server +client = 2-curve-sect163r2-client + +[2-curve-sect163r2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect163r2 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-curve-sect163r2-client] +CipherString = ECDHE +Curves = sect163r2 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +ExpectedTmpKeyType = sect163r2 + + +# =========================================================== + +[3-curve-sect193r1] +ssl_conf = 3-curve-sect193r1-ssl + +[3-curve-sect193r1-ssl] +server = 3-curve-sect193r1-server +client = 3-curve-sect193r1-client + +[3-curve-sect193r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect193r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-curve-sect193r1-client] +CipherString = ECDHE +Curves = sect193r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedTmpKeyType = sect193r1 + + +# =========================================================== + +[4-curve-sect193r2] +ssl_conf = 4-curve-sect193r2-ssl + +[4-curve-sect193r2-ssl] +server = 4-curve-sect193r2-server +client = 4-curve-sect193r2-client + +[4-curve-sect193r2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect193r2 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-curve-sect193r2-client] +CipherString = ECDHE +Curves = sect193r2 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedTmpKeyType = sect193r2 + + +# =========================================================== + +[5-curve-sect233k1] +ssl_conf = 5-curve-sect233k1-ssl + +[5-curve-sect233k1-ssl] +server = 5-curve-sect233k1-server +client = 5-curve-sect233k1-client + +[5-curve-sect233k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect233k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-curve-sect233k1-client] +CipherString = ECDHE +Curves = sect233k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +ExpectedTmpKeyType = sect233k1 + + +# =========================================================== + +[6-curve-sect233r1] +ssl_conf = 6-curve-sect233r1-ssl + +[6-curve-sect233r1-ssl] +server = 6-curve-sect233r1-server +client = 6-curve-sect233r1-client + +[6-curve-sect233r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect233r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-curve-sect233r1-client] +CipherString = ECDHE +Curves = sect233r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +ExpectedTmpKeyType = sect233r1 + + +# =========================================================== + +[7-curve-sect239k1] +ssl_conf = 7-curve-sect239k1-ssl + +[7-curve-sect239k1-ssl] +server = 7-curve-sect239k1-server +client = 7-curve-sect239k1-client + +[7-curve-sect239k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect239k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-curve-sect239k1-client] +CipherString = ECDHE +Curves = sect239k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +ExpectedTmpKeyType = sect239k1 + + +# =========================================================== + +[8-curve-sect283k1] +ssl_conf = 8-curve-sect283k1-ssl + +[8-curve-sect283k1-ssl] +server = 8-curve-sect283k1-server +client = 8-curve-sect283k1-client + +[8-curve-sect283k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect283k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-curve-sect283k1-client] +CipherString = ECDHE +Curves = sect283k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +ExpectedTmpKeyType = sect283k1 + + +# =========================================================== + +[9-curve-sect283r1] +ssl_conf = 9-curve-sect283r1-ssl + +[9-curve-sect283r1-ssl] +server = 9-curve-sect283r1-server +client = 9-curve-sect283r1-client + +[9-curve-sect283r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect283r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-curve-sect283r1-client] +CipherString = ECDHE +Curves = sect283r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +ExpectedTmpKeyType = sect283r1 + + +# =========================================================== + +[10-curve-sect409k1] +ssl_conf = 10-curve-sect409k1-ssl + +[10-curve-sect409k1-ssl] +server = 10-curve-sect409k1-server +client = 10-curve-sect409k1-client + +[10-curve-sect409k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect409k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-curve-sect409k1-client] +CipherString = ECDHE +Curves = sect409k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = Success +ExpectedTmpKeyType = sect409k1 + + +# =========================================================== + +[11-curve-sect409r1] +ssl_conf = 11-curve-sect409r1-ssl + +[11-curve-sect409r1-ssl] +server = 11-curve-sect409r1-server +client = 11-curve-sect409r1-client + +[11-curve-sect409r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect409r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-curve-sect409r1-client] +CipherString = ECDHE +Curves = sect409r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = Success +ExpectedTmpKeyType = sect409r1 + + +# =========================================================== + +[12-curve-sect571k1] +ssl_conf = 12-curve-sect571k1-ssl + +[12-curve-sect571k1-ssl] +server = 12-curve-sect571k1-server +client = 12-curve-sect571k1-client + +[12-curve-sect571k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect571k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-curve-sect571k1-client] +CipherString = ECDHE +Curves = sect571k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = Success +ExpectedTmpKeyType = sect571k1 + + +# =========================================================== + +[13-curve-sect571r1] +ssl_conf = 13-curve-sect571r1-ssl + +[13-curve-sect571r1-ssl] +server = 13-curve-sect571r1-server +client = 13-curve-sect571r1-client + +[13-curve-sect571r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect571r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-curve-sect571r1-client] +CipherString = ECDHE +Curves = sect571r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success +ExpectedTmpKeyType = sect571r1 + + +# =========================================================== + +[14-curve-secp160k1] +ssl_conf = 14-curve-secp160k1-ssl + +[14-curve-secp160k1-ssl] +server = 14-curve-secp160k1-server +client = 14-curve-secp160k1-client + +[14-curve-secp160k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp160k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-curve-secp160k1-client] +CipherString = ECDHE +Curves = secp160k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = Success +ExpectedTmpKeyType = secp160k1 + + +# =========================================================== + +[15-curve-secp160r1] +ssl_conf = 15-curve-secp160r1-ssl + +[15-curve-secp160r1-ssl] +server = 15-curve-secp160r1-server +client = 15-curve-secp160r1-client + +[15-curve-secp160r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp160r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-curve-secp160r1-client] +CipherString = ECDHE +Curves = secp160r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success +ExpectedTmpKeyType = secp160r1 + + +# =========================================================== + +[16-curve-secp160r2] +ssl_conf = 16-curve-secp160r2-ssl + +[16-curve-secp160r2-ssl] +server = 16-curve-secp160r2-server +client = 16-curve-secp160r2-client + +[16-curve-secp160r2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp160r2 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-curve-secp160r2-client] +CipherString = ECDHE +Curves = secp160r2 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = Success +ExpectedTmpKeyType = secp160r2 + + +# =========================================================== + +[17-curve-secp192k1] +ssl_conf = 17-curve-secp192k1-ssl + +[17-curve-secp192k1-ssl] +server = 17-curve-secp192k1-server +client = 17-curve-secp192k1-client + +[17-curve-secp192k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp192k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-curve-secp192k1-client] +CipherString = ECDHE +Curves = secp192k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = Success +ExpectedTmpKeyType = secp192k1 + + +# =========================================================== + +[18-curve-prime192v1] +ssl_conf = 18-curve-prime192v1-ssl + +[18-curve-prime192v1-ssl] +server = 18-curve-prime192v1-server +client = 18-curve-prime192v1-client + +[18-curve-prime192v1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = prime192v1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-curve-prime192v1-client] +CipherString = ECDHE +Curves = prime192v1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = Success +ExpectedTmpKeyType = prime192v1 + + +# =========================================================== + +[19-curve-secp224k1] +ssl_conf = 19-curve-secp224k1-ssl + +[19-curve-secp224k1-ssl] +server = 19-curve-secp224k1-server +client = 19-curve-secp224k1-client + +[19-curve-secp224k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp224k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-curve-secp224k1-client] +CipherString = ECDHE +Curves = secp224k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = Success +ExpectedTmpKeyType = secp224k1 + + +# =========================================================== + +[20-curve-secp224r1] +ssl_conf = 20-curve-secp224r1-ssl + +[20-curve-secp224r1-ssl] +server = 20-curve-secp224r1-server +client = 20-curve-secp224r1-client + +[20-curve-secp224r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp224r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-curve-secp224r1-client] +CipherString = ECDHE +Curves = secp224r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedResult = Success +ExpectedTmpKeyType = secp224r1 + + +# =========================================================== + +[21-curve-secp256k1] +ssl_conf = 21-curve-secp256k1-ssl + +[21-curve-secp256k1-ssl] +server = 21-curve-secp256k1-server +client = 21-curve-secp256k1-client + +[21-curve-secp256k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp256k1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-curve-secp256k1-client] +CipherString = ECDHE +Curves = secp256k1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedResult = Success +ExpectedTmpKeyType = secp256k1 + + +# =========================================================== + +[22-curve-prime256v1] +ssl_conf = 22-curve-prime256v1-ssl + +[22-curve-prime256v1-ssl] +server = 22-curve-prime256v1-server +client = 22-curve-prime256v1-client + +[22-curve-prime256v1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = prime256v1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-curve-prime256v1-client] +CipherString = ECDHE +Curves = prime256v1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedResult = Success +ExpectedTmpKeyType = prime256v1 + + +# =========================================================== + +[23-curve-secp384r1] +ssl_conf = 23-curve-secp384r1-ssl + +[23-curve-secp384r1-ssl] +server = 23-curve-secp384r1-server +client = 23-curve-secp384r1-client + +[23-curve-secp384r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp384r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-curve-secp384r1-client] +CipherString = ECDHE +Curves = secp384r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedResult = Success +ExpectedTmpKeyType = secp384r1 + + +# =========================================================== + +[24-curve-secp521r1] +ssl_conf = 24-curve-secp521r1-ssl + +[24-curve-secp521r1-ssl] +server = 24-curve-secp521r1-server +client = 24-curve-secp521r1-client + +[24-curve-secp521r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp521r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-curve-secp521r1-client] +CipherString = ECDHE +Curves = secp521r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = Success +ExpectedTmpKeyType = secp521r1 + + +# =========================================================== + +[25-curve-brainpoolP256r1] +ssl_conf = 25-curve-brainpoolP256r1-ssl + +[25-curve-brainpoolP256r1-ssl] +server = 25-curve-brainpoolP256r1-server +client = 25-curve-brainpoolP256r1-client + +[25-curve-brainpoolP256r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = brainpoolP256r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-curve-brainpoolP256r1-client] +CipherString = ECDHE +Curves = brainpoolP256r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedResult = Success +ExpectedTmpKeyType = brainpoolP256r1 + + +# =========================================================== + +[26-curve-brainpoolP384r1] +ssl_conf = 26-curve-brainpoolP384r1-ssl + +[26-curve-brainpoolP384r1-ssl] +server = 26-curve-brainpoolP384r1-server +client = 26-curve-brainpoolP384r1-client + +[26-curve-brainpoolP384r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = brainpoolP384r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-curve-brainpoolP384r1-client] +CipherString = ECDHE +Curves = brainpoolP384r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedResult = Success +ExpectedTmpKeyType = brainpoolP384r1 + + +# =========================================================== + +[27-curve-brainpoolP512r1] +ssl_conf = 27-curve-brainpoolP512r1-ssl + +[27-curve-brainpoolP512r1-ssl] +server = 27-curve-brainpoolP512r1-server +client = 27-curve-brainpoolP512r1-client + +[27-curve-brainpoolP512r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = brainpoolP512r1 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-curve-brainpoolP512r1-client] +CipherString = ECDHE +Curves = brainpoolP512r1 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedResult = Success +ExpectedTmpKeyType = brainpoolP512r1 + + +# =========================================================== + +[28-curve-X25519] +ssl_conf = 28-curve-X25519-ssl + +[28-curve-X25519-ssl] +server = 28-curve-X25519-server +client = 28-curve-X25519-client + +[28-curve-X25519-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = X25519 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-curve-X25519-client] +CipherString = ECDHE +Curves = X25519 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedResult = Success +ExpectedTmpKeyType = X25519 + + +# =========================================================== + +[29-curve-X448] +ssl_conf = 29-curve-X448-ssl + +[29-curve-X448-ssl] +server = 29-curve-X448-server +client = 29-curve-X448-client + +[29-curve-X448-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = X448 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-curve-X448-client] +CipherString = ECDHE +Curves = X448 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedResult = Success +ExpectedTmpKeyType = X448 + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/14-curves.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/14-curves.conf.in new file mode 100644 index 000000000..2f8077c44 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/14-curves.conf.in @@ -0,0 +1,47 @@ +# -*- mode: perl; -*- + +## SSL test configurations + +package ssltests; + +use strict; +use warnings; + +use OpenSSL::Test; +use OpenSSL::Test::Utils qw(anydisabled); + +my @curves = ("sect163k1", "sect163r1", "sect163r2", "sect193r1", + "sect193r2", "sect233k1", "sect233r1", "sect239k1", + "sect283k1", "sect283r1", "sect409k1", "sect409r1", + "sect571k1", "sect571r1", "secp160k1", "secp160r1", + "secp160r2", "secp192k1", "prime192v1", "secp224k1", + "secp224r1", "secp256k1", "prime256v1", "secp384r1", + "secp521r1", "brainpoolP256r1", "brainpoolP384r1", + "brainpoolP512r1", "X25519", "X448"); + +our @tests = (); + +sub generate_tests() { + foreach (0..$#curves) { + my $curve = $curves[$_]; + push @tests, { + name => "curve-${curve}", + server => { + "Curves" => $curve, + # TODO(TLS1.3): Can we get this to work for TLSv1.3? + "MaxProtocol" => "TLSv1.2" + }, + client => { + "CipherString" => "ECDHE", + "MaxProtocol" => "TLSv1.2", + "Curves" => $curve + }, + test => { + "ExpectedTmpKeyType" => $curve, + "ExpectedResult" => "Success" + }, + }; + } +} + +generate_tests(); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/15-certstatus.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/15-certstatus.conf new file mode 100644 index 000000000..bf6c41cda --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/15-certstatus.conf @@ -0,0 +1,62 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 2 + +test-0 = 0-certstatus-good +test-1 = 1-certstatus-bad +# =========================================================== + +[0-certstatus-good] +ssl_conf = 0-certstatus-good-ssl + +[0-certstatus-good-ssl] +server = 0-certstatus-good-server +client = 0-certstatus-good-client + +[0-certstatus-good-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-certstatus-good-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +Method = TLS +server = 0-certstatus-good-server-extra + +[0-certstatus-good-server-extra] +CertStatus = GoodResponse + + +# =========================================================== + +[1-certstatus-bad] +ssl_conf = 1-certstatus-bad-ssl + +[1-certstatus-bad-ssl] +server = 1-certstatus-bad-server +client = 1-certstatus-bad-client + +[1-certstatus-bad-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-certstatus-bad-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = ClientFail +Method = TLS +server = 1-certstatus-bad-server-extra + +[1-certstatus-bad-server-extra] +CertStatus = BadResponse + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/15-certstatus.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/15-certstatus.conf.in new file mode 100644 index 000000000..074602dc3 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/15-certstatus.conf.in @@ -0,0 +1,45 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test CertStatus messages + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "certstatus-good", + server => { + extra => { + "CertStatus" => "GoodResponse", + }, + }, + client => {}, + test => { + "Method" => "TLS", + "ExpectedResult" => "Success" + } + }, + { + name => "certstatus-bad", + server => { + extra => { + "CertStatus" => "BadResponse", + }, + }, + client => {}, + test => { + "Method" => "TLS", + "ExpectedResult" => "ClientFail" + } + }, +); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/16-certstatus.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/16-certstatus.conf new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/16-certstatus.conf diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/16-dtls-certstatus.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/16-dtls-certstatus.conf new file mode 100644 index 000000000..a561803a5 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/16-dtls-certstatus.conf @@ -0,0 +1,62 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 2 + +test-0 = 0-certstatus-good +test-1 = 1-certstatus-bad +# =========================================================== + +[0-certstatus-good] +ssl_conf = 0-certstatus-good-ssl + +[0-certstatus-good-ssl] +server = 0-certstatus-good-server +client = 0-certstatus-good-client + +[0-certstatus-good-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-certstatus-good-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +Method = DTLS +server = 0-certstatus-good-server-extra + +[0-certstatus-good-server-extra] +CertStatus = GoodResponse + + +# =========================================================== + +[1-certstatus-bad] +ssl_conf = 1-certstatus-bad-ssl + +[1-certstatus-bad-ssl] +server = 1-certstatus-bad-server +client = 1-certstatus-bad-client + +[1-certstatus-bad-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-certstatus-bad-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = ClientFail +Method = DTLS +server = 1-certstatus-bad-server-extra + +[1-certstatus-bad-server-extra] +CertStatus = BadResponse + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/16-dtls-certstatus.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/16-dtls-certstatus.conf.in new file mode 100644 index 000000000..2d1766d5e --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/16-dtls-certstatus.conf.in @@ -0,0 +1,78 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test DTLS CertStatus messages + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "certstatus-good", + server => { + extra => { + "CertStatus" => "GoodResponse", + }, + }, + client => {}, + test => { + "Method" => "DTLS", + "ExpectedResult" => "Success" + } + }, + { + name => "certstatus-bad", + server => { + extra => { + "CertStatus" => "BadResponse", + }, + }, + client => {}, + test => { + "Method" => "DTLS", + "ExpectedResult" => "ClientFail" + } + } +); + +our @tests_sctp = ( + { + name => "certstatus-good", + server => { + extra => { + "CertStatus" => "GoodResponse", + }, + }, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "certstatus-bad", + server => { + extra => { + "CertStatus" => "BadResponse", + }, + }, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => "Yes", + "ExpectedResult" => "ClientFail" + } + }, +); + +push @tests, @tests_sctp unless disabled("sctp") || disabled("sock"); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/17-renegotiate.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/17-renegotiate.conf new file mode 100644 index 000000000..12cf79131 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/17-renegotiate.conf @@ -0,0 +1,432 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 14 + +test-0 = 0-renegotiate-client-no-resume +test-1 = 1-renegotiate-client-resume +test-2 = 2-renegotiate-server-no-resume +test-3 = 3-renegotiate-server-resume +test-4 = 4-renegotiate-client-auth-require +test-5 = 5-renegotiate-client-auth-once +test-6 = 6-renegotiate-aead-to-non-aead +test-7 = 7-renegotiate-non-aead-to-aead +test-8 = 8-renegotiate-non-aead-to-non-aead +test-9 = 9-renegotiate-aead-to-aead +test-10 = 10-no-renegotiation-server-by-client +test-11 = 11-no-renegotiation-server-by-server +test-12 = 12-no-renegotiation-client-by-server +test-13 = 13-no-renegotiation-client-by-client +# =========================================================== + +[0-renegotiate-client-no-resume] +ssl_conf = 0-renegotiate-client-no-resume-ssl + +[0-renegotiate-client-no-resume-ssl] +server = 0-renegotiate-client-no-resume-server +client = 0-renegotiate-client-no-resume-client + +[0-renegotiate-client-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-renegotiate-client-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[1-renegotiate-client-resume] +ssl_conf = 1-renegotiate-client-resume-ssl + +[1-renegotiate-client-resume-ssl] +server = 1-renegotiate-client-resume-server +client = 1-renegotiate-client-resume-client + +[1-renegotiate-client-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-renegotiate-client-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = Yes + + +# =========================================================== + +[2-renegotiate-server-no-resume] +ssl_conf = 2-renegotiate-server-no-resume-ssl + +[2-renegotiate-server-no-resume-ssl] +server = 2-renegotiate-server-no-resume-server +client = 2-renegotiate-server-no-resume-client + +[2-renegotiate-server-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-renegotiate-server-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[3-renegotiate-server-resume] +ssl_conf = 3-renegotiate-server-resume-ssl + +[3-renegotiate-server-resume-ssl] +server = 3-renegotiate-server-resume-server +client = 3-renegotiate-server-resume-client + +[3-renegotiate-server-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-renegotiate-server-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = Yes + + +# =========================================================== + +[4-renegotiate-client-auth-require] +ssl_conf = 4-renegotiate-client-auth-require-ssl + +[4-renegotiate-client-auth-require-ssl] +server = 4-renegotiate-client-auth-require-server +client = 4-renegotiate-client-auth-require-client + +[4-renegotiate-client-auth-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[4-renegotiate-client-auth-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[5-renegotiate-client-auth-once] +ssl_conf = 5-renegotiate-client-auth-once-ssl + +[5-renegotiate-client-auth-once-ssl] +server = 5-renegotiate-client-auth-once-server +client = 5-renegotiate-client-auth-once-client + +[5-renegotiate-client-auth-once-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Once + +[5-renegotiate-client-auth-once-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[6-renegotiate-aead-to-non-aead] +ssl_conf = 6-renegotiate-aead-to-non-aead-ssl + +[6-renegotiate-aead-to-non-aead-ssl] +server = 6-renegotiate-aead-to-non-aead-server +client = 6-renegotiate-aead-to-non-aead-client + +[6-renegotiate-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-renegotiate-aead-to-non-aead-client] +CipherString = AES128-GCM-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 6-renegotiate-aead-to-non-aead-client-extra + +[6-renegotiate-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES128-SHA + + +# =========================================================== + +[7-renegotiate-non-aead-to-aead] +ssl_conf = 7-renegotiate-non-aead-to-aead-ssl + +[7-renegotiate-non-aead-to-aead-ssl] +server = 7-renegotiate-non-aead-to-aead-server +client = 7-renegotiate-non-aead-to-aead-client + +[7-renegotiate-non-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-renegotiate-non-aead-to-aead-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 7-renegotiate-non-aead-to-aead-client-extra + +[7-renegotiate-non-aead-to-aead-client-extra] +RenegotiateCiphers = AES128-GCM-SHA256 + + +# =========================================================== + +[8-renegotiate-non-aead-to-non-aead] +ssl_conf = 8-renegotiate-non-aead-to-non-aead-ssl + +[8-renegotiate-non-aead-to-non-aead-ssl] +server = 8-renegotiate-non-aead-to-non-aead-server +client = 8-renegotiate-non-aead-to-non-aead-client + +[8-renegotiate-non-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-renegotiate-non-aead-to-non-aead-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 8-renegotiate-non-aead-to-non-aead-client-extra + +[8-renegotiate-non-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES256-SHA + + +# =========================================================== + +[9-renegotiate-aead-to-aead] +ssl_conf = 9-renegotiate-aead-to-aead-ssl + +[9-renegotiate-aead-to-aead-ssl] +server = 9-renegotiate-aead-to-aead-server +client = 9-renegotiate-aead-to-aead-client + +[9-renegotiate-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-renegotiate-aead-to-aead-client] +CipherString = AES128-GCM-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 9-renegotiate-aead-to-aead-client-extra + +[9-renegotiate-aead-to-aead-client-extra] +RenegotiateCiphers = AES256-GCM-SHA384 + + +# =========================================================== + +[10-no-renegotiation-server-by-client] +ssl_conf = 10-no-renegotiation-server-by-client-ssl + +[10-no-renegotiation-server-by-client-ssl] +server = 10-no-renegotiation-server-by-client-server +client = 10-no-renegotiation-server-by-client-client + +[10-no-renegotiation-server-by-client-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-no-renegotiation-server-by-client-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = ClientFail +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[11-no-renegotiation-server-by-server] +ssl_conf = 11-no-renegotiation-server-by-server-ssl + +[11-no-renegotiation-server-by-server-ssl] +server = 11-no-renegotiation-server-by-server-server +client = 11-no-renegotiation-server-by-server-client + +[11-no-renegotiation-server-by-server-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-no-renegotiation-server-by-server-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = ServerFail +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[12-no-renegotiation-client-by-server] +ssl_conf = 12-no-renegotiation-client-by-server-ssl + +[12-no-renegotiation-client-by-server-ssl] +server = 12-no-renegotiation-client-by-server-server +client = 12-no-renegotiation-client-by-server-client + +[12-no-renegotiation-client-by-server-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-no-renegotiation-client-by-server-client] +CipherString = DEFAULT +Options = NoRenegotiation +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = ServerFail +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[13-no-renegotiation-client-by-client] +ssl_conf = 13-no-renegotiation-client-by-client-ssl + +[13-no-renegotiation-client-by-client-ssl] +server = 13-no-renegotiation-client-by-client-server +client = 13-no-renegotiation-client-by-client-client + +[13-no-renegotiation-client-by-client-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-no-renegotiation-client-by-client-client] +CipherString = DEFAULT +Options = NoRenegotiation +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = ClientFail +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/17-renegotiate.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/17-renegotiate.conf.in new file mode 100644 index 000000000..35175dce5 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/17-renegotiate.conf.in @@ -0,0 +1,249 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Renegotiation + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "renegotiate-client-no-resume", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-resume", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-server-no-resume", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-server-resume", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-require", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-once", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Once", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + } +); +our @tests_tls1_2 = ( + { + name => "renegotiate-aead-to-non-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + "MaxProtocol" => "TLSv1.2", + extra => { + "RenegotiateCiphers" => "AES128-SHA" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + }, + client => { + "CipherString" => "AES128-SHA", + "MaxProtocol" => "TLSv1.2", + extra => { + "RenegotiateCiphers" => "AES128-GCM-SHA256" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-non-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + }, + client => { + "CipherString" => "AES128-SHA", + "MaxProtocol" => "TLSv1.2", + extra => { + "RenegotiateCiphers" => "AES256-SHA" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-aead-to-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + "MaxProtocol" => "TLSv1.2", + extra => { + "RenegotiateCiphers" => "AES256-GCM-SHA384" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "no-renegotiation-server-by-client", + server => { + "Options" => "NoRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "ClientFail" + } + }, + { + name => "no-renegotiation-server-by-server", + server => { + "Options" => "NoRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "ServerFail" + } + }, + { + name => "no-renegotiation-client-by-server", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => { + "Options" => "NoRenegotiation", + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "ServerFail" + } + }, + { + name => "no-renegotiation-client-by-client", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => { + "Options" => "NoRenegotiation", + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "ClientFail" + } + } +); + +push @tests, @tests_tls1_2 unless disabled("tls1_2"); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/18-dtls-renegotiate.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/18-dtls-renegotiate.conf new file mode 100644 index 000000000..9204dd2c5 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/18-dtls-renegotiate.conf @@ -0,0 +1,285 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 9 + +test-0 = 0-renegotiate-client-no-resume +test-1 = 1-renegotiate-client-resume +test-2 = 2-renegotiate-server-resume +test-3 = 3-renegotiate-client-auth-require +test-4 = 4-renegotiate-client-auth-once +test-5 = 5-renegotiate-aead-to-non-aead +test-6 = 6-renegotiate-non-aead-to-aead +test-7 = 7-renegotiate-non-aead-to-non-aead +test-8 = 8-renegotiate-aead-to-aead +# =========================================================== + +[0-renegotiate-client-no-resume] +ssl_conf = 0-renegotiate-client-no-resume-ssl + +[0-renegotiate-client-no-resume-ssl] +server = 0-renegotiate-client-no-resume-server +client = 0-renegotiate-client-no-resume-client + +[0-renegotiate-client-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-renegotiate-client-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +UseSCTP = No + + +# =========================================================== + +[1-renegotiate-client-resume] +ssl_conf = 1-renegotiate-client-resume-ssl + +[1-renegotiate-client-resume-ssl] +server = 1-renegotiate-client-resume-server +client = 1-renegotiate-client-resume-client + +[1-renegotiate-client-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-renegotiate-client-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = Yes +UseSCTP = No + + +# =========================================================== + +[2-renegotiate-server-resume] +ssl_conf = 2-renegotiate-server-resume-ssl + +[2-renegotiate-server-resume-ssl] +server = 2-renegotiate-server-resume-server +client = 2-renegotiate-server-resume-client + +[2-renegotiate-server-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-renegotiate-server-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No +UseSCTP = No + + +# =========================================================== + +[3-renegotiate-client-auth-require] +ssl_conf = 3-renegotiate-client-auth-require-ssl + +[3-renegotiate-client-auth-require-ssl] +server = 3-renegotiate-client-auth-require-server +client = 3-renegotiate-client-auth-require-client + +[3-renegotiate-client-auth-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[3-renegotiate-client-auth-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No +UseSCTP = No + + +# =========================================================== + +[4-renegotiate-client-auth-once] +ssl_conf = 4-renegotiate-client-auth-once-ssl + +[4-renegotiate-client-auth-once-ssl] +server = 4-renegotiate-client-auth-once-server +client = 4-renegotiate-client-auth-once-client + +[4-renegotiate-client-auth-once-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Once + +[4-renegotiate-client-auth-once-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No +UseSCTP = No + + +# =========================================================== + +[5-renegotiate-aead-to-non-aead] +ssl_conf = 5-renegotiate-aead-to-non-aead-ssl + +[5-renegotiate-aead-to-non-aead-ssl] +server = 5-renegotiate-aead-to-non-aead-server +client = 5-renegotiate-aead-to-non-aead-client + +[5-renegotiate-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-renegotiate-aead-to-non-aead-client] +CipherString = AES128-GCM-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +UseSCTP = No +client = 5-renegotiate-aead-to-non-aead-client-extra + +[5-renegotiate-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES128-SHA + + +# =========================================================== + +[6-renegotiate-non-aead-to-aead] +ssl_conf = 6-renegotiate-non-aead-to-aead-ssl + +[6-renegotiate-non-aead-to-aead-ssl] +server = 6-renegotiate-non-aead-to-aead-server +client = 6-renegotiate-non-aead-to-aead-client + +[6-renegotiate-non-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-renegotiate-non-aead-to-aead-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +UseSCTP = No +client = 6-renegotiate-non-aead-to-aead-client-extra + +[6-renegotiate-non-aead-to-aead-client-extra] +RenegotiateCiphers = AES128-GCM-SHA256 + + +# =========================================================== + +[7-renegotiate-non-aead-to-non-aead] +ssl_conf = 7-renegotiate-non-aead-to-non-aead-ssl + +[7-renegotiate-non-aead-to-non-aead-ssl] +server = 7-renegotiate-non-aead-to-non-aead-server +client = 7-renegotiate-non-aead-to-non-aead-client + +[7-renegotiate-non-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-renegotiate-non-aead-to-non-aead-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +UseSCTP = No +client = 7-renegotiate-non-aead-to-non-aead-client-extra + +[7-renegotiate-non-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES256-SHA + + +# =========================================================== + +[8-renegotiate-aead-to-aead] +ssl_conf = 8-renegotiate-aead-to-aead-ssl + +[8-renegotiate-aead-to-aead-ssl] +server = 8-renegotiate-aead-to-aead-server +client = 8-renegotiate-aead-to-aead-client + +[8-renegotiate-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-renegotiate-aead-to-aead-client] +CipherString = AES128-GCM-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +UseSCTP = No +client = 8-renegotiate-aead-to-aead-client-extra + +[8-renegotiate-aead-to-aead-client-extra] +RenegotiateCiphers = AES256-GCM-SHA384 + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/18-dtls-renegotiate.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/18-dtls-renegotiate.conf.in new file mode 100644 index 000000000..467d6f26c --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/18-dtls-renegotiate.conf.in @@ -0,0 +1,192 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Renegotiation + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = (); + +foreach my $sctp ("No", "Yes") +{ + next if disabled("sctp") && $sctp eq "Yes"; + + my $suffix = ($sctp eq "No") ? "" : "-sctp"; + our @tests_basic = ( + { + name => "renegotiate-client-no-resume".$suffix, + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-resume".$suffix, + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, + # Note: Unlike the TLS tests, we will never do resumption with server + # initiated reneg. This is because an OpenSSL DTLS client will always do a full + # handshake (i.e. it doesn't supply a session id) when it receives a + # HelloRequest. This is different to the OpenSSL TLS implementation where an + # OpenSSL client will always try an abbreviated handshake (i.e. it will supply + # the session id). This goes all the way to commit 48ae85b6f when abbreviated + # handshake support was first added. Neither behaviour is wrong, but the + # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour, + # and if so, what to? + { + name => "renegotiate-server-resume".$suffix, + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-require".$suffix, + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-once".$suffix, + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Once", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + } + ); + push @tests, @tests_basic; + + next if disabled("dtls1_2"); + our @tests_dtls1_2 = ( + { + name => "renegotiate-aead-to-non-aead".$suffix, + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + extra => { + "RenegotiateCiphers" => "AES128-SHA" + } + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-aead".$suffix, + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-SHA", + extra => { + "RenegotiateCiphers" => "AES128-GCM-SHA256" + } + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-non-aead".$suffix, + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-SHA", + extra => { + "RenegotiateCiphers" => "AES256-SHA" + } + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-aead-to-aead".$suffix, + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + extra => { + "RenegotiateCiphers" => "AES256-GCM-SHA384" + } + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + ); + push @tests, @tests_dtls1_2; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/19-mac-then-encrypt.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/19-mac-then-encrypt.conf new file mode 100644 index 000000000..0dd384ea6 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/19-mac-then-encrypt.conf @@ -0,0 +1,162 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 6 + +test-0 = 0-disable-encrypt-then-mac-server-sha +test-1 = 1-disable-encrypt-then-mac-client-sha +test-2 = 2-disable-encrypt-then-mac-both-sha +test-3 = 3-disable-encrypt-then-mac-server-sha2 +test-4 = 4-disable-encrypt-then-mac-client-sha2 +test-5 = 5-disable-encrypt-then-mac-both-sha2 +# =========================================================== + +[0-disable-encrypt-then-mac-server-sha] +ssl_conf = 0-disable-encrypt-then-mac-server-sha-ssl + +[0-disable-encrypt-then-mac-server-sha-ssl] +server = 0-disable-encrypt-then-mac-server-sha-server +client = 0-disable-encrypt-then-mac-server-sha-client + +[0-disable-encrypt-then-mac-server-sha-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-disable-encrypt-then-mac-server-sha-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-disable-encrypt-then-mac-client-sha] +ssl_conf = 1-disable-encrypt-then-mac-client-sha-ssl + +[1-disable-encrypt-then-mac-client-sha-ssl] +server = 1-disable-encrypt-then-mac-client-sha-server +client = 1-disable-encrypt-then-mac-client-sha-client + +[1-disable-encrypt-then-mac-client-sha-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-disable-encrypt-then-mac-client-sha-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-disable-encrypt-then-mac-both-sha] +ssl_conf = 2-disable-encrypt-then-mac-both-sha-ssl + +[2-disable-encrypt-then-mac-both-sha-ssl] +server = 2-disable-encrypt-then-mac-both-sha-server +client = 2-disable-encrypt-then-mac-both-sha-client + +[2-disable-encrypt-then-mac-both-sha-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-disable-encrypt-then-mac-both-sha-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success + + +# =========================================================== + +[3-disable-encrypt-then-mac-server-sha2] +ssl_conf = 3-disable-encrypt-then-mac-server-sha2-ssl + +[3-disable-encrypt-then-mac-server-sha2-ssl] +server = 3-disable-encrypt-then-mac-server-sha2-server +client = 3-disable-encrypt-then-mac-server-sha2-client + +[3-disable-encrypt-then-mac-server-sha2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-disable-encrypt-then-mac-server-sha2-client] +CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success + + +# =========================================================== + +[4-disable-encrypt-then-mac-client-sha2] +ssl_conf = 4-disable-encrypt-then-mac-client-sha2-ssl + +[4-disable-encrypt-then-mac-client-sha2-ssl] +server = 4-disable-encrypt-then-mac-client-sha2-server +client = 4-disable-encrypt-then-mac-client-sha2-client + +[4-disable-encrypt-then-mac-client-sha2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-disable-encrypt-then-mac-client-sha2-client] +CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success + + +# =========================================================== + +[5-disable-encrypt-then-mac-both-sha2] +ssl_conf = 5-disable-encrypt-then-mac-both-sha2-ssl + +[5-disable-encrypt-then-mac-both-sha2-ssl] +server = 5-disable-encrypt-then-mac-both-sha2-server +client = 5-disable-encrypt-then-mac-both-sha2-client + +[5-disable-encrypt-then-mac-both-sha2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-disable-encrypt-then-mac-both-sha2-client] +CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/19-mac-then-encrypt.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/19-mac-then-encrypt.conf.in new file mode 100644 index 000000000..dfe529c9c --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/19-mac-then-encrypt.conf.in @@ -0,0 +1,102 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "disable-encrypt-then-mac-server-sha", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-client-sha", + server => { + }, + client => { + "CipherString" => "AES128-SHA", + "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-both-sha", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA", + "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, +); + +my @tests_tls1_2 = ( + { + name => "disable-encrypt-then-mac-server-sha2", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA256", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-client-sha2", + server => { + }, + client => { + "CipherString" => "AES128-SHA256", + "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-both-sha2", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA256", + "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "Success", + }, + }, +); + +push @tests, @tests_tls1_2 unless disabled("tls1_2"); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/20-cert-select.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/20-cert-select.conf new file mode 100644 index 000000000..757b973e5 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/20-cert-select.conf @@ -0,0 +1,1816 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 56 + +test-0 = 0-ECDSA CipherString Selection +test-1 = 1-ECDSA CipherString Selection +test-2 = 2-ECDSA CipherString Selection +test-3 = 3-Ed25519 CipherString and Signature Algorithm Selection +test-4 = 4-Ed448 CipherString and Signature Algorithm Selection +test-5 = 5-ECDSA with brainpool +test-6 = 6-RSA CipherString Selection +test-7 = 7-RSA-PSS Certificate CipherString Selection +test-8 = 8-P-256 CipherString and Signature Algorithm Selection +test-9 = 9-Ed25519 CipherString and Curves Selection +test-10 = 10-Ed448 CipherString and Curves Selection +test-11 = 11-ECDSA CipherString Selection, no ECDSA certificate +test-12 = 12-ECDSA Signature Algorithm Selection +test-13 = 13-ECDSA Signature Algorithm Selection SHA384 +test-14 = 14-ECDSA Signature Algorithm Selection SHA1 +test-15 = 15-ECDSA Signature Algorithm Selection compressed point +test-16 = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate +test-17 = 17-RSA Signature Algorithm Selection +test-18 = 18-RSA-PSS Signature Algorithm Selection +test-19 = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection +test-20 = 20-RSA-PSS Certificate Unified Signature Algorithm Selection +test-21 = 21-Only RSA-PSS Certificate +test-22 = 22-Only RSA-PSS Certificate Valid Signature Algorithms +test-23 = 23-RSA-PSS Certificate, no PSS signature algorithms +test-24 = 24-Only RSA-PSS Restricted Certificate +test-25 = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms +test-26 = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm +test-27 = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms +test-28 = 28-RSA key exchange with all RSA certificate types +test-29 = 29-RSA key exchange with only RSA-PSS certificate +test-30 = 30-Suite B P-256 Hash Algorithm Selection +test-31 = 31-Suite B P-384 Hash Algorithm Selection +test-32 = 32-TLS 1.2 Ed25519 Client Auth +test-33 = 33-TLS 1.2 Ed448 Client Auth +test-34 = 34-Only RSA-PSS Certificate, TLS v1.1 +test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection +test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point +test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1 +test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS +test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS +test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate +test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS +test-42 = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection +test-43 = 43-TLS 1.3 Ed25519 Signature Algorithm Selection +test-44 = 44-TLS 1.3 Ed448 Signature Algorithm Selection +test-45 = 45-TLS 1.3 Ed25519 CipherString and Groups Selection +test-46 = 46-TLS 1.3 Ed448 CipherString and Groups Selection +test-47 = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection +test-48 = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names +test-49 = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection +test-50 = 50-TLS 1.3 Ed25519 Client Auth +test-51 = 51-TLS 1.3 Ed448 Client Auth +test-52 = 52-TLS 1.3 ECDSA with brainpool +test-53 = 53-TLS 1.2 DSA Certificate Test +test-54 = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms +test-55 = 55-TLS 1.3 DSA Certificate Test +# =========================================================== + +[0-ECDSA CipherString Selection] +ssl_conf = 0-ECDSA CipherString Selection-ssl + +[0-ECDSA CipherString Selection-ssl] +server = 0-ECDSA CipherString Selection-server +client = 0-ECDSA CipherString Selection-client + +[0-ECDSA CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-ECDSA CipherString Selection-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[1-ECDSA CipherString Selection] +ssl_conf = 1-ECDSA CipherString Selection-ssl + +[1-ECDSA CipherString Selection-ssl] +server = 1-ECDSA CipherString Selection-server +client = 1-ECDSA CipherString Selection-client + +[1-ECDSA CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Groups = P-384 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-ECDSA CipherString Selection-client] +CipherString = aECDSA +Groups = P-256:P-384 +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[2-ECDSA CipherString Selection] +ssl_conf = 2-ECDSA CipherString Selection-ssl + +[2-ECDSA CipherString Selection-ssl] +server = 2-ECDSA CipherString Selection-server +client = 2-ECDSA CipherString Selection-client + +[2-ECDSA CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Groups = P-256:P-384 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-ECDSA CipherString Selection-client] +CipherString = aECDSA +Groups = P-384 +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ServerFail + + +# =========================================================== + +[3-Ed25519 CipherString and Signature Algorithm Selection] +ssl_conf = 3-Ed25519 CipherString and Signature Algorithm Selection-ssl + +[3-Ed25519 CipherString and Signature Algorithm Selection-ssl] +server = 3-Ed25519 CipherString and Signature Algorithm Selection-server +client = 3-Ed25519 CipherString and Signature Algorithm Selection-client + +[3-Ed25519 CipherString and Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-Ed25519 CipherString and Signature Algorithm Selection-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +SignatureAlgorithms = ed25519:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = Ed25519 +ExpectedServerSignType = Ed25519 + + +# =========================================================== + +[4-Ed448 CipherString and Signature Algorithm Selection] +ssl_conf = 4-Ed448 CipherString and Signature Algorithm Selection-ssl + +[4-Ed448 CipherString and Signature Algorithm Selection-ssl] +server = 4-Ed448 CipherString and Signature Algorithm Selection-server +client = 4-Ed448 CipherString and Signature Algorithm Selection-client + +[4-Ed448 CipherString and Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-Ed448 CipherString and Signature Algorithm Selection-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +SignatureAlgorithms = ed448:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = Ed448 +ExpectedServerSignType = Ed448 + + +# =========================================================== + +[5-ECDSA with brainpool] +ssl_conf = 5-ECDSA with brainpool-ssl + +[5-ECDSA with brainpool-ssl] +server = 5-ECDSA with brainpool-server +client = 5-ECDSA with brainpool-client + +[5-ECDSA with brainpool-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem +CipherString = DEFAULT +Groups = brainpoolP256r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem + +[5-ECDSA with brainpool-client] +CipherString = aECDSA +Groups = brainpoolP256r1 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = brainpoolP256r1 +ExpectedServerSignType = EC + + +# =========================================================== + +[6-RSA CipherString Selection] +ssl_conf = 6-RSA CipherString Selection-ssl + +[6-RSA CipherString Selection-ssl] +server = 6-RSA CipherString Selection-server +client = 6-RSA CipherString Selection-client + +[6-RSA CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-RSA CipherString Selection-client] +CipherString = aRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[7-RSA-PSS Certificate CipherString Selection] +ssl_conf = 7-RSA-PSS Certificate CipherString Selection-ssl + +[7-RSA-PSS Certificate CipherString Selection-ssl] +server = 7-RSA-PSS Certificate CipherString Selection-server +client = 7-RSA-PSS Certificate CipherString Selection-client + +[7-RSA-PSS Certificate CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-RSA-PSS Certificate CipherString Selection-client] +CipherString = aRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[8-P-256 CipherString and Signature Algorithm Selection] +ssl_conf = 8-P-256 CipherString and Signature Algorithm Selection-ssl + +[8-P-256 CipherString and Signature Algorithm Selection-ssl] +server = 8-P-256 CipherString and Signature Algorithm Selection-server +client = 8-P-256 CipherString and Signature Algorithm Selection-client + +[8-P-256 CipherString and Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-P-256 CipherString and Signature Algorithm Selection-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +SignatureAlgorithms = ECDSA+SHA256:ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[9-Ed25519 CipherString and Curves Selection] +ssl_conf = 9-Ed25519 CipherString and Curves Selection-ssl + +[9-Ed25519 CipherString and Curves Selection-ssl] +server = 9-Ed25519 CipherString and Curves Selection-server +client = 9-Ed25519 CipherString and Curves Selection-client + +[9-Ed25519 CipherString and Curves Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-Ed25519 CipherString and Curves Selection-client] +CipherString = aECDSA +Curves = X25519 +MaxProtocol = TLSv1.2 +SignatureAlgorithms = ECDSA+SHA256:ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +ExpectedServerCertType = Ed25519 +ExpectedServerSignType = Ed25519 + + +# =========================================================== + +[10-Ed448 CipherString and Curves Selection] +ssl_conf = 10-Ed448 CipherString and Curves Selection-ssl + +[10-Ed448 CipherString and Curves Selection-ssl] +server = 10-Ed448 CipherString and Curves Selection-server +client = 10-Ed448 CipherString and Curves Selection-client + +[10-Ed448 CipherString and Curves Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-Ed448 CipherString and Curves Selection-client] +CipherString = aECDSA +Curves = X448 +MaxProtocol = TLSv1.2 +SignatureAlgorithms = ECDSA+SHA256:ed448 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = Success +ExpectedServerCertType = Ed448 +ExpectedServerSignType = Ed448 + + +# =========================================================== + +[11-ECDSA CipherString Selection, no ECDSA certificate] +ssl_conf = 11-ECDSA CipherString Selection, no ECDSA certificate-ssl + +[11-ECDSA CipherString Selection, no ECDSA certificate-ssl] +server = 11-ECDSA CipherString Selection, no ECDSA certificate-server +client = 11-ECDSA CipherString Selection, no ECDSA certificate-client + +[11-ECDSA CipherString Selection, no ECDSA certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-ECDSA CipherString Selection, no ECDSA certificate-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = ServerFail + + +# =========================================================== + +[12-ECDSA Signature Algorithm Selection] +ssl_conf = 12-ECDSA Signature Algorithm Selection-ssl + +[12-ECDSA Signature Algorithm Selection-ssl] +server = 12-ECDSA Signature Algorithm Selection-server +client = 12-ECDSA Signature Algorithm Selection-client + +[12-ECDSA Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-ECDSA Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[13-ECDSA Signature Algorithm Selection SHA384] +ssl_conf = 13-ECDSA Signature Algorithm Selection SHA384-ssl + +[13-ECDSA Signature Algorithm Selection SHA384-ssl] +server = 13-ECDSA Signature Algorithm Selection SHA384-server +client = 13-ECDSA Signature Algorithm Selection SHA384-client + +[13-ECDSA Signature Algorithm Selection SHA384-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-ECDSA Signature Algorithm Selection SHA384-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA384 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA384 +ExpectedServerSignType = EC + + +# =========================================================== + +[14-ECDSA Signature Algorithm Selection SHA1] +ssl_conf = 14-ECDSA Signature Algorithm Selection SHA1-ssl + +[14-ECDSA Signature Algorithm Selection SHA1-ssl] +server = 14-ECDSA Signature Algorithm Selection SHA1-server +client = 14-ECDSA Signature Algorithm Selection SHA1-client + +[14-ECDSA Signature Algorithm Selection SHA1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-ECDSA Signature Algorithm Selection SHA1-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA1 +ExpectedServerSignType = EC + + +# =========================================================== + +[15-ECDSA Signature Algorithm Selection compressed point] +ssl_conf = 15-ECDSA Signature Algorithm Selection compressed point-ssl + +[15-ECDSA Signature Algorithm Selection compressed point-ssl] +server = 15-ECDSA Signature Algorithm Selection compressed point-server +client = 15-ECDSA Signature Algorithm Selection compressed point-client + +[15-ECDSA Signature Algorithm Selection compressed point-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-ECDSA Signature Algorithm Selection compressed point-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate] +ssl_conf = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl + +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] +server = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server +client = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client + +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = ServerFail + + +# =========================================================== + +[17-RSA Signature Algorithm Selection] +ssl_conf = 17-RSA Signature Algorithm Selection-ssl + +[17-RSA Signature Algorithm Selection-ssl] +server = 17-RSA Signature Algorithm Selection-server +client = 17-RSA Signature Algorithm Selection-client + +[17-RSA Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-RSA Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA + + +# =========================================================== + +[18-RSA-PSS Signature Algorithm Selection] +ssl_conf = 18-RSA-PSS Signature Algorithm Selection-ssl + +[18-RSA-PSS Signature Algorithm Selection-ssl] +server = 18-RSA-PSS Signature Algorithm Selection-server +client = 18-RSA-PSS Signature Algorithm Selection-client + +[18-RSA-PSS Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-RSA-PSS Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection] +ssl_conf = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl + +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl] +server = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server +client = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client + +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[20-RSA-PSS Certificate Unified Signature Algorithm Selection] +ssl_conf = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl + +[20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl] +server = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-server +client = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-client + +[20-RSA-PSS Certificate Unified Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-RSA-PSS Certificate Unified Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = rsa_pss_pss_sha256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[21-Only RSA-PSS Certificate] +ssl_conf = 21-Only RSA-PSS Certificate-ssl + +[21-Only RSA-PSS Certificate-ssl] +server = 21-Only RSA-PSS Certificate-server +client = 21-Only RSA-PSS Certificate-client + +[21-Only RSA-PSS Certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[21-Only RSA-PSS Certificate-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[22-Only RSA-PSS Certificate Valid Signature Algorithms] +ssl_conf = 22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl + +[22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl] +server = 22-Only RSA-PSS Certificate Valid Signature Algorithms-server +client = 22-Only RSA-PSS Certificate Valid Signature Algorithms-client + +[22-Only RSA-PSS Certificate Valid Signature Algorithms-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[22-Only RSA-PSS Certificate Valid Signature Algorithms-client] +CipherString = DEFAULT +SignatureAlgorithms = rsa_pss_pss_sha512 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA512 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[23-RSA-PSS Certificate, no PSS signature algorithms] +ssl_conf = 23-RSA-PSS Certificate, no PSS signature algorithms-ssl + +[23-RSA-PSS Certificate, no PSS signature algorithms-ssl] +server = 23-RSA-PSS Certificate, no PSS signature algorithms-server +client = 23-RSA-PSS Certificate, no PSS signature algorithms-client + +[23-RSA-PSS Certificate, no PSS signature algorithms-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[23-RSA-PSS Certificate, no PSS signature algorithms-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedResult = ServerFail + + +# =========================================================== + +[24-Only RSA-PSS Restricted Certificate] +ssl_conf = 24-Only RSA-PSS Restricted Certificate-ssl + +[24-Only RSA-PSS Restricted Certificate-ssl] +server = 24-Only RSA-PSS Restricted Certificate-server +client = 24-Only RSA-PSS Restricted Certificate-client + +[24-Only RSA-PSS Restricted Certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem + +[24-Only RSA-PSS Restricted Certificate-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[25-RSA-PSS Restricted Certificate Valid Signature Algorithms] +ssl_conf = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl + +[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl] +server = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server +client = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client + +[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem + +[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client] +CipherString = DEFAULT +SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm] +ssl_conf = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl + +[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl] +server = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server +client = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client + +[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem + +[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client] +CipherString = DEFAULT +SignatureAlgorithms = rsa_pss_pss_sha512:rsa_pss_pss_sha256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms] +ssl_conf = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl + +[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl] +server = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server +client = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client + +[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem + +[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client] +CipherString = DEFAULT +SignatureAlgorithms = rsa_pss_pss_sha512 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedResult = ServerFail + + +# =========================================================== + +[28-RSA key exchange with all RSA certificate types] +ssl_conf = 28-RSA key exchange with all RSA certificate types-ssl + +[28-RSA key exchange with all RSA certificate types-ssl] +server = 28-RSA key exchange with all RSA certificate types-server +client = 28-RSA key exchange with all RSA certificate types-client + +[28-RSA key exchange with all RSA certificate types-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-RSA key exchange with all RSA certificate types-client] +CipherString = kRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedResult = Success +ExpectedServerCertType = RSA + + +# =========================================================== + +[29-RSA key exchange with only RSA-PSS certificate] +ssl_conf = 29-RSA key exchange with only RSA-PSS certificate-ssl + +[29-RSA key exchange with only RSA-PSS certificate-ssl] +server = 29-RSA key exchange with only RSA-PSS certificate-server +client = 29-RSA key exchange with only RSA-PSS certificate-client + +[29-RSA key exchange with only RSA-PSS certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[29-RSA key exchange with only RSA-PSS certificate-client] +CipherString = kRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedResult = ServerFail + + +# =========================================================== + +[30-Suite B P-256 Hash Algorithm Selection] +ssl_conf = 30-Suite B P-256 Hash Algorithm Selection-ssl + +[30-Suite B P-256 Hash Algorithm Selection-ssl] +server = 30-Suite B P-256 Hash Algorithm Selection-server +client = 30-Suite B P-256 Hash Algorithm Selection-client + +[30-Suite B P-256 Hash Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SUITEB128 +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-Suite B P-256 Hash Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem +VerifyMode = Peer + +[test-30] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[31-Suite B P-384 Hash Algorithm Selection] +ssl_conf = 31-Suite B P-384 Hash Algorithm Selection-ssl + +[31-Suite B P-384 Hash Algorithm Selection-ssl] +server = 31-Suite B P-384 Hash Algorithm Selection-server +client = 31-Suite B P-384 Hash Algorithm Selection-client + +[31-Suite B P-384 Hash Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SUITEB128 +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-Suite B P-384 Hash Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem +VerifyMode = Peer + +[test-31] +ExpectedResult = Success +ExpectedServerCertType = P-384 +ExpectedServerSignHash = SHA384 +ExpectedServerSignType = EC + + +# =========================================================== + +[32-TLS 1.2 Ed25519 Client Auth] +ssl_conf = 32-TLS 1.2 Ed25519 Client Auth-ssl + +[32-TLS 1.2 Ed25519 Client Auth-ssl] +server = 32-TLS 1.2 Ed25519 Client Auth-server +client = 32-TLS 1.2 Ed25519 Client Auth-client + +[32-TLS 1.2 Ed25519 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[32-TLS 1.2 Ed25519 Client Auth-client] +CipherString = DEFAULT +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedClientCertType = Ed25519 +ExpectedClientSignType = Ed25519 +ExpectedResult = Success + + +# =========================================================== + +[33-TLS 1.2 Ed448 Client Auth] +ssl_conf = 33-TLS 1.2 Ed448 Client Auth-ssl + +[33-TLS 1.2 Ed448 Client Auth-ssl] +server = 33-TLS 1.2 Ed448 Client Auth-server +client = 33-TLS 1.2 Ed448 Client Auth-client + +[33-TLS 1.2 Ed448 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[33-TLS 1.2 Ed448 Client Auth-client] +CipherString = DEFAULT +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedClientCertType = Ed448 +ExpectedClientSignType = Ed448 +ExpectedResult = Success + + +# =========================================================== + +[34-Only RSA-PSS Certificate, TLS v1.1] +ssl_conf = 34-Only RSA-PSS Certificate, TLS v1.1-ssl + +[34-Only RSA-PSS Certificate, TLS v1.1-ssl] +server = 34-Only RSA-PSS Certificate, TLS v1.1-server +client = 34-Only RSA-PSS Certificate, TLS v1.1-client + +[34-Only RSA-PSS Certificate, TLS v1.1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[34-Only RSA-PSS Certificate, TLS v1.1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedResult = ServerFail + + +# =========================================================== + +[35-TLS 1.3 ECDSA Signature Algorithm Selection] +ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl + +[35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl] +server = 35-TLS 1.3 ECDSA Signature Algorithm Selection-server +client = 35-TLS 1.3 ECDSA Signature Algorithm Selection-client + +[35-TLS 1.3 ECDSA Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-TLS 1.3 ECDSA Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point] +ssl_conf = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl + +[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl] +server = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server +client = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client + +[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1] +ssl_conf = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl + +[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl] +server = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server +client = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client + +[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedResult = ServerFail + + +# =========================================================== + +[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS] +ssl_conf = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl + +[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl] +server = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server +client = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client + +[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client] +CipherString = DEFAULT +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedResult = Success +ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS] +ssl_conf = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl + +[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl] +server = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server +client = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client + +[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA384 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate] +ssl_conf = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl + +[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] +server = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server +client = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client + +[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedResult = ServerFail + + +# =========================================================== + +[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS] +ssl_conf = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl + +[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl] +server = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server +client = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client + +[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedResult = ServerFail + + +# =========================================================== + +[42-TLS 1.3 RSA-PSS Signature Algorithm Selection] +ssl_conf = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl + +[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl] +server = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server +client = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client + +[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[43-TLS 1.3 Ed25519 Signature Algorithm Selection] +ssl_conf = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl + +[43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl] +server = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-server +client = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-client + +[43-TLS 1.3 Ed25519 Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-TLS 1.3 Ed25519 Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedResult = Success +ExpectedServerCertType = Ed25519 +ExpectedServerSignType = Ed25519 + + +# =========================================================== + +[44-TLS 1.3 Ed448 Signature Algorithm Selection] +ssl_conf = 44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl + +[44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl] +server = 44-TLS 1.3 Ed448 Signature Algorithm Selection-server +client = 44-TLS 1.3 Ed448 Signature Algorithm Selection-client + +[44-TLS 1.3 Ed448 Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-TLS 1.3 Ed448 Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ed448 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +VerifyMode = Peer + +[test-44] +ExpectedResult = Success +ExpectedServerCertType = Ed448 +ExpectedServerSignType = Ed448 + + +# =========================================================== + +[45-TLS 1.3 Ed25519 CipherString and Groups Selection] +ssl_conf = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl + +[45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl] +server = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-server +client = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-client + +[45-TLS 1.3 Ed25519 CipherString and Groups Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-TLS 1.3 Ed25519 CipherString and Groups Selection-client] +CipherString = DEFAULT +Groups = X25519 +SignatureAlgorithms = ECDSA+SHA256:ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[46-TLS 1.3 Ed448 CipherString and Groups Selection] +ssl_conf = 46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl + +[46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl] +server = 46-TLS 1.3 Ed448 CipherString and Groups Selection-server +client = 46-TLS 1.3 Ed448 CipherString and Groups Selection-client + +[46-TLS 1.3 Ed448 CipherString and Groups Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-TLS 1.3 Ed448 CipherString and Groups Selection-client] +CipherString = DEFAULT +Groups = X448 +SignatureAlgorithms = ECDSA+SHA256:ed448 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection] +ssl_conf = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl + +[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl] +server = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server +client = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client + +[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client] +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names] +ssl_conf = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl + +[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl] +server = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server +client = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client + +[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client] +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection] +ssl_conf = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl + +[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl] +server = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server +client = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client + +[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = ECDSA+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client] +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedClientCertType = P-256 +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = EC +ExpectedResult = Success + + +# =========================================================== + +[50-TLS 1.3 Ed25519 Client Auth] +ssl_conf = 50-TLS 1.3 Ed25519 Client Auth-ssl + +[50-TLS 1.3 Ed25519 Client Auth-ssl] +server = 50-TLS 1.3 Ed25519 Client Auth-server +client = 50-TLS 1.3 Ed25519 Client Auth-client + +[50-TLS 1.3 Ed25519 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[50-TLS 1.3 Ed25519 Client Auth-client] +CipherString = DEFAULT +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedClientCertType = Ed25519 +ExpectedClientSignType = Ed25519 +ExpectedResult = Success + + +# =========================================================== + +[51-TLS 1.3 Ed448 Client Auth] +ssl_conf = 51-TLS 1.3 Ed448 Client Auth-ssl + +[51-TLS 1.3 Ed448 Client Auth-ssl] +server = 51-TLS 1.3 Ed448 Client Auth-server +client = 51-TLS 1.3 Ed448 Client Auth-client + +[51-TLS 1.3 Ed448 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[51-TLS 1.3 Ed448 Client Auth-client] +CipherString = DEFAULT +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedClientCertType = Ed448 +ExpectedClientSignType = Ed448 +ExpectedResult = Success + + +# =========================================================== + +[52-TLS 1.3 ECDSA with brainpool] +ssl_conf = 52-TLS 1.3 ECDSA with brainpool-ssl + +[52-TLS 1.3 ECDSA with brainpool-ssl] +server = 52-TLS 1.3 ECDSA with brainpool-server +client = 52-TLS 1.3 ECDSA with brainpool-client + +[52-TLS 1.3 ECDSA with brainpool-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem +CipherString = DEFAULT +Groups = brainpoolP256r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem + +[52-TLS 1.3 ECDSA with brainpool-client] +CipherString = DEFAULT +Groups = brainpoolP256r1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedResult = ServerFail + + +# =========================================================== + +[53-TLS 1.2 DSA Certificate Test] +ssl_conf = 53-TLS 1.2 DSA Certificate Test-ssl + +[53-TLS 1.2 DSA Certificate Test-ssl] +server = 53-TLS 1.2 DSA Certificate Test-server +client = 53-TLS 1.2 DSA Certificate Test-client + +[53-TLS 1.2 DSA Certificate Test-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ALL +DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem +DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem +DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-TLS 1.2 DSA Certificate Test-client] +CipherString = ALL +SignatureAlgorithms = DSA+SHA256:DSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedResult = Success + + +# =========================================================== + +[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms] +ssl_conf = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl + +[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl] +server = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server +client = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client + +[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedResult = ServerFail + + +# =========================================================== + +[55-TLS 1.3 DSA Certificate Test] +ssl_conf = 55-TLS 1.3 DSA Certificate Test-ssl + +[55-TLS 1.3 DSA Certificate Test-ssl] +server = 55-TLS 1.3 DSA Certificate Test-server +client = 55-TLS 1.3 DSA Certificate Test-client + +[55-TLS 1.3 DSA Certificate Test-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ALL +DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem +DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[55-TLS 1.3 DSA Certificate Test-client] +CipherString = ALL +SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-55] +ExpectedResult = ServerFail + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/20-cert-select.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/20-cert-select.conf.in new file mode 100644 index 000000000..24093548c --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/20-cert-select.conf.in @@ -0,0 +1,933 @@ +# -*- mode: perl; -*- + +## SSL test configurations + + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +my $server = { + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), + "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), + "MaxProtocol" => "TLSv1.2" +}; + +my $server_pss = { + "PSS.Certificate" => test_pem("server-pss-cert.pem"), + "PSS.PrivateKey" => test_pem("server-pss-key.pem"), + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), + "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), + "MaxProtocol" => "TLSv1.2" +}; + +my $server_pss_only = { + "Certificate" => test_pem("server-pss-cert.pem"), + "PrivateKey" => test_pem("server-pss-key.pem"), +}; + +my $server_pss_restrict_only = { + "Certificate" => test_pem("server-pss-restrict-cert.pem"), + "PrivateKey" => test_pem("server-pss-restrict-key.pem"), +}; + + +my $server_rsa_all = { + "PSS.Certificate" => test_pem("server-pss-cert.pem"), + "PSS.PrivateKey" => test_pem("server-pss-key.pem"), + "Certificate" => test_pem("servercert.pem"), + "PrivateKey" => test_pem("serverkey.pem"), +}; + +our @tests = ( + { + name => "ECDSA CipherString Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedServerCertType" =>, "P-256", + "ExpectedServerSignType" =>, "EC", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA CipherString Selection", + server => { + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "MaxProtocol" => "TLSv1.2", + #Deliberately set supported_groups to one not in the cert. This + #should be tolerated + "Groups" => "P-384" + }, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "Groups" => "P-256:P-384", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedServerCertType" =>, "P-256", + "ExpectedServerSignType" =>, "EC", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA CipherString Selection", + server => { + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "MaxProtocol" => "TLSv1.2", + "Groups" => "P-256:P-384" + }, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + #Deliberately set groups to not include the certificate group. This + #should fail + "Groups" => "P-384", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "Ed25519 CipherString and Signature Algorithm Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ed25519:ECDSA+SHA256", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedServerCertType" =>, "Ed25519", + "ExpectedServerSignType" =>, "Ed25519", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "Ed448 CipherString and Signature Algorithm Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ed448:ECDSA+SHA256", + "RequestCAFile" => test_pem("root-ed448-cert.pem"), + "VerifyCAFile" => test_pem("root-ed448-cert.pem"), + }, + test => { + "ExpectedServerCertType" =>, "Ed448", + "ExpectedServerSignType" =>, "Ed448", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA with brainpool", + server => { + "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), + "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), + "Groups" => "brainpoolP256r1", + }, + client => { + #We don't restrict this to TLSv1.2, although use of brainpool + #should force this anyway so that this should succeed + "CipherString" => "aECDSA", + "RequestCAFile" => test_pem("root-cert.pem"), + "Groups" => "brainpoolP256r1", + }, + test => { + "ExpectedServerCertType" =>, "brainpoolP256r1", + "ExpectedServerSignType" =>, "EC", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA CipherString Selection", + server => $server, + client => { + "CipherString" => "aRSA", + "MaxProtocol" => "TLSv1.2", + }, + test => { + "ExpectedServerCertType" =>, "RSA", + "ExpectedServerSignType" =>, "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Certificate CipherString Selection", + server => $server_pss, + client => { + "CipherString" => "aRSA", + "MaxProtocol" => "TLSv1.2", + }, + test => { + "ExpectedServerCertType" =>, "RSA-PSS", + "ExpectedServerSignType" =>, "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "P-256 CipherString and Signature Algorithm Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ECDSA+SHA256:ed25519", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "Ed25519 CipherString and Curves Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ECDSA+SHA256:ed25519", + # Excluding P-256 from the supported curves list means server + # certificate should be Ed25519 and not P-256 + "Curves" => "X25519" + }, + test => { + "ExpectedServerCertType" =>, "Ed25519", + "ExpectedServerSignType" =>, "Ed25519", + "ExpectedResult" => "Success" + }, + }, + { + name => "Ed448 CipherString and Curves Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ECDSA+SHA256:ed448", + "VerifyCAFile" => test_pem("root-ed448-cert.pem"), + # Excluding P-256 from the supported curves list means server + # certificate should be Ed25519 and not P-256 + "Curves" => "X448" + }, + test => { + "ExpectedServerCertType" =>, "Ed448", + "ExpectedServerSignType" =>, "Ed448", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA CipherString Selection, no ECDSA certificate", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "ECDSA Signature Algorithm Selection", + server => $server, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA Signature Algorithm Selection SHA384", + server => $server, + client => { + "SignatureAlgorithms" => "ECDSA+SHA384", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA384", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA Signature Algorithm Selection SHA1", + server => $server, + client => { + "SignatureAlgorithms" => "ECDSA+SHA1", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA1", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA Signature Algorithm Selection compressed point", + server => { + "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"), + "MaxProtocol" => "TLSv1.2" + }, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA Signature Algorithm Selection, no ECDSA certificate", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "RSA Signature Algorithm Selection", + server => $server, + client => { + "SignatureAlgorithms" => "RSA+SHA256", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Signature Algorithm Selection", + server => $server, + client => { + "SignatureAlgorithms" => "RSA-PSS+SHA256", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Certificate Legacy Signature Algorithm Selection", + server => $server_pss, + client => { + "SignatureAlgorithms" => "RSA-PSS+SHA256", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Certificate Unified Signature Algorithm Selection", + server => $server_pss, + client => { + "SignatureAlgorithms" => "rsa_pss_pss_sha256", + }, + test => { + "ExpectedServerCertType" => "RSA-PSS", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "Only RSA-PSS Certificate", + server => $server_pss_only, + client => {}, + test => { + "ExpectedServerCertType" => "RSA-PSS", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "Only RSA-PSS Certificate Valid Signature Algorithms", + server => $server_pss_only, + client => { + "SignatureAlgorithms" => "rsa_pss_pss_sha512", + }, + test => { + "ExpectedServerCertType" => "RSA-PSS", + "ExpectedServerSignHash" => "SHA512", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Certificate, no PSS signature algorithms", + server => $server_pss_only, + client => { + "SignatureAlgorithms" => "RSA+SHA256", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "Only RSA-PSS Restricted Certificate", + server => $server_pss_restrict_only, + client => {}, + test => { + "ExpectedServerCertType" => "RSA-PSS", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Restricted Certificate Valid Signature Algorithms", + server => $server_pss_restrict_only, + client => { + "SignatureAlgorithms" => "rsa_pss_pss_sha256:rsa_pss_pss_sha512", + }, + test => { + "ExpectedServerCertType" => "RSA-PSS", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Restricted Cert client prefers invalid Signature Algorithm", + server => $server_pss_restrict_only, + client => { + "SignatureAlgorithms" => "rsa_pss_pss_sha512:rsa_pss_pss_sha256", + }, + test => { + "ExpectedServerCertType" => "RSA-PSS", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Restricted Certificate Invalid Signature Algorithms", + server => $server_pss_restrict_only, + client => { + "SignatureAlgorithms" => "rsa_pss_pss_sha512", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "RSA key exchange with all RSA certificate types", + server => $server_rsa_all, + client => { + "CipherString" => "kRSA", + "MaxProtocol" => "TLSv1.2", + }, + test => { + "ExpectedServerCertType" =>, "RSA", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA key exchange with only RSA-PSS certificate", + server => $server_pss_only, + client => { + "CipherString" => "kRSA", + "MaxProtocol" => "TLSv1.2", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "Suite B P-256 Hash Algorithm Selection", + server => { + "ECDSA.Certificate" => test_pem("p256-server-cert.pem"), + "ECDSA.PrivateKey" => test_pem("p256-server-key.pem"), + "MaxProtocol" => "TLSv1.2", + "CipherString" => "SUITEB128" + }, + client => { + "VerifyCAFile" => test_pem("p384-root.pem"), + "SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256" + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "Suite B P-384 Hash Algorithm Selection", + server => { + "ECDSA.Certificate" => test_pem("p384-server-cert.pem"), + "ECDSA.PrivateKey" => test_pem("p384-server-key.pem"), + "MaxProtocol" => "TLSv1.2", + "CipherString" => "SUITEB128" + }, + client => { + "VerifyCAFile" => test_pem("p384-root.pem"), + "SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384" + }, + test => { + "ExpectedServerCertType" => "P-384", + "ExpectedServerSignHash" => "SHA384", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.2 Ed25519 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "Ed25519.Certificate" => test_pem("client-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("client-ed25519-key.pem"), + "MinProtocol" => "TLSv1.2", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedClientCertType" => "Ed25519", + "ExpectedClientSignType" => "Ed25519", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.2 Ed448 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "Ed448.Certificate" => test_pem("client-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("client-ed448-key.pem"), + "MinProtocol" => "TLSv1.2", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedClientCertType" => "Ed448", + "ExpectedClientSignType" => "Ed448", + "ExpectedResult" => "Success" + }, + }, +); + +my @tests_tls_1_1 = ( + { + name => "Only RSA-PSS Certificate, TLS v1.1", + server => $server_pss_only, + client => { + "MaxProtocol" => "TLSv1.1", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, +); + +push @tests, @tests_tls_1_1 unless disabled("tls1_1"); + +my $server_tls_1_3 = { + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), + "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" +}; + +my $server_tls_1_3_pss = { + "PSS.Certificate" => test_pem("server-pss-cert.pem"), + "PSS.PrivateKey" => test_pem("server-pss-key.pem"), + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), + "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("server-ed449-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" +}; + +my $client_tls_1_3 = { + "RSA.Certificate" => test_pem("ee-client-chain.pem"), + "RSA.PrivateKey" => test_pem("ee-key.pem"), + "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"), + "ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" +}; + +my @tests_tls_1_3 = ( + { + name => "TLS 1.3 ECDSA Signature Algorithm Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedServerCANames" => "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA Signature Algorithm Selection compressed point", + server => { + "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedServerCANames" => "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA Signature Algorithm Selection SHA1", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA1", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedServerCANames" => test_pem("root-cert.pem"), + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA384", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "RSA+SHA256", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "TLS 1.3 RSA-PSS Signature Algorithm Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "RSA-PSS+SHA256", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed25519 Signature Algorithm Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ed25519", + }, + test => { + "ExpectedServerCertType" => "Ed25519", + "ExpectedServerSignType" => "Ed25519", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed448 Signature Algorithm Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ed448", + "VerifyCAFile" => test_pem("root-ed448-cert.pem"), + }, + test => { + "ExpectedServerCertType" => "Ed448", + "ExpectedServerSignType" => "Ed448", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed25519 CipherString and Groups Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256:ed25519", + # Excluding P-256 from the supported groups list should + # mean server still uses a P-256 certificate because supported + # groups is not used in signature selection for TLS 1.3 + "Groups" => "X25519" + }, + test => { + "ExpectedServerCertType" =>, "P-256", + "ExpectedServerSignType" =>, "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed448 CipherString and Groups Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256:ed448", + # Excluding P-256 from the supported groups list should + # mean server still uses a P-256 certificate because supported + # groups is not used in signature selection for TLS 1.3 + "Groups" => "X448" + }, + test => { + "ExpectedServerCertType" =>, "P-256", + "ExpectedServerSignType" =>, "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection", + server => { + "ClientSignatureAlgorithms" => "PSS+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => $client_tls_1_3, + test => { + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientCANames" => "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names", + server => { + "ClientSignatureAlgorithms" => "PSS+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "RequestCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => $client_tls_1_3, + test => { + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientCANames" => test_pem("root-cert.pem"), + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection", + server => { + "ClientSignatureAlgorithms" => "ECDSA+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => $client_tls_1_3, + test => { + "ExpectedClientCertType" => "P-256", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed25519 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"), + "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + test => { + "ExpectedClientCertType" => "Ed25519", + "ExpectedClientSignType" => "Ed25519", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed448 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "EdDSA.Certificate" => test_pem("client-ed448-cert.pem"), + "EdDSA.PrivateKey" => test_pem("client-ed448-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + test => { + "ExpectedClientCertType" => "Ed448", + "ExpectedClientSignType" => "Ed448", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA with brainpool", + server => { + "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), + "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), + "Groups" => "brainpoolP256r1", + }, + client => { + "RequestCAFile" => test_pem("root-cert.pem"), + "Groups" => "brainpoolP256r1", + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, +); + +push @tests, @tests_tls_1_3 unless disabled("tls1_3"); + +my @tests_dsa_tls_1_2 = ( + { + name => "TLS 1.2 DSA Certificate Test", + server => { + "DSA.Certificate" => test_pem("server-dsa-cert.pem"), + "DSA.PrivateKey" => test_pem("server-dsa-key.pem"), + "DHParameters" => test_pem("dhp2048.pem"), + "MinProtocol" => "TLSv1.2", + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ALL", + }, + client => { + "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1", + "CipherString" => "ALL", + }, + test => { + "ExpectedResult" => "Success" + }, + }, +); + +my @tests_dsa_tls_1_3 = ( + { + name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms", + server => { + "ClientSignatureAlgorithms" => "ECDSA+SHA1:DSA+SHA256:RSA+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request" + }, + client => {}, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "TLS 1.3 DSA Certificate Test", + server => { + "DSA.Certificate" => test_pem("server-dsa-cert.pem"), + "DSA.PrivateKey" => test_pem("server-dsa-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "CipherString" => "ALL", + }, + client => { + "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256:ECDSA+SHA256", + "CipherString" => "ALL", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, +); + +if (!disabled("dsa")) { + push @tests, @tests_dsa_tls_1_2 unless disabled("dh"); + push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3"); +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/21-key-update.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/21-key-update.conf new file mode 100644 index 000000000..b79eb4449 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/21-key-update.conf @@ -0,0 +1,112 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 4 + +test-0 = 0-update-key-client-update-not-requested +test-1 = 1-update-key-server-update-not-requested +test-2 = 2-update-key-client-update-requested +test-3 = 3-update-key-server-update-requested +# =========================================================== + +[0-update-key-client-update-not-requested] +ssl_conf = 0-update-key-client-update-not-requested-ssl + +[0-update-key-client-update-not-requested-ssl] +server = 0-update-key-client-update-not-requested-server +client = 0-update-key-client-update-not-requested-client + +[0-update-key-client-update-not-requested-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-update-key-client-update-not-requested-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +HandshakeMode = KeyUpdateClient +KeyUpdateType = KeyUpdateNotRequested +ResumptionExpected = No + + +# =========================================================== + +[1-update-key-server-update-not-requested] +ssl_conf = 1-update-key-server-update-not-requested-ssl + +[1-update-key-server-update-not-requested-ssl] +server = 1-update-key-server-update-not-requested-server +client = 1-update-key-server-update-not-requested-client + +[1-update-key-server-update-not-requested-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-update-key-server-update-not-requested-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +HandshakeMode = KeyUpdateServer +KeyUpdateType = KeyUpdateNotRequested +ResumptionExpected = No + + +# =========================================================== + +[2-update-key-client-update-requested] +ssl_conf = 2-update-key-client-update-requested-ssl + +[2-update-key-client-update-requested-ssl] +server = 2-update-key-client-update-requested-server +client = 2-update-key-client-update-requested-client + +[2-update-key-client-update-requested-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-update-key-client-update-requested-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +HandshakeMode = KeyUpdateClient +KeyUpdateType = KeyUpdateRequested +ResumptionExpected = No + + +# =========================================================== + +[3-update-key-server-update-requested] +ssl_conf = 3-update-key-server-update-requested-ssl + +[3-update-key-server-update-requested-ssl] +server = 3-update-key-server-update-requested-server +client = 3-update-key-server-update-requested-client + +[3-update-key-server-update-requested-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-update-key-server-update-requested-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +HandshakeMode = KeyUpdateServer +KeyUpdateType = KeyUpdateRequested +ResumptionExpected = No + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/21-key-update.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/21-key-update.conf.in new file mode 100644 index 000000000..4bebb487d --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/21-key-update.conf.in @@ -0,0 +1,62 @@ +# -*- mode: perl; -*- +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test KeyUpdate + +use strict; +use warnings; + +package ssltests; + +our @tests = ( + { + name => "update-key-client-update-not-requested", + server => {}, + client => {}, + test => { + "HandshakeMode" => "KeyUpdateClient", + "KeyUpdateType" => "KeyUpdateNotRequested", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "update-key-server-update-not-requested", + server => {}, + client => {}, + test => { + "HandshakeMode" => "KeyUpdateServer", + "KeyUpdateType" => "KeyUpdateNotRequested", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "update-key-client-update-requested", + server => {}, + client => {}, + test => { + "HandshakeMode" => "KeyUpdateClient", + "KeyUpdateType" => "KeyUpdateRequested", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "update-key-server-update-requested", + server => {}, + client => {}, + test => { + "HandshakeMode" => "KeyUpdateServer", + "KeyUpdateType" => "KeyUpdateRequested", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + } +); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/22-compression.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/22-compression.conf new file mode 100644 index 000000000..c85d3129a --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/22-compression.conf @@ -0,0 +1,216 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 8 + +test-0 = 0-tlsv1_3-both-compress +test-1 = 1-tlsv1_3-client-compress +test-2 = 2-tlsv1_3-server-compress +test-3 = 3-tlsv1_3-neither-compress +test-4 = 4-tlsv1_2-both-compress +test-5 = 5-tlsv1_2-client-compress +test-6 = 6-tlsv1_2-server-compress +test-7 = 7-tlsv1_2-neither-compress +# =========================================================== + +[0-tlsv1_3-both-compress] +ssl_conf = 0-tlsv1_3-both-compress-ssl + +[0-tlsv1_3-both-compress-ssl] +server = 0-tlsv1_3-both-compress-server +client = 0-tlsv1_3-both-compress-client + +[0-tlsv1_3-both-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = Compression +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-tlsv1_3-both-compress-client] +CipherString = DEFAULT +Options = Compression +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[1-tlsv1_3-client-compress] +ssl_conf = 1-tlsv1_3-client-compress-ssl + +[1-tlsv1_3-client-compress-ssl] +server = 1-tlsv1_3-client-compress-server +client = 1-tlsv1_3-client-compress-client + +[1-tlsv1_3-client-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-tlsv1_3-client-compress-client] +CipherString = DEFAULT +Options = Compression +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[2-tlsv1_3-server-compress] +ssl_conf = 2-tlsv1_3-server-compress-ssl + +[2-tlsv1_3-server-compress-ssl] +server = 2-tlsv1_3-server-compress-server +client = 2-tlsv1_3-server-compress-client + +[2-tlsv1_3-server-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = Compression +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-tlsv1_3-server-compress-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[3-tlsv1_3-neither-compress] +ssl_conf = 3-tlsv1_3-neither-compress-ssl + +[3-tlsv1_3-neither-compress-ssl] +server = 3-tlsv1_3-neither-compress-server +client = 3-tlsv1_3-neither-compress-client + +[3-tlsv1_3-neither-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-tlsv1_3-neither-compress-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[4-tlsv1_2-both-compress] +ssl_conf = 4-tlsv1_2-both-compress-ssl + +[4-tlsv1_2-both-compress-ssl] +server = 4-tlsv1_2-both-compress-server +client = 4-tlsv1_2-both-compress-client + +[4-tlsv1_2-both-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = Compression +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-tlsv1_2-both-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = Compression +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +CompressionExpected = Yes +ExpectedResult = Success + + +# =========================================================== + +[5-tlsv1_2-client-compress] +ssl_conf = 5-tlsv1_2-client-compress-ssl + +[5-tlsv1_2-client-compress-ssl] +server = 5-tlsv1_2-client-compress-server +client = 5-tlsv1_2-client-compress-client + +[5-tlsv1_2-client-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-tlsv1_2-client-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = Compression +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[6-tlsv1_2-server-compress] +ssl_conf = 6-tlsv1_2-server-compress-ssl + +[6-tlsv1_2-server-compress-ssl] +server = 6-tlsv1_2-server-compress-server +client = 6-tlsv1_2-server-compress-client + +[6-tlsv1_2-server-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = Compression +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-tlsv1_2-server-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[7-tlsv1_2-neither-compress] +ssl_conf = 7-tlsv1_2-neither-compress-ssl + +[7-tlsv1_2-neither-compress-ssl] +server = 7-tlsv1_2-neither-compress-server +client = 7-tlsv1_2-neither-compress-client + +[7-tlsv1_2-neither-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-tlsv1_2-neither-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +CompressionExpected = No +ExpectedResult = Success + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/22-compression.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/22-compression.conf.in new file mode 100644 index 000000000..8d4d82334 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/22-compression.conf.in @@ -0,0 +1,127 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Compression + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = (); + +our @tests_tls1_3 = ( + { + name => "tlsv1_3-both-compress", + server => { + "Options" => "Compression" + }, + client => { + "Options" => "Compression" + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_3-client-compress", + server => { + }, + client => { + "Options" => "Compression" + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_3-server-compress", + server => { + "Options" => "Compression" + }, + client => { + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_3-neither-compress", + server => { + }, + client => { + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, +); +our @tests_tls1_2 = ( + { + name => "tlsv1_2-both-compress", + server => { + "Options" => "Compression" + }, + client => { + "Options" => "Compression", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "CompressionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_2-client-compress", + server => { + }, + client => { + "Options" => "Compression", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_2-server-compress", + server => { + "Options" => "Compression" + }, + client => { + "MaxProtocol" => "TLSv1.2" + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_2-neither-compress", + server => { + }, + client => { + "MaxProtocol" => "TLSv1.2" + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, +); + +push @tests, @tests_tls1_3 unless disabled("tls1_3"); +push @tests, @tests_tls1_2 unless alldisabled(("tls1_2", "tls1_1", "tls1", + "ssl3")); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/23-srp.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/23-srp.conf new file mode 100644 index 000000000..610a0bb08 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/23-srp.conf @@ -0,0 +1,148 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 4 + +test-0 = 0-srp +test-1 = 1-srp-bad-password +test-2 = 2-srp-auth +test-3 = 3-srp-auth-bad-password +# =========================================================== + +[0-srp] +ssl_conf = 0-srp-ssl + +[0-srp-ssl] +server = 0-srp-server +client = 0-srp-client + +[0-srp-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SRP +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-srp-client] +CipherString = SRP +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +server = 0-srp-server-extra +client = 0-srp-client-extra + +[0-srp-server-extra] +SRPPassword = password +SRPUser = user + +[0-srp-client-extra] +SRPPassword = password +SRPUser = user + + +# =========================================================== + +[1-srp-bad-password] +ssl_conf = 1-srp-bad-password-ssl + +[1-srp-bad-password-ssl] +server = 1-srp-bad-password-server +client = 1-srp-bad-password-client + +[1-srp-bad-password-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SRP +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-srp-bad-password-client] +CipherString = SRP +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = ServerFail +server = 1-srp-bad-password-server-extra +client = 1-srp-bad-password-client-extra + +[1-srp-bad-password-server-extra] +SRPPassword = password +SRPUser = user + +[1-srp-bad-password-client-extra] +SRPPassword = passw0rd +SRPUser = user + + +# =========================================================== + +[2-srp-auth] +ssl_conf = 2-srp-auth-ssl + +[2-srp-auth-ssl] +server = 2-srp-auth-server +client = 2-srp-auth-client + +[2-srp-auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = aSRP +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-srp-auth-client] +CipherString = aSRP +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +server = 2-srp-auth-server-extra +client = 2-srp-auth-client-extra + +[2-srp-auth-server-extra] +SRPPassword = password +SRPUser = user + +[2-srp-auth-client-extra] +SRPPassword = password +SRPUser = user + + +# =========================================================== + +[3-srp-auth-bad-password] +ssl_conf = 3-srp-auth-bad-password-ssl + +[3-srp-auth-bad-password-ssl] +server = 3-srp-auth-bad-password-server +client = 3-srp-auth-bad-password-client + +[3-srp-auth-bad-password-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = aSRP +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-srp-auth-bad-password-client] +CipherString = aSRP +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = ServerFail +server = 3-srp-auth-bad-password-server-extra +client = 3-srp-auth-bad-password-client-extra + +[3-srp-auth-bad-password-server-extra] +SRPPassword = password +SRPUser = user + +[3-srp-auth-bad-password-client-extra] +SRPPassword = passw0rd +SRPUser = user + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/23-srp.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/23-srp.conf.in new file mode 100644 index 000000000..dcbd9f4ff --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/23-srp.conf.in @@ -0,0 +1,107 @@ +# -*- mode: perl; -*- +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +package ssltests; + +# SRP is only supported up to TLSv1.2 + +our @tests = ( + { + name => "srp", + server => { + "CipherString" => "SRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + client => { + "CipherString" => "SRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + test => { + "ExpectedResult" => "Success" + }, + }, + { + name => "srp-bad-password", + server => { + "CipherString" => "SRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + client => { + "CipherString" => "SRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "passw0rd", + }, + }, + test => { + # Server fails first with bad client Finished. + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "srp-auth", + server => { + "CipherString" => "aSRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + client => { + "CipherString" => "aSRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + test => { + "ExpectedResult" => "Success" + }, + }, + { + name => "srp-auth-bad-password", + server => { + "CipherString" => "aSRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + client => { + "CipherString" => "aSRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "passw0rd", + }, + }, + test => { + # Server fails first with bad client Finished. + "ExpectedResult" => "ServerFail" + }, + }, +); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/24-padding.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/24-padding.conf new file mode 100644 index 000000000..3c9f45010 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/24-padding.conf @@ -0,0 +1,34 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 1 + +test-0 = 0-default +# =========================================================== + +[0-default] +ssl_conf = 0-default-ssl + +[0-default-ssl] +server = 0-default-server +client = 0-default-client + +[0-default-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +RecordPadding = 64 + +[0-default-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RecordPadding = 11 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/24-padding.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/24-padding.conf.in new file mode 100644 index 000000000..7bf256c8d --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/24-padding.conf.in @@ -0,0 +1,25 @@ +# -*- mode: perl; -*- +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +our @tests = ( + { + name => "default", + server => { "RecordPadding" => 64, + "MaxProtocol" => "TLSv1.3", + "MinProtocol" => "TLSv1.3" }, + client => { "RecordPadding" => 11, + "MaxProtocol" => "TLSv1.3", + "MinProtocol" => "TLSv1.3" }, + test => { "ExpectedResult" => "Success" }, + }, +); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/25-cipher.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/25-cipher.conf new file mode 100644 index 000000000..a28c1f7be --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/25-cipher.conf @@ -0,0 +1,244 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 9 + +test-0 = 0-cipher-server-1 +test-1 = 1-cipher-server-2 +test-2 = 2-cipher-server-client-list +test-3 = 3-cipher-server-pref-1 +test-4 = 4-cipher-server-pref-2 +test-5 = 5-cipher-server-pref-client-list +test-6 = 6-cipher-server-pref-not-mobile +test-7 = 7-cipher-server-pref-mobile +test-8 = 8-cipher-server-pref-mobile2 +# =========================================================== + +[0-cipher-server-1] +ssl_conf = 0-cipher-server-1-ssl + +[0-cipher-server-1-ssl] +server = 0-cipher-server-1-server +client = 0-cipher-server-1-client + +[0-cipher-server-1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-cipher-server-1-client] +CipherString = ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedCipher = ECDHE-RSA-AES256-SHA384 + + +# =========================================================== + +[1-cipher-server-2] +ssl_conf = 1-cipher-server-2-ssl + +[1-cipher-server-2-ssl] +server = 1-cipher-server-2-server +client = 1-cipher-server-2-client + +[1-cipher-server-2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-cipher-server-2-client] +CipherString = ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedCipher = ECDHE-RSA-AES128-SHA256 + + +# =========================================================== + +[2-cipher-server-client-list] +ssl_conf = 2-cipher-server-client-list-ssl + +[2-cipher-server-client-list-ssl] +server = 2-cipher-server-client-list-server +client = 2-cipher-server-client-list-client + +[2-cipher-server-client-list-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-cipher-server-client-list-client] +CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedCipher = ECDHE-RSA-AES128-SHA256 + + +# =========================================================== + +[3-cipher-server-pref-1] +ssl_conf = 3-cipher-server-pref-1-ssl + +[3-cipher-server-pref-1-ssl] +server = 3-cipher-server-pref-1-server +client = 3-cipher-server-pref-1-client + +[3-cipher-server-pref-1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +Options = ServerPreference +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-cipher-server-pref-1-client] +CipherString = ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedCipher = ECDHE-RSA-AES256-SHA384 + + +# =========================================================== + +[4-cipher-server-pref-2] +ssl_conf = 4-cipher-server-pref-2-ssl + +[4-cipher-server-pref-2-ssl] +server = 4-cipher-server-pref-2-server +client = 4-cipher-server-pref-2-client + +[4-cipher-server-pref-2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +Options = ServerPreference +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-cipher-server-pref-2-client] +CipherString = ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedCipher = ECDHE-RSA-AES128-SHA256 + + +# =========================================================== + +[5-cipher-server-pref-client-list] +ssl_conf = 5-cipher-server-pref-client-list-ssl + +[5-cipher-server-pref-client-list-ssl] +server = 5-cipher-server-pref-client-list-server +client = 5-cipher-server-pref-client-list-client + +[5-cipher-server-pref-client-list-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +Options = ServerPreference +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-cipher-server-pref-client-list-client] +CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedCipher = ECDHE-RSA-AES256-SHA384 + + +# =========================================================== + +[6-cipher-server-pref-not-mobile] +ssl_conf = 6-cipher-server-pref-not-mobile-ssl + +[6-cipher-server-pref-not-mobile-ssl] +server = 6-cipher-server-pref-not-mobile-server +client = 6-cipher-server-pref-not-mobile-client + +[6-cipher-server-pref-not-mobile-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305 +MaxProtocol = TLSv1.2 +Options = ServerPreference +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-cipher-server-pref-not-mobile-client] +CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedCipher = ECDHE-RSA-AES256-SHA384 + + +# =========================================================== + +[7-cipher-server-pref-mobile] +ssl_conf = 7-cipher-server-pref-mobile-ssl + +[7-cipher-server-pref-mobile-ssl] +server = 7-cipher-server-pref-mobile-server +client = 7-cipher-server-pref-mobile-client + +[7-cipher-server-pref-mobile-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305 +MaxProtocol = TLSv1.2 +Options = ServerPreference,PrioritizeChaCha +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-cipher-server-pref-mobile-client] +CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedCipher = ECDHE-RSA-AES256-SHA384 + + +# =========================================================== + +[8-cipher-server-pref-mobile2] +ssl_conf = 8-cipher-server-pref-mobile2-ssl + +[8-cipher-server-pref-mobile2-ssl] +server = 8-cipher-server-pref-mobile2-server +client = 8-cipher-server-pref-mobile2-client + +[8-cipher-server-pref-mobile2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305 +MaxProtocol = TLSv1.2 +Options = ServerPreference,PrioritizeChaCha +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-cipher-server-pref-mobile2-client] +CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedCipher = ECDHE-RSA-CHACHA20-POLY1305 + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/25-cipher.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/25-cipher.conf.in new file mode 100644 index 000000000..8d3917e12 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/25-cipher.conf.in @@ -0,0 +1,156 @@ +# -*- mode: perl; -*- +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "cipher-server-1", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384" + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", + }, + }, + { + name => "cipher-server-2", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES128-SHA256" + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", + }, + }, + { + name => "cipher-server-client-list", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", + }, + }, + { + name => "cipher-server-pref-1", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + "Options" => "ServerPreference", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384" + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", + }, + }, + { + name => "cipher-server-pref-2", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + "Options" => "ServerPreference", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES128-SHA256" + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", + }, + }, + { + name => "cipher-server-pref-client-list", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + "Options" => "ServerPreference", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", + }, + }, + { + name => "cipher-server-pref-not-mobile", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", + "Options" => "ServerPreference", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", + }, + }, + { + name => "cipher-server-pref-mobile", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", + "Options" => "ServerPreference,PrioritizeChaCha", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305", + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", + }, + }, +); + +my @tests_poly1305 = ( + { + name => "cipher-server-pref-mobile2", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", + "Options" => "ServerPreference,PrioritizeChaCha", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305", + }, + }, +); + +push @tests, @tests_poly1305 unless disabled("poly1305") || disabled("chacha"); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/26-tls13_client_auth.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/26-tls13_client_auth.conf new file mode 100644 index 000000000..9c4239190 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/26-tls13_client_auth.conf @@ -0,0 +1,488 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 14 + +test-0 = 0-server-auth-TLSv1.3 +test-1 = 1-client-auth-TLSv1.3-request +test-2 = 2-client-auth-TLSv1.3-require-fail +test-3 = 3-client-auth-TLSv1.3-require +test-4 = 4-client-auth-TLSv1.3-require-non-empty-names +test-5 = 5-client-auth-TLSv1.3-noroot +test-6 = 6-client-auth-TLSv1.3-request-post-handshake +test-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake +test-8 = 8-client-auth-TLSv1.3-require-post-handshake +test-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake +test-10 = 10-client-auth-TLSv1.3-noroot-post-handshake +test-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake +test-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake +test-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake +# =========================================================== + +[0-server-auth-TLSv1.3] +ssl_conf = 0-server-auth-TLSv1.3-ssl + +[0-server-auth-TLSv1.3-ssl] +server = 0-server-auth-TLSv1.3-server +client = 0-server-auth-TLSv1.3-client + +[0-server-auth-TLSv1.3-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-server-auth-TLSv1.3-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-client-auth-TLSv1.3-request] +ssl_conf = 1-client-auth-TLSv1.3-request-ssl + +[1-client-auth-TLSv1.3-request-ssl] +server = 1-client-auth-TLSv1.3-request-server +client = 1-client-auth-TLSv1.3-request-client + +[1-client-auth-TLSv1.3-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[1-client-auth-TLSv1.3-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-client-auth-TLSv1.3-require-fail] +ssl_conf = 2-client-auth-TLSv1.3-require-fail-ssl + +[2-client-auth-TLSv1.3-require-fail-ssl] +server = 2-client-auth-TLSv1.3-require-fail-server +client = 2-client-auth-TLSv1.3-require-fail-client + +[2-client-auth-TLSv1.3-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[2-client-auth-TLSv1.3-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ServerFail +ExpectedServerAlert = CertificateRequired + + +# =========================================================== + +[3-client-auth-TLSv1.3-require] +ssl_conf = 3-client-auth-TLSv1.3-require-ssl + +[3-client-auth-TLSv1.3-require-ssl] +server = 3-client-auth-TLSv1.3-require-server +client = 3-client-auth-TLSv1.3-require-client + +[3-client-auth-TLSv1.3-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[3-client-auth-TLSv1.3-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[4-client-auth-TLSv1.3-require-non-empty-names] +ssl_conf = 4-client-auth-TLSv1.3-require-non-empty-names-ssl + +[4-client-auth-TLSv1.3-require-non-empty-names-ssl] +server = 4-client-auth-TLSv1.3-require-non-empty-names-server +client = 4-client-auth-TLSv1.3-require-non-empty-names-client + +[4-client-auth-TLSv1.3-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ClientSignatureAlgorithms = PSS+SHA256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[4-client-auth-TLSv1.3-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[5-client-auth-TLSv1.3-noroot] +ssl_conf = 5-client-auth-TLSv1.3-noroot-ssl + +[5-client-auth-TLSv1.3-noroot-ssl] +server = 5-client-auth-TLSv1.3-noroot-server +client = 5-client-auth-TLSv1.3-noroot-client + +[5-client-auth-TLSv1.3-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[5-client-auth-TLSv1.3-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[6-client-auth-TLSv1.3-request-post-handshake] +ssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl + +[6-client-auth-TLSv1.3-request-post-handshake-ssl] +server = 6-client-auth-TLSv1.3-request-post-handshake-server +client = 6-client-auth-TLSv1.3-request-post-handshake-client + +[6-client-auth-TLSv1.3-request-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = RequestPostHandshake + +[6-client-auth-TLSv1.3-request-post-handshake-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = ServerFail +HandshakeMode = PostHandshakeAuth + + +# =========================================================== + +[7-client-auth-TLSv1.3-require-fail-post-handshake] +ssl_conf = 7-client-auth-TLSv1.3-require-fail-post-handshake-ssl + +[7-client-auth-TLSv1.3-require-fail-post-handshake-ssl] +server = 7-client-auth-TLSv1.3-require-fail-post-handshake-server +client = 7-client-auth-TLSv1.3-require-fail-post-handshake-client + +[7-client-auth-TLSv1.3-require-fail-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = RequirePostHandshake + +[7-client-auth-TLSv1.3-require-fail-post-handshake-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = ServerFail +HandshakeMode = PostHandshakeAuth + + +# =========================================================== + +[8-client-auth-TLSv1.3-require-post-handshake] +ssl_conf = 8-client-auth-TLSv1.3-require-post-handshake-ssl + +[8-client-auth-TLSv1.3-require-post-handshake-ssl] +server = 8-client-auth-TLSv1.3-require-post-handshake-server +client = 8-client-auth-TLSv1.3-require-post-handshake-client + +[8-client-auth-TLSv1.3-require-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = RequestPostHandshake + +[8-client-auth-TLSv1.3-require-post-handshake-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success +HandshakeMode = PostHandshakeAuth +client = 8-client-auth-TLSv1.3-require-post-handshake-client-extra + +[8-client-auth-TLSv1.3-require-post-handshake-client-extra] +EnablePHA = Yes + + +# =========================================================== + +[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake] +ssl_conf = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl + +[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl] +server = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server +client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client + +[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ClientSignatureAlgorithms = PSS+SHA256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = RequestPostHandshake + +[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success +HandshakeMode = PostHandshakeAuth +client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra + +[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra] +EnablePHA = Yes + + +# =========================================================== + +[10-client-auth-TLSv1.3-noroot-post-handshake] +ssl_conf = 10-client-auth-TLSv1.3-noroot-post-handshake-ssl + +[10-client-auth-TLSv1.3-noroot-post-handshake-ssl] +server = 10-client-auth-TLSv1.3-noroot-post-handshake-server +client = 10-client-auth-TLSv1.3-noroot-post-handshake-client + +[10-client-auth-TLSv1.3-noroot-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = RequirePostHandshake + +[10-client-auth-TLSv1.3-noroot-post-handshake-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA +HandshakeMode = PostHandshakeAuth +client = 10-client-auth-TLSv1.3-noroot-post-handshake-client-extra + +[10-client-auth-TLSv1.3-noroot-post-handshake-client-extra] +EnablePHA = Yes + + +# =========================================================== + +[11-client-auth-TLSv1.3-request-force-client-post-handshake] +ssl_conf = 11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl + +[11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl] +server = 11-client-auth-TLSv1.3-request-force-client-post-handshake-server +client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client + +[11-client-auth-TLSv1.3-request-force-client-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = RequestPostHandshake + +[11-client-auth-TLSv1.3-request-force-client-post-handshake-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = Success +HandshakeMode = PostHandshakeAuth +client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra + +[11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra] +EnablePHA = Yes + + +# =========================================================== + +[12-client-auth-TLSv1.3-request-force-server-post-handshake] +ssl_conf = 12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl + +[12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl] +server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server +client = 12-client-auth-TLSv1.3-request-force-server-post-handshake-client + +[12-client-auth-TLSv1.3-request-force-server-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = RequestPostHandshake + +[12-client-auth-TLSv1.3-request-force-server-post-handshake-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = ClientFail +HandshakeMode = PostHandshakeAuth +server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra + +[12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra] +ForcePHA = Yes + + +# =========================================================== + +[13-client-auth-TLSv1.3-request-force-both-post-handshake] +ssl_conf = 13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl + +[13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl] +server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server +client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client + +[13-client-auth-TLSv1.3-request-force-both-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = RequestPostHandshake + +[13-client-auth-TLSv1.3-request-force-both-post-handshake-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success +HandshakeMode = PostHandshakeAuth +server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra +client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra + +[13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra] +ForcePHA = Yes + +[13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra] +EnablePHA = Yes + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/26-tls13_client_auth.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/26-tls13_client_auth.conf.in new file mode 100644 index 000000000..018dd825b --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/26-tls13_client_auth.conf.in @@ -0,0 +1,302 @@ +# -*- mode: perl; -*- +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test TLSv1.3 certificate authentication +## Similar to 04-client_auth.conf.in output, but specific for +## TLSv1.3 and post-handshake authentication + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "server-auth-TLSv1.3", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "client-auth-TLSv1.3-request", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "client-auth-TLSv1.3-require-fail", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "CertificateRequired", + }, + }, + { + name => "client-auth-TLSv1.3-require", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "ClientSignatureAlgorithms" => "PSS+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "Success", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientCANames" => "empty" + }, + }, + { + name => "client-auth-TLSv1.3-require-non-empty-names", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "ClientSignatureAlgorithms" => "PSS+SHA256", + "ClientCAFile" => test_pem("root-cert.pem"), + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "Success", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientCANames" => test_pem("root-cert.pem"), + }, + }, + { + name => "client-auth-TLSv1.3-noroot", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "UnknownCA", + }, + }, + { + name => "client-auth-TLSv1.3-request-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "RequestPostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "ServerFail", + "HandshakeMode" => "PostHandshakeAuth", + }, + }, + { + name => "client-auth-TLSv1.3-require-fail-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "RequirePostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "ServerFail", + "HandshakeMode" => "PostHandshakeAuth", + }, + }, + { + name => "client-auth-TLSv1.3-require-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "ClientSignatureAlgorithms" => "PSS+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "RequestPostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + extra => { + "EnablePHA" => "Yes", + }, + }, + test => { + "ExpectedResult" => "Success", + "HandshakeMode" => "PostHandshakeAuth", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientCANames" => "empty" + }, + }, + { + name => "client-auth-TLSv1.3-require-non-empty-names-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "ClientSignatureAlgorithms" => "PSS+SHA256", + "ClientCAFile" => test_pem("root-cert.pem"), + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "RequestPostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + extra => { + "EnablePHA" => "Yes", + }, + }, + test => { + "ExpectedResult" => "Success", + "HandshakeMode" => "PostHandshakeAuth", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientCANames" => test_pem("root-cert.pem"), + }, + }, + { + name => "client-auth-TLSv1.3-noroot-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "RequirePostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + extra => { + "EnablePHA" => "Yes", + }, + }, + test => { + "ExpectedResult" => "ServerFail", + "HandshakeMode" => "PostHandshakeAuth", + "ExpectedServerAlert" => "UnknownCA", + }, + }, + { + name => "client-auth-TLSv1.3-request-force-client-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "RequestPostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + extra => { + "EnablePHA" => "Yes", + }, + }, + test => { + "ExpectedResult" => "Success", + "HandshakeMode" => "PostHandshakeAuth", + }, + }, + { + name => "client-auth-TLSv1.3-request-force-server-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "RequestPostHandshake", + extra => { + "ForcePHA" => "Yes", + }, + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "ClientFail", + "HandshakeMode" => "PostHandshakeAuth", + }, + }, + { + name => "client-auth-TLSv1.3-request-force-both-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "RequestPostHandshake", + extra => { + "ForcePHA" => "Yes", + }, + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + extra => { + "EnablePHA" => "Yes", + }, + }, + test => { + "ExpectedResult" => "Success", + "HandshakeMode" => "PostHandshakeAuth", + }, + }, +); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/27-ticket-appdata.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/27-ticket-appdata.conf new file mode 100644 index 000000000..863ca7a90 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/27-ticket-appdata.conf @@ -0,0 +1,146 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 4 + +test-0 = 0-session-ticket-app-data12 +test-1 = 1-session-ticket-app-data12 +test-2 = 2-session-ticket-app-data13 +test-3 = 3-session-ticket-app-data13 +# =========================================================== + +[0-session-ticket-app-data12] +ssl_conf = 0-session-ticket-app-data12-ssl + +[0-session-ticket-app-data12-ssl] +server = 0-session-ticket-app-data12-server +client = 0-session-ticket-app-data12-client +resume-server = 0-session-ticket-app-data12-server +resume-client = 0-session-ticket-app-data12-client + +[0-session-ticket-app-data12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-session-ticket-app-data12-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +ExpectedSessionTicketAppData = HelloWorld +HandshakeMode = Resume +ResumptionExpected = Yes +SessionTicketExpected = Yes +server = 0-session-ticket-app-data12-server-extra +resume-server = 0-session-ticket-app-data12-server-extra + +[0-session-ticket-app-data12-server-extra] +SessionTicketAppData = HelloWorld + + +# =========================================================== + +[1-session-ticket-app-data12] +ssl_conf = 1-session-ticket-app-data12-ssl + +[1-session-ticket-app-data12-ssl] +server = 1-session-ticket-app-data12-server +client = 1-session-ticket-app-data12-client +resume-server = 1-session-ticket-app-data12-server +resume-client = 1-session-ticket-app-data12-client + +[1-session-ticket-app-data12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-session-ticket-app-data12-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedSessionTicketAppData = +HandshakeMode = Resume +ResumptionExpected = Yes +SessionTicketExpected = Yes + + +# =========================================================== + +[2-session-ticket-app-data13] +ssl_conf = 2-session-ticket-app-data13-ssl + +[2-session-ticket-app-data13-ssl] +server = 2-session-ticket-app-data13-server +client = 2-session-ticket-app-data13-client +resume-server = 2-session-ticket-app-data13-server +resume-client = 2-session-ticket-app-data13-client + +[2-session-ticket-app-data13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-session-ticket-app-data13-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +ExpectedSessionTicketAppData = HelloWorld +HandshakeMode = Resume +ResumptionExpected = Yes +SessionTicketExpected = Yes +server = 2-session-ticket-app-data13-server-extra +resume-server = 2-session-ticket-app-data13-server-extra + +[2-session-ticket-app-data13-server-extra] +SessionTicketAppData = HelloWorld + + +# =========================================================== + +[3-session-ticket-app-data13] +ssl_conf = 3-session-ticket-app-data13-ssl + +[3-session-ticket-app-data13-ssl] +server = 3-session-ticket-app-data13-server +client = 3-session-ticket-app-data13-client +resume-server = 3-session-ticket-app-data13-server +resume-client = 3-session-ticket-app-data13-client + +[3-session-ticket-app-data13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-session-ticket-app-data13-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedSessionTicketAppData = +HandshakeMode = Resume +ResumptionExpected = Yes +SessionTicketExpected = Yes + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/27-ticket-appdata.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/27-ticket-appdata.conf.in new file mode 100644 index 000000000..ed919d9ba --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/27-ticket-appdata.conf.in @@ -0,0 +1,99 @@ +# -*- mode: perl; -*- +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test session ticket app data + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests12 = ( + { + "name" => "session-ticket-app-data12", + "client" => { + "MaxProtocol" => "TLSv1.2", + "Options" => "SessionTicket", + }, + "server" => { + "Options" => "SessionTicket", + "extra" => { + "SessionTicketAppData" => "HelloWorld", + }, + }, + "test" => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "Success", + "SessionTicketExpected" => "Yes", + "ResumptionExpected" => "Yes", + "ExpectedSessionTicketAppData" => "HelloWorld", + } + }, + { + "name" => "session-ticket-app-data12", + "client" => { + "MaxProtocol" => "TLSv1.2", + "Options" => "SessionTicket", + }, + "server" => { + "Options" => "SessionTicket", + }, + "test" => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "Success", + "SessionTicketExpected" => "Yes", + "ResumptionExpected" => "Yes", + "ExpectedSessionTicketAppData" => "", + } + } +); +our @tests13 = ( + { + "name" => "session-ticket-app-data13", + "client" => { + "MaxProtocol" => "TLSv1.3", + "Options" => "SessionTicket", + }, + "server" => { + "Options" => "SessionTicket", + "extra" => { + "SessionTicketAppData" => "HelloWorld", + }, + }, + "test" => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "Success", + "SessionTicketExpected" => "Yes", + "ResumptionExpected" => "Yes", + "ExpectedSessionTicketAppData" => "HelloWorld", + } + }, + { + "name" => "session-ticket-app-data13", + "client" => { + "MaxProtocol" => "TLSv1.3", + "Options" => "SessionTicket", + }, + "server" => { + "Options" => "SessionTicket", + }, + "test" => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "Success", + "SessionTicketExpected" => "Yes", + "ResumptionExpected" => "Yes", + "ExpectedSessionTicketAppData" => "", + } + } +); + +our @tests = (); +push @tests, @tests12 unless disabled("tls1_2"); +push @tests, @tests13 unless disabled("tls1_3"); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/28-seclevel.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/28-seclevel.conf new file mode 100644 index 000000000..99fa8109c --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/28-seclevel.conf @@ -0,0 +1,150 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 6 + +test-0 = 0-SECLEVEL 3 with default key +test-1 = 1-SECLEVEL 4 with ED448 key +test-2 = 2-SECLEVEL 5 server with ED448 key +test-3 = 3-SECLEVEL 5 client with ED448 key +test-4 = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE +test-5 = 5-SECLEVEL 3 with ED448 key, TLSv1.2 +# =========================================================== + +[0-SECLEVEL 3 with default key] +ssl_conf = 0-SECLEVEL 3 with default key-ssl + +[0-SECLEVEL 3 with default key-ssl] +server = 0-SECLEVEL 3 with default key-server +client = 0-SECLEVEL 3 with default key-client + +[0-SECLEVEL 3 with default key-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT:@SECLEVEL=3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-SECLEVEL 3 with default key-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = ServerFail + + +# =========================================================== + +[1-SECLEVEL 4 with ED448 key] +ssl_conf = 1-SECLEVEL 4 with ED448 key-ssl + +[1-SECLEVEL 4 with ED448 key-ssl] +server = 1-SECLEVEL 4 with ED448 key-server +client = 1-SECLEVEL 4 with ED448 key-client + +[1-SECLEVEL 4 with ED448 key-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +CipherString = DEFAULT:@SECLEVEL=4 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem + +[1-SECLEVEL 4 with ED448 key-client] +CipherString = DEFAULT:@SECLEVEL=4 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-SECLEVEL 5 server with ED448 key] +ssl_conf = 2-SECLEVEL 5 server with ED448 key-ssl + +[2-SECLEVEL 5 server with ED448 key-ssl] +server = 2-SECLEVEL 5 server with ED448 key-server +client = 2-SECLEVEL 5 server with ED448 key-client + +[2-SECLEVEL 5 server with ED448 key-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +CipherString = DEFAULT:@SECLEVEL=5 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem + +[2-SECLEVEL 5 server with ED448 key-client] +CipherString = DEFAULT:@SECLEVEL=4 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ServerFail + + +# =========================================================== + +[3-SECLEVEL 5 client with ED448 key] +ssl_conf = 3-SECLEVEL 5 client with ED448 key-ssl + +[3-SECLEVEL 5 client with ED448 key-ssl] +server = 3-SECLEVEL 5 client with ED448 key-server +client = 3-SECLEVEL 5 client with ED448 key-client + +[3-SECLEVEL 5 client with ED448 key-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +CipherString = DEFAULT:@SECLEVEL=4 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem + +[3-SECLEVEL 5 client with ED448 key-client] +CipherString = DEFAULT:@SECLEVEL=5 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = ServerFail + + +# =========================================================== + +[4-SECLEVEL 3 with P-384 key, X25519 ECDHE] +ssl_conf = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl + +[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl] +server = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-server +client = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-client + +[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-server] +Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem +CipherString = DEFAULT:@SECLEVEL=3 +Groups = X25519 +PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem + +[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-client] +CipherString = ECDHE:@SECLEVEL=3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success + + +# =========================================================== + +[5-SECLEVEL 3 with ED448 key, TLSv1.2] +ssl_conf = 5-SECLEVEL 3 with ED448 key, TLSv1.2-ssl + +[5-SECLEVEL 3 with ED448 key, TLSv1.2-ssl] +server = 5-SECLEVEL 3 with ED448 key, TLSv1.2-server +client = 5-SECLEVEL 3 with ED448 key, TLSv1.2-client + +[5-SECLEVEL 3 with ED448 key, TLSv1.2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +CipherString = DEFAULT:@SECLEVEL=3 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem + +[5-SECLEVEL 3 with ED448 key, TLSv1.2-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/28-seclevel.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/28-seclevel.conf.in new file mode 100644 index 000000000..2c12de792 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/28-seclevel.conf.in @@ -0,0 +1,83 @@ +# -*- mode: perl; -*- +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "SECLEVEL 3 with default key", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=3" }, + client => { }, + test => { "ExpectedResult" => "ServerFail" }, + }, +); + +our @tests_ec = ( + { + name => "SECLEVEL 4 with ED448 key", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=4", + "Certificate" => test_pem("server-ed448-cert.pem"), + "PrivateKey" => test_pem("server-ed448-key.pem") }, + client => { "CipherString" => "DEFAULT:\@SECLEVEL=4", + "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, + test => { "ExpectedResult" => "Success" }, + }, + { + # The Ed488 signature algorithm will not be enabled. + # Because of the config order, the certificate is first loaded, and + # then the security level is chaged. If you try this with s_server + # the order will be reversed and it will instead fail to load the key. + name => "SECLEVEL 5 server with ED448 key", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=5", + "Certificate" => test_pem("server-ed448-cert.pem"), + "PrivateKey" => test_pem("server-ed448-key.pem") }, + client => { "CipherString" => "DEFAULT:\@SECLEVEL=4", + "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, + test => { "ExpectedResult" => "ServerFail" }, + }, + { + # The client will not sent the Ed488 signature algorithm, so the server + # doesn't have a useable signature algorithm for the certificate. + name => "SECLEVEL 5 client with ED448 key", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=4", + "Certificate" => test_pem("server-ed448-cert.pem"), + "PrivateKey" => test_pem("server-ed448-key.pem") }, + client => { "CipherString" => "DEFAULT:\@SECLEVEL=5", + "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, + test => { "ExpectedResult" => "ServerFail" }, + }, + { + name => "SECLEVEL 3 with P-384 key, X25519 ECDHE", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=3", + "Certificate" => test_pem("p384-server-cert.pem"), + "PrivateKey" => test_pem("p384-server-key.pem"), + "Groups" => "X25519" }, + client => { "CipherString" => "ECDHE:\@SECLEVEL=3", + "VerifyCAFile" => test_pem("p384-root.pem") }, + test => { "ExpectedResult" => "Success" }, + }, +); + +our @tests_tls1_2 = ( + { + name => "SECLEVEL 3 with ED448 key, TLSv1.2", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=3", + "Certificate" => test_pem("server-ed448-cert.pem"), + "PrivateKey" => test_pem("server-ed448-key.pem"), + "MaxProtocol" => "TLSv1.2" }, + client => { "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, + test => { "ExpectedResult" => "Success" }, + }, +); + +push @tests, @tests_ec unless disabled("ec"); +push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec"); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/29-dtls-sctp-label-bug.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/29-dtls-sctp-label-bug.conf new file mode 100644 index 000000000..24f9e04f1 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/29-dtls-sctp-label-bug.conf @@ -0,0 +1,116 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 4 + +test-0 = 0-SCTPLabelBug-good1 +test-1 = 1-SCTPLabelBug-good2 +test-2 = 2-SCTPLabelBug-bad1 +test-3 = 3-SCTPLabelBug-bad2 +# =========================================================== + +[0-SCTPLabelBug-good1] +ssl_conf = 0-SCTPLabelBug-good1-ssl + +[0-SCTPLabelBug-good1-ssl] +server = 0-SCTPLabelBug-good1-server +client = 0-SCTPLabelBug-good1-client + +[0-SCTPLabelBug-good1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-SCTPLabelBug-good1-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +EnableClientSCTPLabelBug = No +EnableServerSCTPLabelBug = No +ExpectedResult = Success +Method = DTLS +UseSCTP = Yes + + +# =========================================================== + +[1-SCTPLabelBug-good2] +ssl_conf = 1-SCTPLabelBug-good2-ssl + +[1-SCTPLabelBug-good2-ssl] +server = 1-SCTPLabelBug-good2-server +client = 1-SCTPLabelBug-good2-client + +[1-SCTPLabelBug-good2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-SCTPLabelBug-good2-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +EnableClientSCTPLabelBug = Yes +EnableServerSCTPLabelBug = Yes +ExpectedResult = Success +Method = DTLS +UseSCTP = Yes + + +# =========================================================== + +[2-SCTPLabelBug-bad1] +ssl_conf = 2-SCTPLabelBug-bad1-ssl + +[2-SCTPLabelBug-bad1-ssl] +server = 2-SCTPLabelBug-bad1-server +client = 2-SCTPLabelBug-bad1-client + +[2-SCTPLabelBug-bad1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-SCTPLabelBug-bad1-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +EnableClientSCTPLabelBug = Yes +EnableServerSCTPLabelBug = No +ExpectedResult = ClientFail +Method = DTLS +UseSCTP = Yes + + +# =========================================================== + +[3-SCTPLabelBug-bad2] +ssl_conf = 3-SCTPLabelBug-bad2-ssl + +[3-SCTPLabelBug-bad2-ssl] +server = 3-SCTPLabelBug-bad2-server +client = 3-SCTPLabelBug-bad2-client + +[3-SCTPLabelBug-bad2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-SCTPLabelBug-bad2-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +EnableClientSCTPLabelBug = No +EnableServerSCTPLabelBug = Yes +ExpectedResult = ClientFail +Method = DTLS +UseSCTP = Yes + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/29-dtls-sctp-label-bug.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/29-dtls-sctp-label-bug.conf.in new file mode 100644 index 000000000..97476999b --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/29-dtls-sctp-label-bug.conf.in @@ -0,0 +1,67 @@ +# -*- mode: perl; -*- +# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG handling + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "SCTPLabelBug-good1", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => "Yes", + "EnableClientSCTPLabelBug" => "No", + "EnableServerSCTPLabelBug" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "SCTPLabelBug-good2", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => "Yes", + "EnableClientSCTPLabelBug" => "Yes", + "EnableServerSCTPLabelBug" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "SCTPLabelBug-bad1", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => "Yes", + "EnableClientSCTPLabelBug" => "Yes", + "EnableServerSCTPLabelBug" => "No", + "ExpectedResult" => "ClientFail" + } + }, + { + name => "SCTPLabelBug-bad2", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => "Yes", + "EnableClientSCTPLabelBug" => "No", + "EnableServerSCTPLabelBug" => "Yes", + "ExpectedResult" => "ClientFail" + } + }, +); diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/protocol_version.pm b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/protocol_version.pm new file mode 100644 index 000000000..943719e84 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/protocol_version.pm @@ -0,0 +1,315 @@ +# -*- mode: perl; -*- +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation + +package ssltests; + +use strict; +use warnings; + +use List::Util qw/max min/; + +use OpenSSL::Test; +use OpenSSL::Test::Utils qw/anydisabled alldisabled disabled/; +setup("no_test_here"); + +my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); +# undef stands for "no limit". +my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); +my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", undef); + +my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3"); + +my $min_tls_enabled; my $max_tls_enabled; + +# Protocol configuration works in cascades, i.e., +# $no_tls1_1 disables TLSv1.1 and below. +# +# $min_enabled and $max_enabled will be correct if there is at least one +# protocol enabled. +foreach my $i (0..$#tls_protocols) { + if (!$is_tls_disabled[$i]) { + $min_tls_enabled = $i; + last; + } +} + +foreach my $i (0..$#tls_protocols) { + if (!$is_tls_disabled[$i]) { + $max_tls_enabled = $i; + } +} + +my @dtls_protocols = ("DTLSv1", "DTLSv1.2"); +# undef stands for "no limit". +my @min_dtls_protocols = (undef, "DTLSv1", "DTLSv1.2"); +my @max_dtls_protocols = ("DTLSv1", "DTLSv1.2", undef); + +my @is_dtls_disabled = anydisabled("dtls1", "dtls1_2"); + +my $min_dtls_enabled; my $max_dtls_enabled; + +# $min_enabled and $max_enabled will be correct if there is at least one +# protocol enabled. +foreach my $i (0..$#dtls_protocols) { + if (!$is_dtls_disabled[$i]) { + $min_dtls_enabled = $i; + last; + } +} + +foreach my $i (0..$#dtls_protocols) { + if (!$is_dtls_disabled[$i]) { + $max_dtls_enabled = $i; + } +} + +sub no_tests { + my ($dtls) = @_; + return $dtls ? alldisabled("dtls1", "dtls1_2") : + alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3"); +} + +sub generate_version_tests { + my ($method) = @_; + + my $dtls = $method eq "DTLS"; + # Don't write the redundant "Method = TLS" into the configuration. + undef $method if !$dtls; + + my @protocols = $dtls ? @dtls_protocols : @tls_protocols; + my @min_protocols = $dtls ? @min_dtls_protocols : @min_tls_protocols; + my @max_protocols = $dtls ? @max_dtls_protocols : @max_tls_protocols; + my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled; + my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled; + + if (no_tests($dtls)) { + return; + } + + my @tests = (); + + for (my $sctp = 0; $sctp < ($dtls && !disabled("sctp") ? 2 : 1); $sctp++) { + foreach my $c_min (0..$#min_protocols) { + my $c_max_min = $c_min == 0 ? 0 : $c_min - 1; + foreach my $c_max ($c_max_min..$#max_protocols) { + foreach my $s_min (0..$#min_protocols) { + my $s_max_min = $s_min == 0 ? 0 : $s_min - 1; + foreach my $s_max ($s_max_min..$#max_protocols) { + my ($result, $protocol) = + expected_result($c_min, $c_max, $s_min, $s_max, + $min_enabled, $max_enabled, + \@protocols); + push @tests, { + "name" => "version-negotiation", + "client" => { + "MinProtocol" => $min_protocols[$c_min], + "MaxProtocol" => $max_protocols[$c_max], + }, + "server" => { + "MinProtocol" => $min_protocols[$s_min], + "MaxProtocol" => $max_protocols[$s_max], + }, + "test" => { + "ExpectedResult" => $result, + "ExpectedProtocol" => $protocol, + "Method" => $method, + } + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + } + } + } + } + } + return @tests if disabled("tls1_3") || disabled("tls1_2") || $dtls; + + #Add some version/ciphersuite sanity check tests + push @tests, { + "name" => "ciphersuite-sanity-check-client", + "client" => { + #Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail + "CipherString" => "AES128-SHA", + "Ciphersuites" => "", + }, + "server" => { + "MaxProtocol" => "TLSv1.2" + }, + "test" => { + "ExpectedResult" => "ClientFail", + } + }; + push @tests, { + "name" => "ciphersuite-sanity-check-server", + "client" => { + "CipherString" => "AES128-SHA", + "MaxProtocol" => "TLSv1.2" + }, + "server" => { + #Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail + "CipherString" => "AES128-SHA", + "Ciphersuites" => "", + }, + "test" => { + "ExpectedResult" => "ServerFail", + } + }; + + return @tests; +} + +sub generate_resumption_tests { + my ($method) = @_; + + my $dtls = $method eq "DTLS"; + # Don't write the redundant "Method = TLS" into the configuration. + undef $method if !$dtls; + + my @protocols = $dtls ? @dtls_protocols : @tls_protocols; + my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled; + my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled; + + if (no_tests($dtls)) { + return; + } + + my @server_tests = (); + my @client_tests = (); + + # Obtain the first session against a fixed-version server/client. + foreach my $original_protocol($min_enabled..$max_enabled) { + # Upgrade or downgrade the server/client max version support and test + # that it upgrades, downgrades or resumes the session as well. + foreach my $resume_protocol($min_enabled..$max_enabled) { + my $resumption_expected; + # We should only resume on exact version match. + if ($original_protocol eq $resume_protocol) { + $resumption_expected = "Yes"; + } else { + $resumption_expected = "No"; + } + + for (my $sctp = 0; $sctp < ($dtls && !disabled("sctp") ? 2 : 1); + $sctp++) { + foreach my $ticket ("SessionTicket", "-SessionTicket") { + # Client is flexible, server upgrades/downgrades. + push @server_tests, { + "name" => "resumption", + "client" => { }, + "server" => { + "MinProtocol" => $protocols[$original_protocol], + "MaxProtocol" => $protocols[$original_protocol], + "Options" => $ticket, + }, + "resume_server" => { + "MaxProtocol" => $protocols[$resume_protocol], + "Options" => $ticket, + }, + "test" => { + "ExpectedProtocol" => $protocols[$resume_protocol], + "Method" => $method, + "HandshakeMode" => "Resume", + "ResumptionExpected" => $resumption_expected, + } + }; + $server_tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + # Server is flexible, client upgrades/downgrades. + push @client_tests, { + "name" => "resumption", + "client" => { + "MinProtocol" => $protocols[$original_protocol], + "MaxProtocol" => $protocols[$original_protocol], + }, + "server" => { + "Options" => $ticket, + }, + "resume_client" => { + "MaxProtocol" => $protocols[$resume_protocol], + }, + "test" => { + "ExpectedProtocol" => $protocols[$resume_protocol], + "Method" => $method, + "HandshakeMode" => "Resume", + "ResumptionExpected" => $resumption_expected, + } + }; + $client_tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + } + } + } + } + + if (!disabled("tls1_3") && !$dtls) { + push @client_tests, { + "name" => "resumption-with-hrr", + "client" => { + }, + "server" => { + "Curves" => "P-256" + }, + "resume_client" => { + }, + "test" => { + "ExpectedProtocol" => "TLSv1.3", + "Method" => "TLS", + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + } + }; + } + + return (@server_tests, @client_tests); +} + +sub expected_result { + my ($c_min, $c_max, $s_min, $s_max, $min_enabled, $max_enabled, + $protocols) = @_; + + # Adjust for "undef" (no limit). + $c_min = $c_min == 0 ? 0 : $c_min - 1; + $c_max = $c_max == scalar @$protocols ? $c_max - 1 : $c_max; + $s_min = $s_min == 0 ? 0 : $s_min - 1; + $s_max = $s_max == scalar @$protocols ? $s_max - 1 : $s_max; + + # We now have at least one protocol enabled, so $min_enabled and + # $max_enabled are well-defined. + $c_min = max $c_min, $min_enabled; + $s_min = max $s_min, $min_enabled; + $c_max = min $c_max, $max_enabled; + $s_max = min $s_max, $max_enabled; + + if ($c_min > $c_max) { + # Client should fail to even send a hello. + return ("ClientFail", undef); + } elsif ($s_min > $s_max) { + # Server has no protocols, should always fail. + return ("ServerFail", undef); + } elsif ($s_min > $c_max) { + # Server doesn't support the client range. + return ("ServerFail", undef); + } elsif ($c_min > $s_max) { + my @prots = @$protocols; + if ($prots[$c_max] eq "TLSv1.3") { + # Client will have sent supported_versions, so server will know + # that there are no overlapping versions. + return ("ServerFail", undef); + } else { + # Server will try with a version that is lower than the lowest + # supported client version. + return ("ClientFail", undef); + } + } else { + # Server and client ranges overlap. + my $max_common = $s_max < $c_max ? $s_max : $c_max; + return ("Success", $protocols->[$max_common]); + } +} + +1; diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/ssltests_base.pm b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/ssltests_base.pm new file mode 100644 index 000000000..dc816429b --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/ssltests_base.pm @@ -0,0 +1,30 @@ +# -*- mode: perl; -*- +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +## SSL test configurations + +package ssltests; + +sub test_pem +{ + my ($file) = @_; + my $dir_sep = $^O ne "VMS" ? "/" : ""; + return "\${ENV::TEST_CERTS_DIR}" . $dir_sep . $file, +} + +our %base_server = ( + "Certificate" => test_pem("servercert.pem"), + "PrivateKey" => test_pem("serverkey.pem"), + "CipherString" => "DEFAULT", +); + +our %base_client = ( + "VerifyCAFile" => test_pem("rootcert.pem"), + "VerifyMode" => "Peer", + "CipherString" => "DEFAULT", +); |