Add additional ECDSA/Ed25519 selection tests.
Add two tests with ECDSA+SHA256 preferred over Ed25519, the second also excludes P-256 from the supported curves extension which will force the use of Ed25519 in TLS 1.2, but not TLS 1.3: this would fail before the certificate table updates. Add TLS 1.3 test also with P-256 exclude from the groups extension: this should have no effect as the groups extension is not used for signature selection in TLS 1.3 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
This commit is contained in:
Dr. Stephen Henson
parent
13cc257423
commit
50a3a1f04b
2 changed files with 244 additions and 128 deletions
|
|
@ -1,22 +1,24 @@
|
|||
# Generated with generate_ssl_tests.pl
|
||||
|
||||
num_tests = 15
|
||||
num_tests = 17
|
||||
|
||||
test-0 = 0-ECDSA CipherString Selection
|
||||
test-1 = 1-Ed25519 CipherString and Signature Algorithm Selection
|
||||
test-2 = 2-RSA CipherString Selection
|
||||
test-3 = 3-ECDSA CipherString Selection, no ECDSA certificate
|
||||
test-4 = 4-ECDSA Signature Algorithm Selection
|
||||
test-5 = 5-ECDSA Signature Algorithm Selection SHA384
|
||||
test-6 = 6-ECDSA Signature Algorithm Selection SHA1
|
||||
test-7 = 7-ECDSA Signature Algorithm Selection compressed point
|
||||
test-8 = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate
|
||||
test-9 = 9-RSA Signature Algorithm Selection
|
||||
test-10 = 10-RSA-PSS Signature Algorithm Selection
|
||||
test-11 = 11-Suite B P-256 Hash Algorithm Selection
|
||||
test-12 = 12-Suite B P-384 Hash Algorithm Selection
|
||||
test-13 = 13-TLS 1.2 Ed25519 Client Auth
|
||||
test-14 = 14-TLS 1.2 DSA Certificate Test
|
||||
test-3 = 3-P-256 CipherString and Signature Algorithm Selection
|
||||
test-4 = 4-Ed25519 CipherString and Curves Selection
|
||||
test-5 = 5-ECDSA CipherString Selection, no ECDSA certificate
|
||||
test-6 = 6-ECDSA Signature Algorithm Selection
|
||||
test-7 = 7-ECDSA Signature Algorithm Selection SHA384
|
||||
test-8 = 8-ECDSA Signature Algorithm Selection SHA1
|
||||
test-9 = 9-ECDSA Signature Algorithm Selection compressed point
|
||||
test-10 = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate
|
||||
test-11 = 11-RSA Signature Algorithm Selection
|
||||
test-12 = 12-RSA-PSS Signature Algorithm Selection
|
||||
test-13 = 13-Suite B P-256 Hash Algorithm Selection
|
||||
test-14 = 14-Suite B P-384 Hash Algorithm Selection
|
||||
test-15 = 15-TLS 1.2 Ed25519 Client Auth
|
||||
test-16 = 16-TLS 1.2 DSA Certificate Test
|
||||
# ===========================================================
|
||||
|
||||
[0-ECDSA CipherString Selection]
|
||||
|
|
@ -117,39 +119,14 @@ ExpectedServerSignType = RSA-PSS
|
|||
|
||||
# ===========================================================
|
||||
|
||||
[3-ECDSA CipherString Selection, no ECDSA certificate]
|
||||
ssl_conf = 3-ECDSA CipherString Selection, no ECDSA certificate-ssl
|
||||
[3-P-256 CipherString and Signature Algorithm Selection]
|
||||
ssl_conf = 3-P-256 CipherString and Signature Algorithm Selection-ssl
|
||||
|
||||
[3-ECDSA CipherString Selection, no ECDSA certificate-ssl]
|
||||
server = 3-ECDSA CipherString Selection, no ECDSA certificate-server
|
||||
client = 3-ECDSA CipherString Selection, no ECDSA certificate-client
|
||||
[3-P-256 CipherString and Signature Algorithm Selection-ssl]
|
||||
server = 3-P-256 CipherString and Signature Algorithm Selection-server
|
||||
client = 3-P-256 CipherString and Signature Algorithm Selection-client
|
||||
|
||||
[3-ECDSA CipherString Selection, no ECDSA certificate-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = DEFAULT
|
||||
MaxProtocol = TLSv1.2
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[3-ECDSA CipherString Selection, no ECDSA certificate-client]
|
||||
CipherString = aECDSA
|
||||
MaxProtocol = TLSv1.2
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-3]
|
||||
ExpectedResult = ServerFail
|
||||
|
||||
|
||||
# ===========================================================
|
||||
|
||||
[4-ECDSA Signature Algorithm Selection]
|
||||
ssl_conf = 4-ECDSA Signature Algorithm Selection-ssl
|
||||
|
||||
[4-ECDSA Signature Algorithm Selection-ssl]
|
||||
server = 4-ECDSA Signature Algorithm Selection-server
|
||||
client = 4-ECDSA Signature Algorithm Selection-client
|
||||
|
||||
[4-ECDSA Signature Algorithm Selection-server]
|
||||
[3-P-256 CipherString and Signature Algorithm Selection-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = DEFAULT
|
||||
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
||||
|
|
@ -159,13 +136,14 @@ EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
|
|||
MaxProtocol = TLSv1.2
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[4-ECDSA Signature Algorithm Selection-client]
|
||||
CipherString = DEFAULT
|
||||
SignatureAlgorithms = ECDSA+SHA256
|
||||
[3-P-256 CipherString and Signature Algorithm Selection-client]
|
||||
CipherString = aECDSA
|
||||
MaxProtocol = TLSv1.2
|
||||
SignatureAlgorithms = ECDSA+SHA256:ed25519
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-4]
|
||||
[test-3]
|
||||
ExpectedResult = Success
|
||||
ExpectedServerCertType = P-256
|
||||
ExpectedServerSignHash = SHA256
|
||||
|
|
@ -174,14 +152,14 @@ ExpectedServerSignType = EC
|
|||
|
||||
# ===========================================================
|
||||
|
||||
[5-ECDSA Signature Algorithm Selection SHA384]
|
||||
ssl_conf = 5-ECDSA Signature Algorithm Selection SHA384-ssl
|
||||
[4-Ed25519 CipherString and Curves Selection]
|
||||
ssl_conf = 4-Ed25519 CipherString and Curves Selection-ssl
|
||||
|
||||
[5-ECDSA Signature Algorithm Selection SHA384-ssl]
|
||||
server = 5-ECDSA Signature Algorithm Selection SHA384-server
|
||||
client = 5-ECDSA Signature Algorithm Selection SHA384-client
|
||||
[4-Ed25519 CipherString and Curves Selection-ssl]
|
||||
server = 4-Ed25519 CipherString and Curves Selection-server
|
||||
client = 4-Ed25519 CipherString and Curves Selection-client
|
||||
|
||||
[5-ECDSA Signature Algorithm Selection SHA384-server]
|
||||
[4-Ed25519 CipherString and Curves Selection-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = DEFAULT
|
||||
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
||||
|
|
@ -191,13 +169,103 @@ EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
|
|||
MaxProtocol = TLSv1.2
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[5-ECDSA Signature Algorithm Selection SHA384-client]
|
||||
[4-Ed25519 CipherString and Curves Selection-client]
|
||||
CipherString = aECDSA
|
||||
Curves = X25519
|
||||
MaxProtocol = TLSv1.2
|
||||
SignatureAlgorithms = ECDSA+SHA256:ed25519
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-4]
|
||||
ExpectedResult = Success
|
||||
ExpectedServerCertType = Ed25519
|
||||
ExpectedServerSignType = Ed25519
|
||||
|
||||
|
||||
# ===========================================================
|
||||
|
||||
[5-ECDSA CipherString Selection, no ECDSA certificate]
|
||||
ssl_conf = 5-ECDSA CipherString Selection, no ECDSA certificate-ssl
|
||||
|
||||
[5-ECDSA CipherString Selection, no ECDSA certificate-ssl]
|
||||
server = 5-ECDSA CipherString Selection, no ECDSA certificate-server
|
||||
client = 5-ECDSA CipherString Selection, no ECDSA certificate-client
|
||||
|
||||
[5-ECDSA CipherString Selection, no ECDSA certificate-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = DEFAULT
|
||||
MaxProtocol = TLSv1.2
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[5-ECDSA CipherString Selection, no ECDSA certificate-client]
|
||||
CipherString = aECDSA
|
||||
MaxProtocol = TLSv1.2
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-5]
|
||||
ExpectedResult = ServerFail
|
||||
|
||||
|
||||
# ===========================================================
|
||||
|
||||
[6-ECDSA Signature Algorithm Selection]
|
||||
ssl_conf = 6-ECDSA Signature Algorithm Selection-ssl
|
||||
|
||||
[6-ECDSA Signature Algorithm Selection-ssl]
|
||||
server = 6-ECDSA Signature Algorithm Selection-server
|
||||
client = 6-ECDSA Signature Algorithm Selection-client
|
||||
|
||||
[6-ECDSA Signature Algorithm Selection-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = DEFAULT
|
||||
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
||||
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
|
||||
EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
|
||||
EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
|
||||
MaxProtocol = TLSv1.2
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[6-ECDSA Signature Algorithm Selection-client]
|
||||
CipherString = DEFAULT
|
||||
SignatureAlgorithms = ECDSA+SHA256
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-6]
|
||||
ExpectedResult = Success
|
||||
ExpectedServerCertType = P-256
|
||||
ExpectedServerSignHash = SHA256
|
||||
ExpectedServerSignType = EC
|
||||
|
||||
|
||||
# ===========================================================
|
||||
|
||||
[7-ECDSA Signature Algorithm Selection SHA384]
|
||||
ssl_conf = 7-ECDSA Signature Algorithm Selection SHA384-ssl
|
||||
|
||||
[7-ECDSA Signature Algorithm Selection SHA384-ssl]
|
||||
server = 7-ECDSA Signature Algorithm Selection SHA384-server
|
||||
client = 7-ECDSA Signature Algorithm Selection SHA384-client
|
||||
|
||||
[7-ECDSA Signature Algorithm Selection SHA384-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = DEFAULT
|
||||
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
||||
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
|
||||
EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
|
||||
EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
|
||||
MaxProtocol = TLSv1.2
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[7-ECDSA Signature Algorithm Selection SHA384-client]
|
||||
CipherString = DEFAULT
|
||||
SignatureAlgorithms = ECDSA+SHA384
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-5]
|
||||
[test-7]
|
||||
ExpectedResult = Success
|
||||
ExpectedServerCertType = P-256
|
||||
ExpectedServerSignHash = SHA384
|
||||
|
|
@ -206,14 +274,14 @@ ExpectedServerSignType = EC
|
|||
|
||||
# ===========================================================
|
||||
|
||||
[6-ECDSA Signature Algorithm Selection SHA1]
|
||||
ssl_conf = 6-ECDSA Signature Algorithm Selection SHA1-ssl
|
||||
[8-ECDSA Signature Algorithm Selection SHA1]
|
||||
ssl_conf = 8-ECDSA Signature Algorithm Selection SHA1-ssl
|
||||
|
||||
[6-ECDSA Signature Algorithm Selection SHA1-ssl]
|
||||
server = 6-ECDSA Signature Algorithm Selection SHA1-server
|
||||
client = 6-ECDSA Signature Algorithm Selection SHA1-client
|
||||
[8-ECDSA Signature Algorithm Selection SHA1-ssl]
|
||||
server = 8-ECDSA Signature Algorithm Selection SHA1-server
|
||||
client = 8-ECDSA Signature Algorithm Selection SHA1-client
|
||||
|
||||
[6-ECDSA Signature Algorithm Selection SHA1-server]
|
||||
[8-ECDSA Signature Algorithm Selection SHA1-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = DEFAULT
|
||||
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
||||
|
|
@ -223,13 +291,13 @@ EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
|
|||
MaxProtocol = TLSv1.2
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[6-ECDSA Signature Algorithm Selection SHA1-client]
|
||||
[8-ECDSA Signature Algorithm Selection SHA1-client]
|
||||
CipherString = DEFAULT
|
||||
SignatureAlgorithms = ECDSA+SHA1
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-6]
|
||||
[test-8]
|
||||
ExpectedResult = Success
|
||||
ExpectedServerCertType = P-256
|
||||
ExpectedServerSignHash = SHA1
|
||||
|
|
@ -238,14 +306,14 @@ ExpectedServerSignType = EC
|
|||
|
||||
# ===========================================================
|
||||
|
||||
[7-ECDSA Signature Algorithm Selection compressed point]
|
||||
ssl_conf = 7-ECDSA Signature Algorithm Selection compressed point-ssl
|
||||
[9-ECDSA Signature Algorithm Selection compressed point]
|
||||
ssl_conf = 9-ECDSA Signature Algorithm Selection compressed point-ssl
|
||||
|
||||
[7-ECDSA Signature Algorithm Selection compressed point-ssl]
|
||||
server = 7-ECDSA Signature Algorithm Selection compressed point-server
|
||||
client = 7-ECDSA Signature Algorithm Selection compressed point-client
|
||||
[9-ECDSA Signature Algorithm Selection compressed point-ssl]
|
||||
server = 9-ECDSA Signature Algorithm Selection compressed point-server
|
||||
client = 9-ECDSA Signature Algorithm Selection compressed point-client
|
||||
|
||||
[7-ECDSA Signature Algorithm Selection compressed point-server]
|
||||
[9-ECDSA Signature Algorithm Selection compressed point-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = DEFAULT
|
||||
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
|
||||
|
|
@ -253,13 +321,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
|
|||
MaxProtocol = TLSv1.2
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[7-ECDSA Signature Algorithm Selection compressed point-client]
|
||||
[9-ECDSA Signature Algorithm Selection compressed point-client]
|
||||
CipherString = DEFAULT
|
||||
SignatureAlgorithms = ECDSA+SHA256
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-7]
|
||||
[test-9]
|
||||
ExpectedResult = Success
|
||||
ExpectedServerCertType = P-256
|
||||
ExpectedServerSignHash = SHA256
|
||||
|
|
@ -268,39 +336,39 @@ ExpectedServerSignType = EC
|
|||
|
||||
# ===========================================================
|
||||
|
||||
[8-ECDSA Signature Algorithm Selection, no ECDSA certificate]
|
||||
ssl_conf = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
|
||||
[10-ECDSA Signature Algorithm Selection, no ECDSA certificate]
|
||||
ssl_conf = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
|
||||
|
||||
[8-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
|
||||
server = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
|
||||
client = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
|
||||
[10-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
|
||||
server = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
|
||||
client = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
|
||||
|
||||
[8-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
|
||||
[10-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = DEFAULT
|
||||
MaxProtocol = TLSv1.2
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[8-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
|
||||
[10-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
|
||||
CipherString = DEFAULT
|
||||
SignatureAlgorithms = ECDSA+SHA256
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-8]
|
||||
[test-10]
|
||||
ExpectedResult = ServerFail
|
||||
|
||||
|
||||
# ===========================================================
|
||||
|
||||
[9-RSA Signature Algorithm Selection]
|
||||
ssl_conf = 9-RSA Signature Algorithm Selection-ssl
|
||||
[11-RSA Signature Algorithm Selection]
|
||||
ssl_conf = 11-RSA Signature Algorithm Selection-ssl
|
||||
|
||||
[9-RSA Signature Algorithm Selection-ssl]
|
||||
server = 9-RSA Signature Algorithm Selection-server
|
||||
client = 9-RSA Signature Algorithm Selection-client
|
||||
[11-RSA Signature Algorithm Selection-ssl]
|
||||
server = 11-RSA Signature Algorithm Selection-server
|
||||
client = 11-RSA Signature Algorithm Selection-client
|
||||
|
||||
[9-RSA Signature Algorithm Selection-server]
|
||||
[11-RSA Signature Algorithm Selection-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = DEFAULT
|
||||
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
||||
|
|
@ -310,13 +378,13 @@ EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
|
|||
MaxProtocol = TLSv1.2
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[9-RSA Signature Algorithm Selection-client]
|
||||
[11-RSA Signature Algorithm Selection-client]
|
||||
CipherString = DEFAULT
|
||||
SignatureAlgorithms = RSA+SHA256
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-9]
|
||||
[test-11]
|
||||
ExpectedResult = Success
|
||||
ExpectedServerCertType = RSA
|
||||
ExpectedServerSignHash = SHA256
|
||||
|
|
@ -325,14 +393,14 @@ ExpectedServerSignType = RSA
|
|||
|
||||
# ===========================================================
|
||||
|
||||
[10-RSA-PSS Signature Algorithm Selection]
|
||||
ssl_conf = 10-RSA-PSS Signature Algorithm Selection-ssl
|
||||
[12-RSA-PSS Signature Algorithm Selection]
|
||||
ssl_conf = 12-RSA-PSS Signature Algorithm Selection-ssl
|
||||
|
||||
[10-RSA-PSS Signature Algorithm Selection-ssl]
|
||||
server = 10-RSA-PSS Signature Algorithm Selection-server
|
||||
client = 10-RSA-PSS Signature Algorithm Selection-client
|
||||
[12-RSA-PSS Signature Algorithm Selection-ssl]
|
||||
server = 12-RSA-PSS Signature Algorithm Selection-server
|
||||
client = 12-RSA-PSS Signature Algorithm Selection-client
|
||||
|
||||
[10-RSA-PSS Signature Algorithm Selection-server]
|
||||
[12-RSA-PSS Signature Algorithm Selection-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = DEFAULT
|
||||
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
||||
|
|
@ -342,13 +410,13 @@ EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
|
|||
MaxProtocol = TLSv1.2
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[10-RSA-PSS Signature Algorithm Selection-client]
|
||||
[12-RSA-PSS Signature Algorithm Selection-client]
|
||||
CipherString = DEFAULT
|
||||
SignatureAlgorithms = RSA-PSS+SHA256
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-10]
|
||||
[test-12]
|
||||
ExpectedResult = Success
|
||||
ExpectedServerCertType = RSA
|
||||
ExpectedServerSignHash = SHA256
|
||||
|
|
@ -357,14 +425,14 @@ ExpectedServerSignType = RSA-PSS
|
|||
|
||||
# ===========================================================
|
||||
|
||||
[11-Suite B P-256 Hash Algorithm Selection]
|
||||
ssl_conf = 11-Suite B P-256 Hash Algorithm Selection-ssl
|
||||
[13-Suite B P-256 Hash Algorithm Selection]
|
||||
ssl_conf = 13-Suite B P-256 Hash Algorithm Selection-ssl
|
||||
|
||||
[11-Suite B P-256 Hash Algorithm Selection-ssl]
|
||||
server = 11-Suite B P-256 Hash Algorithm Selection-server
|
||||
client = 11-Suite B P-256 Hash Algorithm Selection-client
|
||||
[13-Suite B P-256 Hash Algorithm Selection-ssl]
|
||||
server = 13-Suite B P-256 Hash Algorithm Selection-server
|
||||
client = 13-Suite B P-256 Hash Algorithm Selection-client
|
||||
|
||||
[11-Suite B P-256 Hash Algorithm Selection-server]
|
||||
[13-Suite B P-256 Hash Algorithm Selection-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = SUITEB128
|
||||
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
|
||||
|
|
@ -372,13 +440,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
|
|||
MaxProtocol = TLSv1.2
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[11-Suite B P-256 Hash Algorithm Selection-client]
|
||||
[13-Suite B P-256 Hash Algorithm Selection-client]
|
||||
CipherString = DEFAULT
|
||||
SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-11]
|
||||
[test-13]
|
||||
ExpectedResult = Success
|
||||
ExpectedServerCertType = P-256
|
||||
ExpectedServerSignHash = SHA256
|
||||
|
|
@ -387,14 +455,14 @@ ExpectedServerSignType = EC
|
|||
|
||||
# ===========================================================
|
||||
|
||||
[12-Suite B P-384 Hash Algorithm Selection]
|
||||
ssl_conf = 12-Suite B P-384 Hash Algorithm Selection-ssl
|
||||
[14-Suite B P-384 Hash Algorithm Selection]
|
||||
ssl_conf = 14-Suite B P-384 Hash Algorithm Selection-ssl
|
||||
|
||||
[12-Suite B P-384 Hash Algorithm Selection-ssl]
|
||||
server = 12-Suite B P-384 Hash Algorithm Selection-server
|
||||
client = 12-Suite B P-384 Hash Algorithm Selection-client
|
||||
[14-Suite B P-384 Hash Algorithm Selection-ssl]
|
||||
server = 14-Suite B P-384 Hash Algorithm Selection-server
|
||||
client = 14-Suite B P-384 Hash Algorithm Selection-client
|
||||
|
||||
[12-Suite B P-384 Hash Algorithm Selection-server]
|
||||
[14-Suite B P-384 Hash Algorithm Selection-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = SUITEB128
|
||||
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
|
||||
|
|
@ -402,13 +470,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
|
|||
MaxProtocol = TLSv1.2
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[12-Suite B P-384 Hash Algorithm Selection-client]
|
||||
[14-Suite B P-384 Hash Algorithm Selection-client]
|
||||
CipherString = DEFAULT
|
||||
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-12]
|
||||
[test-14]
|
||||
ExpectedResult = Success
|
||||
ExpectedServerCertType = P-384
|
||||
ExpectedServerSignHash = SHA384
|
||||
|
|
@ -417,21 +485,21 @@ ExpectedServerSignType = EC
|
|||
|
||||
# ===========================================================
|
||||
|
||||
[13-TLS 1.2 Ed25519 Client Auth]
|
||||
ssl_conf = 13-TLS 1.2 Ed25519 Client Auth-ssl
|
||||
[15-TLS 1.2 Ed25519 Client Auth]
|
||||
ssl_conf = 15-TLS 1.2 Ed25519 Client Auth-ssl
|
||||
|
||||
[13-TLS 1.2 Ed25519 Client Auth-ssl]
|
||||
server = 13-TLS 1.2 Ed25519 Client Auth-server
|
||||
client = 13-TLS 1.2 Ed25519 Client Auth-client
|
||||
[15-TLS 1.2 Ed25519 Client Auth-ssl]
|
||||
server = 15-TLS 1.2 Ed25519 Client Auth-server
|
||||
client = 15-TLS 1.2 Ed25519 Client Auth-client
|
||||
|
||||
[13-TLS 1.2 Ed25519 Client Auth-server]
|
||||
[15-TLS 1.2 Ed25519 Client Auth-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = DEFAULT
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
|
||||
VerifyMode = Require
|
||||
|
||||
[13-TLS 1.2 Ed25519 Client Auth-client]
|
||||
[15-TLS 1.2 Ed25519 Client Auth-client]
|
||||
CipherString = DEFAULT
|
||||
EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
|
||||
EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
|
||||
|
|
@ -440,7 +508,7 @@ MinProtocol = TLSv1.2
|
|||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-13]
|
||||
[test-15]
|
||||
ExpectedClientCertType = Ed25519
|
||||
ExpectedClientSignType = Ed25519
|
||||
ExpectedResult = Success
|
||||
|
|
@ -448,14 +516,14 @@ ExpectedResult = Success
|
|||
|
||||
# ===========================================================
|
||||
|
||||
[14-TLS 1.2 DSA Certificate Test]
|
||||
ssl_conf = 14-TLS 1.2 DSA Certificate Test-ssl
|
||||
[16-TLS 1.2 DSA Certificate Test]
|
||||
ssl_conf = 16-TLS 1.2 DSA Certificate Test-ssl
|
||||
|
||||
[14-TLS 1.2 DSA Certificate Test-ssl]
|
||||
server = 14-TLS 1.2 DSA Certificate Test-server
|
||||
client = 14-TLS 1.2 DSA Certificate Test-client
|
||||
[16-TLS 1.2 DSA Certificate Test-ssl]
|
||||
server = 16-TLS 1.2 DSA Certificate Test-server
|
||||
client = 16-TLS 1.2 DSA Certificate Test-client
|
||||
|
||||
[14-TLS 1.2 DSA Certificate Test-server]
|
||||
[16-TLS 1.2 DSA Certificate Test-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = ALL
|
||||
DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
|
||||
|
|
@ -465,13 +533,13 @@ MaxProtocol = TLSv1.2
|
|||
MinProtocol = TLSv1.2
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[14-TLS 1.2 DSA Certificate Test-client]
|
||||
[16-TLS 1.2 DSA Certificate Test-client]
|
||||
CipherString = ALL
|
||||
SignatureAlgorithms = DSA+SHA256:DSA+SHA1
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-14]
|
||||
[test-16]
|
||||
ExpectedResult = Success
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -64,6 +64,38 @@ our @tests = (
|
|||
"ExpectedResult" => "Success"
|
||||
},
|
||||
},
|
||||
{
|
||||
name => "P-256 CipherString and Signature Algorithm Selection",
|
||||
server => $server,
|
||||
client => {
|
||||
"CipherString" => "aECDSA",
|
||||
"MaxProtocol" => "TLSv1.2",
|
||||
"SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
|
||||
},
|
||||
test => {
|
||||
"ExpectedServerCertType" => "P-256",
|
||||
"ExpectedServerSignHash" => "SHA256",
|
||||
"ExpectedServerSignType" => "EC",
|
||||
"ExpectedResult" => "Success"
|
||||
},
|
||||
},
|
||||
{
|
||||
name => "Ed25519 CipherString and Curves Selection",
|
||||
server => $server,
|
||||
client => {
|
||||
"CipherString" => "aECDSA",
|
||||
"MaxProtocol" => "TLSv1.2",
|
||||
"SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
|
||||
# Excluding P-256 from the supported curves list means server
|
||||
# certificate should be Ed25519 and not P-256
|
||||
"Curves" => "X25519"
|
||||
},
|
||||
test => {
|
||||
"ExpectedServerCertType" =>, "Ed25519",
|
||||
"ExpectedServerSignType" =>, "Ed25519",
|
||||
"ExpectedResult" => "Success"
|
||||
},
|
||||
},
|
||||
{
|
||||
name => "ECDSA CipherString Selection, no ECDSA certificate",
|
||||
server => {
|
||||
|
|
@ -364,6 +396,22 @@ my @tests_tls_1_3 = (
|
|||
"ExpectedResult" => "Success"
|
||||
},
|
||||
},
|
||||
{
|
||||
name => "TLS 1.3 Ed25519 CipherString and Groups Selection",
|
||||
server => $server_tls_1_3,
|
||||
client => {
|
||||
"SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
|
||||
# Excluding P-256 from the supported groups list should
|
||||
# mean server still uses a P-256 certificate because supported
|
||||
# groups is not used in signature selection for TLS 1.3
|
||||
"Groups" => "X25519"
|
||||
},
|
||||
test => {
|
||||
"ExpectedServerCertType" =>, "P-256",
|
||||
"ExpectedServerSignType" =>, "EC",
|
||||
"ExpectedResult" => "Success"
|
||||
},
|
||||
},
|
||||
{
|
||||
name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
|
||||
server => {
|
||||
|
|
|
|||
Loading…
Reference in a new issue