From f518cef40c431188b4910ca9bd8ef3778f599bb5 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 6 Feb 2018 17:27:25 +0000 Subject: [PATCH] Enable TLSv1.3 by default [extended tests] Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/5266) --- .travis.yml | 2 +- CHANGES | 20 + Configure | 2 - INSTALL | 27 +- NEWS | 1 + test/recipes/80-test_ssl_new.t | 2 +- test/ssl-tests/02-protocol-version.conf | 478 ++++--- test/ssl-tests/10-resumption.conf | 1505 +++++++++++++++++++---- test/ssl-tests/20-cert-select.conf | 543 +++++++- test/ssl-tests/22-compression.conf | 180 ++- 10 files changed, 2284 insertions(+), 476 deletions(-) diff --git a/.travis.yml b/.travis.yml index b361059395..cfc11b6851 100644 --- a/.travis.yml +++ b/.travis.yml @@ -43,7 +43,7 @@ matrix: sources: - ubuntu-toolchain-r-test compiler: gcc-5 - env: CONFIG_OPTS="--strict-warnings enable-tls1_3" TESTS="-test_fuzz" COMMENT="Move to the BORINGTEST build when interoperable" + env: CONFIG_OPTS="--strict-warnings" TESTS="-test_fuzz" COMMENT="Move to the BORINGTEST build when interoperable" - os: linux compiler: clang-3.9 env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes" diff --git a/CHANGES b/CHANGES index f0807c6405..178c6c4a65 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,26 @@ Changes between 1.1.0f and 1.1.1 [xx XXX xxxx] + *) Support for TLSv1.3 added. Note that users upgrading from an earlier + version of OpenSSL should review their configuration settings to ensure + that they are still appropriate for TLSv1.3. In particular if no TLSv1.3 + ciphersuites are enabled then OpenSSL will refuse to make a connection + unless (1) TLSv1.3 is explicitly disabled or (2) the ciphersuite + configuration is updated to include suitable ciphersuites. The DEFAULT + ciphersuite configuration does include TLSv1.3 ciphersuites. For further + information on this and other related issues please see: + https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/ + + NOTE: In this pre-release of OpenSSL a draft version of the + TLSv1.3 standard has been implemented. Implementations of different draft + versions of the standard do not inter-operate, and this version will not + inter-operate with an implementation of the final standard when it is + eventually published. Different pre-release versions may implement + different versions of the draft. The final version of OpenSSL 1.1.1 will + implement the final version of the standard. + TODO(TLS1.3): Remove the above note before final release + [Matt Caswell] + *) Changed Configure so it only says what it does and doesn't dump so much data. Instead, ./configdata.pm should be used as a script to display all sorts of configuration data. diff --git a/Configure b/Configure index a6f5a31969..c90a66ce9f 100755 --- a/Configure +++ b/Configure @@ -435,8 +435,6 @@ our %disabled = ( # "what" => "comment" "ssl3" => "default", "ssl3-method" => "default", "ubsan" => "default", - #TODO(TLS1.3): Temporarily disabled while this is a WIP - "tls1_3" => "default", "tls13downgrade" => "default", "unit-test" => "default", "weak-ssl-ciphers" => "default", diff --git a/INSTALL b/INSTALL index 48c25e6519..9d1f90d15e 100644 --- a/INSTALL +++ b/INSTALL @@ -482,27 +482,24 @@ likely to complement configuration command line with suitable compiler-specific option. - enable-tls1_3 - TODO(TLS1.3): Make this enabled by default - Build support for TLS1.3. Note: This is a WIP feature and - only a single draft version is supported. Implementations - of different draft versions will negotiate TLS 1.2 instead - of (draft) TLS 1.3. Use with caution!! - no- Don't build support for negotiating the specified SSL/TLS - protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls, - dtls1 or dtls1_2). If "no-tls" is selected then all of tls1, - tls1_1 and tls1_2 are disabled. Similarly "no-dtls" will - disable dtls1 and dtls1_2. The "no-ssl" option is synonymous - with "no-ssl3". Note this only affects version negotiation. - OpenSSL will still provide the methods for applications to - explicitly select the individual protocol versions. + protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, + tls1_3, dtls, dtls1 or dtls1_2). If "no-tls" is selected then + all of tls1, tls1_1, tls1_2 and tls1_3 are disabled. + Similarly "no-dtls" will disable dtls1 and dtls1_2. The + "no-ssl" option is synonymous with "no-ssl3". Note this only + affects version negotiation. OpenSSL will still provide the + methods for applications to explicitly select the individual + protocol versions. no--method As for no- but in addition do not build the methods for applications to explicitly select individual protocol - versions. + versions. Note that there is no "no-tls1_3-method" option + because there is no application method for TLSv1.3. Using + invidivial protocol methods directly is deprecated. + Applications should use TLS_method() instead. enable- Build with support for the specified algorithm, where diff --git a/NEWS b/NEWS index 0fb5314d80..425fbd53fb 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,7 @@ Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.1 [under development] + o Support for TLSv1.3 added o Move the display of configuration data to configdata.pm. o Allow GNU style "make variables" to be used with Configure. o Add a STORE module (OSSL_STORE) diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index be0338837a..26bcb39c7b 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -34,7 +34,7 @@ plan tests => 26; # = scalar @conf_srcs # verify generated sources in the default configuration. my $is_default_tls = (disabled("ssl3") && !disabled("tls1") && !disabled("tls1_1") && !disabled("tls1_2") && - disabled("tls1_3")); + !disabled("tls1_3")); my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2")); diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf index f18d6a3471..d0a64cdb06 100644 --- a/test/ssl-tests/02-protocol-version.conf +++ b/test/ssl-tests/02-protocol-version.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 676 +num_tests = 678 test-0 = 0-version-negotiation test-1 = 1-version-negotiation @@ -678,6 +678,8 @@ test-672 = 672-version-negotiation test-673 = 673-version-negotiation test-674 = 674-version-negotiation test-675 = 675-version-negotiation +test-676 = 676-ciphersuite-sanity-check-client +test-677 = 677-ciphersuite-sanity-check-server # =========================================================== [0-version-negotiation] @@ -3515,7 +3517,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-108] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3540,7 +3542,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-109] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3674,7 +3676,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-114] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3700,7 +3702,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-115] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3808,7 +3810,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-119] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3834,7 +3836,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-120] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3915,7 +3917,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-123] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3941,7 +3943,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-124] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3995,7 +3997,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-126] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4021,7 +4023,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-127] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4048,7 +4050,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-128] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -4073,7 +4076,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-129] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -4196,7 +4200,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-134] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4220,7 +4224,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-135] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4349,7 +4353,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-140] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4374,7 +4378,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-141] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4478,7 +4482,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-145] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4503,7 +4507,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-146] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4581,7 +4585,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-149] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4606,7 +4610,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-150] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4658,7 +4662,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-152] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4683,7 +4687,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-153] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4709,7 +4713,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-154] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -4733,7 +4738,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-155] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -7682,7 +7688,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-264] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7708,7 +7714,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-265] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7847,7 +7853,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-270] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7874,7 +7880,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-271] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7986,7 +7992,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-275] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8013,7 +8019,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-276] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8097,7 +8103,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-279] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8124,7 +8130,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-280] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8180,7 +8186,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-282] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8207,7 +8213,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-283] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8235,7 +8241,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-284] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -8261,7 +8268,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-285] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -8389,7 +8397,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-290] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8414,7 +8422,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-291] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8548,7 +8556,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-296] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8574,7 +8582,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-297] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8682,7 +8690,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-301] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8708,7 +8716,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-302] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8789,7 +8797,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-305] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8815,7 +8823,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-306] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8869,7 +8877,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-308] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8895,7 +8903,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-309] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8922,7 +8930,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-310] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -8947,7 +8956,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-311] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -11206,7 +11216,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-394] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -11232,7 +11242,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-395] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -11371,7 +11381,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-400] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -11398,7 +11408,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-401] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -11510,7 +11520,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-405] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -11537,7 +11547,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-406] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -11621,7 +11631,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-409] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -11648,7 +11658,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-410] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -11704,7 +11714,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-412] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -11731,7 +11741,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-413] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -11759,7 +11769,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-414] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -11785,7 +11796,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-415] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -11913,7 +11925,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-420] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -11938,7 +11950,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-421] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -12072,7 +12084,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-426] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -12098,7 +12110,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-427] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -12206,7 +12218,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-431] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -12232,7 +12244,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-432] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -12313,7 +12325,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-435] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -12339,7 +12351,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-436] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -12393,7 +12405,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-438] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -12419,7 +12431,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-439] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -12446,7 +12458,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-440] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -12471,7 +12484,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-441] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -13938,7 +13952,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-495] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -14018,7 +14032,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-498] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -14044,7 +14058,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-499] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -14099,7 +14113,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-501] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -14182,7 +14196,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-504] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -14209,7 +14223,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-505] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -14237,7 +14251,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-506] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -14320,7 +14334,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-509] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -14347,7 +14361,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-510] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -14431,7 +14445,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-513] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -14458,7 +14472,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-514] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -14514,7 +14528,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-516] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -14541,7 +14555,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-517] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -14569,7 +14583,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-518] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -14595,7 +14610,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-519] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -14645,7 +14661,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-521] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -14722,7 +14738,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-524] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -14747,7 +14763,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-525] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -14800,7 +14816,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-527] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -14880,7 +14896,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-530] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -14906,7 +14922,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-531] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -14933,7 +14949,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-532] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -15013,7 +15029,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-535] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -15039,7 +15055,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-536] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -15120,7 +15136,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-539] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -15146,7 +15162,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-540] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -15200,7 +15216,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-542] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -15226,7 +15242,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-543] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -15253,7 +15269,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-544] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -15278,7 +15295,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-545] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -16035,7 +16053,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-573] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -16061,7 +16079,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-574] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -16114,7 +16132,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-576] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -16140,7 +16158,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-577] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -16195,7 +16213,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-579] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -16222,7 +16240,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-580] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -16277,7 +16295,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-582] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -16304,7 +16322,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-583] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -16332,7 +16350,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-584] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -16359,7 +16377,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-585] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -16414,7 +16432,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-587] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -16441,7 +16459,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-588] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -16469,7 +16487,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-589] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -16524,7 +16542,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-591] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -16551,7 +16569,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-592] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -16607,7 +16625,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-594] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -16634,7 +16652,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-595] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -16662,7 +16680,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-596] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -16688,7 +16707,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-597] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -16738,7 +16758,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-599] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -16763,7 +16783,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-600] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -16814,7 +16834,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-602] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -16839,7 +16859,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-603] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -16892,7 +16912,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-605] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -16918,7 +16938,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-606] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -16971,7 +16991,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-608] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -16997,7 +17017,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-609] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -17024,7 +17044,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-610] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17050,7 +17070,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-611] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17103,7 +17123,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-613] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -17129,7 +17149,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-614] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -17156,7 +17176,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-615] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17209,7 +17229,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-617] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -17235,7 +17255,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-618] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -17289,7 +17309,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-620] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -17315,7 +17335,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-621] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -17342,7 +17362,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-622] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -17367,7 +17388,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-623] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -17393,7 +17415,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-624] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17419,7 +17441,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-625] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17445,7 +17467,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-626] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17471,7 +17493,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-627] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17497,7 +17519,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-628] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -17522,7 +17545,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-629] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -17549,7 +17573,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-630] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17576,7 +17600,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-631] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17603,7 +17627,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-632] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17630,7 +17654,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-633] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17657,7 +17681,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-634] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -17683,7 +17708,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-635] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -17710,7 +17736,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-636] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17737,7 +17763,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-637] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17764,7 +17790,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-638] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17791,7 +17817,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-639] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -17817,7 +17844,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-640] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -17844,7 +17872,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-641] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17871,7 +17899,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-642] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17898,7 +17926,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-643] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -17924,7 +17953,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-644] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -17951,7 +17981,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-645] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -17978,7 +18008,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-646] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -18004,7 +18035,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-647] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -18031,7 +18063,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-648] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -18057,7 +18090,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-649] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -18082,7 +18116,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-650] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -18107,7 +18141,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-651] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -18132,7 +18166,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-652] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -18157,7 +18191,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-653] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -18182,7 +18216,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-654] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -18206,7 +18241,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-655] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -18232,7 +18268,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-656] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -18258,7 +18294,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-657] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -18284,7 +18320,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-658] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -18310,7 +18346,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-659] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -18336,7 +18372,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-660] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -18361,7 +18398,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-661] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -18387,7 +18425,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-662] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -18413,7 +18451,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-663] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -18439,7 +18477,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-664] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -18465,7 +18503,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-665] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -18490,7 +18529,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-666] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -18516,7 +18556,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-667] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -18542,7 +18582,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-668] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -18568,7 +18608,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-669] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -18593,7 +18634,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-670] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -18619,7 +18661,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-671] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -18645,7 +18687,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-672] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -18670,7 +18713,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-673] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -18696,7 +18740,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-674] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -18721,6 +18766,55 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-675] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[676-ciphersuite-sanity-check-client] +ssl_conf = 676-ciphersuite-sanity-check-client-ssl + +[676-ciphersuite-sanity-check-client-ssl] +server = 676-ciphersuite-sanity-check-client-server +client = 676-ciphersuite-sanity-check-client-client + +[676-ciphersuite-sanity-check-client-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[676-ciphersuite-sanity-check-client-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-676] ExpectedResult = ClientFail +# =========================================================== + +[677-ciphersuite-sanity-check-server] +ssl_conf = 677-ciphersuite-sanity-check-server-ssl + +[677-ciphersuite-sanity-check-server-ssl] +server = 677-ciphersuite-sanity-check-server-server +client = 677-ciphersuite-sanity-check-server-client + +[677-ciphersuite-sanity-check-server-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = AES128-SHA +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[677-ciphersuite-sanity-check-server-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-677] +ExpectedResult = ServerFail + + diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.conf index b2deee4209..73955de754 100644 --- a/test/ssl-tests/10-resumption.conf +++ b/test/ssl-tests/10-resumption.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 36 +num_tests = 65 test-0 = 0-resumption test-1 = 1-resumption @@ -38,6 +38,35 @@ test-32 = 32-resumption test-33 = 33-resumption test-34 = 34-resumption test-35 = 35-resumption +test-36 = 36-resumption +test-37 = 37-resumption +test-38 = 38-resumption +test-39 = 39-resumption +test-40 = 40-resumption +test-41 = 41-resumption +test-42 = 42-resumption +test-43 = 43-resumption +test-44 = 44-resumption +test-45 = 45-resumption +test-46 = 46-resumption +test-47 = 47-resumption +test-48 = 48-resumption +test-49 = 49-resumption +test-50 = 50-resumption +test-51 = 51-resumption +test-52 = 52-resumption +test-53 = 53-resumption +test-54 = 54-resumption +test-55 = 55-resumption +test-56 = 56-resumption +test-57 = 57-resumption +test-58 = 58-resumption +test-59 = 59-resumption +test-60 = 60-resumption +test-61 = 61-resumption +test-62 = 62-resumption +test-63 = 63-resumption +test-64 = 64-resumption-with-hrr # =========================================================== [0-resumption] @@ -268,15 +297,15 @@ resume-client = 6-resumption-client [6-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-resumption-client] @@ -285,7 +314,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-6] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -304,15 +333,15 @@ resume-client = 7-resumption-client [7-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-resumption-client] @@ -321,7 +350,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-7] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -348,7 +377,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-resumption-client] @@ -357,9 +386,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-8] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -384,7 +413,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-resumption-client] @@ -393,9 +422,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-9] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -420,7 +449,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-resumption-client] @@ -429,9 +458,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-10] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -456,7 +485,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-resumption-client] @@ -465,9 +494,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-11] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -484,15 +513,15 @@ resume-client = 12-resumption-client [12-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-resumption-client] @@ -501,7 +530,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-12] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume ResumptionExpected = No @@ -520,15 +549,15 @@ resume-client = 13-resumption-client [13-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-resumption-client] @@ -537,7 +566,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-13] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume ResumptionExpected = No @@ -556,15 +585,15 @@ resume-client = 14-resumption-client [14-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-resumption-client] @@ -573,7 +602,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-14] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -592,15 +621,15 @@ resume-client = 15-resumption-client [15-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-resumption-client] @@ -609,7 +638,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-15] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -636,7 +665,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-resumption-client] @@ -645,9 +674,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-16] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -672,7 +701,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-resumption-client] @@ -681,9 +710,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-17] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -694,32 +723,32 @@ ssl_conf = 18-resumption-ssl [18-resumption-ssl] server = 18-resumption-server client = 18-resumption-client -resume-server = 18-resumption-server -resume-client = 18-resumption-resume-client +resume-server = 18-resumption-resume-server +resume-client = 18-resumption-client [18-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[18-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + [18-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[18-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-18] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -730,32 +759,32 @@ ssl_conf = 19-resumption-ssl [19-resumption-ssl] server = 19-resumption-server client = 19-resumption-client -resume-server = 19-resumption-server -resume-client = 19-resumption-resume-client +resume-server = 19-resumption-resume-server +resume-client = 19-resumption-client [19-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[19-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + [19-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[19-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-19] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -766,32 +795,32 @@ ssl_conf = 20-resumption-ssl [20-resumption-ssl] server = 20-resumption-server client = 20-resumption-client -resume-server = 20-resumption-server -resume-client = 20-resumption-resume-client +resume-server = 20-resumption-resume-server +resume-client = 20-resumption-client [20-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[20-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + [20-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[20-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-20] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -802,32 +831,32 @@ ssl_conf = 21-resumption-ssl [21-resumption-ssl] server = 21-resumption-server client = 21-resumption-client -resume-server = 21-resumption-server -resume-client = 21-resumption-resume-client +resume-server = 21-resumption-resume-server +resume-client = 21-resumption-client [21-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[21-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + [21-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[21-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-21] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -838,30 +867,30 @@ ssl_conf = 22-resumption-ssl [22-resumption-ssl] server = 22-resumption-server client = 22-resumption-client -resume-server = 22-resumption-server -resume-client = 22-resumption-resume-client +resume-server = 22-resumption-resume-server +resume-client = 22-resumption-client [22-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[22-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + [22-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[22-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-22] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -874,30 +903,30 @@ ssl_conf = 23-resumption-ssl [23-resumption-ssl] server = 23-resumption-server client = 23-resumption-client -resume-server = 23-resumption-server -resume-client = 23-resumption-resume-client +resume-server = 23-resumption-resume-server +resume-client = 23-resumption-client [23-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[23-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + [23-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[23-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-23] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -910,25 +939,25 @@ ssl_conf = 24-resumption-ssl [24-resumption-ssl] server = 24-resumption-server client = 24-resumption-client -resume-server = 24-resumption-server -resume-client = 24-resumption-resume-client +resume-server = 24-resumption-resume-server +resume-client = 24-resumption-client [24-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[24-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + [24-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[24-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -946,25 +975,25 @@ ssl_conf = 25-resumption-ssl [25-resumption-ssl] server = 25-resumption-server client = 25-resumption-client -resume-server = 25-resumption-server -resume-client = 25-resumption-resume-client +resume-server = 25-resumption-resume-server +resume-client = 25-resumption-client [25-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[25-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + [25-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[25-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -982,32 +1011,32 @@ ssl_conf = 26-resumption-ssl [26-resumption-ssl] server = 26-resumption-server client = 26-resumption-client -resume-server = 26-resumption-server -resume-client = 26-resumption-resume-client +resume-server = 26-resumption-resume-server +resume-client = 26-resumption-client [26-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[26-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + [26-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[26-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-26] ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -1018,32 +1047,32 @@ ssl_conf = 27-resumption-ssl [27-resumption-ssl] server = 27-resumption-server client = 27-resumption-client -resume-server = 27-resumption-server -resume-client = 27-resumption-resume-client +resume-server = 27-resumption-resume-server +resume-client = 27-resumption-client [27-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[27-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + [27-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[27-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-27] ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -1054,25 +1083,25 @@ ssl_conf = 28-resumption-ssl [28-resumption-ssl] server = 28-resumption-server client = 28-resumption-client -resume-server = 28-resumption-server -resume-client = 28-resumption-resume-client +resume-server = 28-resumption-resume-server +resume-client = 28-resumption-client [28-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[28-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + [28-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[28-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -1090,25 +1119,25 @@ ssl_conf = 29-resumption-ssl [29-resumption-ssl] server = 29-resumption-server client = 29-resumption-client -resume-server = 29-resumption-server -resume-client = 29-resumption-resume-client +resume-server = 29-resumption-resume-server +resume-client = 29-resumption-client [29-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[29-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + [29-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[29-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -1126,32 +1155,32 @@ ssl_conf = 30-resumption-ssl [30-resumption-ssl] server = 30-resumption-server client = 30-resumption-client -resume-server = 30-resumption-server -resume-client = 30-resumption-resume-client +resume-server = 30-resumption-resume-server +resume-client = 30-resumption-client [30-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[30-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + [30-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[30-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-30] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -1162,32 +1191,32 @@ ssl_conf = 31-resumption-ssl [31-resumption-ssl] server = 31-resumption-server client = 31-resumption-client -resume-server = 31-resumption-server -resume-client = 31-resumption-resume-client +resume-server = 31-resumption-resume-server +resume-client = 31-resumption-client [31-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +[31-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + [31-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[31-resumption-resume-client] -CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-31] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -1209,21 +1238,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [32-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [32-resumption-resume-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-32] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -1245,21 +1274,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [33-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [33-resumption-resume-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-33] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -1281,21 +1310,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [34-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [34-resumption-resume-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-34] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -1317,20 +1346,1062 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [35-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [35-resumption-resume-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-35] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[36-resumption] +ssl_conf = 36-resumption-ssl + +[36-resumption-ssl] +server = 36-resumption-server +client = 36-resumption-client +resume-server = 36-resumption-server +resume-client = 36-resumption-resume-client + +[36-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[36-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[37-resumption] +ssl_conf = 37-resumption-ssl + +[37-resumption-ssl] +server = 37-resumption-server +client = 37-resumption-client +resume-server = 37-resumption-server +resume-client = 37-resumption-resume-client + +[37-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[37-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[38-resumption] +ssl_conf = 38-resumption-ssl + +[38-resumption-ssl] +server = 38-resumption-server +client = 38-resumption-client +resume-server = 38-resumption-server +resume-client = 38-resumption-resume-client + +[38-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[38-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[39-resumption] +ssl_conf = 39-resumption-ssl + +[39-resumption-ssl] +server = 39-resumption-server +client = 39-resumption-client +resume-server = 39-resumption-server +resume-client = 39-resumption-resume-client + +[39-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[39-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[40-resumption] +ssl_conf = 40-resumption-ssl + +[40-resumption-ssl] +server = 40-resumption-server +client = 40-resumption-client +resume-server = 40-resumption-server +resume-client = 40-resumption-resume-client + +[40-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[40-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[41-resumption] +ssl_conf = 41-resumption-ssl + +[41-resumption-ssl] +server = 41-resumption-server +client = 41-resumption-client +resume-server = 41-resumption-server +resume-client = 41-resumption-resume-client + +[41-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[41-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[42-resumption] +ssl_conf = 42-resumption-ssl + +[42-resumption-ssl] +server = 42-resumption-server +client = 42-resumption-client +resume-server = 42-resumption-server +resume-client = 42-resumption-resume-client + +[42-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[42-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[43-resumption] +ssl_conf = 43-resumption-ssl + +[43-resumption-ssl] +server = 43-resumption-server +client = 43-resumption-client +resume-server = 43-resumption-server +resume-client = 43-resumption-resume-client + +[43-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[43-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[44-resumption] +ssl_conf = 44-resumption-ssl + +[44-resumption-ssl] +server = 44-resumption-server +client = 44-resumption-client +resume-server = 44-resumption-server +resume-client = 44-resumption-resume-client + +[44-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[44-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[45-resumption] +ssl_conf = 45-resumption-ssl + +[45-resumption-ssl] +server = 45-resumption-server +client = 45-resumption-client +resume-server = 45-resumption-server +resume-client = 45-resumption-resume-client + +[45-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[45-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[46-resumption] +ssl_conf = 46-resumption-ssl + +[46-resumption-ssl] +server = 46-resumption-server +client = 46-resumption-client +resume-server = 46-resumption-server +resume-client = 46-resumption-resume-client + +[46-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[46-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[47-resumption] +ssl_conf = 47-resumption-ssl + +[47-resumption-ssl] +server = 47-resumption-server +client = 47-resumption-client +resume-server = 47-resumption-server +resume-client = 47-resumption-resume-client + +[47-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[47-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[47-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[48-resumption] +ssl_conf = 48-resumption-ssl + +[48-resumption-ssl] +server = 48-resumption-server +client = 48-resumption-client +resume-server = 48-resumption-server +resume-client = 48-resumption-resume-client + +[48-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[48-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[49-resumption] +ssl_conf = 49-resumption-ssl + +[49-resumption-ssl] +server = 49-resumption-server +client = 49-resumption-client +resume-server = 49-resumption-server +resume-client = 49-resumption-resume-client + +[49-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[49-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[49-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[50-resumption] +ssl_conf = 50-resumption-ssl + +[50-resumption-ssl] +server = 50-resumption-server +client = 50-resumption-client +resume-server = 50-resumption-server +resume-client = 50-resumption-resume-client + +[50-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[50-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[50-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[51-resumption] +ssl_conf = 51-resumption-ssl + +[51-resumption-ssl] +server = 51-resumption-server +client = 51-resumption-client +resume-server = 51-resumption-server +resume-client = 51-resumption-resume-client + +[51-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[51-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[51-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[52-resumption] +ssl_conf = 52-resumption-ssl + +[52-resumption-ssl] +server = 52-resumption-server +client = 52-resumption-client +resume-server = 52-resumption-server +resume-client = 52-resumption-resume-client + +[52-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[52-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[52-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] ExpectedProtocol = TLSv1.2 HandshakeMode = Resume ResumptionExpected = Yes +# =========================================================== + +[53-resumption] +ssl_conf = 53-resumption-ssl + +[53-resumption-ssl] +server = 53-resumption-server +client = 53-resumption-client +resume-server = 53-resumption-server +resume-client = 53-resumption-resume-client + +[53-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[53-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[54-resumption] +ssl_conf = 54-resumption-ssl + +[54-resumption-ssl] +server = 54-resumption-server +client = 54-resumption-client +resume-server = 54-resumption-server +resume-client = 54-resumption-resume-client + +[54-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[54-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[54-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[55-resumption] +ssl_conf = 55-resumption-ssl + +[55-resumption-ssl] +server = 55-resumption-server +client = 55-resumption-client +resume-server = 55-resumption-server +resume-client = 55-resumption-resume-client + +[55-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[55-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[55-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-55] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[56-resumption] +ssl_conf = 56-resumption-ssl + +[56-resumption-ssl] +server = 56-resumption-server +client = 56-resumption-client +resume-server = 56-resumption-server +resume-client = 56-resumption-resume-client + +[56-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[56-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[56-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-56] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[57-resumption] +ssl_conf = 57-resumption-ssl + +[57-resumption-ssl] +server = 57-resumption-server +client = 57-resumption-client +resume-server = 57-resumption-server +resume-client = 57-resumption-resume-client + +[57-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[57-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[57-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-57] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[58-resumption] +ssl_conf = 58-resumption-ssl + +[58-resumption-ssl] +server = 58-resumption-server +client = 58-resumption-client +resume-server = 58-resumption-server +resume-client = 58-resumption-resume-client + +[58-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[58-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[58-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-58] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[59-resumption] +ssl_conf = 59-resumption-ssl + +[59-resumption-ssl] +server = 59-resumption-server +client = 59-resumption-client +resume-server = 59-resumption-server +resume-client = 59-resumption-resume-client + +[59-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[59-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[59-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-59] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[60-resumption] +ssl_conf = 60-resumption-ssl + +[60-resumption-ssl] +server = 60-resumption-server +client = 60-resumption-client +resume-server = 60-resumption-server +resume-client = 60-resumption-resume-client + +[60-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[60-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[60-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-60] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[61-resumption] +ssl_conf = 61-resumption-ssl + +[61-resumption-ssl] +server = 61-resumption-server +client = 61-resumption-client +resume-server = 61-resumption-server +resume-client = 61-resumption-resume-client + +[61-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[61-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[61-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-61] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[62-resumption] +ssl_conf = 62-resumption-ssl + +[62-resumption-ssl] +server = 62-resumption-server +client = 62-resumption-client +resume-server = 62-resumption-server +resume-client = 62-resumption-resume-client + +[62-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[62-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[62-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-62] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[63-resumption] +ssl_conf = 63-resumption-ssl + +[63-resumption-ssl] +server = 63-resumption-server +client = 63-resumption-client +resume-server = 63-resumption-server +resume-client = 63-resumption-resume-client + +[63-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[63-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[63-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-63] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[64-resumption-with-hrr] +ssl_conf = 64-resumption-with-hrr-ssl + +[64-resumption-with-hrr-ssl] +server = 64-resumption-with-hrr-server +client = 64-resumption-with-hrr-client +resume-server = 64-resumption-with-hrr-server +resume-client = 64-resumption-with-hrr-resume-client + +[64-resumption-with-hrr-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = P-256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[64-resumption-with-hrr-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[64-resumption-with-hrr-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-64] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +Method = TLS +ResumptionExpected = Yes + + diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf index 47ff667bb6..609e2166c4 100644 --- a/test/ssl-tests/20-cert-select.conf +++ b/test/ssl-tests/20-cert-select.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 23 +num_tests = 39 test-0 = 0-ECDSA CipherString Selection test-1 = 1-Ed25519 CipherString and Signature Algorithm Selection @@ -24,7 +24,23 @@ test-18 = 18-Suite B P-256 Hash Algorithm Selection test-19 = 19-Suite B P-384 Hash Algorithm Selection test-20 = 20-TLS 1.2 Ed25519 Client Auth test-21 = 21-Only RSA-PSS Certificate, TLS v1.1 -test-22 = 22-TLS 1.2 DSA Certificate Test +test-22 = 22-TLS 1.3 ECDSA Signature Algorithm Selection +test-23 = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point +test-24 = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1 +test-25 = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS +test-26 = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS +test-27 = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate +test-28 = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS +test-29 = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection +test-30 = 30-TLS 1.3 Ed25519 Signature Algorithm Selection +test-31 = 31-TLS 1.3 Ed25519 CipherString and Groups Selection +test-32 = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection +test-33 = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names +test-34 = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection +test-35 = 35-TLS 1.3 Ed25519 Client Auth +test-36 = 36-TLS 1.2 DSA Certificate Test +test-37 = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms +test-38 = 38-TLS 1.3 DSA Certificate Test # =========================================================== [0-ECDSA CipherString Selection] @@ -697,14 +713,467 @@ ExpectedResult = ServerFail # =========================================================== -[22-TLS 1.2 DSA Certificate Test] -ssl_conf = 22-TLS 1.2 DSA Certificate Test-ssl +[22-TLS 1.3 ECDSA Signature Algorithm Selection] +ssl_conf = 22-TLS 1.3 ECDSA Signature Algorithm Selection-ssl -[22-TLS 1.2 DSA Certificate Test-ssl] -server = 22-TLS 1.2 DSA Certificate Test-server -client = 22-TLS 1.2 DSA Certificate Test-client +[22-TLS 1.3 ECDSA Signature Algorithm Selection-ssl] +server = 22-TLS 1.3 ECDSA Signature Algorithm Selection-server +client = 22-TLS 1.3 ECDSA Signature Algorithm Selection-client -[22-TLS 1.2 DSA Certificate Test-server] +[22-TLS 1.3 ECDSA Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-TLS 1.3 ECDSA Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point] +ssl_conf = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl + +[23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl] +server = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server +client = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client + +[23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedResult = ServerFail + + +# =========================================================== + +[24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1] +ssl_conf = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl + +[24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl] +server = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server +client = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client + +[24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = ServerFail + + +# =========================================================== + +[25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS] +ssl_conf = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl + +[25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl] +server = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server +client = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client + +[25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client] +CipherString = DEFAULT +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedResult = Success +ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS] +ssl_conf = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl + +[26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl] +server = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server +client = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client + +[26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA384 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate] +ssl_conf = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl + +[27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] +server = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server +client = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client + +[27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedResult = ServerFail + + +# =========================================================== + +[28-TLS 1.3 RSA Signature Algorithm Selection, no PSS] +ssl_conf = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl + +[28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl] +server = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server +client = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client + +[28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedResult = ServerFail + + +# =========================================================== + +[29-TLS 1.3 RSA-PSS Signature Algorithm Selection] +ssl_conf = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl + +[29-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl] +server = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection-server +client = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection-client + +[29-TLS 1.3 RSA-PSS Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-TLS 1.3 RSA-PSS Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[30-TLS 1.3 Ed25519 Signature Algorithm Selection] +ssl_conf = 30-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl + +[30-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl] +server = 30-TLS 1.3 Ed25519 Signature Algorithm Selection-server +client = 30-TLS 1.3 Ed25519 Signature Algorithm Selection-client + +[30-TLS 1.3 Ed25519 Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-TLS 1.3 Ed25519 Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedResult = Success +ExpectedServerCertType = Ed25519 +ExpectedServerSignType = Ed25519 + + +# =========================================================== + +[31-TLS 1.3 Ed25519 CipherString and Groups Selection] +ssl_conf = 31-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl + +[31-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl] +server = 31-TLS 1.3 Ed25519 CipherString and Groups Selection-server +client = 31-TLS 1.3 Ed25519 CipherString and Groups Selection-client + +[31-TLS 1.3 Ed25519 CipherString and Groups Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-TLS 1.3 Ed25519 CipherString and Groups Selection-client] +CipherString = DEFAULT +Groups = X25519 +SignatureAlgorithms = ECDSA+SHA256:ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[32-TLS 1.3 RSA Client Auth Signature Algorithm Selection] +ssl_conf = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl + +[32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl] +server = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server +client = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client + +[32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client] +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names] +ssl_conf = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl + +[33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl] +server = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server +client = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client + +[33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client] +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection] +ssl_conf = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl + +[34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl] +server = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server +client = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client + +[34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = ECDSA+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client] +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedClientCertType = P-256 +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = EC +ExpectedResult = Success + + +# =========================================================== + +[35-TLS 1.3 Ed25519 Client Auth] +ssl_conf = 35-TLS 1.3 Ed25519 Client Auth-ssl + +[35-TLS 1.3 Ed25519 Client Auth-ssl] +server = 35-TLS 1.3 Ed25519 Client Auth-server +client = 35-TLS 1.3 Ed25519 Client Auth-client + +[35-TLS 1.3 Ed25519 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[35-TLS 1.3 Ed25519 Client Auth-client] +CipherString = DEFAULT +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedClientCertType = Ed25519 +ExpectedClientSignType = Ed25519 +ExpectedResult = Success + + +# =========================================================== + +[36-TLS 1.2 DSA Certificate Test] +ssl_conf = 36-TLS 1.2 DSA Certificate Test-ssl + +[36-TLS 1.2 DSA Certificate Test-ssl] +server = 36-TLS 1.2 DSA Certificate Test-server +client = 36-TLS 1.2 DSA Certificate Test-client + +[36-TLS 1.2 DSA Certificate Test-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = ALL DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem @@ -714,13 +1183,67 @@ MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[22-TLS 1.2 DSA Certificate Test-client] +[36-TLS 1.2 DSA Certificate Test-client] CipherString = ALL SignatureAlgorithms = DSA+SHA256:DSA+SHA1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-22] +[test-36] ExpectedResult = Success +# =========================================================== + +[37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms] +ssl_conf = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl + +[37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl] +server = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server +client = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client + +[37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedResult = ServerFail + + +# =========================================================== + +[38-TLS 1.3 DSA Certificate Test] +ssl_conf = 38-TLS 1.3 DSA Certificate Test-ssl + +[38-TLS 1.3 DSA Certificate Test-ssl] +server = 38-TLS 1.3 DSA Certificate Test-server +client = 38-TLS 1.3 DSA Certificate Test-client + +[38-TLS 1.3 DSA Certificate Test-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ALL +DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem +DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-TLS 1.3 DSA Certificate Test-client] +CipherString = ALL +SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedResult = ServerFail + + diff --git a/test/ssl-tests/22-compression.conf b/test/ssl-tests/22-compression.conf index 999b008ede..c85d3129ab 100644 --- a/test/ssl-tests/22-compression.conf +++ b/test/ssl-tests/22-compression.conf @@ -1,55 +1,57 @@ # Generated with generate_ssl_tests.pl -num_tests = 4 +num_tests = 8 -test-0 = 0-tlsv1_2-both-compress -test-1 = 1-tlsv1_2-client-compress -test-2 = 2-tlsv1_2-server-compress -test-3 = 3-tlsv1_2-neither-compress +test-0 = 0-tlsv1_3-both-compress +test-1 = 1-tlsv1_3-client-compress +test-2 = 2-tlsv1_3-server-compress +test-3 = 3-tlsv1_3-neither-compress +test-4 = 4-tlsv1_2-both-compress +test-5 = 5-tlsv1_2-client-compress +test-6 = 6-tlsv1_2-server-compress +test-7 = 7-tlsv1_2-neither-compress # =========================================================== -[0-tlsv1_2-both-compress] -ssl_conf = 0-tlsv1_2-both-compress-ssl +[0-tlsv1_3-both-compress] +ssl_conf = 0-tlsv1_3-both-compress-ssl -[0-tlsv1_2-both-compress-ssl] -server = 0-tlsv1_2-both-compress-server -client = 0-tlsv1_2-both-compress-client +[0-tlsv1_3-both-compress-ssl] +server = 0-tlsv1_3-both-compress-server +client = 0-tlsv1_3-both-compress-client -[0-tlsv1_2-both-compress-server] +[0-tlsv1_3-both-compress-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Options = Compression PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[0-tlsv1_2-both-compress-client] +[0-tlsv1_3-both-compress-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 Options = Compression VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-0] -CompressionExpected = Yes +CompressionExpected = No ExpectedResult = Success # =========================================================== -[1-tlsv1_2-client-compress] -ssl_conf = 1-tlsv1_2-client-compress-ssl +[1-tlsv1_3-client-compress] +ssl_conf = 1-tlsv1_3-client-compress-ssl -[1-tlsv1_2-client-compress-ssl] -server = 1-tlsv1_2-client-compress-server -client = 1-tlsv1_2-client-compress-client +[1-tlsv1_3-client-compress-ssl] +server = 1-tlsv1_3-client-compress-server +client = 1-tlsv1_3-client-compress-client -[1-tlsv1_2-client-compress-server] +[1-tlsv1_3-client-compress-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[1-tlsv1_2-client-compress-client] +[1-tlsv1_3-client-compress-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 Options = Compression VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -61,22 +63,21 @@ ExpectedResult = Success # =========================================================== -[2-tlsv1_2-server-compress] -ssl_conf = 2-tlsv1_2-server-compress-ssl +[2-tlsv1_3-server-compress] +ssl_conf = 2-tlsv1_3-server-compress-ssl -[2-tlsv1_2-server-compress-ssl] -server = 2-tlsv1_2-server-compress-server -client = 2-tlsv1_2-server-compress-client +[2-tlsv1_3-server-compress-ssl] +server = 2-tlsv1_3-server-compress-server +client = 2-tlsv1_3-server-compress-client -[2-tlsv1_2-server-compress-server] +[2-tlsv1_3-server-compress-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Options = Compression PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[2-tlsv1_2-server-compress-client] +[2-tlsv1_3-server-compress-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -87,21 +88,20 @@ ExpectedResult = Success # =========================================================== -[3-tlsv1_2-neither-compress] -ssl_conf = 3-tlsv1_2-neither-compress-ssl +[3-tlsv1_3-neither-compress] +ssl_conf = 3-tlsv1_3-neither-compress-ssl -[3-tlsv1_2-neither-compress-ssl] -server = 3-tlsv1_2-neither-compress-server -client = 3-tlsv1_2-neither-compress-client +[3-tlsv1_3-neither-compress-ssl] +server = 3-tlsv1_3-neither-compress-server +client = 3-tlsv1_3-neither-compress-client -[3-tlsv1_2-neither-compress-server] +[3-tlsv1_3-neither-compress-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[3-tlsv1_2-neither-compress-client] +[3-tlsv1_3-neither-compress-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -110,3 +110,107 @@ CompressionExpected = No ExpectedResult = Success +# =========================================================== + +[4-tlsv1_2-both-compress] +ssl_conf = 4-tlsv1_2-both-compress-ssl + +[4-tlsv1_2-both-compress-ssl] +server = 4-tlsv1_2-both-compress-server +client = 4-tlsv1_2-both-compress-client + +[4-tlsv1_2-both-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = Compression +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-tlsv1_2-both-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = Compression +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +CompressionExpected = Yes +ExpectedResult = Success + + +# =========================================================== + +[5-tlsv1_2-client-compress] +ssl_conf = 5-tlsv1_2-client-compress-ssl + +[5-tlsv1_2-client-compress-ssl] +server = 5-tlsv1_2-client-compress-server +client = 5-tlsv1_2-client-compress-client + +[5-tlsv1_2-client-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-tlsv1_2-client-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = Compression +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[6-tlsv1_2-server-compress] +ssl_conf = 6-tlsv1_2-server-compress-ssl + +[6-tlsv1_2-server-compress-ssl] +server = 6-tlsv1_2-server-compress-server +client = 6-tlsv1_2-server-compress-client + +[6-tlsv1_2-server-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = Compression +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-tlsv1_2-server-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[7-tlsv1_2-neither-compress] +ssl_conf = 7-tlsv1_2-neither-compress-ssl + +[7-tlsv1_2-neither-compress-ssl] +server = 7-tlsv1_2-neither-compress-server +client = 7-tlsv1_2-neither-compress-client + +[7-tlsv1_2-neither-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-tlsv1_2-neither-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +CompressionExpected = No +ExpectedResult = Success + +