diff options
Diffstat (limited to 'openssl-1.1.0h/test/ssl-tests')
41 files changed, 21914 insertions, 0 deletions
diff --git a/openssl-1.1.0h/test/ssl-tests/01-simple.conf b/openssl-1.1.0h/test/ssl-tests/01-simple.conf new file mode 100644 index 0000000..5f4dd84 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/01-simple.conf @@ -0,0 +1,78 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 3 + +test-0 = 0-default +test-1 = 1-Server signature algorithms bug +test-2 = 2-verify-cert +# =========================================================== + +[0-default] +ssl_conf = 0-default-ssl + +[0-default-ssl] +server = 0-default-server +client = 0-default-client + +[0-default-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-default-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-Server signature algorithms bug] +ssl_conf = 1-Server signature algorithms bug-ssl + +[1-Server signature algorithms bug-ssl] +server = 1-Server signature algorithms bug-server +client = 1-Server signature algorithms bug-client + +[1-Server signature algorithms bug-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = ECDSA+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-Server signature algorithms bug-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-verify-cert] +ssl_conf = 2-verify-cert-ssl + +[2-verify-cert-ssl] +server = 2-verify-cert-server +client = 2-verify-cert-client + +[2-verify-cert-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-verify-cert-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-2] +ExpectedClientAlert = UnknownCA +ExpectedResult = ClientFail + + diff --git a/openssl-1.1.0h/test/ssl-tests/01-simple.conf.in b/openssl-1.1.0h/test/ssl-tests/01-simple.conf.in new file mode 100644 index 0000000..086d66d --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/01-simple.conf.in @@ -0,0 +1,42 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +our @tests = ( + { + name => "default", + server => { }, + client => { }, + test => { "ExpectedResult" => "Success" }, + }, + + { + name => "Server signature algorithms bug", + # Should have no effect as we aren't doing client auth + server => { "ClientSignatureAlgorithms" => "ECDSA+SHA256" }, + client => { "SignatureAlgorithms" => "RSA+SHA256" }, + test => { "ExpectedResult" => "Success" }, + }, + + { + name => "verify-cert", + server => { }, + client => { + # Don't set up the client root file. + "VerifyCAFile" => undef, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "UnknownCA", + }, + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf b/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf new file mode 100644 index 0000000..cb89dbc --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf @@ -0,0 +1,9975 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 361 + +test-0 = 0-version-negotiation +test-1 = 1-version-negotiation +test-2 = 2-version-negotiation +test-3 = 3-version-negotiation +test-4 = 4-version-negotiation +test-5 = 5-version-negotiation +test-6 = 6-version-negotiation +test-7 = 7-version-negotiation +test-8 = 8-version-negotiation +test-9 = 9-version-negotiation +test-10 = 10-version-negotiation +test-11 = 11-version-negotiation +test-12 = 12-version-negotiation +test-13 = 13-version-negotiation +test-14 = 14-version-negotiation +test-15 = 15-version-negotiation +test-16 = 16-version-negotiation +test-17 = 17-version-negotiation +test-18 = 18-version-negotiation +test-19 = 19-version-negotiation +test-20 = 20-version-negotiation +test-21 = 21-version-negotiation +test-22 = 22-version-negotiation +test-23 = 23-version-negotiation +test-24 = 24-version-negotiation +test-25 = 25-version-negotiation +test-26 = 26-version-negotiation +test-27 = 27-version-negotiation +test-28 = 28-version-negotiation +test-29 = 29-version-negotiation +test-30 = 30-version-negotiation +test-31 = 31-version-negotiation +test-32 = 32-version-negotiation +test-33 = 33-version-negotiation +test-34 = 34-version-negotiation +test-35 = 35-version-negotiation +test-36 = 36-version-negotiation +test-37 = 37-version-negotiation +test-38 = 38-version-negotiation +test-39 = 39-version-negotiation +test-40 = 40-version-negotiation +test-41 = 41-version-negotiation +test-42 = 42-version-negotiation +test-43 = 43-version-negotiation +test-44 = 44-version-negotiation +test-45 = 45-version-negotiation +test-46 = 46-version-negotiation +test-47 = 47-version-negotiation +test-48 = 48-version-negotiation +test-49 = 49-version-negotiation +test-50 = 50-version-negotiation +test-51 = 51-version-negotiation +test-52 = 52-version-negotiation +test-53 = 53-version-negotiation +test-54 = 54-version-negotiation +test-55 = 55-version-negotiation +test-56 = 56-version-negotiation +test-57 = 57-version-negotiation +test-58 = 58-version-negotiation +test-59 = 59-version-negotiation +test-60 = 60-version-negotiation +test-61 = 61-version-negotiation +test-62 = 62-version-negotiation +test-63 = 63-version-negotiation +test-64 = 64-version-negotiation +test-65 = 65-version-negotiation +test-66 = 66-version-negotiation +test-67 = 67-version-negotiation +test-68 = 68-version-negotiation +test-69 = 69-version-negotiation +test-70 = 70-version-negotiation +test-71 = 71-version-negotiation +test-72 = 72-version-negotiation +test-73 = 73-version-negotiation +test-74 = 74-version-negotiation +test-75 = 75-version-negotiation +test-76 = 76-version-negotiation +test-77 = 77-version-negotiation +test-78 = 78-version-negotiation +test-79 = 79-version-negotiation +test-80 = 80-version-negotiation +test-81 = 81-version-negotiation +test-82 = 82-version-negotiation +test-83 = 83-version-negotiation +test-84 = 84-version-negotiation +test-85 = 85-version-negotiation +test-86 = 86-version-negotiation +test-87 = 87-version-negotiation +test-88 = 88-version-negotiation +test-89 = 89-version-negotiation +test-90 = 90-version-negotiation +test-91 = 91-version-negotiation +test-92 = 92-version-negotiation +test-93 = 93-version-negotiation +test-94 = 94-version-negotiation +test-95 = 95-version-negotiation +test-96 = 96-version-negotiation +test-97 = 97-version-negotiation +test-98 = 98-version-negotiation +test-99 = 99-version-negotiation +test-100 = 100-version-negotiation +test-101 = 101-version-negotiation +test-102 = 102-version-negotiation +test-103 = 103-version-negotiation +test-104 = 104-version-negotiation +test-105 = 105-version-negotiation +test-106 = 106-version-negotiation +test-107 = 107-version-negotiation +test-108 = 108-version-negotiation +test-109 = 109-version-negotiation +test-110 = 110-version-negotiation +test-111 = 111-version-negotiation +test-112 = 112-version-negotiation +test-113 = 113-version-negotiation +test-114 = 114-version-negotiation +test-115 = 115-version-negotiation +test-116 = 116-version-negotiation +test-117 = 117-version-negotiation +test-118 = 118-version-negotiation +test-119 = 119-version-negotiation +test-120 = 120-version-negotiation +test-121 = 121-version-negotiation +test-122 = 122-version-negotiation +test-123 = 123-version-negotiation +test-124 = 124-version-negotiation +test-125 = 125-version-negotiation +test-126 = 126-version-negotiation +test-127 = 127-version-negotiation +test-128 = 128-version-negotiation +test-129 = 129-version-negotiation +test-130 = 130-version-negotiation +test-131 = 131-version-negotiation +test-132 = 132-version-negotiation +test-133 = 133-version-negotiation +test-134 = 134-version-negotiation +test-135 = 135-version-negotiation +test-136 = 136-version-negotiation +test-137 = 137-version-negotiation +test-138 = 138-version-negotiation +test-139 = 139-version-negotiation +test-140 = 140-version-negotiation +test-141 = 141-version-negotiation +test-142 = 142-version-negotiation +test-143 = 143-version-negotiation +test-144 = 144-version-negotiation +test-145 = 145-version-negotiation +test-146 = 146-version-negotiation +test-147 = 147-version-negotiation +test-148 = 148-version-negotiation +test-149 = 149-version-negotiation +test-150 = 150-version-negotiation +test-151 = 151-version-negotiation +test-152 = 152-version-negotiation +test-153 = 153-version-negotiation +test-154 = 154-version-negotiation +test-155 = 155-version-negotiation +test-156 = 156-version-negotiation +test-157 = 157-version-negotiation +test-158 = 158-version-negotiation +test-159 = 159-version-negotiation +test-160 = 160-version-negotiation +test-161 = 161-version-negotiation +test-162 = 162-version-negotiation +test-163 = 163-version-negotiation +test-164 = 164-version-negotiation +test-165 = 165-version-negotiation +test-166 = 166-version-negotiation +test-167 = 167-version-negotiation +test-168 = 168-version-negotiation +test-169 = 169-version-negotiation +test-170 = 170-version-negotiation +test-171 = 171-version-negotiation +test-172 = 172-version-negotiation +test-173 = 173-version-negotiation +test-174 = 174-version-negotiation +test-175 = 175-version-negotiation +test-176 = 176-version-negotiation +test-177 = 177-version-negotiation +test-178 = 178-version-negotiation +test-179 = 179-version-negotiation +test-180 = 180-version-negotiation +test-181 = 181-version-negotiation +test-182 = 182-version-negotiation +test-183 = 183-version-negotiation +test-184 = 184-version-negotiation +test-185 = 185-version-negotiation +test-186 = 186-version-negotiation +test-187 = 187-version-negotiation +test-188 = 188-version-negotiation +test-189 = 189-version-negotiation +test-190 = 190-version-negotiation +test-191 = 191-version-negotiation +test-192 = 192-version-negotiation +test-193 = 193-version-negotiation +test-194 = 194-version-negotiation +test-195 = 195-version-negotiation +test-196 = 196-version-negotiation +test-197 = 197-version-negotiation +test-198 = 198-version-negotiation +test-199 = 199-version-negotiation +test-200 = 200-version-negotiation +test-201 = 201-version-negotiation +test-202 = 202-version-negotiation +test-203 = 203-version-negotiation +test-204 = 204-version-negotiation +test-205 = 205-version-negotiation +test-206 = 206-version-negotiation +test-207 = 207-version-negotiation +test-208 = 208-version-negotiation +test-209 = 209-version-negotiation +test-210 = 210-version-negotiation +test-211 = 211-version-negotiation +test-212 = 212-version-negotiation +test-213 = 213-version-negotiation +test-214 = 214-version-negotiation +test-215 = 215-version-negotiation +test-216 = 216-version-negotiation +test-217 = 217-version-negotiation +test-218 = 218-version-negotiation +test-219 = 219-version-negotiation +test-220 = 220-version-negotiation +test-221 = 221-version-negotiation +test-222 = 222-version-negotiation +test-223 = 223-version-negotiation +test-224 = 224-version-negotiation +test-225 = 225-version-negotiation +test-226 = 226-version-negotiation +test-227 = 227-version-negotiation +test-228 = 228-version-negotiation +test-229 = 229-version-negotiation +test-230 = 230-version-negotiation +test-231 = 231-version-negotiation +test-232 = 232-version-negotiation +test-233 = 233-version-negotiation +test-234 = 234-version-negotiation +test-235 = 235-version-negotiation +test-236 = 236-version-negotiation +test-237 = 237-version-negotiation +test-238 = 238-version-negotiation +test-239 = 239-version-negotiation +test-240 = 240-version-negotiation +test-241 = 241-version-negotiation +test-242 = 242-version-negotiation +test-243 = 243-version-negotiation +test-244 = 244-version-negotiation +test-245 = 245-version-negotiation +test-246 = 246-version-negotiation +test-247 = 247-version-negotiation +test-248 = 248-version-negotiation +test-249 = 249-version-negotiation +test-250 = 250-version-negotiation +test-251 = 251-version-negotiation +test-252 = 252-version-negotiation +test-253 = 253-version-negotiation +test-254 = 254-version-negotiation +test-255 = 255-version-negotiation +test-256 = 256-version-negotiation +test-257 = 257-version-negotiation +test-258 = 258-version-negotiation +test-259 = 259-version-negotiation +test-260 = 260-version-negotiation +test-261 = 261-version-negotiation +test-262 = 262-version-negotiation +test-263 = 263-version-negotiation +test-264 = 264-version-negotiation +test-265 = 265-version-negotiation +test-266 = 266-version-negotiation +test-267 = 267-version-negotiation +test-268 = 268-version-negotiation +test-269 = 269-version-negotiation +test-270 = 270-version-negotiation +test-271 = 271-version-negotiation +test-272 = 272-version-negotiation +test-273 = 273-version-negotiation +test-274 = 274-version-negotiation +test-275 = 275-version-negotiation +test-276 = 276-version-negotiation +test-277 = 277-version-negotiation +test-278 = 278-version-negotiation +test-279 = 279-version-negotiation +test-280 = 280-version-negotiation +test-281 = 281-version-negotiation +test-282 = 282-version-negotiation +test-283 = 283-version-negotiation +test-284 = 284-version-negotiation +test-285 = 285-version-negotiation +test-286 = 286-version-negotiation +test-287 = 287-version-negotiation +test-288 = 288-version-negotiation +test-289 = 289-version-negotiation +test-290 = 290-version-negotiation +test-291 = 291-version-negotiation +test-292 = 292-version-negotiation +test-293 = 293-version-negotiation +test-294 = 294-version-negotiation +test-295 = 295-version-negotiation +test-296 = 296-version-negotiation +test-297 = 297-version-negotiation +test-298 = 298-version-negotiation +test-299 = 299-version-negotiation +test-300 = 300-version-negotiation +test-301 = 301-version-negotiation +test-302 = 302-version-negotiation +test-303 = 303-version-negotiation +test-304 = 304-version-negotiation +test-305 = 305-version-negotiation +test-306 = 306-version-negotiation +test-307 = 307-version-negotiation +test-308 = 308-version-negotiation +test-309 = 309-version-negotiation +test-310 = 310-version-negotiation +test-311 = 311-version-negotiation +test-312 = 312-version-negotiation +test-313 = 313-version-negotiation +test-314 = 314-version-negotiation +test-315 = 315-version-negotiation +test-316 = 316-version-negotiation +test-317 = 317-version-negotiation +test-318 = 318-version-negotiation +test-319 = 319-version-negotiation +test-320 = 320-version-negotiation +test-321 = 321-version-negotiation +test-322 = 322-version-negotiation +test-323 = 323-version-negotiation +test-324 = 324-version-negotiation +test-325 = 325-version-negotiation +test-326 = 326-version-negotiation +test-327 = 327-version-negotiation +test-328 = 328-version-negotiation +test-329 = 329-version-negotiation +test-330 = 330-version-negotiation +test-331 = 331-version-negotiation +test-332 = 332-version-negotiation +test-333 = 333-version-negotiation +test-334 = 334-version-negotiation +test-335 = 335-version-negotiation +test-336 = 336-version-negotiation +test-337 = 337-version-negotiation +test-338 = 338-version-negotiation +test-339 = 339-version-negotiation +test-340 = 340-version-negotiation +test-341 = 341-version-negotiation +test-342 = 342-version-negotiation +test-343 = 343-version-negotiation +test-344 = 344-version-negotiation +test-345 = 345-version-negotiation +test-346 = 346-version-negotiation +test-347 = 347-version-negotiation +test-348 = 348-version-negotiation +test-349 = 349-version-negotiation +test-350 = 350-version-negotiation +test-351 = 351-version-negotiation +test-352 = 352-version-negotiation +test-353 = 353-version-negotiation +test-354 = 354-version-negotiation +test-355 = 355-version-negotiation +test-356 = 356-version-negotiation +test-357 = 357-version-negotiation +test-358 = 358-version-negotiation +test-359 = 359-version-negotiation +test-360 = 360-version-negotiation +# =========================================================== + +[0-version-negotiation] +ssl_conf = 0-version-negotiation-ssl + +[0-version-negotiation-ssl] +server = 0-version-negotiation-server +client = 0-version-negotiation-client + +[0-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = InternalError + + +# =========================================================== + +[1-version-negotiation] +ssl_conf = 1-version-negotiation-ssl + +[1-version-negotiation-ssl] +server = 1-version-negotiation-server +client = 1-version-negotiation-client + +[1-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = InternalError + + +# =========================================================== + +[2-version-negotiation] +ssl_conf = 2-version-negotiation-ssl + +[2-version-negotiation-ssl] +server = 2-version-negotiation-server +client = 2-version-negotiation-client + +[2-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = InternalError + + +# =========================================================== + +[3-version-negotiation] +ssl_conf = 3-version-negotiation-ssl + +[3-version-negotiation-ssl] +server = 3-version-negotiation-server +client = 3-version-negotiation-client + +[3-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = InternalError + + +# =========================================================== + +[4-version-negotiation] +ssl_conf = 4-version-negotiation-ssl + +[4-version-negotiation-ssl] +server = 4-version-negotiation-server +client = 4-version-negotiation-client + +[4-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = InternalError + + +# =========================================================== + +[5-version-negotiation] +ssl_conf = 5-version-negotiation-ssl + +[5-version-negotiation-ssl] +server = 5-version-negotiation-server +client = 5-version-negotiation-client + +[5-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = InternalError + + +# =========================================================== + +[6-version-negotiation] +ssl_conf = 6-version-negotiation-ssl + +[6-version-negotiation-ssl] +server = 6-version-negotiation-server +client = 6-version-negotiation-client + +[6-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = InternalError + + +# =========================================================== + +[7-version-negotiation] +ssl_conf = 7-version-negotiation-ssl + +[7-version-negotiation-ssl] +server = 7-version-negotiation-server +client = 7-version-negotiation-client + +[7-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = InternalError + + +# =========================================================== + +[8-version-negotiation] +ssl_conf = 8-version-negotiation-ssl + +[8-version-negotiation-ssl] +server = 8-version-negotiation-server +client = 8-version-negotiation-client + +[8-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = InternalError + + +# =========================================================== + +[9-version-negotiation] +ssl_conf = 9-version-negotiation-ssl + +[9-version-negotiation-ssl] +server = 9-version-negotiation-server +client = 9-version-negotiation-client + +[9-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = InternalError + + +# =========================================================== + +[10-version-negotiation] +ssl_conf = 10-version-negotiation-ssl + +[10-version-negotiation-ssl] +server = 10-version-negotiation-server +client = 10-version-negotiation-client + +[10-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = InternalError + + +# =========================================================== + +[11-version-negotiation] +ssl_conf = 11-version-negotiation-ssl + +[11-version-negotiation-ssl] +server = 11-version-negotiation-server +client = 11-version-negotiation-client + +[11-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = InternalError + + +# =========================================================== + +[12-version-negotiation] +ssl_conf = 12-version-negotiation-ssl + +[12-version-negotiation-ssl] +server = 12-version-negotiation-server +client = 12-version-negotiation-client + +[12-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = InternalError + + +# =========================================================== + +[13-version-negotiation] +ssl_conf = 13-version-negotiation-ssl + +[13-version-negotiation-ssl] +server = 13-version-negotiation-server +client = 13-version-negotiation-client + +[13-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = InternalError + + +# =========================================================== + +[14-version-negotiation] +ssl_conf = 14-version-negotiation-ssl + +[14-version-negotiation-ssl] +server = 14-version-negotiation-server +client = 14-version-negotiation-client + +[14-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = InternalError + + +# =========================================================== + +[15-version-negotiation] +ssl_conf = 15-version-negotiation-ssl + +[15-version-negotiation-ssl] +server = 15-version-negotiation-server +client = 15-version-negotiation-client + +[15-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = InternalError + + +# =========================================================== + +[16-version-negotiation] +ssl_conf = 16-version-negotiation-ssl + +[16-version-negotiation-ssl] +server = 16-version-negotiation-server +client = 16-version-negotiation-client + +[16-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = InternalError + + +# =========================================================== + +[17-version-negotiation] +ssl_conf = 17-version-negotiation-ssl + +[17-version-negotiation-ssl] +server = 17-version-negotiation-server +client = 17-version-negotiation-client + +[17-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = InternalError + + +# =========================================================== + +[18-version-negotiation] +ssl_conf = 18-version-negotiation-ssl + +[18-version-negotiation-ssl] +server = 18-version-negotiation-server +client = 18-version-negotiation-client + +[18-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = InternalError + + +# =========================================================== + +[19-version-negotiation] +ssl_conf = 19-version-negotiation-ssl + +[19-version-negotiation-ssl] +server = 19-version-negotiation-server +client = 19-version-negotiation-client + +[19-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = ServerFail + + +# =========================================================== + +[20-version-negotiation] +ssl_conf = 20-version-negotiation-ssl + +[20-version-negotiation-ssl] +server = 20-version-negotiation-server +client = 20-version-negotiation-client + +[20-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[21-version-negotiation] +ssl_conf = 21-version-negotiation-ssl + +[21-version-negotiation-ssl] +server = 21-version-negotiation-server +client = 21-version-negotiation-client + +[21-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[22-version-negotiation] +ssl_conf = 22-version-negotiation-ssl + +[22-version-negotiation-ssl] +server = 22-version-negotiation-server +client = 22-version-negotiation-client + +[22-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[23-version-negotiation] +ssl_conf = 23-version-negotiation-ssl + +[23-version-negotiation-ssl] +server = 23-version-negotiation-server +client = 23-version-negotiation-client + +[23-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[24-version-negotiation] +ssl_conf = 24-version-negotiation-ssl + +[24-version-negotiation-ssl] +server = 24-version-negotiation-server +client = 24-version-negotiation-client + +[24-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = ServerFail + + +# =========================================================== + +[25-version-negotiation] +ssl_conf = 25-version-negotiation-ssl + +[25-version-negotiation-ssl] +server = 25-version-negotiation-server +client = 25-version-negotiation-client + +[25-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[26-version-negotiation] +ssl_conf = 26-version-negotiation-ssl + +[26-version-negotiation-ssl] +server = 26-version-negotiation-server +client = 26-version-negotiation-client + +[26-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[27-version-negotiation] +ssl_conf = 27-version-negotiation-ssl + +[27-version-negotiation-ssl] +server = 27-version-negotiation-server +client = 27-version-negotiation-client + +[27-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[28-version-negotiation] +ssl_conf = 28-version-negotiation-ssl + +[28-version-negotiation-ssl] +server = 28-version-negotiation-server +client = 28-version-negotiation-client + +[28-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[29-version-negotiation] +ssl_conf = 29-version-negotiation-ssl + +[29-version-negotiation-ssl] +server = 29-version-negotiation-server +client = 29-version-negotiation-client + +[29-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[30-version-negotiation] +ssl_conf = 30-version-negotiation-ssl + +[30-version-negotiation-ssl] +server = 30-version-negotiation-server +client = 30-version-negotiation-client + +[30-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[31-version-negotiation] +ssl_conf = 31-version-negotiation-ssl + +[31-version-negotiation-ssl] +server = 31-version-negotiation-server +client = 31-version-negotiation-client + +[31-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[32-version-negotiation] +ssl_conf = 32-version-negotiation-ssl + +[32-version-negotiation-ssl] +server = 32-version-negotiation-server +client = 32-version-negotiation-client + +[32-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[33-version-negotiation] +ssl_conf = 33-version-negotiation-ssl + +[33-version-negotiation-ssl] +server = 33-version-negotiation-server +client = 33-version-negotiation-client + +[33-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedResult = ServerFail + + +# =========================================================== + +[34-version-negotiation] +ssl_conf = 34-version-negotiation-ssl + +[34-version-negotiation-ssl] +server = 34-version-negotiation-server +client = 34-version-negotiation-client + +[34-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedResult = ServerFail + + +# =========================================================== + +[35-version-negotiation] +ssl_conf = 35-version-negotiation-ssl + +[35-version-negotiation-ssl] +server = 35-version-negotiation-server +client = 35-version-negotiation-client + +[35-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedResult = ServerFail + + +# =========================================================== + +[36-version-negotiation] +ssl_conf = 36-version-negotiation-ssl + +[36-version-negotiation-ssl] +server = 36-version-negotiation-server +client = 36-version-negotiation-client + +[36-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedResult = ServerFail + + +# =========================================================== + +[37-version-negotiation] +ssl_conf = 37-version-negotiation-ssl + +[37-version-negotiation-ssl] +server = 37-version-negotiation-server +client = 37-version-negotiation-client + +[37-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedResult = ServerFail + + +# =========================================================== + +[38-version-negotiation] +ssl_conf = 38-version-negotiation-ssl + +[38-version-negotiation-ssl] +server = 38-version-negotiation-server +client = 38-version-negotiation-client + +[38-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedResult = ServerFail + + +# =========================================================== + +[39-version-negotiation] +ssl_conf = 39-version-negotiation-ssl + +[39-version-negotiation-ssl] +server = 39-version-negotiation-server +client = 39-version-negotiation-client + +[39-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[40-version-negotiation] +ssl_conf = 40-version-negotiation-ssl + +[40-version-negotiation-ssl] +server = 40-version-negotiation-server +client = 40-version-negotiation-client + +[40-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[41-version-negotiation] +ssl_conf = 41-version-negotiation-ssl + +[41-version-negotiation-ssl] +server = 41-version-negotiation-server +client = 41-version-negotiation-client + +[41-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[42-version-negotiation] +ssl_conf = 42-version-negotiation-ssl + +[42-version-negotiation-ssl] +server = 42-version-negotiation-server +client = 42-version-negotiation-client + +[42-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[43-version-negotiation] +ssl_conf = 43-version-negotiation-ssl + +[43-version-negotiation-ssl] +server = 43-version-negotiation-server +client = 43-version-negotiation-client + +[43-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedResult = ServerFail + + +# =========================================================== + +[44-version-negotiation] +ssl_conf = 44-version-negotiation-ssl + +[44-version-negotiation-ssl] +server = 44-version-negotiation-server +client = 44-version-negotiation-client + +[44-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[45-version-negotiation] +ssl_conf = 45-version-negotiation-ssl + +[45-version-negotiation-ssl] +server = 45-version-negotiation-server +client = 45-version-negotiation-client + +[45-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[46-version-negotiation] +ssl_conf = 46-version-negotiation-ssl + +[46-version-negotiation-ssl] +server = 46-version-negotiation-server +client = 46-version-negotiation-client + +[46-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[47-version-negotiation] +ssl_conf = 47-version-negotiation-ssl + +[47-version-negotiation-ssl] +server = 47-version-negotiation-server +client = 47-version-negotiation-client + +[47-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[47-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[48-version-negotiation] +ssl_conf = 48-version-negotiation-ssl + +[48-version-negotiation-ssl] +server = 48-version-negotiation-server +client = 48-version-negotiation-client + +[48-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[49-version-negotiation] +ssl_conf = 49-version-negotiation-ssl + +[49-version-negotiation-ssl] +server = 49-version-negotiation-server +client = 49-version-negotiation-client + +[49-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[49-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[50-version-negotiation] +ssl_conf = 50-version-negotiation-ssl + +[50-version-negotiation-ssl] +server = 50-version-negotiation-server +client = 50-version-negotiation-client + +[50-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[50-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[51-version-negotiation] +ssl_conf = 51-version-negotiation-ssl + +[51-version-negotiation-ssl] +server = 51-version-negotiation-server +client = 51-version-negotiation-client + +[51-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[51-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[52-version-negotiation] +ssl_conf = 52-version-negotiation-ssl + +[52-version-negotiation-ssl] +server = 52-version-negotiation-server +client = 52-version-negotiation-client + +[52-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[52-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[53-version-negotiation] +ssl_conf = 53-version-negotiation-ssl + +[53-version-negotiation-ssl] +server = 53-version-negotiation-server +client = 53-version-negotiation-client + +[53-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[54-version-negotiation] +ssl_conf = 54-version-negotiation-ssl + +[54-version-negotiation-ssl] +server = 54-version-negotiation-server +client = 54-version-negotiation-client + +[54-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[54-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[55-version-negotiation] +ssl_conf = 55-version-negotiation-ssl + +[55-version-negotiation-ssl] +server = 55-version-negotiation-server +client = 55-version-negotiation-client + +[55-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[55-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-55] +ExpectedResult = ServerFail + + +# =========================================================== + +[56-version-negotiation] +ssl_conf = 56-version-negotiation-ssl + +[56-version-negotiation-ssl] +server = 56-version-negotiation-server +client = 56-version-negotiation-client + +[56-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[56-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-56] +ExpectedResult = ServerFail + + +# =========================================================== + +[57-version-negotiation] +ssl_conf = 57-version-negotiation-ssl + +[57-version-negotiation-ssl] +server = 57-version-negotiation-server +client = 57-version-negotiation-client + +[57-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[57-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-57] +ExpectedResult = ServerFail + + +# =========================================================== + +[58-version-negotiation] +ssl_conf = 58-version-negotiation-ssl + +[58-version-negotiation-ssl] +server = 58-version-negotiation-server +client = 58-version-negotiation-client + +[58-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[58-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-58] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[59-version-negotiation] +ssl_conf = 59-version-negotiation-ssl + +[59-version-negotiation-ssl] +server = 59-version-negotiation-server +client = 59-version-negotiation-client + +[59-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[59-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-59] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[60-version-negotiation] +ssl_conf = 60-version-negotiation-ssl + +[60-version-negotiation-ssl] +server = 60-version-negotiation-server +client = 60-version-negotiation-client + +[60-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[60-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-60] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[61-version-negotiation] +ssl_conf = 61-version-negotiation-ssl + +[61-version-negotiation-ssl] +server = 61-version-negotiation-server +client = 61-version-negotiation-client + +[61-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[61-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-61] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[62-version-negotiation] +ssl_conf = 62-version-negotiation-ssl + +[62-version-negotiation-ssl] +server = 62-version-negotiation-server +client = 62-version-negotiation-client + +[62-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[62-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-62] +ExpectedResult = ServerFail + + +# =========================================================== + +[63-version-negotiation] +ssl_conf = 63-version-negotiation-ssl + +[63-version-negotiation-ssl] +server = 63-version-negotiation-server +client = 63-version-negotiation-client + +[63-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[63-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-63] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[64-version-negotiation] +ssl_conf = 64-version-negotiation-ssl + +[64-version-negotiation-ssl] +server = 64-version-negotiation-server +client = 64-version-negotiation-client + +[64-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[64-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-64] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[65-version-negotiation] +ssl_conf = 65-version-negotiation-ssl + +[65-version-negotiation-ssl] +server = 65-version-negotiation-server +client = 65-version-negotiation-client + +[65-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[65-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-65] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[66-version-negotiation] +ssl_conf = 66-version-negotiation-ssl + +[66-version-negotiation-ssl] +server = 66-version-negotiation-server +client = 66-version-negotiation-client + +[66-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[66-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-66] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[67-version-negotiation] +ssl_conf = 67-version-negotiation-ssl + +[67-version-negotiation-ssl] +server = 67-version-negotiation-server +client = 67-version-negotiation-client + +[67-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[67-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-67] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[68-version-negotiation] +ssl_conf = 68-version-negotiation-ssl + +[68-version-negotiation-ssl] +server = 68-version-negotiation-server +client = 68-version-negotiation-client + +[68-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[68-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-68] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[69-version-negotiation] +ssl_conf = 69-version-negotiation-ssl + +[69-version-negotiation-ssl] +server = 69-version-negotiation-server +client = 69-version-negotiation-client + +[69-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[69-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-69] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[70-version-negotiation] +ssl_conf = 70-version-negotiation-ssl + +[70-version-negotiation-ssl] +server = 70-version-negotiation-server +client = 70-version-negotiation-client + +[70-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[70-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-70] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[71-version-negotiation] +ssl_conf = 71-version-negotiation-ssl + +[71-version-negotiation-ssl] +server = 71-version-negotiation-server +client = 71-version-negotiation-client + +[71-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[71-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-71] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[72-version-negotiation] +ssl_conf = 72-version-negotiation-ssl + +[72-version-negotiation-ssl] +server = 72-version-negotiation-server +client = 72-version-negotiation-client + +[72-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[72-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-72] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[73-version-negotiation] +ssl_conf = 73-version-negotiation-ssl + +[73-version-negotiation-ssl] +server = 73-version-negotiation-server +client = 73-version-negotiation-client + +[73-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[73-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-73] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[74-version-negotiation] +ssl_conf = 74-version-negotiation-ssl + +[74-version-negotiation-ssl] +server = 74-version-negotiation-server +client = 74-version-negotiation-client + +[74-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[74-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-74] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[75-version-negotiation] +ssl_conf = 75-version-negotiation-ssl + +[75-version-negotiation-ssl] +server = 75-version-negotiation-server +client = 75-version-negotiation-client + +[75-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[75-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-75] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[76-version-negotiation] +ssl_conf = 76-version-negotiation-ssl + +[76-version-negotiation-ssl] +server = 76-version-negotiation-server +client = 76-version-negotiation-client + +[76-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[76-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-76] +ExpectedResult = ServerFail + + +# =========================================================== + +[77-version-negotiation] +ssl_conf = 77-version-negotiation-ssl + +[77-version-negotiation-ssl] +server = 77-version-negotiation-server +client = 77-version-negotiation-client + +[77-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[77-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-77] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[78-version-negotiation] +ssl_conf = 78-version-negotiation-ssl + +[78-version-negotiation-ssl] +server = 78-version-negotiation-server +client = 78-version-negotiation-client + +[78-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[78-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-78] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[79-version-negotiation] +ssl_conf = 79-version-negotiation-ssl + +[79-version-negotiation-ssl] +server = 79-version-negotiation-server +client = 79-version-negotiation-client + +[79-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[79-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-79] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[80-version-negotiation] +ssl_conf = 80-version-negotiation-ssl + +[80-version-negotiation-ssl] +server = 80-version-negotiation-server +client = 80-version-negotiation-client + +[80-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[80-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-80] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[81-version-negotiation] +ssl_conf = 81-version-negotiation-ssl + +[81-version-negotiation-ssl] +server = 81-version-negotiation-server +client = 81-version-negotiation-client + +[81-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[81-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-81] +ExpectedResult = ServerFail + + +# =========================================================== + +[82-version-negotiation] +ssl_conf = 82-version-negotiation-ssl + +[82-version-negotiation-ssl] +server = 82-version-negotiation-server +client = 82-version-negotiation-client + +[82-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[82-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-82] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[83-version-negotiation] +ssl_conf = 83-version-negotiation-ssl + +[83-version-negotiation-ssl] +server = 83-version-negotiation-server +client = 83-version-negotiation-client + +[83-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[83-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-83] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[84-version-negotiation] +ssl_conf = 84-version-negotiation-ssl + +[84-version-negotiation-ssl] +server = 84-version-negotiation-server +client = 84-version-negotiation-client + +[84-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[84-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-84] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[85-version-negotiation] +ssl_conf = 85-version-negotiation-ssl + +[85-version-negotiation-ssl] +server = 85-version-negotiation-server +client = 85-version-negotiation-client + +[85-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[85-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-85] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[86-version-negotiation] +ssl_conf = 86-version-negotiation-ssl + +[86-version-negotiation-ssl] +server = 86-version-negotiation-server +client = 86-version-negotiation-client + +[86-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[86-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-86] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[87-version-negotiation] +ssl_conf = 87-version-negotiation-ssl + +[87-version-negotiation-ssl] +server = 87-version-negotiation-server +client = 87-version-negotiation-client + +[87-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[87-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-87] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[88-version-negotiation] +ssl_conf = 88-version-negotiation-ssl + +[88-version-negotiation-ssl] +server = 88-version-negotiation-server +client = 88-version-negotiation-client + +[88-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[88-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-88] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[89-version-negotiation] +ssl_conf = 89-version-negotiation-ssl + +[89-version-negotiation-ssl] +server = 89-version-negotiation-server +client = 89-version-negotiation-client + +[89-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[89-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-89] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[90-version-negotiation] +ssl_conf = 90-version-negotiation-ssl + +[90-version-negotiation-ssl] +server = 90-version-negotiation-server +client = 90-version-negotiation-client + +[90-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[90-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-90] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[91-version-negotiation] +ssl_conf = 91-version-negotiation-ssl + +[91-version-negotiation-ssl] +server = 91-version-negotiation-server +client = 91-version-negotiation-client + +[91-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[91-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-91] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[92-version-negotiation] +ssl_conf = 92-version-negotiation-ssl + +[92-version-negotiation-ssl] +server = 92-version-negotiation-server +client = 92-version-negotiation-client + +[92-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[92-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-92] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[93-version-negotiation] +ssl_conf = 93-version-negotiation-ssl + +[93-version-negotiation-ssl] +server = 93-version-negotiation-server +client = 93-version-negotiation-client + +[93-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[93-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-93] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[94-version-negotiation] +ssl_conf = 94-version-negotiation-ssl + +[94-version-negotiation-ssl] +server = 94-version-negotiation-server +client = 94-version-negotiation-client + +[94-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[94-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-94] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[95-version-negotiation] +ssl_conf = 95-version-negotiation-ssl + +[95-version-negotiation-ssl] +server = 95-version-negotiation-server +client = 95-version-negotiation-client + +[95-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[95-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-95] +ExpectedResult = InternalError + + +# =========================================================== + +[96-version-negotiation] +ssl_conf = 96-version-negotiation-ssl + +[96-version-negotiation-ssl] +server = 96-version-negotiation-server +client = 96-version-negotiation-client + +[96-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[96-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-96] +ExpectedResult = InternalError + + +# =========================================================== + +[97-version-negotiation] +ssl_conf = 97-version-negotiation-ssl + +[97-version-negotiation-ssl] +server = 97-version-negotiation-server +client = 97-version-negotiation-client + +[97-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[97-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-97] +ExpectedResult = InternalError + + +# =========================================================== + +[98-version-negotiation] +ssl_conf = 98-version-negotiation-ssl + +[98-version-negotiation-ssl] +server = 98-version-negotiation-server +client = 98-version-negotiation-client + +[98-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[98-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-98] +ExpectedResult = InternalError + + +# =========================================================== + +[99-version-negotiation] +ssl_conf = 99-version-negotiation-ssl + +[99-version-negotiation-ssl] +server = 99-version-negotiation-server +client = 99-version-negotiation-client + +[99-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[99-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-99] +ExpectedResult = InternalError + + +# =========================================================== + +[100-version-negotiation] +ssl_conf = 100-version-negotiation-ssl + +[100-version-negotiation-ssl] +server = 100-version-negotiation-server +client = 100-version-negotiation-client + +[100-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[100-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-100] +ExpectedResult = InternalError + + +# =========================================================== + +[101-version-negotiation] +ssl_conf = 101-version-negotiation-ssl + +[101-version-negotiation-ssl] +server = 101-version-negotiation-server +client = 101-version-negotiation-client + +[101-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[101-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-101] +ExpectedResult = InternalError + + +# =========================================================== + +[102-version-negotiation] +ssl_conf = 102-version-negotiation-ssl + +[102-version-negotiation-ssl] +server = 102-version-negotiation-server +client = 102-version-negotiation-client + +[102-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[102-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-102] +ExpectedResult = InternalError + + +# =========================================================== + +[103-version-negotiation] +ssl_conf = 103-version-negotiation-ssl + +[103-version-negotiation-ssl] +server = 103-version-negotiation-server +client = 103-version-negotiation-client + +[103-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[103-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-103] +ExpectedResult = InternalError + + +# =========================================================== + +[104-version-negotiation] +ssl_conf = 104-version-negotiation-ssl + +[104-version-negotiation-ssl] +server = 104-version-negotiation-server +client = 104-version-negotiation-client + +[104-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[104-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-104] +ExpectedResult = InternalError + + +# =========================================================== + +[105-version-negotiation] +ssl_conf = 105-version-negotiation-ssl + +[105-version-negotiation-ssl] +server = 105-version-negotiation-server +client = 105-version-negotiation-client + +[105-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[105-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-105] +ExpectedResult = InternalError + + +# =========================================================== + +[106-version-negotiation] +ssl_conf = 106-version-negotiation-ssl + +[106-version-negotiation-ssl] +server = 106-version-negotiation-server +client = 106-version-negotiation-client + +[106-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[106-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-106] +ExpectedResult = InternalError + + +# =========================================================== + +[107-version-negotiation] +ssl_conf = 107-version-negotiation-ssl + +[107-version-negotiation-ssl] +server = 107-version-negotiation-server +client = 107-version-negotiation-client + +[107-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[107-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-107] +ExpectedResult = InternalError + + +# =========================================================== + +[108-version-negotiation] +ssl_conf = 108-version-negotiation-ssl + +[108-version-negotiation-ssl] +server = 108-version-negotiation-server +client = 108-version-negotiation-client + +[108-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[108-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-108] +ExpectedResult = InternalError + + +# =========================================================== + +[109-version-negotiation] +ssl_conf = 109-version-negotiation-ssl + +[109-version-negotiation-ssl] +server = 109-version-negotiation-server +client = 109-version-negotiation-client + +[109-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[109-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-109] +ExpectedResult = InternalError + + +# =========================================================== + +[110-version-negotiation] +ssl_conf = 110-version-negotiation-ssl + +[110-version-negotiation-ssl] +server = 110-version-negotiation-server +client = 110-version-negotiation-client + +[110-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[110-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-110] +ExpectedResult = InternalError + + +# =========================================================== + +[111-version-negotiation] +ssl_conf = 111-version-negotiation-ssl + +[111-version-negotiation-ssl] +server = 111-version-negotiation-server +client = 111-version-negotiation-client + +[111-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[111-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-111] +ExpectedResult = InternalError + + +# =========================================================== + +[112-version-negotiation] +ssl_conf = 112-version-negotiation-ssl + +[112-version-negotiation-ssl] +server = 112-version-negotiation-server +client = 112-version-negotiation-client + +[112-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[112-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-112] +ExpectedResult = InternalError + + +# =========================================================== + +[113-version-negotiation] +ssl_conf = 113-version-negotiation-ssl + +[113-version-negotiation-ssl] +server = 113-version-negotiation-server +client = 113-version-negotiation-client + +[113-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[113-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-113] +ExpectedResult = InternalError + + +# =========================================================== + +[114-version-negotiation] +ssl_conf = 114-version-negotiation-ssl + +[114-version-negotiation-ssl] +server = 114-version-negotiation-server +client = 114-version-negotiation-client + +[114-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[114-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-114] +ExpectedResult = ServerFail + + +# =========================================================== + +[115-version-negotiation] +ssl_conf = 115-version-negotiation-ssl + +[115-version-negotiation-ssl] +server = 115-version-negotiation-server +client = 115-version-negotiation-client + +[115-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[115-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-115] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[116-version-negotiation] +ssl_conf = 116-version-negotiation-ssl + +[116-version-negotiation-ssl] +server = 116-version-negotiation-server +client = 116-version-negotiation-client + +[116-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[116-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-116] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[117-version-negotiation] +ssl_conf = 117-version-negotiation-ssl + +[117-version-negotiation-ssl] +server = 117-version-negotiation-server +client = 117-version-negotiation-client + +[117-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[117-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-117] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[118-version-negotiation] +ssl_conf = 118-version-negotiation-ssl + +[118-version-negotiation-ssl] +server = 118-version-negotiation-server +client = 118-version-negotiation-client + +[118-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[118-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-118] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[119-version-negotiation] +ssl_conf = 119-version-negotiation-ssl + +[119-version-negotiation-ssl] +server = 119-version-negotiation-server +client = 119-version-negotiation-client + +[119-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[119-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-119] +ExpectedResult = ServerFail + + +# =========================================================== + +[120-version-negotiation] +ssl_conf = 120-version-negotiation-ssl + +[120-version-negotiation-ssl] +server = 120-version-negotiation-server +client = 120-version-negotiation-client + +[120-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[120-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-120] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[121-version-negotiation] +ssl_conf = 121-version-negotiation-ssl + +[121-version-negotiation-ssl] +server = 121-version-negotiation-server +client = 121-version-negotiation-client + +[121-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[121-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-121] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[122-version-negotiation] +ssl_conf = 122-version-negotiation-ssl + +[122-version-negotiation-ssl] +server = 122-version-negotiation-server +client = 122-version-negotiation-client + +[122-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[122-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-122] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[123-version-negotiation] +ssl_conf = 123-version-negotiation-ssl + +[123-version-negotiation-ssl] +server = 123-version-negotiation-server +client = 123-version-negotiation-client + +[123-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[123-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-123] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[124-version-negotiation] +ssl_conf = 124-version-negotiation-ssl + +[124-version-negotiation-ssl] +server = 124-version-negotiation-server +client = 124-version-negotiation-client + +[124-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[124-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-124] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[125-version-negotiation] +ssl_conf = 125-version-negotiation-ssl + +[125-version-negotiation-ssl] +server = 125-version-negotiation-server +client = 125-version-negotiation-client + +[125-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[125-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-125] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[126-version-negotiation] +ssl_conf = 126-version-negotiation-ssl + +[126-version-negotiation-ssl] +server = 126-version-negotiation-server +client = 126-version-negotiation-client + +[126-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[126-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-126] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[127-version-negotiation] +ssl_conf = 127-version-negotiation-ssl + +[127-version-negotiation-ssl] +server = 127-version-negotiation-server +client = 127-version-negotiation-client + +[127-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[127-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-127] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[128-version-negotiation] +ssl_conf = 128-version-negotiation-ssl + +[128-version-negotiation-ssl] +server = 128-version-negotiation-server +client = 128-version-negotiation-client + +[128-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[128-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-128] +ExpectedResult = ServerFail + + +# =========================================================== + +[129-version-negotiation] +ssl_conf = 129-version-negotiation-ssl + +[129-version-negotiation-ssl] +server = 129-version-negotiation-server +client = 129-version-negotiation-client + +[129-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[129-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-129] +ExpectedResult = ServerFail + + +# =========================================================== + +[130-version-negotiation] +ssl_conf = 130-version-negotiation-ssl + +[130-version-negotiation-ssl] +server = 130-version-negotiation-server +client = 130-version-negotiation-client + +[130-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[130-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-130] +ExpectedResult = ServerFail + + +# =========================================================== + +[131-version-negotiation] +ssl_conf = 131-version-negotiation-ssl + +[131-version-negotiation-ssl] +server = 131-version-negotiation-server +client = 131-version-negotiation-client + +[131-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[131-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-131] +ExpectedResult = ServerFail + + +# =========================================================== + +[132-version-negotiation] +ssl_conf = 132-version-negotiation-ssl + +[132-version-negotiation-ssl] +server = 132-version-negotiation-server +client = 132-version-negotiation-client + +[132-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[132-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-132] +ExpectedResult = ServerFail + + +# =========================================================== + +[133-version-negotiation] +ssl_conf = 133-version-negotiation-ssl + +[133-version-negotiation-ssl] +server = 133-version-negotiation-server +client = 133-version-negotiation-client + +[133-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[133-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-133] +ExpectedResult = ServerFail + + +# =========================================================== + +[134-version-negotiation] +ssl_conf = 134-version-negotiation-ssl + +[134-version-negotiation-ssl] +server = 134-version-negotiation-server +client = 134-version-negotiation-client + +[134-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[134-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-134] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[135-version-negotiation] +ssl_conf = 135-version-negotiation-ssl + +[135-version-negotiation-ssl] +server = 135-version-negotiation-server +client = 135-version-negotiation-client + +[135-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[135-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-135] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[136-version-negotiation] +ssl_conf = 136-version-negotiation-ssl + +[136-version-negotiation-ssl] +server = 136-version-negotiation-server +client = 136-version-negotiation-client + +[136-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[136-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-136] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[137-version-negotiation] +ssl_conf = 137-version-negotiation-ssl + +[137-version-negotiation-ssl] +server = 137-version-negotiation-server +client = 137-version-negotiation-client + +[137-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[137-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-137] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[138-version-negotiation] +ssl_conf = 138-version-negotiation-ssl + +[138-version-negotiation-ssl] +server = 138-version-negotiation-server +client = 138-version-negotiation-client + +[138-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[138-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-138] +ExpectedResult = ServerFail + + +# =========================================================== + +[139-version-negotiation] +ssl_conf = 139-version-negotiation-ssl + +[139-version-negotiation-ssl] +server = 139-version-negotiation-server +client = 139-version-negotiation-client + +[139-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[139-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-139] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[140-version-negotiation] +ssl_conf = 140-version-negotiation-ssl + +[140-version-negotiation-ssl] +server = 140-version-negotiation-server +client = 140-version-negotiation-client + +[140-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[140-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-140] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[141-version-negotiation] +ssl_conf = 141-version-negotiation-ssl + +[141-version-negotiation-ssl] +server = 141-version-negotiation-server +client = 141-version-negotiation-client + +[141-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[141-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-141] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[142-version-negotiation] +ssl_conf = 142-version-negotiation-ssl + +[142-version-negotiation-ssl] +server = 142-version-negotiation-server +client = 142-version-negotiation-client + +[142-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[142-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-142] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[143-version-negotiation] +ssl_conf = 143-version-negotiation-ssl + +[143-version-negotiation-ssl] +server = 143-version-negotiation-server +client = 143-version-negotiation-client + +[143-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[143-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-143] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[144-version-negotiation] +ssl_conf = 144-version-negotiation-ssl + +[144-version-negotiation-ssl] +server = 144-version-negotiation-server +client = 144-version-negotiation-client + +[144-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[144-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-144] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[145-version-negotiation] +ssl_conf = 145-version-negotiation-ssl + +[145-version-negotiation-ssl] +server = 145-version-negotiation-server +client = 145-version-negotiation-client + +[145-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[145-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-145] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[146-version-negotiation] +ssl_conf = 146-version-negotiation-ssl + +[146-version-negotiation-ssl] +server = 146-version-negotiation-server +client = 146-version-negotiation-client + +[146-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[146-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-146] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[147-version-negotiation] +ssl_conf = 147-version-negotiation-ssl + +[147-version-negotiation-ssl] +server = 147-version-negotiation-server +client = 147-version-negotiation-client + +[147-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[147-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-147] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[148-version-negotiation] +ssl_conf = 148-version-negotiation-ssl + +[148-version-negotiation-ssl] +server = 148-version-negotiation-server +client = 148-version-negotiation-client + +[148-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[148-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-148] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[149-version-negotiation] +ssl_conf = 149-version-negotiation-ssl + +[149-version-negotiation-ssl] +server = 149-version-negotiation-server +client = 149-version-negotiation-client + +[149-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[149-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-149] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[150-version-negotiation] +ssl_conf = 150-version-negotiation-ssl + +[150-version-negotiation-ssl] +server = 150-version-negotiation-server +client = 150-version-negotiation-client + +[150-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[150-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-150] +ExpectedResult = ServerFail + + +# =========================================================== + +[151-version-negotiation] +ssl_conf = 151-version-negotiation-ssl + +[151-version-negotiation-ssl] +server = 151-version-negotiation-server +client = 151-version-negotiation-client + +[151-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[151-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-151] +ExpectedResult = ServerFail + + +# =========================================================== + +[152-version-negotiation] +ssl_conf = 152-version-negotiation-ssl + +[152-version-negotiation-ssl] +server = 152-version-negotiation-server +client = 152-version-negotiation-client + +[152-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[152-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-152] +ExpectedResult = ServerFail + + +# =========================================================== + +[153-version-negotiation] +ssl_conf = 153-version-negotiation-ssl + +[153-version-negotiation-ssl] +server = 153-version-negotiation-server +client = 153-version-negotiation-client + +[153-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[153-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-153] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[154-version-negotiation] +ssl_conf = 154-version-negotiation-ssl + +[154-version-negotiation-ssl] +server = 154-version-negotiation-server +client = 154-version-negotiation-client + +[154-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[154-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-154] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[155-version-negotiation] +ssl_conf = 155-version-negotiation-ssl + +[155-version-negotiation-ssl] +server = 155-version-negotiation-server +client = 155-version-negotiation-client + +[155-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[155-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-155] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[156-version-negotiation] +ssl_conf = 156-version-negotiation-ssl + +[156-version-negotiation-ssl] +server = 156-version-negotiation-server +client = 156-version-negotiation-client + +[156-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[156-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-156] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[157-version-negotiation] +ssl_conf = 157-version-negotiation-ssl + +[157-version-negotiation-ssl] +server = 157-version-negotiation-server +client = 157-version-negotiation-client + +[157-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[157-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-157] +ExpectedResult = ServerFail + + +# =========================================================== + +[158-version-negotiation] +ssl_conf = 158-version-negotiation-ssl + +[158-version-negotiation-ssl] +server = 158-version-negotiation-server +client = 158-version-negotiation-client + +[158-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[158-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-158] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[159-version-negotiation] +ssl_conf = 159-version-negotiation-ssl + +[159-version-negotiation-ssl] +server = 159-version-negotiation-server +client = 159-version-negotiation-client + +[159-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[159-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-159] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[160-version-negotiation] +ssl_conf = 160-version-negotiation-ssl + +[160-version-negotiation-ssl] +server = 160-version-negotiation-server +client = 160-version-negotiation-client + +[160-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[160-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-160] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[161-version-negotiation] +ssl_conf = 161-version-negotiation-ssl + +[161-version-negotiation-ssl] +server = 161-version-negotiation-server +client = 161-version-negotiation-client + +[161-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[161-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-161] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[162-version-negotiation] +ssl_conf = 162-version-negotiation-ssl + +[162-version-negotiation-ssl] +server = 162-version-negotiation-server +client = 162-version-negotiation-client + +[162-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[162-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-162] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[163-version-negotiation] +ssl_conf = 163-version-negotiation-ssl + +[163-version-negotiation-ssl] +server = 163-version-negotiation-server +client = 163-version-negotiation-client + +[163-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[163-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-163] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[164-version-negotiation] +ssl_conf = 164-version-negotiation-ssl + +[164-version-negotiation-ssl] +server = 164-version-negotiation-server +client = 164-version-negotiation-client + +[164-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[164-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-164] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[165-version-negotiation] +ssl_conf = 165-version-negotiation-ssl + +[165-version-negotiation-ssl] +server = 165-version-negotiation-server +client = 165-version-negotiation-client + +[165-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[165-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-165] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[166-version-negotiation] +ssl_conf = 166-version-negotiation-ssl + +[166-version-negotiation-ssl] +server = 166-version-negotiation-server +client = 166-version-negotiation-client + +[166-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[166-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-166] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[167-version-negotiation] +ssl_conf = 167-version-negotiation-ssl + +[167-version-negotiation-ssl] +server = 167-version-negotiation-server +client = 167-version-negotiation-client + +[167-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[167-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-167] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[168-version-negotiation] +ssl_conf = 168-version-negotiation-ssl + +[168-version-negotiation-ssl] +server = 168-version-negotiation-server +client = 168-version-negotiation-client + +[168-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[168-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-168] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[169-version-negotiation] +ssl_conf = 169-version-negotiation-ssl + +[169-version-negotiation-ssl] +server = 169-version-negotiation-server +client = 169-version-negotiation-client + +[169-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[169-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-169] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[170-version-negotiation] +ssl_conf = 170-version-negotiation-ssl + +[170-version-negotiation-ssl] +server = 170-version-negotiation-server +client = 170-version-negotiation-client + +[170-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[170-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-170] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[171-version-negotiation] +ssl_conf = 171-version-negotiation-ssl + +[171-version-negotiation-ssl] +server = 171-version-negotiation-server +client = 171-version-negotiation-client + +[171-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[171-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-171] +ExpectedResult = ServerFail + + +# =========================================================== + +[172-version-negotiation] +ssl_conf = 172-version-negotiation-ssl + +[172-version-negotiation-ssl] +server = 172-version-negotiation-server +client = 172-version-negotiation-client + +[172-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[172-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-172] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[173-version-negotiation] +ssl_conf = 173-version-negotiation-ssl + +[173-version-negotiation-ssl] +server = 173-version-negotiation-server +client = 173-version-negotiation-client + +[173-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[173-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-173] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[174-version-negotiation] +ssl_conf = 174-version-negotiation-ssl + +[174-version-negotiation-ssl] +server = 174-version-negotiation-server +client = 174-version-negotiation-client + +[174-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[174-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-174] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[175-version-negotiation] +ssl_conf = 175-version-negotiation-ssl + +[175-version-negotiation-ssl] +server = 175-version-negotiation-server +client = 175-version-negotiation-client + +[175-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[175-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-175] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[176-version-negotiation] +ssl_conf = 176-version-negotiation-ssl + +[176-version-negotiation-ssl] +server = 176-version-negotiation-server +client = 176-version-negotiation-client + +[176-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[176-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-176] +ExpectedResult = ServerFail + + +# =========================================================== + +[177-version-negotiation] +ssl_conf = 177-version-negotiation-ssl + +[177-version-negotiation-ssl] +server = 177-version-negotiation-server +client = 177-version-negotiation-client + +[177-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[177-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-177] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[178-version-negotiation] +ssl_conf = 178-version-negotiation-ssl + +[178-version-negotiation-ssl] +server = 178-version-negotiation-server +client = 178-version-negotiation-client + +[178-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[178-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-178] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[179-version-negotiation] +ssl_conf = 179-version-negotiation-ssl + +[179-version-negotiation-ssl] +server = 179-version-negotiation-server +client = 179-version-negotiation-client + +[179-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[179-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-179] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[180-version-negotiation] +ssl_conf = 180-version-negotiation-ssl + +[180-version-negotiation-ssl] +server = 180-version-negotiation-server +client = 180-version-negotiation-client + +[180-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[180-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-180] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[181-version-negotiation] +ssl_conf = 181-version-negotiation-ssl + +[181-version-negotiation-ssl] +server = 181-version-negotiation-server +client = 181-version-negotiation-client + +[181-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[181-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-181] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[182-version-negotiation] +ssl_conf = 182-version-negotiation-ssl + +[182-version-negotiation-ssl] +server = 182-version-negotiation-server +client = 182-version-negotiation-client + +[182-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[182-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-182] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[183-version-negotiation] +ssl_conf = 183-version-negotiation-ssl + +[183-version-negotiation-ssl] +server = 183-version-negotiation-server +client = 183-version-negotiation-client + +[183-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[183-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-183] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[184-version-negotiation] +ssl_conf = 184-version-negotiation-ssl + +[184-version-negotiation-ssl] +server = 184-version-negotiation-server +client = 184-version-negotiation-client + +[184-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[184-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-184] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[185-version-negotiation] +ssl_conf = 185-version-negotiation-ssl + +[185-version-negotiation-ssl] +server = 185-version-negotiation-server +client = 185-version-negotiation-client + +[185-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[185-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-185] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[186-version-negotiation] +ssl_conf = 186-version-negotiation-ssl + +[186-version-negotiation-ssl] +server = 186-version-negotiation-server +client = 186-version-negotiation-client + +[186-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[186-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-186] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[187-version-negotiation] +ssl_conf = 187-version-negotiation-ssl + +[187-version-negotiation-ssl] +server = 187-version-negotiation-server +client = 187-version-negotiation-client + +[187-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[187-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-187] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[188-version-negotiation] +ssl_conf = 188-version-negotiation-ssl + +[188-version-negotiation-ssl] +server = 188-version-negotiation-server +client = 188-version-negotiation-client + +[188-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[188-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-188] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[189-version-negotiation] +ssl_conf = 189-version-negotiation-ssl + +[189-version-negotiation-ssl] +server = 189-version-negotiation-server +client = 189-version-negotiation-client + +[189-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[189-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-189] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[190-version-negotiation] +ssl_conf = 190-version-negotiation-ssl + +[190-version-negotiation-ssl] +server = 190-version-negotiation-server +client = 190-version-negotiation-client + +[190-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[190-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-190] +ExpectedResult = ServerFail + + +# =========================================================== + +[191-version-negotiation] +ssl_conf = 191-version-negotiation-ssl + +[191-version-negotiation-ssl] +server = 191-version-negotiation-server +client = 191-version-negotiation-client + +[191-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[191-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-191] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[192-version-negotiation] +ssl_conf = 192-version-negotiation-ssl + +[192-version-negotiation-ssl] +server = 192-version-negotiation-server +client = 192-version-negotiation-client + +[192-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[192-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-192] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[193-version-negotiation] +ssl_conf = 193-version-negotiation-ssl + +[193-version-negotiation-ssl] +server = 193-version-negotiation-server +client = 193-version-negotiation-client + +[193-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[193-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-193] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[194-version-negotiation] +ssl_conf = 194-version-negotiation-ssl + +[194-version-negotiation-ssl] +server = 194-version-negotiation-server +client = 194-version-negotiation-client + +[194-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[194-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-194] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[195-version-negotiation] +ssl_conf = 195-version-negotiation-ssl + +[195-version-negotiation-ssl] +server = 195-version-negotiation-server +client = 195-version-negotiation-client + +[195-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[195-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-195] +ExpectedResult = ServerFail + + +# =========================================================== + +[196-version-negotiation] +ssl_conf = 196-version-negotiation-ssl + +[196-version-negotiation-ssl] +server = 196-version-negotiation-server +client = 196-version-negotiation-client + +[196-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[196-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-196] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[197-version-negotiation] +ssl_conf = 197-version-negotiation-ssl + +[197-version-negotiation-ssl] +server = 197-version-negotiation-server +client = 197-version-negotiation-client + +[197-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[197-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-197] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[198-version-negotiation] +ssl_conf = 198-version-negotiation-ssl + +[198-version-negotiation-ssl] +server = 198-version-negotiation-server +client = 198-version-negotiation-client + +[198-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[198-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-198] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[199-version-negotiation] +ssl_conf = 199-version-negotiation-ssl + +[199-version-negotiation-ssl] +server = 199-version-negotiation-server +client = 199-version-negotiation-client + +[199-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[199-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-199] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[200-version-negotiation] +ssl_conf = 200-version-negotiation-ssl + +[200-version-negotiation-ssl] +server = 200-version-negotiation-server +client = 200-version-negotiation-client + +[200-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[200-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-200] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[201-version-negotiation] +ssl_conf = 201-version-negotiation-ssl + +[201-version-negotiation-ssl] +server = 201-version-negotiation-server +client = 201-version-negotiation-client + +[201-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[201-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-201] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[202-version-negotiation] +ssl_conf = 202-version-negotiation-ssl + +[202-version-negotiation-ssl] +server = 202-version-negotiation-server +client = 202-version-negotiation-client + +[202-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[202-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-202] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[203-version-negotiation] +ssl_conf = 203-version-negotiation-ssl + +[203-version-negotiation-ssl] +server = 203-version-negotiation-server +client = 203-version-negotiation-client + +[203-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[203-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-203] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[204-version-negotiation] +ssl_conf = 204-version-negotiation-ssl + +[204-version-negotiation-ssl] +server = 204-version-negotiation-server +client = 204-version-negotiation-client + +[204-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[204-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-204] +ExpectedResult = ServerFail + + +# =========================================================== + +[205-version-negotiation] +ssl_conf = 205-version-negotiation-ssl + +[205-version-negotiation-ssl] +server = 205-version-negotiation-server +client = 205-version-negotiation-client + +[205-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[205-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-205] +ExpectedResult = ServerFail + + +# =========================================================== + +[206-version-negotiation] +ssl_conf = 206-version-negotiation-ssl + +[206-version-negotiation-ssl] +server = 206-version-negotiation-server +client = 206-version-negotiation-client + +[206-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[206-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-206] +ExpectedResult = ServerFail + + +# =========================================================== + +[207-version-negotiation] +ssl_conf = 207-version-negotiation-ssl + +[207-version-negotiation-ssl] +server = 207-version-negotiation-server +client = 207-version-negotiation-client + +[207-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[207-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-207] +ExpectedResult = ServerFail + + +# =========================================================== + +[208-version-negotiation] +ssl_conf = 208-version-negotiation-ssl + +[208-version-negotiation-ssl] +server = 208-version-negotiation-server +client = 208-version-negotiation-client + +[208-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[208-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-208] +ExpectedResult = ServerFail + + +# =========================================================== + +[209-version-negotiation] +ssl_conf = 209-version-negotiation-ssl + +[209-version-negotiation-ssl] +server = 209-version-negotiation-server +client = 209-version-negotiation-client + +[209-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[209-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-209] +ExpectedResult = ServerFail + + +# =========================================================== + +[210-version-negotiation] +ssl_conf = 210-version-negotiation-ssl + +[210-version-negotiation-ssl] +server = 210-version-negotiation-server +client = 210-version-negotiation-client + +[210-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[210-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-210] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[211-version-negotiation] +ssl_conf = 211-version-negotiation-ssl + +[211-version-negotiation-ssl] +server = 211-version-negotiation-server +client = 211-version-negotiation-client + +[211-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[211-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-211] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[212-version-negotiation] +ssl_conf = 212-version-negotiation-ssl + +[212-version-negotiation-ssl] +server = 212-version-negotiation-server +client = 212-version-negotiation-client + +[212-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[212-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-212] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[213-version-negotiation] +ssl_conf = 213-version-negotiation-ssl + +[213-version-negotiation-ssl] +server = 213-version-negotiation-server +client = 213-version-negotiation-client + +[213-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[213-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-213] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[214-version-negotiation] +ssl_conf = 214-version-negotiation-ssl + +[214-version-negotiation-ssl] +server = 214-version-negotiation-server +client = 214-version-negotiation-client + +[214-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[214-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-214] +ExpectedResult = ServerFail + + +# =========================================================== + +[215-version-negotiation] +ssl_conf = 215-version-negotiation-ssl + +[215-version-negotiation-ssl] +server = 215-version-negotiation-server +client = 215-version-negotiation-client + +[215-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[215-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-215] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[216-version-negotiation] +ssl_conf = 216-version-negotiation-ssl + +[216-version-negotiation-ssl] +server = 216-version-negotiation-server +client = 216-version-negotiation-client + +[216-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[216-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-216] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[217-version-negotiation] +ssl_conf = 217-version-negotiation-ssl + +[217-version-negotiation-ssl] +server = 217-version-negotiation-server +client = 217-version-negotiation-client + +[217-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[217-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-217] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[218-version-negotiation] +ssl_conf = 218-version-negotiation-ssl + +[218-version-negotiation-ssl] +server = 218-version-negotiation-server +client = 218-version-negotiation-client + +[218-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[218-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-218] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[219-version-negotiation] +ssl_conf = 219-version-negotiation-ssl + +[219-version-negotiation-ssl] +server = 219-version-negotiation-server +client = 219-version-negotiation-client + +[219-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[219-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-219] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[220-version-negotiation] +ssl_conf = 220-version-negotiation-ssl + +[220-version-negotiation-ssl] +server = 220-version-negotiation-server +client = 220-version-negotiation-client + +[220-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[220-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-220] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[221-version-negotiation] +ssl_conf = 221-version-negotiation-ssl + +[221-version-negotiation-ssl] +server = 221-version-negotiation-server +client = 221-version-negotiation-client + +[221-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[221-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-221] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[222-version-negotiation] +ssl_conf = 222-version-negotiation-ssl + +[222-version-negotiation-ssl] +server = 222-version-negotiation-server +client = 222-version-negotiation-client + +[222-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[222-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-222] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[223-version-negotiation] +ssl_conf = 223-version-negotiation-ssl + +[223-version-negotiation-ssl] +server = 223-version-negotiation-server +client = 223-version-negotiation-client + +[223-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[223-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-223] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[224-version-negotiation] +ssl_conf = 224-version-negotiation-ssl + +[224-version-negotiation-ssl] +server = 224-version-negotiation-server +client = 224-version-negotiation-client + +[224-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[224-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-224] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[225-version-negotiation] +ssl_conf = 225-version-negotiation-ssl + +[225-version-negotiation-ssl] +server = 225-version-negotiation-server +client = 225-version-negotiation-client + +[225-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[225-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-225] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[226-version-negotiation] +ssl_conf = 226-version-negotiation-ssl + +[226-version-negotiation-ssl] +server = 226-version-negotiation-server +client = 226-version-negotiation-client + +[226-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[226-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-226] +ExpectedResult = ServerFail + + +# =========================================================== + +[227-version-negotiation] +ssl_conf = 227-version-negotiation-ssl + +[227-version-negotiation-ssl] +server = 227-version-negotiation-server +client = 227-version-negotiation-client + +[227-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[227-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-227] +ExpectedResult = ServerFail + + +# =========================================================== + +[228-version-negotiation] +ssl_conf = 228-version-negotiation-ssl + +[228-version-negotiation-ssl] +server = 228-version-negotiation-server +client = 228-version-negotiation-client + +[228-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[228-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-228] +ExpectedResult = ServerFail + + +# =========================================================== + +[229-version-negotiation] +ssl_conf = 229-version-negotiation-ssl + +[229-version-negotiation-ssl] +server = 229-version-negotiation-server +client = 229-version-negotiation-client + +[229-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[229-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-229] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[230-version-negotiation] +ssl_conf = 230-version-negotiation-ssl + +[230-version-negotiation-ssl] +server = 230-version-negotiation-server +client = 230-version-negotiation-client + +[230-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[230-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-230] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[231-version-negotiation] +ssl_conf = 231-version-negotiation-ssl + +[231-version-negotiation-ssl] +server = 231-version-negotiation-server +client = 231-version-negotiation-client + +[231-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[231-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-231] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[232-version-negotiation] +ssl_conf = 232-version-negotiation-ssl + +[232-version-negotiation-ssl] +server = 232-version-negotiation-server +client = 232-version-negotiation-client + +[232-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[232-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-232] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[233-version-negotiation] +ssl_conf = 233-version-negotiation-ssl + +[233-version-negotiation-ssl] +server = 233-version-negotiation-server +client = 233-version-negotiation-client + +[233-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[233-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-233] +ExpectedResult = ServerFail + + +# =========================================================== + +[234-version-negotiation] +ssl_conf = 234-version-negotiation-ssl + +[234-version-negotiation-ssl] +server = 234-version-negotiation-server +client = 234-version-negotiation-client + +[234-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[234-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-234] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[235-version-negotiation] +ssl_conf = 235-version-negotiation-ssl + +[235-version-negotiation-ssl] +server = 235-version-negotiation-server +client = 235-version-negotiation-client + +[235-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[235-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-235] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[236-version-negotiation] +ssl_conf = 236-version-negotiation-ssl + +[236-version-negotiation-ssl] +server = 236-version-negotiation-server +client = 236-version-negotiation-client + +[236-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[236-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-236] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[237-version-negotiation] +ssl_conf = 237-version-negotiation-ssl + +[237-version-negotiation-ssl] +server = 237-version-negotiation-server +client = 237-version-negotiation-client + +[237-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[237-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-237] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[238-version-negotiation] +ssl_conf = 238-version-negotiation-ssl + +[238-version-negotiation-ssl] +server = 238-version-negotiation-server +client = 238-version-negotiation-client + +[238-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[238-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-238] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[239-version-negotiation] +ssl_conf = 239-version-negotiation-ssl + +[239-version-negotiation-ssl] +server = 239-version-negotiation-server +client = 239-version-negotiation-client + +[239-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[239-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-239] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[240-version-negotiation] +ssl_conf = 240-version-negotiation-ssl + +[240-version-negotiation-ssl] +server = 240-version-negotiation-server +client = 240-version-negotiation-client + +[240-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[240-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-240] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[241-version-negotiation] +ssl_conf = 241-version-negotiation-ssl + +[241-version-negotiation-ssl] +server = 241-version-negotiation-server +client = 241-version-negotiation-client + +[241-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[241-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-241] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[242-version-negotiation] +ssl_conf = 242-version-negotiation-ssl + +[242-version-negotiation-ssl] +server = 242-version-negotiation-server +client = 242-version-negotiation-client + +[242-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[242-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-242] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[243-version-negotiation] +ssl_conf = 243-version-negotiation-ssl + +[243-version-negotiation-ssl] +server = 243-version-negotiation-server +client = 243-version-negotiation-client + +[243-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[243-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-243] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[244-version-negotiation] +ssl_conf = 244-version-negotiation-ssl + +[244-version-negotiation-ssl] +server = 244-version-negotiation-server +client = 244-version-negotiation-client + +[244-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[244-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-244] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[245-version-negotiation] +ssl_conf = 245-version-negotiation-ssl + +[245-version-negotiation-ssl] +server = 245-version-negotiation-server +client = 245-version-negotiation-client + +[245-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[245-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-245] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[246-version-negotiation] +ssl_conf = 246-version-negotiation-ssl + +[246-version-negotiation-ssl] +server = 246-version-negotiation-server +client = 246-version-negotiation-client + +[246-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[246-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-246] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[247-version-negotiation] +ssl_conf = 247-version-negotiation-ssl + +[247-version-negotiation-ssl] +server = 247-version-negotiation-server +client = 247-version-negotiation-client + +[247-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[247-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-247] +ExpectedResult = ServerFail + + +# =========================================================== + +[248-version-negotiation] +ssl_conf = 248-version-negotiation-ssl + +[248-version-negotiation-ssl] +server = 248-version-negotiation-server +client = 248-version-negotiation-client + +[248-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[248-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-248] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[249-version-negotiation] +ssl_conf = 249-version-negotiation-ssl + +[249-version-negotiation-ssl] +server = 249-version-negotiation-server +client = 249-version-negotiation-client + +[249-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[249-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-249] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[250-version-negotiation] +ssl_conf = 250-version-negotiation-ssl + +[250-version-negotiation-ssl] +server = 250-version-negotiation-server +client = 250-version-negotiation-client + +[250-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[250-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-250] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[251-version-negotiation] +ssl_conf = 251-version-negotiation-ssl + +[251-version-negotiation-ssl] +server = 251-version-negotiation-server +client = 251-version-negotiation-client + +[251-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[251-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-251] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[252-version-negotiation] +ssl_conf = 252-version-negotiation-ssl + +[252-version-negotiation-ssl] +server = 252-version-negotiation-server +client = 252-version-negotiation-client + +[252-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[252-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-252] +ExpectedResult = ServerFail + + +# =========================================================== + +[253-version-negotiation] +ssl_conf = 253-version-negotiation-ssl + +[253-version-negotiation-ssl] +server = 253-version-negotiation-server +client = 253-version-negotiation-client + +[253-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[253-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-253] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[254-version-negotiation] +ssl_conf = 254-version-negotiation-ssl + +[254-version-negotiation-ssl] +server = 254-version-negotiation-server +client = 254-version-negotiation-client + +[254-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[254-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-254] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[255-version-negotiation] +ssl_conf = 255-version-negotiation-ssl + +[255-version-negotiation-ssl] +server = 255-version-negotiation-server +client = 255-version-negotiation-client + +[255-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[255-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-255] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[256-version-negotiation] +ssl_conf = 256-version-negotiation-ssl + +[256-version-negotiation-ssl] +server = 256-version-negotiation-server +client = 256-version-negotiation-client + +[256-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[256-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-256] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[257-version-negotiation] +ssl_conf = 257-version-negotiation-ssl + +[257-version-negotiation-ssl] +server = 257-version-negotiation-server +client = 257-version-negotiation-client + +[257-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[257-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-257] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[258-version-negotiation] +ssl_conf = 258-version-negotiation-ssl + +[258-version-negotiation-ssl] +server = 258-version-negotiation-server +client = 258-version-negotiation-client + +[258-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[258-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-258] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[259-version-negotiation] +ssl_conf = 259-version-negotiation-ssl + +[259-version-negotiation-ssl] +server = 259-version-negotiation-server +client = 259-version-negotiation-client + +[259-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[259-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-259] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[260-version-negotiation] +ssl_conf = 260-version-negotiation-ssl + +[260-version-negotiation-ssl] +server = 260-version-negotiation-server +client = 260-version-negotiation-client + +[260-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[260-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-260] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[261-version-negotiation] +ssl_conf = 261-version-negotiation-ssl + +[261-version-negotiation-ssl] +server = 261-version-negotiation-server +client = 261-version-negotiation-client + +[261-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[261-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-261] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[262-version-negotiation] +ssl_conf = 262-version-negotiation-ssl + +[262-version-negotiation-ssl] +server = 262-version-negotiation-server +client = 262-version-negotiation-client + +[262-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[262-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-262] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[263-version-negotiation] +ssl_conf = 263-version-negotiation-ssl + +[263-version-negotiation-ssl] +server = 263-version-negotiation-server +client = 263-version-negotiation-client + +[263-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[263-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-263] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[264-version-negotiation] +ssl_conf = 264-version-negotiation-ssl + +[264-version-negotiation-ssl] +server = 264-version-negotiation-server +client = 264-version-negotiation-client + +[264-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[264-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-264] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[265-version-negotiation] +ssl_conf = 265-version-negotiation-ssl + +[265-version-negotiation-ssl] +server = 265-version-negotiation-server +client = 265-version-negotiation-client + +[265-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[265-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-265] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[266-version-negotiation] +ssl_conf = 266-version-negotiation-ssl + +[266-version-negotiation-ssl] +server = 266-version-negotiation-server +client = 266-version-negotiation-client + +[266-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[266-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-266] +ExpectedResult = ServerFail + + +# =========================================================== + +[267-version-negotiation] +ssl_conf = 267-version-negotiation-ssl + +[267-version-negotiation-ssl] +server = 267-version-negotiation-server +client = 267-version-negotiation-client + +[267-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[267-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-267] +ExpectedResult = ClientFail + + +# =========================================================== + +[268-version-negotiation] +ssl_conf = 268-version-negotiation-ssl + +[268-version-negotiation-ssl] +server = 268-version-negotiation-server +client = 268-version-negotiation-client + +[268-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[268-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-268] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[269-version-negotiation] +ssl_conf = 269-version-negotiation-ssl + +[269-version-negotiation-ssl] +server = 269-version-negotiation-server +client = 269-version-negotiation-client + +[269-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[269-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-269] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[270-version-negotiation] +ssl_conf = 270-version-negotiation-ssl + +[270-version-negotiation-ssl] +server = 270-version-negotiation-server +client = 270-version-negotiation-client + +[270-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[270-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-270] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[271-version-negotiation] +ssl_conf = 271-version-negotiation-ssl + +[271-version-negotiation-ssl] +server = 271-version-negotiation-server +client = 271-version-negotiation-client + +[271-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[271-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-271] +ExpectedResult = ServerFail + + +# =========================================================== + +[272-version-negotiation] +ssl_conf = 272-version-negotiation-ssl + +[272-version-negotiation-ssl] +server = 272-version-negotiation-server +client = 272-version-negotiation-client + +[272-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[272-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-272] +ExpectedResult = ClientFail + + +# =========================================================== + +[273-version-negotiation] +ssl_conf = 273-version-negotiation-ssl + +[273-version-negotiation-ssl] +server = 273-version-negotiation-server +client = 273-version-negotiation-client + +[273-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[273-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-273] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[274-version-negotiation] +ssl_conf = 274-version-negotiation-ssl + +[274-version-negotiation-ssl] +server = 274-version-negotiation-server +client = 274-version-negotiation-client + +[274-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[274-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-274] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[275-version-negotiation] +ssl_conf = 275-version-negotiation-ssl + +[275-version-negotiation-ssl] +server = 275-version-negotiation-server +client = 275-version-negotiation-client + +[275-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[275-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-275] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[276-version-negotiation] +ssl_conf = 276-version-negotiation-ssl + +[276-version-negotiation-ssl] +server = 276-version-negotiation-server +client = 276-version-negotiation-client + +[276-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[276-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-276] +ExpectedResult = ClientFail + + +# =========================================================== + +[277-version-negotiation] +ssl_conf = 277-version-negotiation-ssl + +[277-version-negotiation-ssl] +server = 277-version-negotiation-server +client = 277-version-negotiation-client + +[277-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[277-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-277] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[278-version-negotiation] +ssl_conf = 278-version-negotiation-ssl + +[278-version-negotiation-ssl] +server = 278-version-negotiation-server +client = 278-version-negotiation-client + +[278-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[278-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-278] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[279-version-negotiation] +ssl_conf = 279-version-negotiation-ssl + +[279-version-negotiation-ssl] +server = 279-version-negotiation-server +client = 279-version-negotiation-client + +[279-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[279-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-279] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[280-version-negotiation] +ssl_conf = 280-version-negotiation-ssl + +[280-version-negotiation-ssl] +server = 280-version-negotiation-server +client = 280-version-negotiation-client + +[280-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[280-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-280] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[281-version-negotiation] +ssl_conf = 281-version-negotiation-ssl + +[281-version-negotiation-ssl] +server = 281-version-negotiation-server +client = 281-version-negotiation-client + +[281-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[281-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-281] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[282-version-negotiation] +ssl_conf = 282-version-negotiation-ssl + +[282-version-negotiation-ssl] +server = 282-version-negotiation-server +client = 282-version-negotiation-client + +[282-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[282-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-282] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[283-version-negotiation] +ssl_conf = 283-version-negotiation-ssl + +[283-version-negotiation-ssl] +server = 283-version-negotiation-server +client = 283-version-negotiation-client + +[283-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[283-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-283] +ExpectedResult = ServerFail + + +# =========================================================== + +[284-version-negotiation] +ssl_conf = 284-version-negotiation-ssl + +[284-version-negotiation-ssl] +server = 284-version-negotiation-server +client = 284-version-negotiation-client + +[284-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[284-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-284] +ExpectedResult = ServerFail + + +# =========================================================== + +[285-version-negotiation] +ssl_conf = 285-version-negotiation-ssl + +[285-version-negotiation-ssl] +server = 285-version-negotiation-server +client = 285-version-negotiation-client + +[285-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[285-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-285] +ExpectedResult = ServerFail + + +# =========================================================== + +[286-version-negotiation] +ssl_conf = 286-version-negotiation-ssl + +[286-version-negotiation-ssl] +server = 286-version-negotiation-server +client = 286-version-negotiation-client + +[286-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[286-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-286] +ExpectedResult = ClientFail + + +# =========================================================== + +[287-version-negotiation] +ssl_conf = 287-version-negotiation-ssl + +[287-version-negotiation-ssl] +server = 287-version-negotiation-server +client = 287-version-negotiation-client + +[287-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[287-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-287] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[288-version-negotiation] +ssl_conf = 288-version-negotiation-ssl + +[288-version-negotiation-ssl] +server = 288-version-negotiation-server +client = 288-version-negotiation-client + +[288-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[288-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-288] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[289-version-negotiation] +ssl_conf = 289-version-negotiation-ssl + +[289-version-negotiation-ssl] +server = 289-version-negotiation-server +client = 289-version-negotiation-client + +[289-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[289-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-289] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[290-version-negotiation] +ssl_conf = 290-version-negotiation-ssl + +[290-version-negotiation-ssl] +server = 290-version-negotiation-server +client = 290-version-negotiation-client + +[290-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[290-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-290] +ExpectedResult = ServerFail + + +# =========================================================== + +[291-version-negotiation] +ssl_conf = 291-version-negotiation-ssl + +[291-version-negotiation-ssl] +server = 291-version-negotiation-server +client = 291-version-negotiation-client + +[291-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[291-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-291] +ExpectedResult = ClientFail + + +# =========================================================== + +[292-version-negotiation] +ssl_conf = 292-version-negotiation-ssl + +[292-version-negotiation-ssl] +server = 292-version-negotiation-server +client = 292-version-negotiation-client + +[292-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[292-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-292] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[293-version-negotiation] +ssl_conf = 293-version-negotiation-ssl + +[293-version-negotiation-ssl] +server = 293-version-negotiation-server +client = 293-version-negotiation-client + +[293-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[293-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-293] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[294-version-negotiation] +ssl_conf = 294-version-negotiation-ssl + +[294-version-negotiation-ssl] +server = 294-version-negotiation-server +client = 294-version-negotiation-client + +[294-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[294-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-294] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[295-version-negotiation] +ssl_conf = 295-version-negotiation-ssl + +[295-version-negotiation-ssl] +server = 295-version-negotiation-server +client = 295-version-negotiation-client + +[295-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[295-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-295] +ExpectedResult = ClientFail + + +# =========================================================== + +[296-version-negotiation] +ssl_conf = 296-version-negotiation-ssl + +[296-version-negotiation-ssl] +server = 296-version-negotiation-server +client = 296-version-negotiation-client + +[296-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[296-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-296] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[297-version-negotiation] +ssl_conf = 297-version-negotiation-ssl + +[297-version-negotiation-ssl] +server = 297-version-negotiation-server +client = 297-version-negotiation-client + +[297-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[297-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-297] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[298-version-negotiation] +ssl_conf = 298-version-negotiation-ssl + +[298-version-negotiation-ssl] +server = 298-version-negotiation-server +client = 298-version-negotiation-client + +[298-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[298-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-298] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[299-version-negotiation] +ssl_conf = 299-version-negotiation-ssl + +[299-version-negotiation-ssl] +server = 299-version-negotiation-server +client = 299-version-negotiation-client + +[299-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[299-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-299] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[300-version-negotiation] +ssl_conf = 300-version-negotiation-ssl + +[300-version-negotiation-ssl] +server = 300-version-negotiation-server +client = 300-version-negotiation-client + +[300-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[300-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-300] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[301-version-negotiation] +ssl_conf = 301-version-negotiation-ssl + +[301-version-negotiation-ssl] +server = 301-version-negotiation-server +client = 301-version-negotiation-client + +[301-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[301-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-301] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[302-version-negotiation] +ssl_conf = 302-version-negotiation-ssl + +[302-version-negotiation-ssl] +server = 302-version-negotiation-server +client = 302-version-negotiation-client + +[302-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[302-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-302] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[303-version-negotiation] +ssl_conf = 303-version-negotiation-ssl + +[303-version-negotiation-ssl] +server = 303-version-negotiation-server +client = 303-version-negotiation-client + +[303-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[303-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-303] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[304-version-negotiation] +ssl_conf = 304-version-negotiation-ssl + +[304-version-negotiation-ssl] +server = 304-version-negotiation-server +client = 304-version-negotiation-client + +[304-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[304-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-304] +ExpectedResult = ServerFail + + +# =========================================================== + +[305-version-negotiation] +ssl_conf = 305-version-negotiation-ssl + +[305-version-negotiation-ssl] +server = 305-version-negotiation-server +client = 305-version-negotiation-client + +[305-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[305-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-305] +ExpectedResult = ClientFail + + +# =========================================================== + +[306-version-negotiation] +ssl_conf = 306-version-negotiation-ssl + +[306-version-negotiation-ssl] +server = 306-version-negotiation-server +client = 306-version-negotiation-client + +[306-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[306-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-306] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[307-version-negotiation] +ssl_conf = 307-version-negotiation-ssl + +[307-version-negotiation-ssl] +server = 307-version-negotiation-server +client = 307-version-negotiation-client + +[307-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[307-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-307] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[308-version-negotiation] +ssl_conf = 308-version-negotiation-ssl + +[308-version-negotiation-ssl] +server = 308-version-negotiation-server +client = 308-version-negotiation-client + +[308-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[308-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-308] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[309-version-negotiation] +ssl_conf = 309-version-negotiation-ssl + +[309-version-negotiation-ssl] +server = 309-version-negotiation-server +client = 309-version-negotiation-client + +[309-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[309-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-309] +ExpectedResult = ServerFail + + +# =========================================================== + +[310-version-negotiation] +ssl_conf = 310-version-negotiation-ssl + +[310-version-negotiation-ssl] +server = 310-version-negotiation-server +client = 310-version-negotiation-client + +[310-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[310-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-310] +ExpectedResult = ClientFail + + +# =========================================================== + +[311-version-negotiation] +ssl_conf = 311-version-negotiation-ssl + +[311-version-negotiation-ssl] +server = 311-version-negotiation-server +client = 311-version-negotiation-client + +[311-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[311-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-311] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[312-version-negotiation] +ssl_conf = 312-version-negotiation-ssl + +[312-version-negotiation-ssl] +server = 312-version-negotiation-server +client = 312-version-negotiation-client + +[312-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[312-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-312] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[313-version-negotiation] +ssl_conf = 313-version-negotiation-ssl + +[313-version-negotiation-ssl] +server = 313-version-negotiation-server +client = 313-version-negotiation-client + +[313-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[313-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-313] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[314-version-negotiation] +ssl_conf = 314-version-negotiation-ssl + +[314-version-negotiation-ssl] +server = 314-version-negotiation-server +client = 314-version-negotiation-client + +[314-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[314-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-314] +ExpectedResult = ClientFail + + +# =========================================================== + +[315-version-negotiation] +ssl_conf = 315-version-negotiation-ssl + +[315-version-negotiation-ssl] +server = 315-version-negotiation-server +client = 315-version-negotiation-client + +[315-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[315-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-315] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[316-version-negotiation] +ssl_conf = 316-version-negotiation-ssl + +[316-version-negotiation-ssl] +server = 316-version-negotiation-server +client = 316-version-negotiation-client + +[316-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[316-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-316] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[317-version-negotiation] +ssl_conf = 317-version-negotiation-ssl + +[317-version-negotiation-ssl] +server = 317-version-negotiation-server +client = 317-version-negotiation-client + +[317-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[317-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-317] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[318-version-negotiation] +ssl_conf = 318-version-negotiation-ssl + +[318-version-negotiation-ssl] +server = 318-version-negotiation-server +client = 318-version-negotiation-client + +[318-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[318-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-318] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[319-version-negotiation] +ssl_conf = 319-version-negotiation-ssl + +[319-version-negotiation-ssl] +server = 319-version-negotiation-server +client = 319-version-negotiation-client + +[319-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[319-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-319] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[320-version-negotiation] +ssl_conf = 320-version-negotiation-ssl + +[320-version-negotiation-ssl] +server = 320-version-negotiation-server +client = 320-version-negotiation-client + +[320-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[320-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-320] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[321-version-negotiation] +ssl_conf = 321-version-negotiation-ssl + +[321-version-negotiation-ssl] +server = 321-version-negotiation-server +client = 321-version-negotiation-client + +[321-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[321-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-321] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[322-version-negotiation] +ssl_conf = 322-version-negotiation-ssl + +[322-version-negotiation-ssl] +server = 322-version-negotiation-server +client = 322-version-negotiation-client + +[322-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[322-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-322] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[323-version-negotiation] +ssl_conf = 323-version-negotiation-ssl + +[323-version-negotiation-ssl] +server = 323-version-negotiation-server +client = 323-version-negotiation-client + +[323-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[323-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-323] +ExpectedResult = ServerFail + + +# =========================================================== + +[324-version-negotiation] +ssl_conf = 324-version-negotiation-ssl + +[324-version-negotiation-ssl] +server = 324-version-negotiation-server +client = 324-version-negotiation-client + +[324-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[324-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-324] +ExpectedResult = ClientFail + + +# =========================================================== + +[325-version-negotiation] +ssl_conf = 325-version-negotiation-ssl + +[325-version-negotiation-ssl] +server = 325-version-negotiation-server +client = 325-version-negotiation-client + +[325-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[325-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-325] +ExpectedResult = ClientFail + + +# =========================================================== + +[326-version-negotiation] +ssl_conf = 326-version-negotiation-ssl + +[326-version-negotiation-ssl] +server = 326-version-negotiation-server +client = 326-version-negotiation-client + +[326-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[326-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-326] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[327-version-negotiation] +ssl_conf = 327-version-negotiation-ssl + +[327-version-negotiation-ssl] +server = 327-version-negotiation-server +client = 327-version-negotiation-client + +[327-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[327-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-327] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[328-version-negotiation] +ssl_conf = 328-version-negotiation-ssl + +[328-version-negotiation-ssl] +server = 328-version-negotiation-server +client = 328-version-negotiation-client + +[328-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[328-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-328] +ExpectedResult = ServerFail + + +# =========================================================== + +[329-version-negotiation] +ssl_conf = 329-version-negotiation-ssl + +[329-version-negotiation-ssl] +server = 329-version-negotiation-server +client = 329-version-negotiation-client + +[329-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[329-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-329] +ExpectedResult = ClientFail + + +# =========================================================== + +[330-version-negotiation] +ssl_conf = 330-version-negotiation-ssl + +[330-version-negotiation-ssl] +server = 330-version-negotiation-server +client = 330-version-negotiation-client + +[330-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[330-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-330] +ExpectedResult = ClientFail + + +# =========================================================== + +[331-version-negotiation] +ssl_conf = 331-version-negotiation-ssl + +[331-version-negotiation-ssl] +server = 331-version-negotiation-server +client = 331-version-negotiation-client + +[331-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[331-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-331] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[332-version-negotiation] +ssl_conf = 332-version-negotiation-ssl + +[332-version-negotiation-ssl] +server = 332-version-negotiation-server +client = 332-version-negotiation-client + +[332-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[332-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-332] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[333-version-negotiation] +ssl_conf = 333-version-negotiation-ssl + +[333-version-negotiation-ssl] +server = 333-version-negotiation-server +client = 333-version-negotiation-client + +[333-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[333-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-333] +ExpectedResult = ClientFail + + +# =========================================================== + +[334-version-negotiation] +ssl_conf = 334-version-negotiation-ssl + +[334-version-negotiation-ssl] +server = 334-version-negotiation-server +client = 334-version-negotiation-client + +[334-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[334-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-334] +ExpectedResult = ClientFail + + +# =========================================================== + +[335-version-negotiation] +ssl_conf = 335-version-negotiation-ssl + +[335-version-negotiation-ssl] +server = 335-version-negotiation-server +client = 335-version-negotiation-client + +[335-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[335-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-335] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[336-version-negotiation] +ssl_conf = 336-version-negotiation-ssl + +[336-version-negotiation-ssl] +server = 336-version-negotiation-server +client = 336-version-negotiation-client + +[336-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[336-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-336] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[337-version-negotiation] +ssl_conf = 337-version-negotiation-ssl + +[337-version-negotiation-ssl] +server = 337-version-negotiation-server +client = 337-version-negotiation-client + +[337-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[337-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-337] +ExpectedResult = ClientFail + + +# =========================================================== + +[338-version-negotiation] +ssl_conf = 338-version-negotiation-ssl + +[338-version-negotiation-ssl] +server = 338-version-negotiation-server +client = 338-version-negotiation-client + +[338-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[338-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-338] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[339-version-negotiation] +ssl_conf = 339-version-negotiation-ssl + +[339-version-negotiation-ssl] +server = 339-version-negotiation-server +client = 339-version-negotiation-client + +[339-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[339-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-339] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[340-version-negotiation] +ssl_conf = 340-version-negotiation-ssl + +[340-version-negotiation-ssl] +server = 340-version-negotiation-server +client = 340-version-negotiation-client + +[340-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[340-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-340] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[341-version-negotiation] +ssl_conf = 341-version-negotiation-ssl + +[341-version-negotiation-ssl] +server = 341-version-negotiation-server +client = 341-version-negotiation-client + +[341-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[341-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-341] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[342-version-negotiation] +ssl_conf = 342-version-negotiation-ssl + +[342-version-negotiation-ssl] +server = 342-version-negotiation-server +client = 342-version-negotiation-client + +[342-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[342-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-342] +ExpectedResult = ServerFail + + +# =========================================================== + +[343-version-negotiation] +ssl_conf = 343-version-negotiation-ssl + +[343-version-negotiation-ssl] +server = 343-version-negotiation-server +client = 343-version-negotiation-client + +[343-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[343-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-343] +ExpectedResult = ClientFail + + +# =========================================================== + +[344-version-negotiation] +ssl_conf = 344-version-negotiation-ssl + +[344-version-negotiation-ssl] +server = 344-version-negotiation-server +client = 344-version-negotiation-client + +[344-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[344-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-344] +ExpectedResult = ClientFail + + +# =========================================================== + +[345-version-negotiation] +ssl_conf = 345-version-negotiation-ssl + +[345-version-negotiation-ssl] +server = 345-version-negotiation-server +client = 345-version-negotiation-client + +[345-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[345-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-345] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[346-version-negotiation] +ssl_conf = 346-version-negotiation-ssl + +[346-version-negotiation-ssl] +server = 346-version-negotiation-server +client = 346-version-negotiation-client + +[346-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[346-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-346] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[347-version-negotiation] +ssl_conf = 347-version-negotiation-ssl + +[347-version-negotiation-ssl] +server = 347-version-negotiation-server +client = 347-version-negotiation-client + +[347-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[347-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-347] +ExpectedResult = ServerFail + + +# =========================================================== + +[348-version-negotiation] +ssl_conf = 348-version-negotiation-ssl + +[348-version-negotiation-ssl] +server = 348-version-negotiation-server +client = 348-version-negotiation-client + +[348-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[348-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-348] +ExpectedResult = ClientFail + + +# =========================================================== + +[349-version-negotiation] +ssl_conf = 349-version-negotiation-ssl + +[349-version-negotiation-ssl] +server = 349-version-negotiation-server +client = 349-version-negotiation-client + +[349-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[349-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-349] +ExpectedResult = ClientFail + + +# =========================================================== + +[350-version-negotiation] +ssl_conf = 350-version-negotiation-ssl + +[350-version-negotiation-ssl] +server = 350-version-negotiation-server +client = 350-version-negotiation-client + +[350-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[350-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-350] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[351-version-negotiation] +ssl_conf = 351-version-negotiation-ssl + +[351-version-negotiation-ssl] +server = 351-version-negotiation-server +client = 351-version-negotiation-client + +[351-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[351-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-351] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[352-version-negotiation] +ssl_conf = 352-version-negotiation-ssl + +[352-version-negotiation-ssl] +server = 352-version-negotiation-server +client = 352-version-negotiation-client + +[352-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[352-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-352] +ExpectedResult = ClientFail + + +# =========================================================== + +[353-version-negotiation] +ssl_conf = 353-version-negotiation-ssl + +[353-version-negotiation-ssl] +server = 353-version-negotiation-server +client = 353-version-negotiation-client + +[353-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[353-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-353] +ExpectedResult = ClientFail + + +# =========================================================== + +[354-version-negotiation] +ssl_conf = 354-version-negotiation-ssl + +[354-version-negotiation-ssl] +server = 354-version-negotiation-server +client = 354-version-negotiation-client + +[354-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[354-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-354] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[355-version-negotiation] +ssl_conf = 355-version-negotiation-ssl + +[355-version-negotiation-ssl] +server = 355-version-negotiation-server +client = 355-version-negotiation-client + +[355-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[355-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-355] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[356-version-negotiation] +ssl_conf = 356-version-negotiation-ssl + +[356-version-negotiation-ssl] +server = 356-version-negotiation-server +client = 356-version-negotiation-client + +[356-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[356-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-356] +ExpectedResult = ClientFail + + +# =========================================================== + +[357-version-negotiation] +ssl_conf = 357-version-negotiation-ssl + +[357-version-negotiation-ssl] +server = 357-version-negotiation-server +client = 357-version-negotiation-client + +[357-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[357-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-357] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[358-version-negotiation] +ssl_conf = 358-version-negotiation-ssl + +[358-version-negotiation-ssl] +server = 358-version-negotiation-server +client = 358-version-negotiation-client + +[358-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[358-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-358] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[359-version-negotiation] +ssl_conf = 359-version-negotiation-ssl + +[359-version-negotiation-ssl] +server = 359-version-negotiation-server +client = 359-version-negotiation-client + +[359-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[359-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-359] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[360-version-negotiation] +ssl_conf = 360-version-negotiation-ssl + +[360-version-negotiation-ssl] +server = 360-version-negotiation-server +client = 360-version-negotiation-client + +[360-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[360-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-360] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + diff --git a/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf.in b/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf.in new file mode 100644 index 0000000..26d64b5 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test TLS version negotiation + +package ssltests; + +use strict; +use warnings; + +use protocol_version; + +our @tests = generate_version_tests("TLS"); diff --git a/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf b/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf new file mode 100644 index 0000000..8dca715 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf @@ -0,0 +1,238 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 9 + +test-0 = 0-verify-success +test-1 = 1-verify-custom-reject +test-2 = 2-verify-custom-allow +test-3 = 3-noverify-success +test-4 = 4-noverify-ignore-custom-reject +test-5 = 5-noverify-accept-custom-allow +test-6 = 6-verify-fail-no-root +test-7 = 7-verify-custom-success-no-root +test-8 = 8-verify-custom-fail-no-root +# =========================================================== + +[0-verify-success] +ssl_conf = 0-verify-success-ssl + +[0-verify-success-ssl] +server = 0-verify-success-server +client = 0-verify-success-client + +[0-verify-success-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-verify-success-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-verify-custom-reject] +ssl_conf = 1-verify-custom-reject-ssl + +[1-verify-custom-reject-ssl] +server = 1-verify-custom-reject-server +client = 1-verify-custom-reject-client + +[1-verify-custom-reject-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-verify-custom-reject-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedClientAlert = HandshakeFailure +ExpectedResult = ClientFail +client = 1-verify-custom-reject-client-extra + +[1-verify-custom-reject-client-extra] +VerifyCallback = RejectAll + + +# =========================================================== + +[2-verify-custom-allow] +ssl_conf = 2-verify-custom-allow-ssl + +[2-verify-custom-allow-ssl] +server = 2-verify-custom-allow-server +client = 2-verify-custom-allow-client + +[2-verify-custom-allow-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-verify-custom-allow-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +client = 2-verify-custom-allow-client-extra + +[2-verify-custom-allow-client-extra] +VerifyCallback = AcceptAll + + +# =========================================================== + +[3-noverify-success] +ssl_conf = 3-noverify-success-ssl + +[3-noverify-success-ssl] +server = 3-noverify-success-server +client = 3-noverify-success-client + +[3-noverify-success-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-noverify-success-client] +CipherString = DEFAULT + +[test-3] +ExpectedResult = Success + + +# =========================================================== + +[4-noverify-ignore-custom-reject] +ssl_conf = 4-noverify-ignore-custom-reject-ssl + +[4-noverify-ignore-custom-reject-ssl] +server = 4-noverify-ignore-custom-reject-server +client = 4-noverify-ignore-custom-reject-client + +[4-noverify-ignore-custom-reject-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-noverify-ignore-custom-reject-client] +CipherString = DEFAULT + +[test-4] +ExpectedResult = Success +client = 4-noverify-ignore-custom-reject-client-extra + +[4-noverify-ignore-custom-reject-client-extra] +VerifyCallback = RejectAll + + +# =========================================================== + +[5-noverify-accept-custom-allow] +ssl_conf = 5-noverify-accept-custom-allow-ssl + +[5-noverify-accept-custom-allow-ssl] +server = 5-noverify-accept-custom-allow-server +client = 5-noverify-accept-custom-allow-client + +[5-noverify-accept-custom-allow-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-noverify-accept-custom-allow-client] +CipherString = DEFAULT + +[test-5] +ExpectedResult = Success +client = 5-noverify-accept-custom-allow-client-extra + +[5-noverify-accept-custom-allow-client-extra] +VerifyCallback = AcceptAll + + +# =========================================================== + +[6-verify-fail-no-root] +ssl_conf = 6-verify-fail-no-root-ssl + +[6-verify-fail-no-root-ssl] +server = 6-verify-fail-no-root-server +client = 6-verify-fail-no-root-client + +[6-verify-fail-no-root-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-verify-fail-no-root-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-6] +ExpectedClientAlert = UnknownCA +ExpectedResult = ClientFail + + +# =========================================================== + +[7-verify-custom-success-no-root] +ssl_conf = 7-verify-custom-success-no-root-ssl + +[7-verify-custom-success-no-root-ssl] +server = 7-verify-custom-success-no-root-server +client = 7-verify-custom-success-no-root-client + +[7-verify-custom-success-no-root-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-verify-custom-success-no-root-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +client = 7-verify-custom-success-no-root-client-extra + +[7-verify-custom-success-no-root-client-extra] +VerifyCallback = AcceptAll + + +# =========================================================== + +[8-verify-custom-fail-no-root] +ssl_conf = 8-verify-custom-fail-no-root-ssl + +[8-verify-custom-fail-no-root-ssl] +server = 8-verify-custom-fail-no-root-server +client = 8-verify-custom-fail-no-root-client + +[8-verify-custom-fail-no-root-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-verify-custom-fail-no-root-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-8] +ExpectedClientAlert = HandshakeFailure +ExpectedResult = ClientFail +client = 8-verify-custom-fail-no-root-client-extra + +[8-verify-custom-fail-no-root-client-extra] +VerifyCallback = RejectAll + + diff --git a/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf.in b/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf.in new file mode 100644 index 0000000..287ca9b --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf.in @@ -0,0 +1,145 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +our @tests = ( + + # Sanity-check that verification indeed succeeds without the + # restrictive callback. + { + name => "verify-success", + server => { }, + client => { }, + test => { "ExpectedResult" => "Success" }, + }, + + # Same test as above but with a custom callback that always fails. + { + name => "verify-custom-reject", + server => { }, + client => { + extra => { + "VerifyCallback" => "RejectAll", + }, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "HandshakeFailure", + }, + }, + + # Same test as above but with a custom callback that always succeeds. + { + name => "verify-custom-allow", + server => { }, + client => { + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + + # Sanity-check that verification indeed succeeds if peer verification + # is not requested. + { + name => "noverify-success", + server => { }, + client => { + "VerifyMode" => undef, + "VerifyCAFile" => undef, + }, + test => { "ExpectedResult" => "Success" }, + }, + + # Same test as above but with a custom callback that always fails. + # The callback return has no impact on handshake success in this mode. + { + name => "noverify-ignore-custom-reject", + server => { }, + client => { + "VerifyMode" => undef, + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "RejectAll", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + + # Same test as above but with a custom callback that always succeeds. + # The callback return has no impact on handshake success in this mode. + { + name => "noverify-accept-custom-allow", + server => { }, + client => { + "VerifyMode" => undef, + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + + # Sanity-check that verification indeed fails without the + # permissive callback. + { + name => "verify-fail-no-root", + server => { }, + client => { + # Don't set up the client root file. + "VerifyCAFile" => undef, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "UnknownCA", + }, + }, + + # Same test as above but with a custom callback that always succeeds. + { + name => "verify-custom-success-no-root", + server => { }, + client => { + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, + test => { + "ExpectedResult" => "Success" + }, + }, + + # Same test as above but with a custom callback that always fails. + { + name => "verify-custom-fail-no-root", + server => { }, + client => { + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "RejectAll", + }, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "HandshakeFailure", + }, + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf new file mode 100644 index 0000000..0e91bed --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf @@ -0,0 +1,592 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 20 + +test-0 = 0-server-auth-flex +test-1 = 1-client-auth-flex-request +test-2 = 2-client-auth-flex-require-fail +test-3 = 3-client-auth-flex-require +test-4 = 4-client-auth-flex-noroot +test-5 = 5-server-auth-TLSv1 +test-6 = 6-client-auth-TLSv1-request +test-7 = 7-client-auth-TLSv1-require-fail +test-8 = 8-client-auth-TLSv1-require +test-9 = 9-client-auth-TLSv1-noroot +test-10 = 10-server-auth-TLSv1.1 +test-11 = 11-client-auth-TLSv1.1-request +test-12 = 12-client-auth-TLSv1.1-require-fail +test-13 = 13-client-auth-TLSv1.1-require +test-14 = 14-client-auth-TLSv1.1-noroot +test-15 = 15-server-auth-TLSv1.2 +test-16 = 16-client-auth-TLSv1.2-request +test-17 = 17-client-auth-TLSv1.2-require-fail +test-18 = 18-client-auth-TLSv1.2-require +test-19 = 19-client-auth-TLSv1.2-noroot +# =========================================================== + +[0-server-auth-flex] +ssl_conf = 0-server-auth-flex-ssl + +[0-server-auth-flex-ssl] +server = 0-server-auth-flex-server +client = 0-server-auth-flex-client + +[0-server-auth-flex-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-server-auth-flex-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-client-auth-flex-request] +ssl_conf = 1-client-auth-flex-request-ssl + +[1-client-auth-flex-request-ssl] +server = 1-client-auth-flex-request-server +client = 1-client-auth-flex-request-client + +[1-client-auth-flex-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[1-client-auth-flex-request-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-client-auth-flex-require-fail] +ssl_conf = 2-client-auth-flex-require-fail-ssl + +[2-client-auth-flex-require-fail-ssl] +server = 2-client-auth-flex-require-fail-server +client = 2-client-auth-flex-require-fail-client + +[2-client-auth-flex-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[2-client-auth-flex-require-fail-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[3-client-auth-flex-require] +ssl_conf = 3-client-auth-flex-require-ssl + +[3-client-auth-flex-require-ssl] +server = 3-client-auth-flex-require-server +client = 3-client-auth-flex-require-client + +[3-client-auth-flex-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[3-client-auth-flex-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success + + +# =========================================================== + +[4-client-auth-flex-noroot] +ssl_conf = 4-client-auth-flex-noroot-ssl + +[4-client-auth-flex-noroot-ssl] +server = 4-client-auth-flex-noroot-server +client = 4-client-auth-flex-noroot-client + +[4-client-auth-flex-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[4-client-auth-flex-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[5-server-auth-TLSv1] +ssl_conf = 5-server-auth-TLSv1-ssl + +[5-server-auth-TLSv1-ssl] +server = 5-server-auth-TLSv1-server +client = 5-server-auth-TLSv1-client + +[5-server-auth-TLSv1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-server-auth-TLSv1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success + + +# =========================================================== + +[6-client-auth-TLSv1-request] +ssl_conf = 6-client-auth-TLSv1-request-ssl + +[6-client-auth-TLSv1-request-ssl] +server = 6-client-auth-TLSv1-request-server +client = 6-client-auth-TLSv1-request-client + +[6-client-auth-TLSv1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[6-client-auth-TLSv1-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success + + +# =========================================================== + +[7-client-auth-TLSv1-require-fail] +ssl_conf = 7-client-auth-TLSv1-require-fail-ssl + +[7-client-auth-TLSv1-require-fail-ssl] +server = 7-client-auth-TLSv1-require-fail-server +client = 7-client-auth-TLSv1-require-fail-client + +[7-client-auth-TLSv1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[7-client-auth-TLSv1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[8-client-auth-TLSv1-require] +ssl_conf = 8-client-auth-TLSv1-require-ssl + +[8-client-auth-TLSv1-require-ssl] +server = 8-client-auth-TLSv1-require-server +client = 8-client-auth-TLSv1-require-client + +[8-client-auth-TLSv1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[8-client-auth-TLSv1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success + + +# =========================================================== + +[9-client-auth-TLSv1-noroot] +ssl_conf = 9-client-auth-TLSv1-noroot-ssl + +[9-client-auth-TLSv1-noroot-ssl] +server = 9-client-auth-TLSv1-noroot-server +client = 9-client-auth-TLSv1-noroot-client + +[9-client-auth-TLSv1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[9-client-auth-TLSv1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[10-server-auth-TLSv1.1] +ssl_conf = 10-server-auth-TLSv1.1-ssl + +[10-server-auth-TLSv1.1-ssl] +server = 10-server-auth-TLSv1.1-server +client = 10-server-auth-TLSv1.1-client + +[10-server-auth-TLSv1.1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-server-auth-TLSv1.1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = Success + + +# =========================================================== + +[11-client-auth-TLSv1.1-request] +ssl_conf = 11-client-auth-TLSv1.1-request-ssl + +[11-client-auth-TLSv1.1-request-ssl] +server = 11-client-auth-TLSv1.1-request-server +client = 11-client-auth-TLSv1.1-request-client + +[11-client-auth-TLSv1.1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[11-client-auth-TLSv1.1-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = Success + + +# =========================================================== + +[12-client-auth-TLSv1.1-require-fail] +ssl_conf = 12-client-auth-TLSv1.1-require-fail-ssl + +[12-client-auth-TLSv1.1-require-fail-ssl] +server = 12-client-auth-TLSv1.1-require-fail-server +client = 12-client-auth-TLSv1.1-require-fail-client + +[12-client-auth-TLSv1.1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[12-client-auth-TLSv1.1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[13-client-auth-TLSv1.1-require] +ssl_conf = 13-client-auth-TLSv1.1-require-ssl + +[13-client-auth-TLSv1.1-require-ssl] +server = 13-client-auth-TLSv1.1-require-server +client = 13-client-auth-TLSv1.1-require-client + +[13-client-auth-TLSv1.1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[13-client-auth-TLSv1.1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success + + +# =========================================================== + +[14-client-auth-TLSv1.1-noroot] +ssl_conf = 14-client-auth-TLSv1.1-noroot-ssl + +[14-client-auth-TLSv1.1-noroot-ssl] +server = 14-client-auth-TLSv1.1-noroot-server +client = 14-client-auth-TLSv1.1-noroot-client + +[14-client-auth-TLSv1.1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[14-client-auth-TLSv1.1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[15-server-auth-TLSv1.2] +ssl_conf = 15-server-auth-TLSv1.2-ssl + +[15-server-auth-TLSv1.2-ssl] +server = 15-server-auth-TLSv1.2-server +client = 15-server-auth-TLSv1.2-client + +[15-server-auth-TLSv1.2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-server-auth-TLSv1.2-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success + + +# =========================================================== + +[16-client-auth-TLSv1.2-request] +ssl_conf = 16-client-auth-TLSv1.2-request-ssl + +[16-client-auth-TLSv1.2-request-ssl] +server = 16-client-auth-TLSv1.2-request-server +client = 16-client-auth-TLSv1.2-request-client + +[16-client-auth-TLSv1.2-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[16-client-auth-TLSv1.2-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = Success + + +# =========================================================== + +[17-client-auth-TLSv1.2-require-fail] +ssl_conf = 17-client-auth-TLSv1.2-require-fail-ssl + +[17-client-auth-TLSv1.2-require-fail-ssl] +server = 17-client-auth-TLSv1.2-require-fail-server +client = 17-client-auth-TLSv1.2-require-fail-client + +[17-client-auth-TLSv1.2-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[17-client-auth-TLSv1.2-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[18-client-auth-TLSv1.2-require] +ssl_conf = 18-client-auth-TLSv1.2-require-ssl + +[18-client-auth-TLSv1.2-require-ssl] +server = 18-client-auth-TLSv1.2-require-server +client = 18-client-auth-TLSv1.2-require-client + +[18-client-auth-TLSv1.2-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[18-client-auth-TLSv1.2-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = Success + + +# =========================================================== + +[19-client-auth-TLSv1.2-noroot] +ssl_conf = 19-client-auth-TLSv1.2-noroot-ssl + +[19-client-auth-TLSv1.2-noroot-ssl] +server = 19-client-auth-TLSv1.2-noroot-server +client = 19-client-auth-TLSv1.2-noroot-client + +[19-client-auth-TLSv1.2-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[19-client-auth-TLSv1.2-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + diff --git a/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf.in b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf.in new file mode 100644 index 0000000..8738aaa --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf.in @@ -0,0 +1,123 @@ +# -*- mode: perl; -*- + +## SSL test configurations + +package ssltests; + +use strict; +use warnings; + +use OpenSSL::Test; +use OpenSSL::Test::Utils qw(anydisabled); +setup("no_test_here"); + +# We test version-flexible negotiation (undef) and each protocol version. +my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); + +my @is_disabled = (0); +push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2"); + +our @tests = (); + +sub generate_tests() { + + foreach (0..$#protocols) { + my $protocol = $protocols[$_]; + my $protocol_name = $protocol || "flex"; + my $caalert; + if (!$is_disabled[$_]) { + if ($protocol_name eq "SSLv3") { + $caalert = "BadCertificate"; + } else { + $caalert = "UnknownCA"; + } + # Sanity-check simple handshake. + push @tests, { + name => "server-auth-${protocol_name}", + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + test => { "ExpectedResult" => "Success" }, + }; + + # Handshake with client cert requested but not required or received. + push @tests, { + name => "client-auth-${protocol_name}-request", + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyMode" => "Request" + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + test => { "ExpectedResult" => "Success" }, + }; + + # Handshake with client cert required but not present. + push @tests, { + name => "client-auth-${protocol_name}-require-fail", + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "HandshakeFailure", + }, + }; + + # Successful handshake with client authentication. + push @tests, { + name => "client-auth-${protocol_name}-require", + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { "ExpectedResult" => "Success" }, + }; + + # Handshake with client authentication but without the root certificate. + push @tests, { + name => "client-auth-${protocol_name}-noroot", + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => $caalert, + }, + }; + } + } +} + +generate_tests(); diff --git a/openssl-1.1.0h/test/ssl-tests/05-sni.conf b/openssl-1.1.0h/test/ssl-tests/05-sni.conf new file mode 100644 index 0000000..e1fb3d9 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/05-sni.conf @@ -0,0 +1,203 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 6 + +test-0 = 0-SNI-switch-context +test-1 = 1-SNI-keep-context +test-2 = 2-SNI-no-server-support +test-3 = 3-SNI-no-client-support +test-4 = 4-SNI-bad-sni-ignore-mismatch +test-5 = 5-SNI-bad-sni-reject-mismatch +# =========================================================== + +[0-SNI-switch-context] +ssl_conf = 0-SNI-switch-context-ssl + +[0-SNI-switch-context-ssl] +server = 0-SNI-switch-context-server +client = 0-SNI-switch-context-client +server2 = 0-SNI-switch-context-server + +[0-SNI-switch-context-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-SNI-switch-context-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +ExpectedServerName = server2 +server = 0-SNI-switch-context-server-extra +server2 = 0-SNI-switch-context-server-extra +client = 0-SNI-switch-context-client-extra + +[0-SNI-switch-context-server-extra] +ServerNameCallback = IgnoreMismatch + +[0-SNI-switch-context-client-extra] +ServerName = server2 + + +# =========================================================== + +[1-SNI-keep-context] +ssl_conf = 1-SNI-keep-context-ssl + +[1-SNI-keep-context-ssl] +server = 1-SNI-keep-context-server +client = 1-SNI-keep-context-client +server2 = 1-SNI-keep-context-server + +[1-SNI-keep-context-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-SNI-keep-context-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedServerName = server1 +server = 1-SNI-keep-context-server-extra +server2 = 1-SNI-keep-context-server-extra +client = 1-SNI-keep-context-client-extra + +[1-SNI-keep-context-server-extra] +ServerNameCallback = IgnoreMismatch + +[1-SNI-keep-context-client-extra] +ServerName = server1 + + +# =========================================================== + +[2-SNI-no-server-support] +ssl_conf = 2-SNI-no-server-support-ssl + +[2-SNI-no-server-support-ssl] +server = 2-SNI-no-server-support-server +client = 2-SNI-no-server-support-client + +[2-SNI-no-server-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-SNI-no-server-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +client = 2-SNI-no-server-support-client-extra + +[2-SNI-no-server-support-client-extra] +ServerName = server1 + + +# =========================================================== + +[3-SNI-no-client-support] +ssl_conf = 3-SNI-no-client-support-ssl + +[3-SNI-no-client-support-ssl] +server = 3-SNI-no-client-support-server +client = 3-SNI-no-client-support-client +server2 = 3-SNI-no-client-support-server + +[3-SNI-no-client-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-SNI-no-client-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedServerName = server1 +server = 3-SNI-no-client-support-server-extra +server2 = 3-SNI-no-client-support-server-extra + +[3-SNI-no-client-support-server-extra] +ServerNameCallback = IgnoreMismatch + + +# =========================================================== + +[4-SNI-bad-sni-ignore-mismatch] +ssl_conf = 4-SNI-bad-sni-ignore-mismatch-ssl + +[4-SNI-bad-sni-ignore-mismatch-ssl] +server = 4-SNI-bad-sni-ignore-mismatch-server +client = 4-SNI-bad-sni-ignore-mismatch-client +server2 = 4-SNI-bad-sni-ignore-mismatch-server + +[4-SNI-bad-sni-ignore-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-SNI-bad-sni-ignore-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedServerName = server1 +server = 4-SNI-bad-sni-ignore-mismatch-server-extra +server2 = 4-SNI-bad-sni-ignore-mismatch-server-extra +client = 4-SNI-bad-sni-ignore-mismatch-client-extra + +[4-SNI-bad-sni-ignore-mismatch-server-extra] +ServerNameCallback = IgnoreMismatch + +[4-SNI-bad-sni-ignore-mismatch-client-extra] +ServerName = invalid + + +# =========================================================== + +[5-SNI-bad-sni-reject-mismatch] +ssl_conf = 5-SNI-bad-sni-reject-mismatch-ssl + +[5-SNI-bad-sni-reject-mismatch-ssl] +server = 5-SNI-bad-sni-reject-mismatch-server +client = 5-SNI-bad-sni-reject-mismatch-client +server2 = 5-SNI-bad-sni-reject-mismatch-server + +[5-SNI-bad-sni-reject-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-SNI-bad-sni-reject-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = ServerFail +ExpectedServerAlert = UnrecognizedName +server = 5-SNI-bad-sni-reject-mismatch-server-extra +server2 = 5-SNI-bad-sni-reject-mismatch-server-extra +client = 5-SNI-bad-sni-reject-mismatch-client-extra + +[5-SNI-bad-sni-reject-mismatch-server-extra] +ServerNameCallback = RejectMismatch + +[5-SNI-bad-sni-reject-mismatch-client-extra] +ServerName = invalid + + diff --git a/openssl-1.1.0h/test/ssl-tests/05-sni.conf.in b/openssl-1.1.0h/test/ssl-tests/05-sni.conf.in new file mode 100644 index 0000000..76003e7 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/05-sni.conf.in @@ -0,0 +1,112 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +use strict; +use warnings; + +package ssltests; + +our @tests = ( + { + name => "SNI-switch-context", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-keep-context", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "server1", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-no-server-support", + server => { }, + client => { + extra => { + "ServerName" => "server1", + }, + }, + test => { "ExpectedResult" => "Success" }, + }, + { + name => "SNI-no-client-support", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { }, + test => { + # We expect that the callback is still called + # to let the application decide whether they tolerate + # missing SNI (as our test callback does). + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-bad-sni-ignore-mismatch", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-bad-sni-reject-mismatch", + server => { + extra => { + "ServerNameCallback" => "RejectMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "UnrecognizedName" + }, + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf b/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf new file mode 100644 index 0000000..9620e01 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf @@ -0,0 +1,734 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 17 + +test-0 = 0-sni-session-ticket +test-1 = 1-sni-session-ticket +test-2 = 2-sni-session-ticket +test-3 = 3-sni-session-ticket +test-4 = 4-sni-session-ticket +test-5 = 5-sni-session-ticket +test-6 = 6-sni-session-ticket +test-7 = 7-sni-session-ticket +test-8 = 8-sni-session-ticket +test-9 = 9-sni-session-ticket +test-10 = 10-sni-session-ticket +test-11 = 11-sni-session-ticket +test-12 = 12-sni-session-ticket +test-13 = 13-sni-session-ticket +test-14 = 14-sni-session-ticket +test-15 = 15-sni-session-ticket +test-16 = 16-sni-session-ticket +# =========================================================== + +[0-sni-session-ticket] +ssl_conf = 0-sni-session-ticket-ssl + +[0-sni-session-ticket-ssl] +server = 0-sni-session-ticket-server +client = 0-sni-session-ticket-client +server2 = 0-sni-session-ticket-server2 + +[0-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +SessionTicketExpected = No +server = 0-sni-session-ticket-server-extra +client = 0-sni-session-ticket-client-extra + +[0-sni-session-ticket-server-extra] +BrokenSessionTicket = Yes + +[0-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[1-sni-session-ticket] +ssl_conf = 1-sni-session-ticket-ssl + +[1-sni-session-ticket-ssl] +server = 1-sni-session-ticket-server +client = 1-sni-session-ticket-client +server2 = 1-sni-session-ticket-server2 + +[1-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = Yes +server = 1-sni-session-ticket-server-extra +client = 1-sni-session-ticket-client-extra + +[1-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[1-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[2-sni-session-ticket] +ssl_conf = 2-sni-session-ticket-ssl + +[2-sni-session-ticket-ssl] +server = 2-sni-session-ticket-server +client = 2-sni-session-ticket-client +server2 = 2-sni-session-ticket-server2 + +[2-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = Yes +server = 2-sni-session-ticket-server-extra +client = 2-sni-session-ticket-client-extra + +[2-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[2-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[3-sni-session-ticket] +ssl_conf = 3-sni-session-ticket-ssl + +[3-sni-session-ticket-ssl] +server = 3-sni-session-ticket-server +client = 3-sni-session-ticket-client +server2 = 3-sni-session-ticket-server2 + +[3-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = Yes +server = 3-sni-session-ticket-server-extra +client = 3-sni-session-ticket-client-extra + +[3-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[3-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[4-sni-session-ticket] +ssl_conf = 4-sni-session-ticket-ssl + +[4-sni-session-ticket-ssl] +server = 4-sni-session-ticket-server +client = 4-sni-session-ticket-client +server2 = 4-sni-session-ticket-server2 + +[4-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = No +server = 4-sni-session-ticket-server-extra +client = 4-sni-session-ticket-client-extra + +[4-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[4-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[5-sni-session-ticket] +ssl_conf = 5-sni-session-ticket-ssl + +[5-sni-session-ticket-ssl] +server = 5-sni-session-ticket-server +client = 5-sni-session-ticket-client +server2 = 5-sni-session-ticket-server2 + +[5-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = No +server = 5-sni-session-ticket-server-extra +client = 5-sni-session-ticket-client-extra + +[5-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[5-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[6-sni-session-ticket] +ssl_conf = 6-sni-session-ticket-ssl + +[6-sni-session-ticket-ssl] +server = 6-sni-session-ticket-server +client = 6-sni-session-ticket-client +server2 = 6-sni-session-ticket-server2 + +[6-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = No +server = 6-sni-session-ticket-server-extra +client = 6-sni-session-ticket-client-extra + +[6-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[6-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[7-sni-session-ticket] +ssl_conf = 7-sni-session-ticket-ssl + +[7-sni-session-ticket-ssl] +server = 7-sni-session-ticket-server +client = 7-sni-session-ticket-client +server2 = 7-sni-session-ticket-server2 + +[7-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = No +server = 7-sni-session-ticket-server-extra +client = 7-sni-session-ticket-client-extra + +[7-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[7-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[8-sni-session-ticket] +ssl_conf = 8-sni-session-ticket-ssl + +[8-sni-session-ticket-ssl] +server = 8-sni-session-ticket-server +client = 8-sni-session-ticket-client +server2 = 8-sni-session-ticket-server2 + +[8-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = No +server = 8-sni-session-ticket-server-extra +client = 8-sni-session-ticket-client-extra + +[8-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[8-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[9-sni-session-ticket] +ssl_conf = 9-sni-session-ticket-ssl + +[9-sni-session-ticket-ssl] +server = 9-sni-session-ticket-server +client = 9-sni-session-ticket-client +server2 = 9-sni-session-ticket-server2 + +[9-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = No +server = 9-sni-session-ticket-server-extra +client = 9-sni-session-ticket-client-extra + +[9-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[9-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[10-sni-session-ticket] +ssl_conf = 10-sni-session-ticket-ssl + +[10-sni-session-ticket-ssl] +server = 10-sni-session-ticket-server +client = 10-sni-session-ticket-client +server2 = 10-sni-session-ticket-server2 + +[10-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = No +server = 10-sni-session-ticket-server-extra +client = 10-sni-session-ticket-client-extra + +[10-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[10-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[11-sni-session-ticket] +ssl_conf = 11-sni-session-ticket-ssl + +[11-sni-session-ticket-ssl] +server = 11-sni-session-ticket-server +client = 11-sni-session-ticket-client +server2 = 11-sni-session-ticket-server2 + +[11-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = No +server = 11-sni-session-ticket-server-extra +client = 11-sni-session-ticket-client-extra + +[11-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[11-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[12-sni-session-ticket] +ssl_conf = 12-sni-session-ticket-ssl + +[12-sni-session-ticket-ssl] +server = 12-sni-session-ticket-server +client = 12-sni-session-ticket-client +server2 = 12-sni-session-ticket-server2 + +[12-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = No +server = 12-sni-session-ticket-server-extra +client = 12-sni-session-ticket-client-extra + +[12-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[12-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[13-sni-session-ticket] +ssl_conf = 13-sni-session-ticket-ssl + +[13-sni-session-ticket-ssl] +server = 13-sni-session-ticket-server +client = 13-sni-session-ticket-client +server2 = 13-sni-session-ticket-server2 + +[13-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = No +server = 13-sni-session-ticket-server-extra +client = 13-sni-session-ticket-client-extra + +[13-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[13-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[14-sni-session-ticket] +ssl_conf = 14-sni-session-ticket-ssl + +[14-sni-session-ticket-ssl] +server = 14-sni-session-ticket-server +client = 14-sni-session-ticket-client +server2 = 14-sni-session-ticket-server2 + +[14-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = No +server = 14-sni-session-ticket-server-extra +client = 14-sni-session-ticket-client-extra + +[14-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[14-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[15-sni-session-ticket] +ssl_conf = 15-sni-session-ticket-ssl + +[15-sni-session-ticket-ssl] +server = 15-sni-session-ticket-server +client = 15-sni-session-ticket-client +server2 = 15-sni-session-ticket-server2 + +[15-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = No +server = 15-sni-session-ticket-server-extra +client = 15-sni-session-ticket-client-extra + +[15-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[15-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[16-sni-session-ticket] +ssl_conf = 16-sni-session-ticket-ssl + +[16-sni-session-ticket-ssl] +server = 16-sni-session-ticket-server +client = 16-sni-session-ticket-client +server2 = 16-sni-session-ticket-server2 + +[16-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = No +server = 16-sni-session-ticket-server-extra +client = 16-sni-session-ticket-client-extra + +[16-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[16-sni-session-ticket-client-extra] +ServerName = server2 + + diff --git a/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf.in b/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf.in new file mode 100644 index 0000000..ea92b62 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf.in @@ -0,0 +1,95 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Session ticket + +use strict; +use warnings; + +package ssltests; + + +our @tests = (); + +sub generate_tests() { + foreach my $c ("SessionTicket", "-SessionTicket") { + foreach my $s1 ("SessionTicket", "-SessionTicket") { + foreach my $s2 ("SessionTicket", "-SessionTicket") { + foreach my $n ("server1", "server2") { + my $result = expected_result($c, $s1, $s2, $n); + push @tests, { + "name" => "sni-session-ticket", + "client" => { + "Options" => $c, + "extra" => { + "ServerName" => $n, + }, + }, + "server" => { + "Options" => $s1, + "extra" => { + # We don't test mismatch here. + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + "server2" => { + "Options" => $s2, + }, + "test" => { + "ExpectedServerName" => $n, + "ExpectedResult" => "Success", + "SessionTicketExpected" => $result, + } + }; + } + } + } + } +} + +# If the client has session tickets disabled, then No support +# If the server initial_ctx has session tickets disabled, then No support +# If SNI is in use, then if the "switched-to" context has session tickets disabled, +# then No support +sub expected_result { + my ($c, $s1, $s2, $n) = @_; + + return "No" if $c eq "-SessionTicket"; + return "No" if $s1 eq "-SessionTicket"; + return "No" if ($s2 eq "-SessionTicket" && $n eq "server2"); + + return "Yes"; + +} + +# Add a "Broken" case. +push @tests, { + "name" => "sni-session-ticket", + "client" => { + "Options" => "SessionTicket", + "extra" => { + "ServerName" => "server1", + } + }, + "server" => { + "Options" => "SessionTicket", + "extra" => { + "BrokenSessionTicket" => "Yes", + }, + }, + "server2" => { + "Options" => "SessionTicket", + }, + "test" => { + "ExpectedResult" => "Success", + "SessionTicketExpected" => "No", + } +}; + +generate_tests(); diff --git a/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf b/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf new file mode 100644 index 0000000..3304a3b --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf @@ -0,0 +1,1820 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 64 + +test-0 = 0-version-negotiation +test-1 = 1-version-negotiation +test-2 = 2-version-negotiation +test-3 = 3-version-negotiation +test-4 = 4-version-negotiation +test-5 = 5-version-negotiation +test-6 = 6-version-negotiation +test-7 = 7-version-negotiation +test-8 = 8-version-negotiation +test-9 = 9-version-negotiation +test-10 = 10-version-negotiation +test-11 = 11-version-negotiation +test-12 = 12-version-negotiation +test-13 = 13-version-negotiation +test-14 = 14-version-negotiation +test-15 = 15-version-negotiation +test-16 = 16-version-negotiation +test-17 = 17-version-negotiation +test-18 = 18-version-negotiation +test-19 = 19-version-negotiation +test-20 = 20-version-negotiation +test-21 = 21-version-negotiation +test-22 = 22-version-negotiation +test-23 = 23-version-negotiation +test-24 = 24-version-negotiation +test-25 = 25-version-negotiation +test-26 = 26-version-negotiation +test-27 = 27-version-negotiation +test-28 = 28-version-negotiation +test-29 = 29-version-negotiation +test-30 = 30-version-negotiation +test-31 = 31-version-negotiation +test-32 = 32-version-negotiation +test-33 = 33-version-negotiation +test-34 = 34-version-negotiation +test-35 = 35-version-negotiation +test-36 = 36-version-negotiation +test-37 = 37-version-negotiation +test-38 = 38-version-negotiation +test-39 = 39-version-negotiation +test-40 = 40-version-negotiation +test-41 = 41-version-negotiation +test-42 = 42-version-negotiation +test-43 = 43-version-negotiation +test-44 = 44-version-negotiation +test-45 = 45-version-negotiation +test-46 = 46-version-negotiation +test-47 = 47-version-negotiation +test-48 = 48-version-negotiation +test-49 = 49-version-negotiation +test-50 = 50-version-negotiation +test-51 = 51-version-negotiation +test-52 = 52-version-negotiation +test-53 = 53-version-negotiation +test-54 = 54-version-negotiation +test-55 = 55-version-negotiation +test-56 = 56-version-negotiation +test-57 = 57-version-negotiation +test-58 = 58-version-negotiation +test-59 = 59-version-negotiation +test-60 = 60-version-negotiation +test-61 = 61-version-negotiation +test-62 = 62-version-negotiation +test-63 = 63-version-negotiation +# =========================================================== + +[0-version-negotiation] +ssl_conf = 0-version-negotiation-ssl + +[0-version-negotiation-ssl] +server = 0-version-negotiation-server +client = 0-version-negotiation-client + +[0-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[1-version-negotiation] +ssl_conf = 1-version-negotiation-ssl + +[1-version-negotiation-ssl] +server = 1-version-negotiation-server +client = 1-version-negotiation-client + +[1-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[2-version-negotiation] +ssl_conf = 2-version-negotiation-ssl + +[2-version-negotiation-ssl] +server = 2-version-negotiation-server +client = 2-version-negotiation-client + +[2-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[3-version-negotiation] +ssl_conf = 3-version-negotiation-ssl + +[3-version-negotiation-ssl] +server = 3-version-negotiation-server +client = 3-version-negotiation-client + +[3-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[4-version-negotiation] +ssl_conf = 4-version-negotiation-ssl + +[4-version-negotiation-ssl] +server = 4-version-negotiation-server +client = 4-version-negotiation-client + +[4-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[5-version-negotiation] +ssl_conf = 5-version-negotiation-ssl + +[5-version-negotiation-ssl] +server = 5-version-negotiation-server +client = 5-version-negotiation-client + +[5-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[6-version-negotiation] +ssl_conf = 6-version-negotiation-ssl + +[6-version-negotiation-ssl] +server = 6-version-negotiation-server +client = 6-version-negotiation-client + +[6-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[7-version-negotiation] +ssl_conf = 7-version-negotiation-ssl + +[7-version-negotiation-ssl] +server = 7-version-negotiation-server +client = 7-version-negotiation-client + +[7-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[8-version-negotiation] +ssl_conf = 8-version-negotiation-ssl + +[8-version-negotiation-ssl] +server = 8-version-negotiation-server +client = 8-version-negotiation-client + +[8-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[9-version-negotiation] +ssl_conf = 9-version-negotiation-ssl + +[9-version-negotiation-ssl] +server = 9-version-negotiation-server +client = 9-version-negotiation-client + +[9-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[10-version-negotiation] +ssl_conf = 10-version-negotiation-ssl + +[10-version-negotiation-ssl] +server = 10-version-negotiation-server +client = 10-version-negotiation-client + +[10-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[11-version-negotiation] +ssl_conf = 11-version-negotiation-ssl + +[11-version-negotiation-ssl] +server = 11-version-negotiation-server +client = 11-version-negotiation-client + +[11-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[12-version-negotiation] +ssl_conf = 12-version-negotiation-ssl + +[12-version-negotiation-ssl] +server = 12-version-negotiation-server +client = 12-version-negotiation-client + +[12-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[13-version-negotiation] +ssl_conf = 13-version-negotiation-ssl + +[13-version-negotiation-ssl] +server = 13-version-negotiation-server +client = 13-version-negotiation-client + +[13-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[14-version-negotiation] +ssl_conf = 14-version-negotiation-ssl + +[14-version-negotiation-ssl] +server = 14-version-negotiation-server +client = 14-version-negotiation-client + +[14-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[15-version-negotiation] +ssl_conf = 15-version-negotiation-ssl + +[15-version-negotiation-ssl] +server = 15-version-negotiation-server +client = 15-version-negotiation-client + +[15-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[16-version-negotiation] +ssl_conf = 16-version-negotiation-ssl + +[16-version-negotiation-ssl] +server = 16-version-negotiation-server +client = 16-version-negotiation-client + +[16-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[17-version-negotiation] +ssl_conf = 17-version-negotiation-ssl + +[17-version-negotiation-ssl] +server = 17-version-negotiation-server +client = 17-version-negotiation-client + +[17-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[18-version-negotiation] +ssl_conf = 18-version-negotiation-ssl + +[18-version-negotiation-ssl] +server = 18-version-negotiation-server +client = 18-version-negotiation-client + +[18-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[19-version-negotiation] +ssl_conf = 19-version-negotiation-ssl + +[19-version-negotiation-ssl] +server = 19-version-negotiation-server +client = 19-version-negotiation-client + +[19-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[20-version-negotiation] +ssl_conf = 20-version-negotiation-ssl + +[20-version-negotiation-ssl] +server = 20-version-negotiation-server +client = 20-version-negotiation-client + +[20-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[21-version-negotiation] +ssl_conf = 21-version-negotiation-ssl + +[21-version-negotiation-ssl] +server = 21-version-negotiation-server +client = 21-version-negotiation-client + +[21-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[22-version-negotiation] +ssl_conf = 22-version-negotiation-ssl + +[22-version-negotiation-ssl] +server = 22-version-negotiation-server +client = 22-version-negotiation-client + +[22-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[23-version-negotiation] +ssl_conf = 23-version-negotiation-ssl + +[23-version-negotiation-ssl] +server = 23-version-negotiation-server +client = 23-version-negotiation-client + +[23-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[24-version-negotiation] +ssl_conf = 24-version-negotiation-ssl + +[24-version-negotiation-ssl] +server = 24-version-negotiation-server +client = 24-version-negotiation-client + +[24-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[25-version-negotiation] +ssl_conf = 25-version-negotiation-ssl + +[25-version-negotiation-ssl] +server = 25-version-negotiation-server +client = 25-version-negotiation-client + +[25-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[26-version-negotiation] +ssl_conf = 26-version-negotiation-ssl + +[26-version-negotiation-ssl] +server = 26-version-negotiation-server +client = 26-version-negotiation-client + +[26-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[27-version-negotiation] +ssl_conf = 27-version-negotiation-ssl + +[27-version-negotiation-ssl] +server = 27-version-negotiation-server +client = 27-version-negotiation-client + +[27-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[28-version-negotiation] +ssl_conf = 28-version-negotiation-ssl + +[28-version-negotiation-ssl] +server = 28-version-negotiation-server +client = 28-version-negotiation-client + +[28-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[29-version-negotiation] +ssl_conf = 29-version-negotiation-ssl + +[29-version-negotiation-ssl] +server = 29-version-negotiation-server +client = 29-version-negotiation-client + +[29-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[30-version-negotiation] +ssl_conf = 30-version-negotiation-ssl + +[30-version-negotiation-ssl] +server = 30-version-negotiation-server +client = 30-version-negotiation-client + +[30-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[31-version-negotiation] +ssl_conf = 31-version-negotiation-ssl + +[31-version-negotiation-ssl] +server = 31-version-negotiation-server +client = 31-version-negotiation-client + +[31-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[32-version-negotiation] +ssl_conf = 32-version-negotiation-ssl + +[32-version-negotiation-ssl] +server = 32-version-negotiation-server +client = 32-version-negotiation-client + +[32-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[33-version-negotiation] +ssl_conf = 33-version-negotiation-ssl + +[33-version-negotiation-ssl] +server = 33-version-negotiation-server +client = 33-version-negotiation-client + +[33-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[34-version-negotiation] +ssl_conf = 34-version-negotiation-ssl + +[34-version-negotiation-ssl] +server = 34-version-negotiation-server +client = 34-version-negotiation-client + +[34-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[35-version-negotiation] +ssl_conf = 35-version-negotiation-ssl + +[35-version-negotiation-ssl] +server = 35-version-negotiation-server +client = 35-version-negotiation-client + +[35-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[36-version-negotiation] +ssl_conf = 36-version-negotiation-ssl + +[36-version-negotiation-ssl] +server = 36-version-negotiation-server +client = 36-version-negotiation-client + +[36-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[37-version-negotiation] +ssl_conf = 37-version-negotiation-ssl + +[37-version-negotiation-ssl] +server = 37-version-negotiation-server +client = 37-version-negotiation-client + +[37-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[38-version-negotiation] +ssl_conf = 38-version-negotiation-ssl + +[38-version-negotiation-ssl] +server = 38-version-negotiation-server +client = 38-version-negotiation-client + +[38-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[39-version-negotiation] +ssl_conf = 39-version-negotiation-ssl + +[39-version-negotiation-ssl] +server = 39-version-negotiation-server +client = 39-version-negotiation-client + +[39-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[40-version-negotiation] +ssl_conf = 40-version-negotiation-ssl + +[40-version-negotiation-ssl] +server = 40-version-negotiation-server +client = 40-version-negotiation-client + +[40-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[41-version-negotiation] +ssl_conf = 41-version-negotiation-ssl + +[41-version-negotiation-ssl] +server = 41-version-negotiation-server +client = 41-version-negotiation-client + +[41-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[42-version-negotiation] +ssl_conf = 42-version-negotiation-ssl + +[42-version-negotiation-ssl] +server = 42-version-negotiation-server +client = 42-version-negotiation-client + +[42-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[43-version-negotiation] +ssl_conf = 43-version-negotiation-ssl + +[43-version-negotiation-ssl] +server = 43-version-negotiation-server +client = 43-version-negotiation-client + +[43-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[44-version-negotiation] +ssl_conf = 44-version-negotiation-ssl + +[44-version-negotiation-ssl] +server = 44-version-negotiation-server +client = 44-version-negotiation-client + +[44-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[45-version-negotiation] +ssl_conf = 45-version-negotiation-ssl + +[45-version-negotiation-ssl] +server = 45-version-negotiation-server +client = 45-version-negotiation-client + +[45-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[46-version-negotiation] +ssl_conf = 46-version-negotiation-ssl + +[46-version-negotiation-ssl] +server = 46-version-negotiation-server +client = 46-version-negotiation-client + +[46-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[47-version-negotiation] +ssl_conf = 47-version-negotiation-ssl + +[47-version-negotiation-ssl] +server = 47-version-negotiation-server +client = 47-version-negotiation-client + +[47-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[47-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[48-version-negotiation] +ssl_conf = 48-version-negotiation-ssl + +[48-version-negotiation-ssl] +server = 48-version-negotiation-server +client = 48-version-negotiation-client + +[48-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[49-version-negotiation] +ssl_conf = 49-version-negotiation-ssl + +[49-version-negotiation-ssl] +server = 49-version-negotiation-server +client = 49-version-negotiation-client + +[49-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[49-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[50-version-negotiation] +ssl_conf = 50-version-negotiation-ssl + +[50-version-negotiation-ssl] +server = 50-version-negotiation-server +client = 50-version-negotiation-client + +[50-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[50-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[51-version-negotiation] +ssl_conf = 51-version-negotiation-ssl + +[51-version-negotiation-ssl] +server = 51-version-negotiation-server +client = 51-version-negotiation-client + +[51-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[51-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[52-version-negotiation] +ssl_conf = 52-version-negotiation-ssl + +[52-version-negotiation-ssl] +server = 52-version-negotiation-server +client = 52-version-negotiation-client + +[52-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[52-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[53-version-negotiation] +ssl_conf = 53-version-negotiation-ssl + +[53-version-negotiation-ssl] +server = 53-version-negotiation-server +client = 53-version-negotiation-client + +[53-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[54-version-negotiation] +ssl_conf = 54-version-negotiation-ssl + +[54-version-negotiation-ssl] +server = 54-version-negotiation-server +client = 54-version-negotiation-client + +[54-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[54-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[55-version-negotiation] +ssl_conf = 55-version-negotiation-ssl + +[55-version-negotiation-ssl] +server = 55-version-negotiation-server +client = 55-version-negotiation-client + +[55-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[55-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-55] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[56-version-negotiation] +ssl_conf = 56-version-negotiation-ssl + +[56-version-negotiation-ssl] +server = 56-version-negotiation-server +client = 56-version-negotiation-client + +[56-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[56-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-56] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[57-version-negotiation] +ssl_conf = 57-version-negotiation-ssl + +[57-version-negotiation-ssl] +server = 57-version-negotiation-server +client = 57-version-negotiation-client + +[57-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[57-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-57] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[58-version-negotiation] +ssl_conf = 58-version-negotiation-ssl + +[58-version-negotiation-ssl] +server = 58-version-negotiation-server +client = 58-version-negotiation-client + +[58-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[58-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-58] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[59-version-negotiation] +ssl_conf = 59-version-negotiation-ssl + +[59-version-negotiation-ssl] +server = 59-version-negotiation-server +client = 59-version-negotiation-client + +[59-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[59-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-59] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[60-version-negotiation] +ssl_conf = 60-version-negotiation-ssl + +[60-version-negotiation-ssl] +server = 60-version-negotiation-server +client = 60-version-negotiation-client + +[60-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[60-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-60] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[61-version-negotiation] +ssl_conf = 61-version-negotiation-ssl + +[61-version-negotiation-ssl] +server = 61-version-negotiation-server +client = 61-version-negotiation-client + +[61-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[61-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-61] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[62-version-negotiation] +ssl_conf = 62-version-negotiation-ssl + +[62-version-negotiation-ssl] +server = 62-version-negotiation-server +client = 62-version-negotiation-client + +[62-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[62-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-62] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[63-version-negotiation] +ssl_conf = 63-version-negotiation-ssl + +[63-version-negotiation-ssl] +server = 63-version-negotiation-server +client = 63-version-negotiation-client + +[63-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[63-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-63] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + diff --git a/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf.in b/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf.in new file mode 100644 index 0000000..fb3c44a --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test DTLS version negotiation + +package ssltests; + +use strict; +use warnings; + +use protocol_version; + +our @tests = generate_version_tests("DTLS"); diff --git a/openssl-1.1.0h/test/ssl-tests/08-npn.conf b/openssl-1.1.0h/test/ssl-tests/08-npn.conf new file mode 100644 index 0000000..9115ef4 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/08-npn.conf @@ -0,0 +1,794 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 20 + +test-0 = 0-npn-simple +test-1 = 1-npn-client-finds-match +test-2 = 2-npn-client-honours-server-pref +test-3 = 3-npn-client-first-pref-on-mismatch +test-4 = 4-npn-no-server-support +test-5 = 5-npn-no-client-support +test-6 = 6-npn-with-sni-no-context-switch +test-7 = 7-npn-with-sni-context-switch +test-8 = 8-npn-selected-sni-server-supports-npn +test-9 = 9-npn-selected-sni-server-does-not-support-npn +test-10 = 10-alpn-preferred-over-npn +test-11 = 11-sni-npn-preferred-over-alpn +test-12 = 12-npn-simple-resumption +test-13 = 13-npn-server-switch-resumption +test-14 = 14-npn-client-switch-resumption +test-15 = 15-npn-client-first-pref-on-mismatch-resumption +test-16 = 16-npn-no-server-support-resumption +test-17 = 17-npn-no-client-support-resumption +test-18 = 18-alpn-preferred-over-npn-resumption +test-19 = 19-npn-used-if-alpn-not-supported-resumption +# =========================================================== + +[0-npn-simple] +ssl_conf = 0-npn-simple-ssl + +[0-npn-simple-ssl] +server = 0-npn-simple-server +client = 0-npn-simple-client + +[0-npn-simple-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-npn-simple-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedNPNProtocol = foo +server = 0-npn-simple-server-extra +client = 0-npn-simple-client-extra + +[0-npn-simple-server-extra] +NPNProtocols = foo + +[0-npn-simple-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[1-npn-client-finds-match] +ssl_conf = 1-npn-client-finds-match-ssl + +[1-npn-client-finds-match-ssl] +server = 1-npn-client-finds-match-server +client = 1-npn-client-finds-match-client + +[1-npn-client-finds-match-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-npn-client-finds-match-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedNPNProtocol = bar +server = 1-npn-client-finds-match-server-extra +client = 1-npn-client-finds-match-client-extra + +[1-npn-client-finds-match-server-extra] +NPNProtocols = baz,bar + +[1-npn-client-finds-match-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[2-npn-client-honours-server-pref] +ssl_conf = 2-npn-client-honours-server-pref-ssl + +[2-npn-client-honours-server-pref-ssl] +server = 2-npn-client-honours-server-pref-server +client = 2-npn-client-honours-server-pref-client + +[2-npn-client-honours-server-pref-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-npn-client-honours-server-pref-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedNPNProtocol = bar +server = 2-npn-client-honours-server-pref-server-extra +client = 2-npn-client-honours-server-pref-client-extra + +[2-npn-client-honours-server-pref-server-extra] +NPNProtocols = bar,foo + +[2-npn-client-honours-server-pref-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[3-npn-client-first-pref-on-mismatch] +ssl_conf = 3-npn-client-first-pref-on-mismatch-ssl + +[3-npn-client-first-pref-on-mismatch-ssl] +server = 3-npn-client-first-pref-on-mismatch-server +client = 3-npn-client-first-pref-on-mismatch-client + +[3-npn-client-first-pref-on-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-npn-client-first-pref-on-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedNPNProtocol = foo +server = 3-npn-client-first-pref-on-mismatch-server-extra +client = 3-npn-client-first-pref-on-mismatch-client-extra + +[3-npn-client-first-pref-on-mismatch-server-extra] +NPNProtocols = baz + +[3-npn-client-first-pref-on-mismatch-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[4-npn-no-server-support] +ssl_conf = 4-npn-no-server-support-ssl + +[4-npn-no-server-support-ssl] +server = 4-npn-no-server-support-server +client = 4-npn-no-server-support-client + +[4-npn-no-server-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-npn-no-server-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +client = 4-npn-no-server-support-client-extra + +[4-npn-no-server-support-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[5-npn-no-client-support] +ssl_conf = 5-npn-no-client-support-ssl + +[5-npn-no-client-support-ssl] +server = 5-npn-no-client-support-server +client = 5-npn-no-client-support-client + +[5-npn-no-client-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-npn-no-client-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +server = 5-npn-no-client-support-server-extra + +[5-npn-no-client-support-server-extra] +NPNProtocols = foo + + +# =========================================================== + +[6-npn-with-sni-no-context-switch] +ssl_conf = 6-npn-with-sni-no-context-switch-ssl + +[6-npn-with-sni-no-context-switch-ssl] +server = 6-npn-with-sni-no-context-switch-server +client = 6-npn-with-sni-no-context-switch-client +server2 = 6-npn-with-sni-no-context-switch-server2 + +[6-npn-with-sni-no-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-npn-with-sni-no-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-npn-with-sni-no-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedNPNProtocol = foo +ExpectedServerName = server1 +server = 6-npn-with-sni-no-context-switch-server-extra +server2 = 6-npn-with-sni-no-context-switch-server2-extra +client = 6-npn-with-sni-no-context-switch-client-extra + +[6-npn-with-sni-no-context-switch-server-extra] +NPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[6-npn-with-sni-no-context-switch-server2-extra] +NPNProtocols = bar + +[6-npn-with-sni-no-context-switch-client-extra] +NPNProtocols = foo,bar +ServerName = server1 + + +# =========================================================== + +[7-npn-with-sni-context-switch] +ssl_conf = 7-npn-with-sni-context-switch-ssl + +[7-npn-with-sni-context-switch-ssl] +server = 7-npn-with-sni-context-switch-server +client = 7-npn-with-sni-context-switch-client +server2 = 7-npn-with-sni-context-switch-server2 + +[7-npn-with-sni-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-npn-with-sni-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-npn-with-sni-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +server = 7-npn-with-sni-context-switch-server-extra +server2 = 7-npn-with-sni-context-switch-server2-extra +client = 7-npn-with-sni-context-switch-client-extra + +[7-npn-with-sni-context-switch-server-extra] +NPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[7-npn-with-sni-context-switch-server2-extra] +NPNProtocols = bar + +[7-npn-with-sni-context-switch-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[8-npn-selected-sni-server-supports-npn] +ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl + +[8-npn-selected-sni-server-supports-npn-ssl] +server = 8-npn-selected-sni-server-supports-npn-server +client = 8-npn-selected-sni-server-supports-npn-client +server2 = 8-npn-selected-sni-server-supports-npn-server2 + +[8-npn-selected-sni-server-supports-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-npn-selected-sni-server-supports-npn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-npn-selected-sni-server-supports-npn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +server = 8-npn-selected-sni-server-supports-npn-server-extra +server2 = 8-npn-selected-sni-server-supports-npn-server2-extra +client = 8-npn-selected-sni-server-supports-npn-client-extra + +[8-npn-selected-sni-server-supports-npn-server-extra] +ServerNameCallback = IgnoreMismatch + +[8-npn-selected-sni-server-supports-npn-server2-extra] +NPNProtocols = bar + +[8-npn-selected-sni-server-supports-npn-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[9-npn-selected-sni-server-does-not-support-npn] +ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl + +[9-npn-selected-sni-server-does-not-support-npn-ssl] +server = 9-npn-selected-sni-server-does-not-support-npn-server +client = 9-npn-selected-sni-server-does-not-support-npn-client +server2 = 9-npn-selected-sni-server-does-not-support-npn-server2 + +[9-npn-selected-sni-server-does-not-support-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-npn-selected-sni-server-does-not-support-npn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-npn-selected-sni-server-does-not-support-npn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedServerName = server2 +server = 9-npn-selected-sni-server-does-not-support-npn-server-extra +client = 9-npn-selected-sni-server-does-not-support-npn-client-extra + +[9-npn-selected-sni-server-does-not-support-npn-server-extra] +NPNProtocols = bar +ServerNameCallback = IgnoreMismatch + +[9-npn-selected-sni-server-does-not-support-npn-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[10-alpn-preferred-over-npn] +ssl_conf = 10-alpn-preferred-over-npn-ssl + +[10-alpn-preferred-over-npn-ssl] +server = 10-alpn-preferred-over-npn-server +client = 10-alpn-preferred-over-npn-client + +[10-alpn-preferred-over-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-alpn-preferred-over-npn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedALPNProtocol = foo +server = 10-alpn-preferred-over-npn-server-extra +client = 10-alpn-preferred-over-npn-client-extra + +[10-alpn-preferred-over-npn-server-extra] +ALPNProtocols = foo +NPNProtocols = bar + +[10-alpn-preferred-over-npn-client-extra] +ALPNProtocols = foo +NPNProtocols = bar + + +# =========================================================== + +[11-sni-npn-preferred-over-alpn] +ssl_conf = 11-sni-npn-preferred-over-alpn-ssl + +[11-sni-npn-preferred-over-alpn-ssl] +server = 11-sni-npn-preferred-over-alpn-server +client = 11-sni-npn-preferred-over-alpn-client +server2 = 11-sni-npn-preferred-over-alpn-server2 + +[11-sni-npn-preferred-over-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-npn-preferred-over-alpn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-npn-preferred-over-alpn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +server = 11-sni-npn-preferred-over-alpn-server-extra +server2 = 11-sni-npn-preferred-over-alpn-server2-extra +client = 11-sni-npn-preferred-over-alpn-client-extra + +[11-sni-npn-preferred-over-alpn-server-extra] +ALPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[11-sni-npn-preferred-over-alpn-server2-extra] +NPNProtocols = bar + +[11-sni-npn-preferred-over-alpn-client-extra] +ALPNProtocols = foo +NPNProtocols = bar +ServerName = server2 + + +# =========================================================== + +[12-npn-simple-resumption] +ssl_conf = 12-npn-simple-resumption-ssl + +[12-npn-simple-resumption-ssl] +server = 12-npn-simple-resumption-server +client = 12-npn-simple-resumption-client +resume-server = 12-npn-simple-resumption-server +resume-client = 12-npn-simple-resumption-client + +[12-npn-simple-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-npn-simple-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedNPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 12-npn-simple-resumption-server-extra +resume-server = 12-npn-simple-resumption-server-extra +client = 12-npn-simple-resumption-client-extra +resume-client = 12-npn-simple-resumption-client-extra + +[12-npn-simple-resumption-server-extra] +NPNProtocols = foo + +[12-npn-simple-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[13-npn-server-switch-resumption] +ssl_conf = 13-npn-server-switch-resumption-ssl + +[13-npn-server-switch-resumption-ssl] +server = 13-npn-server-switch-resumption-server +client = 13-npn-server-switch-resumption-client +resume-server = 13-npn-server-switch-resumption-resume-server +resume-client = 13-npn-server-switch-resumption-client + +[13-npn-server-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-npn-server-switch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-npn-server-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedNPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 13-npn-server-switch-resumption-server-extra +resume-server = 13-npn-server-switch-resumption-resume-server-extra +client = 13-npn-server-switch-resumption-client-extra +resume-client = 13-npn-server-switch-resumption-client-extra + +[13-npn-server-switch-resumption-server-extra] +NPNProtocols = bar,foo + +[13-npn-server-switch-resumption-resume-server-extra] +NPNProtocols = baz,foo + +[13-npn-server-switch-resumption-client-extra] +NPNProtocols = foo,bar,baz + + +# =========================================================== + +[14-npn-client-switch-resumption] +ssl_conf = 14-npn-client-switch-resumption-ssl + +[14-npn-client-switch-resumption-ssl] +server = 14-npn-client-switch-resumption-server +client = 14-npn-client-switch-resumption-client +resume-server = 14-npn-client-switch-resumption-server +resume-client = 14-npn-client-switch-resumption-resume-client + +[14-npn-client-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-npn-client-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[14-npn-client-switch-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedNPNProtocol = bar +HandshakeMode = Resume +ResumptionExpected = Yes +server = 14-npn-client-switch-resumption-server-extra +resume-server = 14-npn-client-switch-resumption-server-extra +client = 14-npn-client-switch-resumption-client-extra +resume-client = 14-npn-client-switch-resumption-resume-client-extra + +[14-npn-client-switch-resumption-server-extra] +NPNProtocols = foo,bar,baz + +[14-npn-client-switch-resumption-client-extra] +NPNProtocols = foo,baz + +[14-npn-client-switch-resumption-resume-client-extra] +NPNProtocols = bar,baz + + +# =========================================================== + +[15-npn-client-first-pref-on-mismatch-resumption] +ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl + +[15-npn-client-first-pref-on-mismatch-resumption-ssl] +server = 15-npn-client-first-pref-on-mismatch-resumption-server +client = 15-npn-client-first-pref-on-mismatch-resumption-client +resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server +resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client + +[15-npn-client-first-pref-on-mismatch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-npn-client-first-pref-on-mismatch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-npn-client-first-pref-on-mismatch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedNPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra +resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra +client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra +resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra + +[15-npn-client-first-pref-on-mismatch-resumption-server-extra] +NPNProtocols = bar + +[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] +NPNProtocols = baz + +[15-npn-client-first-pref-on-mismatch-resumption-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[16-npn-no-server-support-resumption] +ssl_conf = 16-npn-no-server-support-resumption-ssl + +[16-npn-no-server-support-resumption-ssl] +server = 16-npn-no-server-support-resumption-server +client = 16-npn-no-server-support-resumption-client +resume-server = 16-npn-no-server-support-resumption-resume-server +resume-client = 16-npn-no-server-support-resumption-client + +[16-npn-no-server-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-npn-no-server-support-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-npn-no-server-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 16-npn-no-server-support-resumption-server-extra +client = 16-npn-no-server-support-resumption-client-extra +resume-client = 16-npn-no-server-support-resumption-client-extra + +[16-npn-no-server-support-resumption-server-extra] +NPNProtocols = foo + +[16-npn-no-server-support-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[17-npn-no-client-support-resumption] +ssl_conf = 17-npn-no-client-support-resumption-ssl + +[17-npn-no-client-support-resumption-ssl] +server = 17-npn-no-client-support-resumption-server +client = 17-npn-no-client-support-resumption-client +resume-server = 17-npn-no-client-support-resumption-server +resume-client = 17-npn-no-client-support-resumption-resume-client + +[17-npn-no-client-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-npn-no-client-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[17-npn-no-client-support-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 17-npn-no-client-support-resumption-server-extra +resume-server = 17-npn-no-client-support-resumption-server-extra +client = 17-npn-no-client-support-resumption-client-extra + +[17-npn-no-client-support-resumption-server-extra] +NPNProtocols = foo + +[17-npn-no-client-support-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[18-alpn-preferred-over-npn-resumption] +ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl + +[18-alpn-preferred-over-npn-resumption-ssl] +server = 18-alpn-preferred-over-npn-resumption-server +client = 18-alpn-preferred-over-npn-resumption-client +resume-server = 18-alpn-preferred-over-npn-resumption-resume-server +resume-client = 18-alpn-preferred-over-npn-resumption-client + +[18-alpn-preferred-over-npn-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-alpn-preferred-over-npn-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-alpn-preferred-over-npn-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedALPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 18-alpn-preferred-over-npn-resumption-server-extra +resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra +client = 18-alpn-preferred-over-npn-resumption-client-extra +resume-client = 18-alpn-preferred-over-npn-resumption-client-extra + +[18-alpn-preferred-over-npn-resumption-server-extra] +NPNProtocols = bar + +[18-alpn-preferred-over-npn-resumption-resume-server-extra] +ALPNProtocols = foo +NPNProtocols = baz + +[18-alpn-preferred-over-npn-resumption-client-extra] +ALPNProtocols = foo +NPNProtocols = bar,baz + + +# =========================================================== + +[19-npn-used-if-alpn-not-supported-resumption] +ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl + +[19-npn-used-if-alpn-not-supported-resumption-ssl] +server = 19-npn-used-if-alpn-not-supported-resumption-server +client = 19-npn-used-if-alpn-not-supported-resumption-client +resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server +resume-client = 19-npn-used-if-alpn-not-supported-resumption-client + +[19-npn-used-if-alpn-not-supported-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-npn-used-if-alpn-not-supported-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-npn-used-if-alpn-not-supported-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedNPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 19-npn-used-if-alpn-not-supported-resumption-server-extra +resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra +client = 19-npn-used-if-alpn-not-supported-resumption-client-extra +resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra + +[19-npn-used-if-alpn-not-supported-resumption-server-extra] +ALPNProtocols = foo +NPNProtocols = bar + +[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra] +NPNProtocols = baz + +[19-npn-used-if-alpn-not-supported-resumption-client-extra] +ALPNProtocols = foo +NPNProtocols = bar,baz + + diff --git a/openssl-1.1.0h/test/ssl-tests/08-npn.conf.in b/openssl-1.1.0h/test/ssl-tests/08-npn.conf.in new file mode 100644 index 0000000..bcb632f --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/08-npn.conf.in @@ -0,0 +1,420 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test NPN negotiation + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "npn-simple", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + }, + test => { + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-client-finds-match", + server => { + extra => { + "NPNProtocols" => "baz,bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-client-honours-server-pref", + server => { + extra => { + "NPNProtocols" => "bar,foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-client-first-pref-on-mismatch", + server => { + extra => { + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-no-server-support", + server => { }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + }, + test => { + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-no-client-support", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { }, + test => { + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-with-sni-no-context-switch", + server => { + extra => { + "NPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server1", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-with-sni-context-switch", + server => { + extra => { + "NPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-selected-sni-server-supports-npn", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-selected-sni-server-does-not-support-npn", + server => { + extra => { + "NPNProtocols" => "bar", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "alpn-preferred-over-npn", + server => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, + test => { + "ExpectedALPNProtocol" => "foo", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "sni-npn-preferred-over-alpn", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + "ALPNProtocols" => "foo", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ServerName" => "server2", + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, + test => { + "ExpectedALPNProtocol" => undef, + "ExpectedNPNProtocol" => "bar", + "ExpectedServerName" => "server2", + }, + }, + { + name => "npn-simple-resumption", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-server-switch-resumption", + server => { + extra => { + "NPNProtocols" => "bar,foo", + }, + }, + resume_server => { + extra => { + "NPNProtocols" => "baz,foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "baz", + }, + }, + { + name => "npn-client-switch-resumption", + server => { + extra => { + "NPNProtocols" => "foo,bar,baz", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,baz", + }, + }, + resume_client => { + extra => { + "NPNProtocols" => "bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-client-first-pref-on-mismatch-resumption", + server => { + extra => { + "NPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-no-server-support-resumption", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + resume_server => { }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-no-client-support-resumption", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + }, + resume_client => { }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "alpn-preferred-over-npn-resumption", + server => { + extra => { + "NPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "foo", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-used-if-alpn-not-supported-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => undef, + "ExpectedNPNProtocol" => "baz", + }, + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/09-alpn.conf b/openssl-1.1.0h/test/ssl-tests/09-alpn.conf new file mode 100644 index 0000000..e7e6cb9 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/09-alpn.conf @@ -0,0 +1,619 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 16 + +test-0 = 0-alpn-simple +test-1 = 1-alpn-server-finds-match +test-2 = 2-alpn-server-honours-server-pref +test-3 = 3-alpn-alert-on-mismatch +test-4 = 4-alpn-no-server-support +test-5 = 5-alpn-no-client-support +test-6 = 6-alpn-with-sni-no-context-switch +test-7 = 7-alpn-with-sni-context-switch +test-8 = 8-alpn-selected-sni-server-supports-alpn +test-9 = 9-alpn-selected-sni-server-does-not-support-alpn +test-10 = 10-alpn-simple-resumption +test-11 = 11-alpn-server-switch-resumption +test-12 = 12-alpn-client-switch-resumption +test-13 = 13-alpn-alert-on-mismatch-resumption +test-14 = 14-alpn-no-server-support-resumption +test-15 = 15-alpn-no-client-support-resumption +# =========================================================== + +[0-alpn-simple] +ssl_conf = 0-alpn-simple-ssl + +[0-alpn-simple-ssl] +server = 0-alpn-simple-server +client = 0-alpn-simple-client + +[0-alpn-simple-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-alpn-simple-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedALPNProtocol = foo +server = 0-alpn-simple-server-extra +client = 0-alpn-simple-client-extra + +[0-alpn-simple-server-extra] +ALPNProtocols = foo + +[0-alpn-simple-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[1-alpn-server-finds-match] +ssl_conf = 1-alpn-server-finds-match-ssl + +[1-alpn-server-finds-match-ssl] +server = 1-alpn-server-finds-match-server +client = 1-alpn-server-finds-match-client + +[1-alpn-server-finds-match-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-alpn-server-finds-match-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedALPNProtocol = bar +server = 1-alpn-server-finds-match-server-extra +client = 1-alpn-server-finds-match-client-extra + +[1-alpn-server-finds-match-server-extra] +ALPNProtocols = baz,bar + +[1-alpn-server-finds-match-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[2-alpn-server-honours-server-pref] +ssl_conf = 2-alpn-server-honours-server-pref-ssl + +[2-alpn-server-honours-server-pref-ssl] +server = 2-alpn-server-honours-server-pref-server +client = 2-alpn-server-honours-server-pref-client + +[2-alpn-server-honours-server-pref-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-alpn-server-honours-server-pref-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedALPNProtocol = bar +server = 2-alpn-server-honours-server-pref-server-extra +client = 2-alpn-server-honours-server-pref-client-extra + +[2-alpn-server-honours-server-pref-server-extra] +ALPNProtocols = bar,foo + +[2-alpn-server-honours-server-pref-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[3-alpn-alert-on-mismatch] +ssl_conf = 3-alpn-alert-on-mismatch-ssl + +[3-alpn-alert-on-mismatch-ssl] +server = 3-alpn-alert-on-mismatch-server +client = 3-alpn-alert-on-mismatch-client + +[3-alpn-alert-on-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-alpn-alert-on-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = ServerFail +ExpectedServerAlert = NoApplicationProtocol +server = 3-alpn-alert-on-mismatch-server-extra +client = 3-alpn-alert-on-mismatch-client-extra + +[3-alpn-alert-on-mismatch-server-extra] +ALPNProtocols = baz + +[3-alpn-alert-on-mismatch-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[4-alpn-no-server-support] +ssl_conf = 4-alpn-no-server-support-ssl + +[4-alpn-no-server-support-ssl] +server = 4-alpn-no-server-support-server +client = 4-alpn-no-server-support-client + +[4-alpn-no-server-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-alpn-no-server-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +client = 4-alpn-no-server-support-client-extra + +[4-alpn-no-server-support-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[5-alpn-no-client-support] +ssl_conf = 5-alpn-no-client-support-ssl + +[5-alpn-no-client-support-ssl] +server = 5-alpn-no-client-support-server +client = 5-alpn-no-client-support-client + +[5-alpn-no-client-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-alpn-no-client-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +server = 5-alpn-no-client-support-server-extra + +[5-alpn-no-client-support-server-extra] +ALPNProtocols = foo + + +# =========================================================== + +[6-alpn-with-sni-no-context-switch] +ssl_conf = 6-alpn-with-sni-no-context-switch-ssl + +[6-alpn-with-sni-no-context-switch-ssl] +server = 6-alpn-with-sni-no-context-switch-server +client = 6-alpn-with-sni-no-context-switch-client +server2 = 6-alpn-with-sni-no-context-switch-server2 + +[6-alpn-with-sni-no-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-alpn-with-sni-no-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-alpn-with-sni-no-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedALPNProtocol = foo +ExpectedServerName = server1 +server = 6-alpn-with-sni-no-context-switch-server-extra +server2 = 6-alpn-with-sni-no-context-switch-server2-extra +client = 6-alpn-with-sni-no-context-switch-client-extra + +[6-alpn-with-sni-no-context-switch-server-extra] +ALPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[6-alpn-with-sni-no-context-switch-server2-extra] +ALPNProtocols = bar + +[6-alpn-with-sni-no-context-switch-client-extra] +ALPNProtocols = foo,bar +ServerName = server1 + + +# =========================================================== + +[7-alpn-with-sni-context-switch] +ssl_conf = 7-alpn-with-sni-context-switch-ssl + +[7-alpn-with-sni-context-switch-ssl] +server = 7-alpn-with-sni-context-switch-server +client = 7-alpn-with-sni-context-switch-client +server2 = 7-alpn-with-sni-context-switch-server2 + +[7-alpn-with-sni-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-alpn-with-sni-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-alpn-with-sni-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedALPNProtocol = bar +ExpectedServerName = server2 +server = 7-alpn-with-sni-context-switch-server-extra +server2 = 7-alpn-with-sni-context-switch-server2-extra +client = 7-alpn-with-sni-context-switch-client-extra + +[7-alpn-with-sni-context-switch-server-extra] +ALPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[7-alpn-with-sni-context-switch-server2-extra] +ALPNProtocols = bar + +[7-alpn-with-sni-context-switch-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[8-alpn-selected-sni-server-supports-alpn] +ssl_conf = 8-alpn-selected-sni-server-supports-alpn-ssl + +[8-alpn-selected-sni-server-supports-alpn-ssl] +server = 8-alpn-selected-sni-server-supports-alpn-server +client = 8-alpn-selected-sni-server-supports-alpn-client +server2 = 8-alpn-selected-sni-server-supports-alpn-server2 + +[8-alpn-selected-sni-server-supports-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-alpn-selected-sni-server-supports-alpn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-alpn-selected-sni-server-supports-alpn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedALPNProtocol = bar +ExpectedServerName = server2 +server = 8-alpn-selected-sni-server-supports-alpn-server-extra +server2 = 8-alpn-selected-sni-server-supports-alpn-server2-extra +client = 8-alpn-selected-sni-server-supports-alpn-client-extra + +[8-alpn-selected-sni-server-supports-alpn-server-extra] +ServerNameCallback = IgnoreMismatch + +[8-alpn-selected-sni-server-supports-alpn-server2-extra] +ALPNProtocols = bar + +[8-alpn-selected-sni-server-supports-alpn-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[9-alpn-selected-sni-server-does-not-support-alpn] +ssl_conf = 9-alpn-selected-sni-server-does-not-support-alpn-ssl + +[9-alpn-selected-sni-server-does-not-support-alpn-ssl] +server = 9-alpn-selected-sni-server-does-not-support-alpn-server +client = 9-alpn-selected-sni-server-does-not-support-alpn-client +server2 = 9-alpn-selected-sni-server-does-not-support-alpn-server2 + +[9-alpn-selected-sni-server-does-not-support-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-alpn-selected-sni-server-does-not-support-alpn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-alpn-selected-sni-server-does-not-support-alpn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedServerName = server2 +server = 9-alpn-selected-sni-server-does-not-support-alpn-server-extra +client = 9-alpn-selected-sni-server-does-not-support-alpn-client-extra + +[9-alpn-selected-sni-server-does-not-support-alpn-server-extra] +ALPNProtocols = bar +ServerNameCallback = IgnoreMismatch + +[9-alpn-selected-sni-server-does-not-support-alpn-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[10-alpn-simple-resumption] +ssl_conf = 10-alpn-simple-resumption-ssl + +[10-alpn-simple-resumption-ssl] +server = 10-alpn-simple-resumption-server +client = 10-alpn-simple-resumption-client +resume-server = 10-alpn-simple-resumption-server +resume-client = 10-alpn-simple-resumption-client + +[10-alpn-simple-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-alpn-simple-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedALPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 10-alpn-simple-resumption-server-extra +resume-server = 10-alpn-simple-resumption-server-extra +client = 10-alpn-simple-resumption-client-extra +resume-client = 10-alpn-simple-resumption-client-extra + +[10-alpn-simple-resumption-server-extra] +ALPNProtocols = foo + +[10-alpn-simple-resumption-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[11-alpn-server-switch-resumption] +ssl_conf = 11-alpn-server-switch-resumption-ssl + +[11-alpn-server-switch-resumption-ssl] +server = 11-alpn-server-switch-resumption-server +client = 11-alpn-server-switch-resumption-client +resume-server = 11-alpn-server-switch-resumption-resume-server +resume-client = 11-alpn-server-switch-resumption-client + +[11-alpn-server-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-alpn-server-switch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-alpn-server-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedALPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 11-alpn-server-switch-resumption-server-extra +resume-server = 11-alpn-server-switch-resumption-resume-server-extra +client = 11-alpn-server-switch-resumption-client-extra +resume-client = 11-alpn-server-switch-resumption-client-extra + +[11-alpn-server-switch-resumption-server-extra] +ALPNProtocols = bar,foo + +[11-alpn-server-switch-resumption-resume-server-extra] +ALPNProtocols = baz,foo + +[11-alpn-server-switch-resumption-client-extra] +ALPNProtocols = foo,bar,baz + + +# =========================================================== + +[12-alpn-client-switch-resumption] +ssl_conf = 12-alpn-client-switch-resumption-ssl + +[12-alpn-client-switch-resumption-ssl] +server = 12-alpn-client-switch-resumption-server +client = 12-alpn-client-switch-resumption-client +resume-server = 12-alpn-client-switch-resumption-server +resume-client = 12-alpn-client-switch-resumption-resume-client + +[12-alpn-client-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-alpn-client-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[12-alpn-client-switch-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedALPNProtocol = bar +HandshakeMode = Resume +ResumptionExpected = Yes +server = 12-alpn-client-switch-resumption-server-extra +resume-server = 12-alpn-client-switch-resumption-server-extra +client = 12-alpn-client-switch-resumption-client-extra +resume-client = 12-alpn-client-switch-resumption-resume-client-extra + +[12-alpn-client-switch-resumption-server-extra] +ALPNProtocols = foo,bar,baz + +[12-alpn-client-switch-resumption-client-extra] +ALPNProtocols = foo,baz + +[12-alpn-client-switch-resumption-resume-client-extra] +ALPNProtocols = bar,baz + + +# =========================================================== + +[13-alpn-alert-on-mismatch-resumption] +ssl_conf = 13-alpn-alert-on-mismatch-resumption-ssl + +[13-alpn-alert-on-mismatch-resumption-ssl] +server = 13-alpn-alert-on-mismatch-resumption-server +client = 13-alpn-alert-on-mismatch-resumption-client +resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server +resume-client = 13-alpn-alert-on-mismatch-resumption-client + +[13-alpn-alert-on-mismatch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-alpn-alert-on-mismatch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-alpn-alert-on-mismatch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = ServerFail +ExpectedServerAlert = NoApplicationProtocol +HandshakeMode = Resume +server = 13-alpn-alert-on-mismatch-resumption-server-extra +resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server-extra +client = 13-alpn-alert-on-mismatch-resumption-client-extra +resume-client = 13-alpn-alert-on-mismatch-resumption-client-extra + +[13-alpn-alert-on-mismatch-resumption-server-extra] +ALPNProtocols = bar + +[13-alpn-alert-on-mismatch-resumption-resume-server-extra] +ALPNProtocols = baz + +[13-alpn-alert-on-mismatch-resumption-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[14-alpn-no-server-support-resumption] +ssl_conf = 14-alpn-no-server-support-resumption-ssl + +[14-alpn-no-server-support-resumption-ssl] +server = 14-alpn-no-server-support-resumption-server +client = 14-alpn-no-server-support-resumption-client +resume-server = 14-alpn-no-server-support-resumption-resume-server +resume-client = 14-alpn-no-server-support-resumption-client + +[14-alpn-no-server-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-alpn-no-server-support-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-alpn-no-server-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 14-alpn-no-server-support-resumption-server-extra +client = 14-alpn-no-server-support-resumption-client-extra +resume-client = 14-alpn-no-server-support-resumption-client-extra + +[14-alpn-no-server-support-resumption-server-extra] +ALPNProtocols = foo + +[14-alpn-no-server-support-resumption-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[15-alpn-no-client-support-resumption] +ssl_conf = 15-alpn-no-client-support-resumption-ssl + +[15-alpn-no-client-support-resumption-ssl] +server = 15-alpn-no-client-support-resumption-server +client = 15-alpn-no-client-support-resumption-client +resume-server = 15-alpn-no-client-support-resumption-server +resume-client = 15-alpn-no-client-support-resumption-resume-client + +[15-alpn-no-client-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-alpn-no-client-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[15-alpn-no-client-support-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 15-alpn-no-client-support-resumption-server-extra +resume-server = 15-alpn-no-client-support-resumption-server-extra +client = 15-alpn-no-client-support-resumption-client-extra + +[15-alpn-no-client-support-resumption-server-extra] +ALPNProtocols = foo + +[15-alpn-no-client-support-resumption-client-extra] +ALPNProtocols = foo + + diff --git a/openssl-1.1.0h/test/ssl-tests/09-alpn.conf.in b/openssl-1.1.0h/test/ssl-tests/09-alpn.conf.in new file mode 100644 index 0000000..37035f1 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/09-alpn.conf.in @@ -0,0 +1,324 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test ALPN negotiation + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "alpn-simple", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "ExpectedALPNProtocol" => "foo", + }, + }, + { + name => "alpn-server-finds-match", + server => { + extra => { + "ALPNProtocols" => "baz,bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-server-honours-server-pref", + server => { + extra => { + "ALPNProtocols" => "bar,foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-alert-on-mismatch", + server => { + extra => { + "ALPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "NoApplicationProtocol", + }, + }, + { + name => "alpn-no-server-support", + server => { }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-no-client-support", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { }, + test => { + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-with-sni-no-context-switch", + server => { + extra => { + "ALPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server1", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedALPNProtocol" => "foo", + }, + }, + { + name => "alpn-with-sni-context-switch", + server => { + extra => { + "ALPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-selected-sni-server-supports-alpn", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-selected-sni-server-does-not-support-alpn", + server => { + extra => { + "ALPNProtocols" => "bar", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-simple-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "foo", + }, + }, + { + name => "alpn-server-switch-resumption", + server => { + extra => { + "ALPNProtocols" => "bar,foo", + }, + }, + resume_server => { + extra => { + "ALPNProtocols" => "baz,foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "baz", + }, + }, + { + name => "alpn-client-switch-resumption", + server => { + extra => { + "ALPNProtocols" => "foo,bar,baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,baz", + }, + }, + resume_client => { + extra => { + "ALPNProtocols" => "bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-alert-on-mismatch-resumption", + server => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "ALPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "NoApplicationProtocol", + }, + }, + { + name => "alpn-no-server-support-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + resume_server => { }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-no-client-support-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + resume_client => { }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => undef, + }, + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/10-resumption.conf b/openssl-1.1.0h/test/ssl-tests/10-resumption.conf new file mode 100644 index 0000000..b2deee4 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/10-resumption.conf @@ -0,0 +1,1336 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 36 + +test-0 = 0-resumption +test-1 = 1-resumption +test-2 = 2-resumption +test-3 = 3-resumption +test-4 = 4-resumption +test-5 = 5-resumption +test-6 = 6-resumption +test-7 = 7-resumption +test-8 = 8-resumption +test-9 = 9-resumption +test-10 = 10-resumption +test-11 = 11-resumption +test-12 = 12-resumption +test-13 = 13-resumption +test-14 = 14-resumption +test-15 = 15-resumption +test-16 = 16-resumption +test-17 = 17-resumption +test-18 = 18-resumption +test-19 = 19-resumption +test-20 = 20-resumption +test-21 = 21-resumption +test-22 = 22-resumption +test-23 = 23-resumption +test-24 = 24-resumption +test-25 = 25-resumption +test-26 = 26-resumption +test-27 = 27-resumption +test-28 = 28-resumption +test-29 = 29-resumption +test-30 = 30-resumption +test-31 = 31-resumption +test-32 = 32-resumption +test-33 = 33-resumption +test-34 = 34-resumption +test-35 = 35-resumption +# =========================================================== + +[0-resumption] +ssl_conf = 0-resumption-ssl + +[0-resumption-ssl] +server = 0-resumption-server +client = 0-resumption-client +resume-server = 0-resumption-resume-server +resume-client = 0-resumption-client + +[0-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[1-resumption] +ssl_conf = 1-resumption-ssl + +[1-resumption-ssl] +server = 1-resumption-server +client = 1-resumption-client +resume-server = 1-resumption-resume-server +resume-client = 1-resumption-client + +[1-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[2-resumption] +ssl_conf = 2-resumption-ssl + +[2-resumption-ssl] +server = 2-resumption-server +client = 2-resumption-client +resume-server = 2-resumption-resume-server +resume-client = 2-resumption-client + +[2-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[3-resumption] +ssl_conf = 3-resumption-ssl + +[3-resumption-ssl] +server = 3-resumption-server +client = 3-resumption-client +resume-server = 3-resumption-resume-server +resume-client = 3-resumption-client + +[3-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[4-resumption] +ssl_conf = 4-resumption-ssl + +[4-resumption-ssl] +server = 4-resumption-server +client = 4-resumption-client +resume-server = 4-resumption-resume-server +resume-client = 4-resumption-client + +[4-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[5-resumption] +ssl_conf = 5-resumption-ssl + +[5-resumption-ssl] +server = 5-resumption-server +client = 5-resumption-client +resume-server = 5-resumption-resume-server +resume-client = 5-resumption-client + +[5-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[6-resumption] +ssl_conf = 6-resumption-ssl + +[6-resumption-ssl] +server = 6-resumption-server +client = 6-resumption-client +resume-server = 6-resumption-resume-server +resume-client = 6-resumption-client + +[6-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[7-resumption] +ssl_conf = 7-resumption-ssl + +[7-resumption-ssl] +server = 7-resumption-server +client = 7-resumption-client +resume-server = 7-resumption-resume-server +resume-client = 7-resumption-client + +[7-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[8-resumption] +ssl_conf = 8-resumption-ssl + +[8-resumption-ssl] +server = 8-resumption-server +client = 8-resumption-client +resume-server = 8-resumption-resume-server +resume-client = 8-resumption-client + +[8-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[9-resumption] +ssl_conf = 9-resumption-ssl + +[9-resumption-ssl] +server = 9-resumption-server +client = 9-resumption-client +resume-server = 9-resumption-resume-server +resume-client = 9-resumption-client + +[9-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[10-resumption] +ssl_conf = 10-resumption-ssl + +[10-resumption-ssl] +server = 10-resumption-server +client = 10-resumption-client +resume-server = 10-resumption-resume-server +resume-client = 10-resumption-client + +[10-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[11-resumption] +ssl_conf = 11-resumption-ssl + +[11-resumption-ssl] +server = 11-resumption-server +client = 11-resumption-client +resume-server = 11-resumption-resume-server +resume-client = 11-resumption-client + +[11-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[12-resumption] +ssl_conf = 12-resumption-ssl + +[12-resumption-ssl] +server = 12-resumption-server +client = 12-resumption-client +resume-server = 12-resumption-resume-server +resume-client = 12-resumption-client + +[12-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[13-resumption] +ssl_conf = 13-resumption-ssl + +[13-resumption-ssl] +server = 13-resumption-server +client = 13-resumption-client +resume-server = 13-resumption-resume-server +resume-client = 13-resumption-client + +[13-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[14-resumption] +ssl_conf = 14-resumption-ssl + +[14-resumption-ssl] +server = 14-resumption-server +client = 14-resumption-client +resume-server = 14-resumption-resume-server +resume-client = 14-resumption-client + +[14-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[15-resumption] +ssl_conf = 15-resumption-ssl + +[15-resumption-ssl] +server = 15-resumption-server +client = 15-resumption-client +resume-server = 15-resumption-resume-server +resume-client = 15-resumption-client + +[15-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[16-resumption] +ssl_conf = 16-resumption-ssl + +[16-resumption-ssl] +server = 16-resumption-server +client = 16-resumption-client +resume-server = 16-resumption-resume-server +resume-client = 16-resumption-client + +[16-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[17-resumption] +ssl_conf = 17-resumption-ssl + +[17-resumption-ssl] +server = 17-resumption-server +client = 17-resumption-client +resume-server = 17-resumption-resume-server +resume-client = 17-resumption-client + +[17-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[18-resumption] +ssl_conf = 18-resumption-ssl + +[18-resumption-ssl] +server = 18-resumption-server +client = 18-resumption-client +resume-server = 18-resumption-server +resume-client = 18-resumption-resume-client + +[18-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[18-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[19-resumption] +ssl_conf = 19-resumption-ssl + +[19-resumption-ssl] +server = 19-resumption-server +client = 19-resumption-client +resume-server = 19-resumption-server +resume-client = 19-resumption-resume-client + +[19-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[19-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[20-resumption] +ssl_conf = 20-resumption-ssl + +[20-resumption-ssl] +server = 20-resumption-server +client = 20-resumption-client +resume-server = 20-resumption-server +resume-client = 20-resumption-resume-client + +[20-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[20-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[21-resumption] +ssl_conf = 21-resumption-ssl + +[21-resumption-ssl] +server = 21-resumption-server +client = 21-resumption-client +resume-server = 21-resumption-server +resume-client = 21-resumption-resume-client + +[21-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[21-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[22-resumption] +ssl_conf = 22-resumption-ssl + +[22-resumption-ssl] +server = 22-resumption-server +client = 22-resumption-client +resume-server = 22-resumption-server +resume-client = 22-resumption-resume-client + +[22-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[22-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[23-resumption] +ssl_conf = 23-resumption-ssl + +[23-resumption-ssl] +server = 23-resumption-server +client = 23-resumption-client +resume-server = 23-resumption-server +resume-client = 23-resumption-resume-client + +[23-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[23-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[24-resumption] +ssl_conf = 24-resumption-ssl + +[24-resumption-ssl] +server = 24-resumption-server +client = 24-resumption-client +resume-server = 24-resumption-server +resume-client = 24-resumption-resume-client + +[24-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[24-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[25-resumption] +ssl_conf = 25-resumption-ssl + +[25-resumption-ssl] +server = 25-resumption-server +client = 25-resumption-client +resume-server = 25-resumption-server +resume-client = 25-resumption-resume-client + +[25-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[25-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[26-resumption] +ssl_conf = 26-resumption-ssl + +[26-resumption-ssl] +server = 26-resumption-server +client = 26-resumption-client +resume-server = 26-resumption-server +resume-client = 26-resumption-resume-client + +[26-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[26-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[27-resumption] +ssl_conf = 27-resumption-ssl + +[27-resumption-ssl] +server = 27-resumption-server +client = 27-resumption-client +resume-server = 27-resumption-server +resume-client = 27-resumption-resume-client + +[27-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[27-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[28-resumption] +ssl_conf = 28-resumption-ssl + +[28-resumption-ssl] +server = 28-resumption-server +client = 28-resumption-client +resume-server = 28-resumption-server +resume-client = 28-resumption-resume-client + +[28-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[28-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[29-resumption] +ssl_conf = 29-resumption-ssl + +[29-resumption-ssl] +server = 29-resumption-server +client = 29-resumption-client +resume-server = 29-resumption-server +resume-client = 29-resumption-resume-client + +[29-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[29-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[30-resumption] +ssl_conf = 30-resumption-ssl + +[30-resumption-ssl] +server = 30-resumption-server +client = 30-resumption-client +resume-server = 30-resumption-server +resume-client = 30-resumption-resume-client + +[30-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[30-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[31-resumption] +ssl_conf = 31-resumption-ssl + +[31-resumption-ssl] +server = 31-resumption-server +client = 31-resumption-client +resume-server = 31-resumption-server +resume-client = 31-resumption-resume-client + +[31-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[31-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[32-resumption] +ssl_conf = 32-resumption-ssl + +[32-resumption-ssl] +server = 32-resumption-server +client = 32-resumption-client +resume-server = 32-resumption-server +resume-client = 32-resumption-resume-client + +[32-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[32-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[33-resumption] +ssl_conf = 33-resumption-ssl + +[33-resumption-ssl] +server = 33-resumption-server +client = 33-resumption-client +resume-server = 33-resumption-server +resume-client = 33-resumption-resume-client + +[33-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[33-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[34-resumption] +ssl_conf = 34-resumption-ssl + +[34-resumption-ssl] +server = 34-resumption-server +client = 34-resumption-client +resume-server = 34-resumption-server +resume-client = 34-resumption-resume-client + +[34-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[34-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[35-resumption] +ssl_conf = 35-resumption-ssl + +[35-resumption-ssl] +server = 35-resumption-server +client = 35-resumption-client +resume-server = 35-resumption-server +resume-client = 35-resumption-resume-client + +[35-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[35-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + diff --git a/openssl-1.1.0h/test/ssl-tests/10-resumption.conf.in b/openssl-1.1.0h/test/ssl-tests/10-resumption.conf.in new file mode 100644 index 0000000..989135f --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/10-resumption.conf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation upon resumption. + +use strict; +use warnings; + +package ssltests; + +use protocol_version; + +our @tests = generate_resumption_tests("TLS"); diff --git a/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf b/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf new file mode 100644 index 0000000..ceed959 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf @@ -0,0 +1,612 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 16 + +test-0 = 0-resumption +test-1 = 1-resumption +test-2 = 2-resumption +test-3 = 3-resumption +test-4 = 4-resumption +test-5 = 5-resumption +test-6 = 6-resumption +test-7 = 7-resumption +test-8 = 8-resumption +test-9 = 9-resumption +test-10 = 10-resumption +test-11 = 11-resumption +test-12 = 12-resumption +test-13 = 13-resumption +test-14 = 14-resumption +test-15 = 15-resumption +# =========================================================== + +[0-resumption] +ssl_conf = 0-resumption-ssl + +[0-resumption-ssl] +server = 0-resumption-server +client = 0-resumption-client +resume-server = 0-resumption-resume-server +resume-client = 0-resumption-client + +[0-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[1-resumption] +ssl_conf = 1-resumption-ssl + +[1-resumption-ssl] +server = 1-resumption-server +client = 1-resumption-client +resume-server = 1-resumption-resume-server +resume-client = 1-resumption-client + +[1-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[2-resumption] +ssl_conf = 2-resumption-ssl + +[2-resumption-ssl] +server = 2-resumption-server +client = 2-resumption-client +resume-server = 2-resumption-resume-server +resume-client = 2-resumption-client + +[2-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[3-resumption] +ssl_conf = 3-resumption-ssl + +[3-resumption-ssl] +server = 3-resumption-server +client = 3-resumption-client +resume-server = 3-resumption-resume-server +resume-client = 3-resumption-client + +[3-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[4-resumption] +ssl_conf = 4-resumption-ssl + +[4-resumption-ssl] +server = 4-resumption-server +client = 4-resumption-client +resume-server = 4-resumption-resume-server +resume-client = 4-resumption-client + +[4-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[5-resumption] +ssl_conf = 5-resumption-ssl + +[5-resumption-ssl] +server = 5-resumption-server +client = 5-resumption-client +resume-server = 5-resumption-resume-server +resume-client = 5-resumption-client + +[5-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[6-resumption] +ssl_conf = 6-resumption-ssl + +[6-resumption-ssl] +server = 6-resumption-server +client = 6-resumption-client +resume-server = 6-resumption-resume-server +resume-client = 6-resumption-client + +[6-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[7-resumption] +ssl_conf = 7-resumption-ssl + +[7-resumption-ssl] +server = 7-resumption-server +client = 7-resumption-client +resume-server = 7-resumption-resume-server +resume-client = 7-resumption-client + +[7-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[8-resumption] +ssl_conf = 8-resumption-ssl + +[8-resumption-ssl] +server = 8-resumption-server +client = 8-resumption-client +resume-server = 8-resumption-server +resume-client = 8-resumption-resume-client + +[8-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[8-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[9-resumption] +ssl_conf = 9-resumption-ssl + +[9-resumption-ssl] +server = 9-resumption-server +client = 9-resumption-client +resume-server = 9-resumption-server +resume-client = 9-resumption-resume-client + +[9-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[9-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[10-resumption] +ssl_conf = 10-resumption-ssl + +[10-resumption-ssl] +server = 10-resumption-server +client = 10-resumption-client +resume-server = 10-resumption-server +resume-client = 10-resumption-resume-client + +[10-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[10-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[11-resumption] +ssl_conf = 11-resumption-ssl + +[11-resumption-ssl] +server = 11-resumption-server +client = 11-resumption-client +resume-server = 11-resumption-server +resume-client = 11-resumption-resume-client + +[11-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[11-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[12-resumption] +ssl_conf = 12-resumption-ssl + +[12-resumption-ssl] +server = 12-resumption-server +client = 12-resumption-client +resume-server = 12-resumption-server +resume-client = 12-resumption-resume-client + +[12-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[12-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[13-resumption] +ssl_conf = 13-resumption-ssl + +[13-resumption-ssl] +server = 13-resumption-server +client = 13-resumption-client +resume-server = 13-resumption-server +resume-client = 13-resumption-resume-client + +[13-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[13-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[14-resumption] +ssl_conf = 14-resumption-ssl + +[14-resumption-ssl] +server = 14-resumption-server +client = 14-resumption-client +resume-server = 14-resumption-server +resume-client = 14-resumption-resume-client + +[14-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[14-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[15-resumption] +ssl_conf = 15-resumption-ssl + +[15-resumption-ssl] +server = 15-resumption-server +client = 15-resumption-client +resume-server = 15-resumption-server +resume-client = 15-resumption-resume-client + +[15-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[15-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + diff --git a/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf.in b/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf.in new file mode 100644 index 0000000..16dec1d --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation upon resumption. + +use strict; +use warnings; + +package ssltests; + +use protocol_version; + +our @tests = generate_resumption_tests("DTLS"); diff --git a/openssl-1.1.0h/test/ssl-tests/12-ct.conf b/openssl-1.1.0h/test/ssl-tests/12-ct.conf new file mode 100644 index 0000000..2e6e9de --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/12-ct.conf @@ -0,0 +1,191 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 6 + +test-0 = 0-ct-permissive-without-scts +test-1 = 1-ct-permissive-with-scts +test-2 = 2-ct-strict-without-scts +test-3 = 3-ct-strict-with-scts +test-4 = 4-ct-permissive-resumption +test-5 = 5-ct-strict-resumption +# =========================================================== + +[0-ct-permissive-without-scts] +ssl_conf = 0-ct-permissive-without-scts-ssl + +[0-ct-permissive-without-scts-ssl] +server = 0-ct-permissive-without-scts-server +client = 0-ct-permissive-without-scts-client + +[0-ct-permissive-without-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-ct-permissive-without-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +client = 0-ct-permissive-without-scts-client-extra + +[0-ct-permissive-without-scts-client-extra] +CTValidation = Permissive + + +# =========================================================== + +[1-ct-permissive-with-scts] +ssl_conf = 1-ct-permissive-with-scts-ssl + +[1-ct-permissive-with-scts-ssl] +server = 1-ct-permissive-with-scts-server +client = 1-ct-permissive-with-scts-client + +[1-ct-permissive-with-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[1-ct-permissive-with-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +client = 1-ct-permissive-with-scts-client-extra + +[1-ct-permissive-with-scts-client-extra] +CTValidation = Permissive + + +# =========================================================== + +[2-ct-strict-without-scts] +ssl_conf = 2-ct-strict-without-scts-ssl + +[2-ct-strict-without-scts-ssl] +server = 2-ct-strict-without-scts-server +client = 2-ct-strict-without-scts-client + +[2-ct-strict-without-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-ct-strict-without-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedClientAlert = HandshakeFailure +ExpectedResult = ClientFail +client = 2-ct-strict-without-scts-client-extra + +[2-ct-strict-without-scts-client-extra] +CTValidation = Strict + + +# =========================================================== + +[3-ct-strict-with-scts] +ssl_conf = 3-ct-strict-with-scts-ssl + +[3-ct-strict-with-scts-ssl] +server = 3-ct-strict-with-scts-server +client = 3-ct-strict-with-scts-client + +[3-ct-strict-with-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[3-ct-strict-with-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +client = 3-ct-strict-with-scts-client-extra + +[3-ct-strict-with-scts-client-extra] +CTValidation = Strict + + +# =========================================================== + +[4-ct-permissive-resumption] +ssl_conf = 4-ct-permissive-resumption-ssl + +[4-ct-permissive-resumption-ssl] +server = 4-ct-permissive-resumption-server +client = 4-ct-permissive-resumption-client +resume-server = 4-ct-permissive-resumption-server +resume-client = 4-ct-permissive-resumption-client + +[4-ct-permissive-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[4-ct-permissive-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = Resume +ResumptionExpected = Yes +client = 4-ct-permissive-resumption-client-extra +resume-client = 4-ct-permissive-resumption-client-extra + +[4-ct-permissive-resumption-client-extra] +CTValidation = Permissive + + +# =========================================================== + +[5-ct-strict-resumption] +ssl_conf = 5-ct-strict-resumption-ssl + +[5-ct-strict-resumption-ssl] +server = 5-ct-strict-resumption-server +client = 5-ct-strict-resumption-client +resume-server = 5-ct-strict-resumption-server +resume-client = 5-ct-strict-resumption-resume-client + +[5-ct-strict-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[5-ct-strict-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[5-ct-strict-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +HandshakeMode = Resume +ResumptionExpected = Yes +client = 5-ct-strict-resumption-client-extra +resume-client = 5-ct-strict-resumption-resume-client-extra + +[5-ct-strict-resumption-client-extra] +CTValidation = Strict + +[5-ct-strict-resumption-resume-client-extra] +CTValidation = Strict + + diff --git a/openssl-1.1.0h/test/ssl-tests/12-ct.conf.in b/openssl-1.1.0h/test/ssl-tests/12-ct.conf.in new file mode 100644 index 0000000..d412dfd --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/12-ct.conf.in @@ -0,0 +1,119 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test CT support + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "ct-permissive-without-scts", + server => { }, + client => { + extra => { + "CTValidation" => "Permissive", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-permissive-with-scts", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Permissive", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-strict-without-scts", + server => { }, + client => { + extra => { + "CTValidation" => "Strict", + }, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "HandshakeFailure", + }, + }, + { + name => "ct-strict-with-scts", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Strict", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-permissive-resumption", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Permissive", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-strict-resumption", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Strict", + }, + }, + # SCTs are not present during resumption, so the resumption + # should succeed. + resume_client => { + extra => { + "CTValidation" => "Strict", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success", + }, + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf b/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf new file mode 100644 index 0000000..4c1e9e2 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf @@ -0,0 +1,397 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 16 + +test-0 = 0-one-fragment-minus-app-data +test-1 = 1-one-fragment-app-data +test-2 = 2-one-fragment-plus-app-data +test-3 = 3-small-app-data +test-4 = 4-small-app-data-large-fragment-size +test-5 = 5-medium-app-data +test-6 = 6-medium-plus-app-data +test-7 = 7-large-app-data +test-8 = 8-large-app-data-large-fragment-size +test-9 = 9-large-app-data-odd-fragment-size +test-10 = 10-large-app-data-aes-sha1-multibuffer +test-11 = 11-large-app-data-aes-sha2-multibuffer +test-12 = 12-large-app-data-aes-sha1-multibuffer-odd-fragment +test-13 = 13-large-app-data-aes-sha2-multibuffer-odd-fragment +test-14 = 14-small-app-data-aes-sha1-multibuffer +test-15 = 15-small-app-data-aes-sha2-multibuffer +# =========================================================== + +[0-one-fragment-minus-app-data] +ssl_conf = 0-one-fragment-minus-app-data-ssl + +[0-one-fragment-minus-app-data-ssl] +server = 0-one-fragment-minus-app-data-server +client = 0-one-fragment-minus-app-data-client + +[0-one-fragment-minus-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-one-fragment-minus-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ApplicationData = 511 + + +# =========================================================== + +[1-one-fragment-app-data] +ssl_conf = 1-one-fragment-app-data-ssl + +[1-one-fragment-app-data-ssl] +server = 1-one-fragment-app-data-server +client = 1-one-fragment-app-data-client + +[1-one-fragment-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-one-fragment-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ApplicationData = 512 + + +# =========================================================== + +[2-one-fragment-plus-app-data] +ssl_conf = 2-one-fragment-plus-app-data-ssl + +[2-one-fragment-plus-app-data-ssl] +server = 2-one-fragment-plus-app-data-server +client = 2-one-fragment-plus-app-data-client + +[2-one-fragment-plus-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-one-fragment-plus-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ApplicationData = 513 + + +# =========================================================== + +[3-small-app-data] +ssl_conf = 3-small-app-data-ssl + +[3-small-app-data-ssl] +server = 3-small-app-data-server +client = 3-small-app-data-client + +[3-small-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-small-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ApplicationData = 4097 + + +# =========================================================== + +[4-small-app-data-large-fragment-size] +ssl_conf = 4-small-app-data-large-fragment-size-ssl + +[4-small-app-data-large-fragment-size-ssl] +server = 4-small-app-data-large-fragment-size-server +client = 4-small-app-data-large-fragment-size-client + +[4-small-app-data-large-fragment-size-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-small-app-data-large-fragment-size-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ApplicationData = 4097 +MaxFragmentSize = 16384 + + +# =========================================================== + +[5-medium-app-data] +ssl_conf = 5-medium-app-data-ssl + +[5-medium-app-data-ssl] +server = 5-medium-app-data-server +client = 5-medium-app-data-client + +[5-medium-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-medium-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ApplicationData = 32775 + + +# =========================================================== + +[6-medium-plus-app-data] +ssl_conf = 6-medium-plus-app-data-ssl + +[6-medium-plus-app-data-ssl] +server = 6-medium-plus-app-data-server +client = 6-medium-plus-app-data-client + +[6-medium-plus-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-medium-plus-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ApplicationData = 131069 + + +# =========================================================== + +[7-large-app-data] +ssl_conf = 7-large-app-data-ssl + +[7-large-app-data-ssl] +server = 7-large-app-data-server +client = 7-large-app-data-client + +[7-large-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-large-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ApplicationData = 1048576 + + +# =========================================================== + +[8-large-app-data-large-fragment-size] +ssl_conf = 8-large-app-data-large-fragment-size-ssl + +[8-large-app-data-large-fragment-size-ssl] +server = 8-large-app-data-large-fragment-size-server +client = 8-large-app-data-large-fragment-size-client + +[8-large-app-data-large-fragment-size-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-large-app-data-large-fragment-size-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ApplicationData = 1048576 +MaxFragmentSize = 16384 + + +# =========================================================== + +[9-large-app-data-odd-fragment-size] +ssl_conf = 9-large-app-data-odd-fragment-size-ssl + +[9-large-app-data-odd-fragment-size-ssl] +server = 9-large-app-data-odd-fragment-size-server +client = 9-large-app-data-odd-fragment-size-client + +[9-large-app-data-odd-fragment-size-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-large-app-data-odd-fragment-size-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ApplicationData = 1048576 +MaxFragmentSize = 5115 + + +# =========================================================== + +[10-large-app-data-aes-sha1-multibuffer] +ssl_conf = 10-large-app-data-aes-sha1-multibuffer-ssl + +[10-large-app-data-aes-sha1-multibuffer-ssl] +server = 10-large-app-data-aes-sha1-multibuffer-server +client = 10-large-app-data-aes-sha1-multibuffer-client + +[10-large-app-data-aes-sha1-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-large-app-data-aes-sha1-multibuffer-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ApplicationData = 1048576 +MaxFragmentSize = 4096 + + +# =========================================================== + +[11-large-app-data-aes-sha2-multibuffer] +ssl_conf = 11-large-app-data-aes-sha2-multibuffer-ssl + +[11-large-app-data-aes-sha2-multibuffer-ssl] +server = 11-large-app-data-aes-sha2-multibuffer-server +client = 11-large-app-data-aes-sha2-multibuffer-client + +[11-large-app-data-aes-sha2-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-large-app-data-aes-sha2-multibuffer-client] +CipherString = AES128-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ApplicationData = 1048576 +MaxFragmentSize = 4096 + + +# =========================================================== + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment] +ssl_conf = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl] +server = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-server +client = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-client + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ApplicationData = 1048579 +MaxFragmentSize = 5115 + + +# =========================================================== + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment] +ssl_conf = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl] +server = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-server +client = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-client + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment-client] +CipherString = AES128-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ApplicationData = 1048573 +MaxFragmentSize = 5125 + + +# =========================================================== + +[14-small-app-data-aes-sha1-multibuffer] +ssl_conf = 14-small-app-data-aes-sha1-multibuffer-ssl + +[14-small-app-data-aes-sha1-multibuffer-ssl] +server = 14-small-app-data-aes-sha1-multibuffer-server +client = 14-small-app-data-aes-sha1-multibuffer-client + +[14-small-app-data-aes-sha1-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-small-app-data-aes-sha1-multibuffer-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ApplicationData = 4096 +MaxFragmentSize = 4096 + + +# =========================================================== + +[15-small-app-data-aes-sha2-multibuffer] +ssl_conf = 15-small-app-data-aes-sha2-multibuffer-ssl + +[15-small-app-data-aes-sha2-multibuffer-ssl] +server = 15-small-app-data-aes-sha2-multibuffer-server +client = 15-small-app-data-aes-sha2-multibuffer-client + +[15-small-app-data-aes-sha2-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-small-app-data-aes-sha2-multibuffer-client] +CipherString = AES128-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ApplicationData = 4096 +MaxFragmentSize = 4096 + + diff --git a/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf.in b/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf.in new file mode 100644 index 0000000..6c2501b --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf.in @@ -0,0 +1,181 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test packet fragmentation + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + # Default fragment size is 512. + { + name => "one-fragment-minus-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 511, + } + }, + { + name => "one-fragment-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 512, + } + }, + { + name => "one-fragment-plus-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 513, + } + }, + { + name => "small-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 4 * 1024 + 1, + } + }, + { + name => "small-app-data-large-fragment-size", + server => { }, + client => { }, + test => { + ApplicationData => 4 * 1024 + 1, + MaxFragmentSize => 16384, + } + }, + { + name => "medium-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 32 * 1024 + 7, + } + }, + # Exceeds the 64kB write buffer size. + { + name => "medium-plus-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 128 * 1024 - 3, + } + }, + { + name => "large-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 1024 * 1024, + } + }, + { + name => "large-app-data-large-fragment-size", + server => { }, + client => { }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 16384, + } + }, + { + name => "large-app-data-odd-fragment-size", + server => { }, + client => { }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 5 * 1024 - 5, + } + }, + # When the buffer / fragment size ratio is sufficiently large, + # multi-buffer code kicks in on some platforms for AES-SHA. The + # exact minimum ratio depends on the platform, and is usually + # around 4. Since the the test buffer is 64kB, a 4kB fragment is + # easily sufficient. + # + # (We run this test on all platforms though it's only true multibuffer + # on some of them.) + { + name => "large-app-data-aes-sha1-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA", + }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, + { + name => "large-app-data-aes-sha2-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA256", + }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, + { + name => "large-app-data-aes-sha1-multibuffer-odd-fragment", + server => { }, + client => { + CipherString => "AES128-SHA", + }, + test => { + ApplicationData => 1024 * 1024 + 3, + MaxFragmentSize => 5 * 1024 - 5, + } + }, + { + name => "large-app-data-aes-sha2-multibuffer-odd-fragment", + server => { }, + client => { + CipherString => "AES128-SHA256", + }, + test => { + ApplicationData => 1024 * 1024 - 3, + MaxFragmentSize => 5 * 1024 + 5, + } + }, + # Test that multibuffer-capable code also handles small data correctly. + # Here fragment size == app data size < buffer size, + # so no multibuffering should happen. + { + name => "small-app-data-aes-sha1-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA", + }, + test => { + ApplicationData => 4 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, + { + name => "small-app-data-aes-sha2-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA256", + }, + test => { + ApplicationData => 4 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/14-curves.conf b/openssl-1.1.0h/test/ssl-tests/14-curves.conf new file mode 100644 index 0000000..7f7ac4b --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/14-curves.conf @@ -0,0 +1,787 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 29 + +test-0 = 0-curve-sect163k1 +test-1 = 1-curve-sect163r1 +test-2 = 2-curve-sect163r2 +test-3 = 3-curve-sect193r1 +test-4 = 4-curve-sect193r2 +test-5 = 5-curve-sect233k1 +test-6 = 6-curve-sect233r1 +test-7 = 7-curve-sect239k1 +test-8 = 8-curve-sect283k1 +test-9 = 9-curve-sect283r1 +test-10 = 10-curve-sect409k1 +test-11 = 11-curve-sect409r1 +test-12 = 12-curve-sect571k1 +test-13 = 13-curve-sect571r1 +test-14 = 14-curve-secp160k1 +test-15 = 15-curve-secp160r1 +test-16 = 16-curve-secp160r2 +test-17 = 17-curve-secp192k1 +test-18 = 18-curve-prime192v1 +test-19 = 19-curve-secp224k1 +test-20 = 20-curve-secp224r1 +test-21 = 21-curve-secp256k1 +test-22 = 22-curve-prime256v1 +test-23 = 23-curve-secp384r1 +test-24 = 24-curve-secp521r1 +test-25 = 25-curve-brainpoolP256r1 +test-26 = 26-curve-brainpoolP384r1 +test-27 = 27-curve-brainpoolP512r1 +test-28 = 28-curve-X25519 +# =========================================================== + +[0-curve-sect163k1] +ssl_conf = 0-curve-sect163k1-ssl + +[0-curve-sect163k1-ssl] +server = 0-curve-sect163k1-server +client = 0-curve-sect163k1-client + +[0-curve-sect163k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect163k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-curve-sect163k1-client] +CipherString = ECDHE +Curves = sect163k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +ExpectedTmpKeyType = sect163k1 + + +# =========================================================== + +[1-curve-sect163r1] +ssl_conf = 1-curve-sect163r1-ssl + +[1-curve-sect163r1-ssl] +server = 1-curve-sect163r1-server +client = 1-curve-sect163r1-client + +[1-curve-sect163r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect163r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-curve-sect163r1-client] +CipherString = ECDHE +Curves = sect163r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedTmpKeyType = sect163r1 + + +# =========================================================== + +[2-curve-sect163r2] +ssl_conf = 2-curve-sect163r2-ssl + +[2-curve-sect163r2-ssl] +server = 2-curve-sect163r2-server +client = 2-curve-sect163r2-client + +[2-curve-sect163r2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect163r2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-curve-sect163r2-client] +CipherString = ECDHE +Curves = sect163r2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +ExpectedTmpKeyType = sect163r2 + + +# =========================================================== + +[3-curve-sect193r1] +ssl_conf = 3-curve-sect193r1-ssl + +[3-curve-sect193r1-ssl] +server = 3-curve-sect193r1-server +client = 3-curve-sect193r1-client + +[3-curve-sect193r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect193r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-curve-sect193r1-client] +CipherString = ECDHE +Curves = sect193r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedTmpKeyType = sect193r1 + + +# =========================================================== + +[4-curve-sect193r2] +ssl_conf = 4-curve-sect193r2-ssl + +[4-curve-sect193r2-ssl] +server = 4-curve-sect193r2-server +client = 4-curve-sect193r2-client + +[4-curve-sect193r2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect193r2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-curve-sect193r2-client] +CipherString = ECDHE +Curves = sect193r2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedTmpKeyType = sect193r2 + + +# =========================================================== + +[5-curve-sect233k1] +ssl_conf = 5-curve-sect233k1-ssl + +[5-curve-sect233k1-ssl] +server = 5-curve-sect233k1-server +client = 5-curve-sect233k1-client + +[5-curve-sect233k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect233k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-curve-sect233k1-client] +CipherString = ECDHE +Curves = sect233k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +ExpectedTmpKeyType = sect233k1 + + +# =========================================================== + +[6-curve-sect233r1] +ssl_conf = 6-curve-sect233r1-ssl + +[6-curve-sect233r1-ssl] +server = 6-curve-sect233r1-server +client = 6-curve-sect233r1-client + +[6-curve-sect233r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect233r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-curve-sect233r1-client] +CipherString = ECDHE +Curves = sect233r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +ExpectedTmpKeyType = sect233r1 + + +# =========================================================== + +[7-curve-sect239k1] +ssl_conf = 7-curve-sect239k1-ssl + +[7-curve-sect239k1-ssl] +server = 7-curve-sect239k1-server +client = 7-curve-sect239k1-client + +[7-curve-sect239k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect239k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-curve-sect239k1-client] +CipherString = ECDHE +Curves = sect239k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +ExpectedTmpKeyType = sect239k1 + + +# =========================================================== + +[8-curve-sect283k1] +ssl_conf = 8-curve-sect283k1-ssl + +[8-curve-sect283k1-ssl] +server = 8-curve-sect283k1-server +client = 8-curve-sect283k1-client + +[8-curve-sect283k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect283k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-curve-sect283k1-client] +CipherString = ECDHE +Curves = sect283k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +ExpectedTmpKeyType = sect283k1 + + +# =========================================================== + +[9-curve-sect283r1] +ssl_conf = 9-curve-sect283r1-ssl + +[9-curve-sect283r1-ssl] +server = 9-curve-sect283r1-server +client = 9-curve-sect283r1-client + +[9-curve-sect283r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect283r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-curve-sect283r1-client] +CipherString = ECDHE +Curves = sect283r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +ExpectedTmpKeyType = sect283r1 + + +# =========================================================== + +[10-curve-sect409k1] +ssl_conf = 10-curve-sect409k1-ssl + +[10-curve-sect409k1-ssl] +server = 10-curve-sect409k1-server +client = 10-curve-sect409k1-client + +[10-curve-sect409k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect409k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-curve-sect409k1-client] +CipherString = ECDHE +Curves = sect409k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = Success +ExpectedTmpKeyType = sect409k1 + + +# =========================================================== + +[11-curve-sect409r1] +ssl_conf = 11-curve-sect409r1-ssl + +[11-curve-sect409r1-ssl] +server = 11-curve-sect409r1-server +client = 11-curve-sect409r1-client + +[11-curve-sect409r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect409r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-curve-sect409r1-client] +CipherString = ECDHE +Curves = sect409r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = Success +ExpectedTmpKeyType = sect409r1 + + +# =========================================================== + +[12-curve-sect571k1] +ssl_conf = 12-curve-sect571k1-ssl + +[12-curve-sect571k1-ssl] +server = 12-curve-sect571k1-server +client = 12-curve-sect571k1-client + +[12-curve-sect571k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect571k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-curve-sect571k1-client] +CipherString = ECDHE +Curves = sect571k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = Success +ExpectedTmpKeyType = sect571k1 + + +# =========================================================== + +[13-curve-sect571r1] +ssl_conf = 13-curve-sect571r1-ssl + +[13-curve-sect571r1-ssl] +server = 13-curve-sect571r1-server +client = 13-curve-sect571r1-client + +[13-curve-sect571r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect571r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-curve-sect571r1-client] +CipherString = ECDHE +Curves = sect571r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success +ExpectedTmpKeyType = sect571r1 + + +# =========================================================== + +[14-curve-secp160k1] +ssl_conf = 14-curve-secp160k1-ssl + +[14-curve-secp160k1-ssl] +server = 14-curve-secp160k1-server +client = 14-curve-secp160k1-client + +[14-curve-secp160k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp160k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-curve-secp160k1-client] +CipherString = ECDHE +Curves = secp160k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = Success +ExpectedTmpKeyType = secp160k1 + + +# =========================================================== + +[15-curve-secp160r1] +ssl_conf = 15-curve-secp160r1-ssl + +[15-curve-secp160r1-ssl] +server = 15-curve-secp160r1-server +client = 15-curve-secp160r1-client + +[15-curve-secp160r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp160r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-curve-secp160r1-client] +CipherString = ECDHE +Curves = secp160r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success +ExpectedTmpKeyType = secp160r1 + + +# =========================================================== + +[16-curve-secp160r2] +ssl_conf = 16-curve-secp160r2-ssl + +[16-curve-secp160r2-ssl] +server = 16-curve-secp160r2-server +client = 16-curve-secp160r2-client + +[16-curve-secp160r2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp160r2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-curve-secp160r2-client] +CipherString = ECDHE +Curves = secp160r2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = Success +ExpectedTmpKeyType = secp160r2 + + +# =========================================================== + +[17-curve-secp192k1] +ssl_conf = 17-curve-secp192k1-ssl + +[17-curve-secp192k1-ssl] +server = 17-curve-secp192k1-server +client = 17-curve-secp192k1-client + +[17-curve-secp192k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp192k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-curve-secp192k1-client] +CipherString = ECDHE +Curves = secp192k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = Success +ExpectedTmpKeyType = secp192k1 + + +# =========================================================== + +[18-curve-prime192v1] +ssl_conf = 18-curve-prime192v1-ssl + +[18-curve-prime192v1-ssl] +server = 18-curve-prime192v1-server +client = 18-curve-prime192v1-client + +[18-curve-prime192v1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = prime192v1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-curve-prime192v1-client] +CipherString = ECDHE +Curves = prime192v1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = Success +ExpectedTmpKeyType = prime192v1 + + +# =========================================================== + +[19-curve-secp224k1] +ssl_conf = 19-curve-secp224k1-ssl + +[19-curve-secp224k1-ssl] +server = 19-curve-secp224k1-server +client = 19-curve-secp224k1-client + +[19-curve-secp224k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp224k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-curve-secp224k1-client] +CipherString = ECDHE +Curves = secp224k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = Success +ExpectedTmpKeyType = secp224k1 + + +# =========================================================== + +[20-curve-secp224r1] +ssl_conf = 20-curve-secp224r1-ssl + +[20-curve-secp224r1-ssl] +server = 20-curve-secp224r1-server +client = 20-curve-secp224r1-client + +[20-curve-secp224r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp224r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-curve-secp224r1-client] +CipherString = ECDHE +Curves = secp224r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedResult = Success +ExpectedTmpKeyType = secp224r1 + + +# =========================================================== + +[21-curve-secp256k1] +ssl_conf = 21-curve-secp256k1-ssl + +[21-curve-secp256k1-ssl] +server = 21-curve-secp256k1-server +client = 21-curve-secp256k1-client + +[21-curve-secp256k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp256k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-curve-secp256k1-client] +CipherString = ECDHE +Curves = secp256k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedResult = Success +ExpectedTmpKeyType = secp256k1 + + +# =========================================================== + +[22-curve-prime256v1] +ssl_conf = 22-curve-prime256v1-ssl + +[22-curve-prime256v1-ssl] +server = 22-curve-prime256v1-server +client = 22-curve-prime256v1-client + +[22-curve-prime256v1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = prime256v1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-curve-prime256v1-client] +CipherString = ECDHE +Curves = prime256v1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedResult = Success +ExpectedTmpKeyType = prime256v1 + + +# =========================================================== + +[23-curve-secp384r1] +ssl_conf = 23-curve-secp384r1-ssl + +[23-curve-secp384r1-ssl] +server = 23-curve-secp384r1-server +client = 23-curve-secp384r1-client + +[23-curve-secp384r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp384r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-curve-secp384r1-client] +CipherString = ECDHE +Curves = secp384r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedResult = Success +ExpectedTmpKeyType = secp384r1 + + +# =========================================================== + +[24-curve-secp521r1] +ssl_conf = 24-curve-secp521r1-ssl + +[24-curve-secp521r1-ssl] +server = 24-curve-secp521r1-server +client = 24-curve-secp521r1-client + +[24-curve-secp521r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp521r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-curve-secp521r1-client] +CipherString = ECDHE +Curves = secp521r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = Success +ExpectedTmpKeyType = secp521r1 + + +# =========================================================== + +[25-curve-brainpoolP256r1] +ssl_conf = 25-curve-brainpoolP256r1-ssl + +[25-curve-brainpoolP256r1-ssl] +server = 25-curve-brainpoolP256r1-server +client = 25-curve-brainpoolP256r1-client + +[25-curve-brainpoolP256r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = brainpoolP256r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-curve-brainpoolP256r1-client] +CipherString = ECDHE +Curves = brainpoolP256r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedResult = Success +ExpectedTmpKeyType = brainpoolP256r1 + + +# =========================================================== + +[26-curve-brainpoolP384r1] +ssl_conf = 26-curve-brainpoolP384r1-ssl + +[26-curve-brainpoolP384r1-ssl] +server = 26-curve-brainpoolP384r1-server +client = 26-curve-brainpoolP384r1-client + +[26-curve-brainpoolP384r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = brainpoolP384r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-curve-brainpoolP384r1-client] +CipherString = ECDHE +Curves = brainpoolP384r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedResult = Success +ExpectedTmpKeyType = brainpoolP384r1 + + +# =========================================================== + +[27-curve-brainpoolP512r1] +ssl_conf = 27-curve-brainpoolP512r1-ssl + +[27-curve-brainpoolP512r1-ssl] +server = 27-curve-brainpoolP512r1-server +client = 27-curve-brainpoolP512r1-client + +[27-curve-brainpoolP512r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = brainpoolP512r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-curve-brainpoolP512r1-client] +CipherString = ECDHE +Curves = brainpoolP512r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedResult = Success +ExpectedTmpKeyType = brainpoolP512r1 + + +# =========================================================== + +[28-curve-X25519] +ssl_conf = 28-curve-X25519-ssl + +[28-curve-X25519-ssl] +server = 28-curve-X25519-server +client = 28-curve-X25519-client + +[28-curve-X25519-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = X25519 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-curve-X25519-client] +CipherString = ECDHE +Curves = X25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedResult = Success +ExpectedTmpKeyType = X25519 + + diff --git a/openssl-1.1.0h/test/ssl-tests/14-curves.conf.in b/openssl-1.1.0h/test/ssl-tests/14-curves.conf.in new file mode 100644 index 0000000..0b7c09c --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/14-curves.conf.in @@ -0,0 +1,44 @@ +# -*- mode: perl; -*- + +## SSL test configurations + +package ssltests; + +use strict; +use warnings; + +use OpenSSL::Test; +use OpenSSL::Test::Utils qw(anydisabled); + +my @curves = ("sect163k1", "sect163r1", "sect163r2", "sect193r1", + "sect193r2", "sect233k1", "sect233r1", "sect239k1", + "sect283k1", "sect283r1", "sect409k1", "sect409r1", + "sect571k1", "sect571r1", "secp160k1", "secp160r1", + "secp160r2", "secp192k1", "prime192v1", "secp224k1", + "secp224r1", "secp256k1", "prime256v1", "secp384r1", + "secp521r1", "brainpoolP256r1", "brainpoolP384r1", + "brainpoolP512r1", "X25519"); + +our @tests = (); + +sub generate_tests() { + foreach (0..$#curves) { + my $curve = $curves[$_]; + push @tests, { + name => "curve-${curve}", + server => { + "Curves" => $curve + }, + client => { + "CipherString" => "ECDHE", + "Curves" => $curve + }, + test => { + "ExpectedTmpKeyType" => $curve, + "ExpectedResult" => "Success" + }, + }; + } +} + +generate_tests(); diff --git a/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf b/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf new file mode 100644 index 0000000..bf6c41c --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf @@ -0,0 +1,62 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 2 + +test-0 = 0-certstatus-good +test-1 = 1-certstatus-bad +# =========================================================== + +[0-certstatus-good] +ssl_conf = 0-certstatus-good-ssl + +[0-certstatus-good-ssl] +server = 0-certstatus-good-server +client = 0-certstatus-good-client + +[0-certstatus-good-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-certstatus-good-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +Method = TLS +server = 0-certstatus-good-server-extra + +[0-certstatus-good-server-extra] +CertStatus = GoodResponse + + +# =========================================================== + +[1-certstatus-bad] +ssl_conf = 1-certstatus-bad-ssl + +[1-certstatus-bad-ssl] +server = 1-certstatus-bad-server +client = 1-certstatus-bad-client + +[1-certstatus-bad-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-certstatus-bad-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = ClientFail +Method = TLS +server = 1-certstatus-bad-server-extra + +[1-certstatus-bad-server-extra] +CertStatus = BadResponse + + diff --git a/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf.in b/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf.in new file mode 100644 index 0000000..074602d --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf.in @@ -0,0 +1,45 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test CertStatus messages + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "certstatus-good", + server => { + extra => { + "CertStatus" => "GoodResponse", + }, + }, + client => {}, + test => { + "Method" => "TLS", + "ExpectedResult" => "Success" + } + }, + { + name => "certstatus-bad", + server => { + extra => { + "CertStatus" => "BadResponse", + }, + }, + client => {}, + test => { + "Method" => "TLS", + "ExpectedResult" => "ClientFail" + } + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/16-certstatus.conf b/openssl-1.1.0h/test/ssl-tests/16-certstatus.conf new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/16-certstatus.conf diff --git a/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf b/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf new file mode 100644 index 0000000..a561803 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf @@ -0,0 +1,62 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 2 + +test-0 = 0-certstatus-good +test-1 = 1-certstatus-bad +# =========================================================== + +[0-certstatus-good] +ssl_conf = 0-certstatus-good-ssl + +[0-certstatus-good-ssl] +server = 0-certstatus-good-server +client = 0-certstatus-good-client + +[0-certstatus-good-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-certstatus-good-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +Method = DTLS +server = 0-certstatus-good-server-extra + +[0-certstatus-good-server-extra] +CertStatus = GoodResponse + + +# =========================================================== + +[1-certstatus-bad] +ssl_conf = 1-certstatus-bad-ssl + +[1-certstatus-bad-ssl] +server = 1-certstatus-bad-server +client = 1-certstatus-bad-client + +[1-certstatus-bad-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-certstatus-bad-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = ClientFail +Method = DTLS +server = 1-certstatus-bad-server-extra + +[1-certstatus-bad-server-extra] +CertStatus = BadResponse + + diff --git a/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf.in b/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf.in new file mode 100644 index 0000000..7280029 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf.in @@ -0,0 +1,45 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test DTLS CertStatus messages + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "certstatus-good", + server => { + extra => { + "CertStatus" => "GoodResponse", + }, + }, + client => {}, + test => { + "Method" => "DTLS", + "ExpectedResult" => "Success" + } + }, + { + name => "certstatus-bad", + server => { + extra => { + "CertStatus" => "BadResponse", + }, + }, + client => {}, + test => { + "Method" => "DTLS", + "ExpectedResult" => "ClientFail" + } + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf b/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf new file mode 100644 index 0000000..48f569f --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf @@ -0,0 +1,428 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 14 + +test-0 = 0-renegotiate-client-no-resume +test-1 = 1-renegotiate-client-resume +test-2 = 2-renegotiate-server-no-resume +test-3 = 3-renegotiate-server-resume +test-4 = 4-renegotiate-client-auth-require +test-5 = 5-renegotiate-client-auth-once +test-6 = 6-renegotiate-aead-to-non-aead +test-7 = 7-renegotiate-non-aead-to-aead +test-8 = 8-renegotiate-non-aead-to-non-aead +test-9 = 9-renegotiate-aead-to-aead +test-10 = 10-no-renegotiation-server-by-client +test-11 = 11-no-renegotiation-server-by-server +test-12 = 12-no-renegotiation-client-by-server +test-13 = 13-no-renegotiation-client-by-client +# =========================================================== + +[0-renegotiate-client-no-resume] +ssl_conf = 0-renegotiate-client-no-resume-ssl + +[0-renegotiate-client-no-resume-ssl] +server = 0-renegotiate-client-no-resume-server +client = 0-renegotiate-client-no-resume-client + +[0-renegotiate-client-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-renegotiate-client-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[1-renegotiate-client-resume] +ssl_conf = 1-renegotiate-client-resume-ssl + +[1-renegotiate-client-resume-ssl] +server = 1-renegotiate-client-resume-server +client = 1-renegotiate-client-resume-client + +[1-renegotiate-client-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-renegotiate-client-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = Yes + + +# =========================================================== + +[2-renegotiate-server-no-resume] +ssl_conf = 2-renegotiate-server-no-resume-ssl + +[2-renegotiate-server-no-resume-ssl] +server = 2-renegotiate-server-no-resume-server +client = 2-renegotiate-server-no-resume-client + +[2-renegotiate-server-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-renegotiate-server-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[3-renegotiate-server-resume] +ssl_conf = 3-renegotiate-server-resume-ssl + +[3-renegotiate-server-resume-ssl] +server = 3-renegotiate-server-resume-server +client = 3-renegotiate-server-resume-client + +[3-renegotiate-server-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-renegotiate-server-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = Yes + + +# =========================================================== + +[4-renegotiate-client-auth-require] +ssl_conf = 4-renegotiate-client-auth-require-ssl + +[4-renegotiate-client-auth-require-ssl] +server = 4-renegotiate-client-auth-require-server +client = 4-renegotiate-client-auth-require-client + +[4-renegotiate-client-auth-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[4-renegotiate-client-auth-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[5-renegotiate-client-auth-once] +ssl_conf = 5-renegotiate-client-auth-once-ssl + +[5-renegotiate-client-auth-once-ssl] +server = 5-renegotiate-client-auth-once-server +client = 5-renegotiate-client-auth-once-client + +[5-renegotiate-client-auth-once-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Once + +[5-renegotiate-client-auth-once-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[6-renegotiate-aead-to-non-aead] +ssl_conf = 6-renegotiate-aead-to-non-aead-ssl + +[6-renegotiate-aead-to-non-aead-ssl] +server = 6-renegotiate-aead-to-non-aead-server +client = 6-renegotiate-aead-to-non-aead-client + +[6-renegotiate-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-renegotiate-aead-to-non-aead-client] +CipherString = AES128-GCM-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 6-renegotiate-aead-to-non-aead-client-extra + +[6-renegotiate-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES128-SHA + + +# =========================================================== + +[7-renegotiate-non-aead-to-aead] +ssl_conf = 7-renegotiate-non-aead-to-aead-ssl + +[7-renegotiate-non-aead-to-aead-ssl] +server = 7-renegotiate-non-aead-to-aead-server +client = 7-renegotiate-non-aead-to-aead-client + +[7-renegotiate-non-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-renegotiate-non-aead-to-aead-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 7-renegotiate-non-aead-to-aead-client-extra + +[7-renegotiate-non-aead-to-aead-client-extra] +RenegotiateCiphers = AES128-GCM-SHA256 + + +# =========================================================== + +[8-renegotiate-non-aead-to-non-aead] +ssl_conf = 8-renegotiate-non-aead-to-non-aead-ssl + +[8-renegotiate-non-aead-to-non-aead-ssl] +server = 8-renegotiate-non-aead-to-non-aead-server +client = 8-renegotiate-non-aead-to-non-aead-client + +[8-renegotiate-non-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-renegotiate-non-aead-to-non-aead-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 8-renegotiate-non-aead-to-non-aead-client-extra + +[8-renegotiate-non-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES256-SHA + + +# =========================================================== + +[9-renegotiate-aead-to-aead] +ssl_conf = 9-renegotiate-aead-to-aead-ssl + +[9-renegotiate-aead-to-aead-ssl] +server = 9-renegotiate-aead-to-aead-server +client = 9-renegotiate-aead-to-aead-client + +[9-renegotiate-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-renegotiate-aead-to-aead-client] +CipherString = AES128-GCM-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 9-renegotiate-aead-to-aead-client-extra + +[9-renegotiate-aead-to-aead-client-extra] +RenegotiateCiphers = AES256-GCM-SHA384 + + +# =========================================================== + +[10-no-renegotiation-server-by-client] +ssl_conf = 10-no-renegotiation-server-by-client-ssl + +[10-no-renegotiation-server-by-client-ssl] +server = 10-no-renegotiation-server-by-client-server +client = 10-no-renegotiation-server-by-client-client + +[10-no-renegotiation-server-by-client-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-no-renegotiation-server-by-client-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = ClientFail +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[11-no-renegotiation-server-by-server] +ssl_conf = 11-no-renegotiation-server-by-server-ssl + +[11-no-renegotiation-server-by-server-ssl] +server = 11-no-renegotiation-server-by-server-server +client = 11-no-renegotiation-server-by-server-client + +[11-no-renegotiation-server-by-server-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-no-renegotiation-server-by-server-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = ServerFail +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[12-no-renegotiation-client-by-server] +ssl_conf = 12-no-renegotiation-client-by-server-ssl + +[12-no-renegotiation-client-by-server-ssl] +server = 12-no-renegotiation-client-by-server-server +client = 12-no-renegotiation-client-by-server-client + +[12-no-renegotiation-client-by-server-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-no-renegotiation-client-by-server-client] +CipherString = DEFAULT +Options = NoRenegotiation +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = ServerFail +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[13-no-renegotiation-client-by-client] +ssl_conf = 13-no-renegotiation-client-by-client-ssl + +[13-no-renegotiation-client-by-client-ssl] +server = 13-no-renegotiation-client-by-client-server +client = 13-no-renegotiation-client-by-client-client + +[13-no-renegotiation-client-by-client-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-no-renegotiation-client-by-client-client] +CipherString = DEFAULT +Options = NoRenegotiation +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = ClientFail +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No + + diff --git a/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf.in b/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf.in new file mode 100644 index 0000000..bd656d0 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf.in @@ -0,0 +1,243 @@ +# -*- mode: perl; -*- +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Renegotiation + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "renegotiate-client-no-resume", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-resume", + server => {}, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-server-no-resume", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-server-resume", + server => {}, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-require", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-once", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Once", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + } +); +our @tests_tls1_2 = ( + { + name => "renegotiate-aead-to-non-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + extra => { + "RenegotiateCiphers" => "AES128-SHA" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { + "CipherString" => "AES128-SHA", + extra => { + "RenegotiateCiphers" => "AES128-GCM-SHA256" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-non-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { + "CipherString" => "AES128-SHA", + extra => { + "RenegotiateCiphers" => "AES256-SHA" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-aead-to-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + extra => { + "RenegotiateCiphers" => "AES256-GCM-SHA384" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "no-renegotiation-server-by-client", + server => { + "Options" => "NoRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "ClientFail" + } + }, + { + name => "no-renegotiation-server-by-server", + server => { + "Options" => "NoRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "ServerFail" + } + }, + { + name => "no-renegotiation-client-by-server", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => { + "Options" => "NoRenegotiation", + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "ServerFail" + } + }, + { + name => "no-renegotiation-client-by-client", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => { + "Options" => "NoRenegotiation", + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "ClientFail" + } + } +); + +push @tests, @tests_tls1_2 unless disabled("tls1_2"); diff --git a/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf b/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf new file mode 100644 index 0000000..3d8ebd7 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf @@ -0,0 +1,276 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 9 + +test-0 = 0-renegotiate-client-no-resume +test-1 = 1-renegotiate-client-resume +test-2 = 2-renegotiate-server-resume +test-3 = 3-renegotiate-client-auth-require +test-4 = 4-renegotiate-client-auth-once +test-5 = 5-renegotiate-aead-to-non-aead +test-6 = 6-renegotiate-non-aead-to-aead +test-7 = 7-renegotiate-non-aead-to-non-aead +test-8 = 8-renegotiate-aead-to-aead +# =========================================================== + +[0-renegotiate-client-no-resume] +ssl_conf = 0-renegotiate-client-no-resume-ssl + +[0-renegotiate-client-no-resume-ssl] +server = 0-renegotiate-client-no-resume-server +client = 0-renegotiate-client-no-resume-client + +[0-renegotiate-client-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-renegotiate-client-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[1-renegotiate-client-resume] +ssl_conf = 1-renegotiate-client-resume-ssl + +[1-renegotiate-client-resume-ssl] +server = 1-renegotiate-client-resume-server +client = 1-renegotiate-client-resume-client + +[1-renegotiate-client-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-renegotiate-client-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[2-renegotiate-server-resume] +ssl_conf = 2-renegotiate-server-resume-ssl + +[2-renegotiate-server-resume-ssl] +server = 2-renegotiate-server-resume-server +client = 2-renegotiate-server-resume-client + +[2-renegotiate-server-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-renegotiate-server-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[3-renegotiate-client-auth-require] +ssl_conf = 3-renegotiate-client-auth-require-ssl + +[3-renegotiate-client-auth-require-ssl] +server = 3-renegotiate-client-auth-require-server +client = 3-renegotiate-client-auth-require-client + +[3-renegotiate-client-auth-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[3-renegotiate-client-auth-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[4-renegotiate-client-auth-once] +ssl_conf = 4-renegotiate-client-auth-once-ssl + +[4-renegotiate-client-auth-once-ssl] +server = 4-renegotiate-client-auth-once-server +client = 4-renegotiate-client-auth-once-client + +[4-renegotiate-client-auth-once-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Once + +[4-renegotiate-client-auth-once-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[5-renegotiate-aead-to-non-aead] +ssl_conf = 5-renegotiate-aead-to-non-aead-ssl + +[5-renegotiate-aead-to-non-aead-ssl] +server = 5-renegotiate-aead-to-non-aead-server +client = 5-renegotiate-aead-to-non-aead-client + +[5-renegotiate-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-renegotiate-aead-to-non-aead-client] +CipherString = AES128-GCM-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +client = 5-renegotiate-aead-to-non-aead-client-extra + +[5-renegotiate-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES128-SHA + + +# =========================================================== + +[6-renegotiate-non-aead-to-aead] +ssl_conf = 6-renegotiate-non-aead-to-aead-ssl + +[6-renegotiate-non-aead-to-aead-ssl] +server = 6-renegotiate-non-aead-to-aead-server +client = 6-renegotiate-non-aead-to-aead-client + +[6-renegotiate-non-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-renegotiate-non-aead-to-aead-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +client = 6-renegotiate-non-aead-to-aead-client-extra + +[6-renegotiate-non-aead-to-aead-client-extra] +RenegotiateCiphers = AES128-GCM-SHA256 + + +# =========================================================== + +[7-renegotiate-non-aead-to-non-aead] +ssl_conf = 7-renegotiate-non-aead-to-non-aead-ssl + +[7-renegotiate-non-aead-to-non-aead-ssl] +server = 7-renegotiate-non-aead-to-non-aead-server +client = 7-renegotiate-non-aead-to-non-aead-client + +[7-renegotiate-non-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-renegotiate-non-aead-to-non-aead-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +client = 7-renegotiate-non-aead-to-non-aead-client-extra + +[7-renegotiate-non-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES256-SHA + + +# =========================================================== + +[8-renegotiate-aead-to-aead] +ssl_conf = 8-renegotiate-aead-to-aead-ssl + +[8-renegotiate-aead-to-aead-ssl] +server = 8-renegotiate-aead-to-aead-server +client = 8-renegotiate-aead-to-aead-client + +[8-renegotiate-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-renegotiate-aead-to-aead-client] +CipherString = AES128-GCM-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +client = 8-renegotiate-aead-to-aead-client-extra + +[8-renegotiate-aead-to-aead-client-extra] +RenegotiateCiphers = AES256-GCM-SHA384 + + diff --git a/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf.in b/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf.in new file mode 100644 index 0000000..7a65a85 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf.in @@ -0,0 +1,174 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Renegotiation + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "renegotiate-client-no-resume", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => {}, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-resume", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, +# Note: Unlike the TLS tests, we will never do resumption with server +# initiated reneg. This is because an OpenSSL DTLS client will always do a full +# handshake (i.e. it doesn't supply a session id) when it receives a +# HelloRequest. This is different to the OpenSSL TLS implementation where an +# OpenSSL client will always try an abbreviated handshake (i.e. it will supply +# the session id). This goes all the way to commit 48ae85b6f when abbreviated +# handshake support was first added. Neither behaviour is wrong, but the +# discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour, +# and if so, what to? + { + name => "renegotiate-server-resume", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-require", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-once", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Once", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + } +); +our @tests_dtls1_2 = ( + { + name => "renegotiate-aead-to-non-aead", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + extra => { + "RenegotiateCiphers" => "AES128-SHA" + } + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-aead", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-SHA", + extra => { + "RenegotiateCiphers" => "AES128-GCM-SHA256" + } + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-non-aead", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-SHA", + extra => { + "RenegotiateCiphers" => "AES256-SHA" + } + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-aead-to-aead", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + extra => { + "RenegotiateCiphers" => "AES256-GCM-SHA384" + } + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, +); + + +push @tests, @tests_dtls1_2 unless disabled("dtls1_2"); diff --git a/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf b/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf new file mode 100644 index 0000000..40480ed --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf @@ -0,0 +1,156 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 6 + +test-0 = 0-disable-encrypt-then-mac-server-sha +test-1 = 1-disable-encrypt-then-mac-client-sha +test-2 = 2-disable-encrypt-then-mac-both-sha +test-3 = 3-disable-encrypt-then-mac-server-sha2 +test-4 = 4-disable-encrypt-then-mac-client-sha2 +test-5 = 5-disable-encrypt-then-mac-both-sha2 +# =========================================================== + +[0-disable-encrypt-then-mac-server-sha] +ssl_conf = 0-disable-encrypt-then-mac-server-sha-ssl + +[0-disable-encrypt-then-mac-server-sha-ssl] +server = 0-disable-encrypt-then-mac-server-sha-server +client = 0-disable-encrypt-then-mac-server-sha-client + +[0-disable-encrypt-then-mac-server-sha-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-disable-encrypt-then-mac-server-sha-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-disable-encrypt-then-mac-client-sha] +ssl_conf = 1-disable-encrypt-then-mac-client-sha-ssl + +[1-disable-encrypt-then-mac-client-sha-ssl] +server = 1-disable-encrypt-then-mac-client-sha-server +client = 1-disable-encrypt-then-mac-client-sha-client + +[1-disable-encrypt-then-mac-client-sha-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-disable-encrypt-then-mac-client-sha-client] +CipherString = AES128-SHA +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-disable-encrypt-then-mac-both-sha] +ssl_conf = 2-disable-encrypt-then-mac-both-sha-ssl + +[2-disable-encrypt-then-mac-both-sha-ssl] +server = 2-disable-encrypt-then-mac-both-sha-server +client = 2-disable-encrypt-then-mac-both-sha-client + +[2-disable-encrypt-then-mac-both-sha-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-disable-encrypt-then-mac-both-sha-client] +CipherString = AES128-SHA +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success + + +# =========================================================== + +[3-disable-encrypt-then-mac-server-sha2] +ssl_conf = 3-disable-encrypt-then-mac-server-sha2-ssl + +[3-disable-encrypt-then-mac-server-sha2-ssl] +server = 3-disable-encrypt-then-mac-server-sha2-server +client = 3-disable-encrypt-then-mac-server-sha2-client + +[3-disable-encrypt-then-mac-server-sha2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-disable-encrypt-then-mac-server-sha2-client] +CipherString = AES128-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success + + +# =========================================================== + +[4-disable-encrypt-then-mac-client-sha2] +ssl_conf = 4-disable-encrypt-then-mac-client-sha2-ssl + +[4-disable-encrypt-then-mac-client-sha2-ssl] +server = 4-disable-encrypt-then-mac-client-sha2-server +client = 4-disable-encrypt-then-mac-client-sha2-client + +[4-disable-encrypt-then-mac-client-sha2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-disable-encrypt-then-mac-client-sha2-client] +CipherString = AES128-SHA256 +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success + + +# =========================================================== + +[5-disable-encrypt-then-mac-both-sha2] +ssl_conf = 5-disable-encrypt-then-mac-both-sha2-ssl + +[5-disable-encrypt-then-mac-both-sha2-ssl] +server = 5-disable-encrypt-then-mac-both-sha2-server +client = 5-disable-encrypt-then-mac-both-sha2-client + +[5-disable-encrypt-then-mac-both-sha2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-disable-encrypt-then-mac-both-sha2-client] +CipherString = AES128-SHA256 +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success + + diff --git a/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf.in b/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf.in new file mode 100644 index 0000000..01afe25 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf.in @@ -0,0 +1,89 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +our @tests = ( + { + name => "disable-encrypt-then-mac-server-sha", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-client-sha", + server => { + }, + client => { + "CipherString" => "AES128-SHA", + "Options" => "-EncryptThenMac", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-both-sha", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA", + "Options" => "-EncryptThenMac", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-server-sha2", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA256", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-client-sha2", + server => { + }, + client => { + "CipherString" => "AES128-SHA256", + "Options" => "-EncryptThenMac", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-both-sha2", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA256", + "Options" => "-EncryptThenMac", + }, + test => { + "ExpectedResult" => "Success", + }, + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/protocol_version.pm b/openssl-1.1.0h/test/ssl-tests/protocol_version.pm new file mode 100644 index 0000000..c711362 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/protocol_version.pm @@ -0,0 +1,247 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation + +package ssltests; + +use strict; +use warnings; + +use List::Util qw/max min/; + +use OpenSSL::Test; +use OpenSSL::Test::Utils qw/anydisabled alldisabled/; +setup("no_test_here"); + +my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); +# undef stands for "no limit". +my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); +my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef); + +my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2"); + +my $min_tls_enabled; my $max_tls_enabled; + +# Protocol configuration works in cascades, i.e., +# $no_tls1_1 disables TLSv1.1 and below. +# +# $min_enabled and $max_enabled will be correct if there is at least one +# protocol enabled. +foreach my $i (0..$#tls_protocols) { + if (!$is_tls_disabled[$i]) { + $min_tls_enabled = $i; + last; + } +} + +foreach my $i (0..$#tls_protocols) { + if (!$is_tls_disabled[$i]) { + $max_tls_enabled = $i; + } +} + +my @dtls_protocols = ("DTLSv1", "DTLSv1.2"); +# undef stands for "no limit". +my @min_dtls_protocols = (undef, "DTLSv1", "DTLSv1.2"); +my @max_dtls_protocols = ("DTLSv1", "DTLSv1.2", undef); + +my @is_dtls_disabled = anydisabled("dtls1", "dtls1_2"); + +my $min_dtls_enabled; my $max_dtls_enabled; + +# $min_enabled and $max_enabled will be correct if there is at least one +# protocol enabled. +foreach my $i (0..$#dtls_protocols) { + if (!$is_dtls_disabled[$i]) { + $min_dtls_enabled = $i; + last; + } +} + +foreach my $i (0..$#dtls_protocols) { + if (!$is_dtls_disabled[$i]) { + $max_dtls_enabled = $i; + } +} + +sub no_tests { + my ($dtls) = @_; + return $dtls ? alldisabled("dtls1", "dtls1_2") : + alldisabled("ssl3", "tls1", "tls1_1", "tls1_2"); +} + +sub generate_version_tests { + my ($method) = @_; + + my $dtls = $method eq "DTLS"; + # Don't write the redundant "Method = TLS" into the configuration. + undef $method if !$dtls; + + my @protocols = $dtls ? @dtls_protocols : @tls_protocols; + my @min_protocols = $dtls ? @min_dtls_protocols : @min_tls_protocols; + my @max_protocols = $dtls ? @max_dtls_protocols : @max_tls_protocols; + my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled; + my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled; + + if (no_tests($dtls)) { + return; + } + + my @tests = (); + + foreach my $c_min (0..$#min_protocols) { + my $c_max_min = $c_min == 0 ? 0 : $c_min - 1; + foreach my $c_max ($c_max_min..$#max_protocols) { + foreach my $s_min (0..$#min_protocols) { + my $s_max_min = $s_min == 0 ? 0 : $s_min - 1; + foreach my $s_max ($s_max_min..$#max_protocols) { + my ($result, $protocol) = + expected_result($c_min, $c_max, $s_min, $s_max, + $min_enabled, $max_enabled, \@protocols); + push @tests, { + "name" => "version-negotiation", + "client" => { + "MinProtocol" => $min_protocols[$c_min], + "MaxProtocol" => $max_protocols[$c_max], + }, + "server" => { + "MinProtocol" => $min_protocols[$s_min], + "MaxProtocol" => $max_protocols[$s_max], + }, + "test" => { + "ExpectedResult" => $result, + "ExpectedProtocol" => $protocol, + "Method" => $method, + } + }; + } + } + } + } + return @tests; +} + +sub generate_resumption_tests { + my ($method) = @_; + + my $dtls = $method eq "DTLS"; + # Don't write the redundant "Method = TLS" into the configuration. + undef $method if !$dtls; + + my @protocols = $dtls ? @dtls_protocols : @tls_protocols; + my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled; + + if (no_tests($dtls)) { + return; + } + + my @server_tests = (); + my @client_tests = (); + + # Obtain the first session against a fixed-version server/client. + foreach my $original_protocol($min_enabled..$#protocols) { + # Upgrade or downgrade the server/client max version support and test + # that it upgrades, downgrades or resumes the session as well. + foreach my $resume_protocol($min_enabled..$#protocols) { + my $resumption_expected; + # We should only resume on exact version match. + if ($original_protocol eq $resume_protocol) { + $resumption_expected = "Yes"; + } else { + $resumption_expected = "No"; + } + + foreach my $ticket ("SessionTicket", "-SessionTicket") { + # Client is flexible, server upgrades/downgrades. + push @server_tests, { + "name" => "resumption", + "client" => { }, + "server" => { + "MinProtocol" => $protocols[$original_protocol], + "MaxProtocol" => $protocols[$original_protocol], + "Options" => $ticket, + }, + "resume_server" => { + "MaxProtocol" => $protocols[$resume_protocol], + }, + "test" => { + "ExpectedProtocol" => $protocols[$resume_protocol], + "Method" => $method, + "HandshakeMode" => "Resume", + "ResumptionExpected" => $resumption_expected, + } + }; + # Server is flexible, client upgrades/downgrades. + push @client_tests, { + "name" => "resumption", + "client" => { + "MinProtocol" => $protocols[$original_protocol], + "MaxProtocol" => $protocols[$original_protocol], + }, + "server" => { + "Options" => $ticket, + }, + "resume_client" => { + "MaxProtocol" => $protocols[$resume_protocol], + }, + "test" => { + "ExpectedProtocol" => $protocols[$resume_protocol], + "Method" => $method, + "HandshakeMode" => "Resume", + "ResumptionExpected" => $resumption_expected, + } + }; + } + } + } + + return (@server_tests, @client_tests); +} + +sub expected_result { + my ($c_min, $c_max, $s_min, $s_max, $min_enabled, $max_enabled, + $protocols) = @_; + + # Adjust for "undef" (no limit). + $c_min = $c_min == 0 ? 0 : $c_min - 1; + $c_max = $c_max == scalar @$protocols ? $c_max - 1 : $c_max; + $s_min = $s_min == 0 ? 0 : $s_min - 1; + $s_max = $s_max == scalar @$protocols ? $s_max - 1 : $s_max; + + # We now have at least one protocol enabled, so $min_enabled and + # $max_enabled are well-defined. + $c_min = max $c_min, $min_enabled; + $s_min = max $s_min, $min_enabled; + $c_max = min $c_max, $max_enabled; + $s_max = min $s_max, $max_enabled; + + if ($c_min > $c_max) { + # Client should fail to even send a hello. + # This results in an internal error since the server will be + # waiting for input that never arrives. + return ("InternalError", undef); + } elsif ($s_min > $s_max) { + # Server has no protocols, should always fail. + return ("ServerFail", undef); + } elsif ($s_min > $c_max) { + # Server doesn't support the client range. + return ("ServerFail", undef); + } elsif ($c_min > $s_max) { + # Server will try with a version that is lower than the lowest + # supported client version. + return ("ClientFail", undef); + } else { + # Server and client ranges overlap. + my $max_common = $s_max < $c_max ? $s_max : $c_max; + return ("Success", $protocols->[$max_common]); + } +} + +1; diff --git a/openssl-1.1.0h/test/ssl-tests/ssltests_base.pm b/openssl-1.1.0h/test/ssl-tests/ssltests_base.pm new file mode 100644 index 0000000..dc81642 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/ssltests_base.pm @@ -0,0 +1,30 @@ +# -*- mode: perl; -*- +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +## SSL test configurations + +package ssltests; + +sub test_pem +{ + my ($file) = @_; + my $dir_sep = $^O ne "VMS" ? "/" : ""; + return "\${ENV::TEST_CERTS_DIR}" . $dir_sep . $file, +} + +our %base_server = ( + "Certificate" => test_pem("servercert.pem"), + "PrivateKey" => test_pem("serverkey.pem"), + "CipherString" => "DEFAULT", +); + +our %base_client = ( + "VerifyCAFile" => test_pem("rootcert.pem"), + "VerifyMode" => "Peer", + "CipherString" => "DEFAULT", +); |