# -*- mode: perl; -*-
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


## Test Renegotiation
#
# Each entry is one handshake scenario: `server` and `client` hold the
# per-endpoint settings, `test` holds the handshake mode and the outcome the
# harness must observe. Every scenario caps at least one endpoint at TLSv1.2;
# TLSv1.3 has no renegotiation, so these cases are only meaningful at or
# below TLSv1.2.

use strict;
use warnings;

package ssltests;
use OpenSSL::Test::Utils;

# NOTE(review): test_pem() is not defined in this file; presumably it is
# provided by whatever loads this table -- confirm against the generator.

our @tests = (
    # Client-initiated renegotiation while the server sets
    # NoResumptionOnRenegotiation: must succeed as a full handshake.
    {
        name => 'renegotiate-client-no-resume',
        server => {
            'Options' => 'NoResumptionOnRenegotiation',
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {},
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult' => 'Success',
        },
    },
    # Same without the server option: the renegotiation is expected to
    # resume the existing session.
    {
        name => 'renegotiate-client-resume',
        server => {
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {},
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateClient',
            'ResumptionExpected' => 'Yes',
            'ExpectedResult' => 'Success',
        },
    },
    # Server-initiated counterparts of the two cases above.
    {
        name => 'renegotiate-server-no-resume',
        server => {
            'Options' => 'NoResumptionOnRenegotiation',
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {},
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateServer',
            'ResumptionExpected' => 'No',
            'ExpectedResult' => 'Success',
        },
    },
    {
        name => 'renegotiate-server-resume',
        server => {
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {},
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateServer',
            'ResumptionExpected' => 'Yes',
            'ExpectedResult' => 'Success',
        },
    },
    # Server-initiated renegotiation with client-certificate verification.
    # The two cases differ only in VerifyMode ("Require" vs "Once"); both
    # must complete with the client presenting its chain and key.
    {
        name => 'renegotiate-client-auth-require',
        server => {
            'Options' => 'NoResumptionOnRenegotiation',
            'MaxProtocol' => 'TLSv1.2',
            'VerifyCAFile' => test_pem('root-cert.pem'),
            'VerifyMode' => 'Require',
        },
        client => {
            'Certificate' => test_pem('ee-client-chain.pem'),
            'PrivateKey' => test_pem('ee-key.pem'),
        },
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateServer',
            'ResumptionExpected' => 'No',
            'ExpectedResult' => 'Success',
        },
    },
    {
        name => 'renegotiate-client-auth-once',
        server => {
            'Options' => 'NoResumptionOnRenegotiation',
            'MaxProtocol' => 'TLSv1.2',
            'VerifyCAFile' => test_pem('root-cert.pem'),
            'VerifyMode' => 'Once',
        },
        client => {
            'Certificate' => test_pem('ee-client-chain.pem'),
            'PrivateKey' => test_pem('ee-key.pem'),
        },
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateServer',
            'ResumptionExpected' => 'No',
            'ExpectedResult' => 'Success',
        },
    },
);

# Scenarios appended to @tests only when TLSv1.2 is available in the build
# (see the guard at the bottom of the file).
our @tests_tls1_2 = (
    # Cipher change across renegotiation: the client starts with CipherString
    # and offers RenegotiateCiphers on the second handshake. All four
    # AEAD / non-AEAD transitions must succeed.
    {
        name => 'renegotiate-aead-to-non-aead',
        server => {
            'Options' => 'NoResumptionOnRenegotiation',
        },
        client => {
            'CipherString' => 'AES128-GCM-SHA256',
            'MaxProtocol' => 'TLSv1.2',
            extra => {
                'RenegotiateCiphers' => 'AES128-SHA',
            },
        },
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult' => 'Success',
        },
    },
    {
        name => 'renegotiate-non-aead-to-aead',
        server => {
            'Options' => 'NoResumptionOnRenegotiation',
        },
        client => {
            'CipherString' => 'AES128-SHA',
            'MaxProtocol' => 'TLSv1.2',
            extra => {
                'RenegotiateCiphers' => 'AES128-GCM-SHA256',
            },
        },
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult' => 'Success',
        },
    },
    {
        name => 'renegotiate-non-aead-to-non-aead',
        server => {
            'Options' => 'NoResumptionOnRenegotiation',
        },
        client => {
            'CipherString' => 'AES128-SHA',
            'MaxProtocol' => 'TLSv1.2',
            extra => {
                'RenegotiateCiphers' => 'AES256-SHA',
            },
        },
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult' => 'Success',
        },
    },
    {
        name => 'renegotiate-aead-to-aead',
        server => {
            'Options' => 'NoResumptionOnRenegotiation',
        },
        client => {
            'CipherString' => 'AES128-GCM-SHA256',
            'MaxProtocol' => 'TLSv1.2',
            extra => {
                'RenegotiateCiphers' => 'AES256-GCM-SHA384',
            },
        },
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult' => 'Success',
        },
    },
    # NoRenegotiation matrix: the option is set on the server (first two
    # cases) or on the client (next two), and renegotiation is attempted by
    # each side in turn. In every combination the attempt must fail, and the
    # failure is expected on the side that initiated it.
    {
        name => 'no-renegotiation-server-by-client',
        server => {
            'Options' => 'NoRenegotiation',
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {},
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult' => 'ClientFail',
        },
    },
    {
        name => 'no-renegotiation-server-by-server',
        server => {
            'Options' => 'NoRenegotiation',
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {},
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateServer',
            'ResumptionExpected' => 'No',
            'ExpectedResult' => 'ServerFail',
        },
    },
    {
        name => 'no-renegotiation-client-by-server',
        server => {
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {
            'Options' => 'NoRenegotiation',
        },
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateServer',
            'ResumptionExpected' => 'No',
            'ExpectedResult' => 'ServerFail',
        },
    },
    {
        name => 'no-renegotiation-client-by-client',
        server => {
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {
            'Options' => 'NoRenegotiation',
        },
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult' => 'ClientFail',
        },
    },
    # Negative test: the client sets RenegotiateNoExtms and the handshake
    # must end in ServerFail.
    # NOTE(review): presumably the client omits the extended master secret
    # extension on the renegotiation handshake only, so this pins the
    # server's refusal to drop it mid-connection -- confirm in the harness.
    {
        name => 'no-extms-on-renegotiation',
        server => {
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {
            'MaxProtocol' => 'TLSv1.2',
            extra => {
                'RenegotiateNoExtms' => 'Yes',
            },
        },
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult' => 'Success' eq 'ServerFail' ? 'Success' : 'ServerFail',
        },
    },
    # With no server Options set, client-initiated renegotiation is expected
    # to succeed (and to resume).
    {
        name => 'allow-client-renegotiation',
        server => {
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {
            'MaxProtocol' => 'TLSv1.2',
        },
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateClient',
            'ResumptionExpected' => 'Yes',
            'ExpectedResult' => 'Success',
        },
    },
    # Server sets "-ClientRenegotiation" (the leading "-" presumably clears
    # the option): the client's attempt must fail, and the server must answer
    # with a NoRenegotiation alert rather than tearing the connection down
    # silently.
    {
        name => 'no-client-renegotiation',
        server => {
            'MaxProtocol' => 'TLSv1.2',
            'Options' => '-ClientRenegotiation',
        },
        client => {
            'MaxProtocol' => 'TLSv1.2',
        },
        test => {
            'Method' => 'TLS',
            'HandshakeMode' => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult' => 'ClientFail',
            'ExpectedServerAlert' => 'NoRenegotiation',
        },
    },
);

# Only run the TLSv1.2-specific scenarios when the build has TLSv1.2.
if (!disabled('tls1_2')) {
    push @tests, @tests_tls1_2;
}