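# Generated with generate_ssl_tests.pl
# NOTE(review): generated output - presumably changes belong in the generator's
# input, not in this file; confirm against the project's test documentation.
#
# Layout: every test is a group of sections. [N-name] points at an ssl_conf
# section, that section names one server and one client section, and [test-N]
# holds the expected outcome. Certificate and key paths are built from the
# TEST_CERTS_DIR environment variable, so they resolve relative to wherever
# the suite is run. The keys are presumably test fixtures - TODO confirm they
# are never reused outside the test suite.

# Number of test-N entries in the index below (test-0 .. test-55).
num_tests = 56

test-0 = 0-ECDSA CipherString Selection
test-1 = 1-ECDSA CipherString Selection
test-2 = 2-ECDSA CipherString Selection
test-3 = 3-Ed25519 CipherString and Signature Algorithm Selection
test-4 = 4-Ed448 CipherString and Signature Algorithm Selection
test-5 = 5-ECDSA with brainpool
test-6 = 6-RSA CipherString Selection
test-7 = 7-RSA-PSS Certificate CipherString Selection
test-8 = 8-P-256 CipherString and Signature Algorithm Selection
test-9 = 9-Ed25519 CipherString and Curves Selection
test-10 = 10-Ed448 CipherString and Curves Selection
test-11 = 11-ECDSA CipherString Selection, no ECDSA certificate
test-12 = 12-ECDSA Signature Algorithm Selection
test-13 = 13-ECDSA Signature Algorithm Selection SHA384
test-14 = 14-ECDSA Signature Algorithm Selection SHA1
test-15 = 15-ECDSA Signature Algorithm Selection compressed point
test-16 = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate
test-17 = 17-RSA Signature Algorithm Selection
test-18 = 18-RSA-PSS Signature Algorithm Selection
test-19 = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection
test-20 = 20-RSA-PSS Certificate Unified Signature Algorithm Selection
test-21 = 21-Only RSA-PSS Certificate
test-22 = 22-Only RSA-PSS Certificate Valid Signature Algorithms
test-23 = 23-RSA-PSS Certificate, no PSS signature algorithms
test-24 = 24-Only RSA-PSS Restricted Certificate
test-25 = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms
test-26 = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm
test-27 = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms
test-28 = 28-RSA key exchange with all RSA certificate types
test-29 = 29-RSA key exchange with only RSA-PSS certificate
test-30 = 30-Suite B P-256 Hash Algorithm Selection
test-31 = 31-Suite B P-384 Hash Algorithm Selection
test-32 = 32-TLS 1.2 Ed25519 Client Auth
test-33 = 33-TLS 1.2 Ed448 Client Auth
test-34 = 34-Only RSA-PSS Certificate, TLS v1.1
test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection
test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS
test-42 = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection
test-43 = 43-TLS 1.3 Ed25519 Signature Algorithm Selection
test-44 = 44-TLS 1.3 Ed448 Signature Algorithm Selection
test-45 = 45-TLS 1.3 Ed25519 CipherString and Groups Selection
test-46 = 46-TLS 1.3 Ed448 CipherString and Groups Selection
test-47 = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection
test-48 = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
test-49 = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
test-50 = 50-TLS 1.3 Ed25519 Client Auth
test-51 = 51-TLS 1.3 Ed448 Client Auth
test-52 = 52-TLS 1.3 ECDSA with brainpool
test-53 = 53-TLS 1.2 DSA Certificate Test
test-54 = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
test-55 = 55-TLS 1.3 DSA Certificate Test
# ===========================================================
# Test 0: the client allows only ECDSA-authenticated suites (aECDSA) while the
# server holds RSA, ECDSA, Ed25519 and Ed448 credentials; [test-0] expects the
# P-256 certificate with an EC signature.

[0-ECDSA CipherString Selection]
ssl_conf = 0-ECDSA CipherString Selection-ssl

[0-ECDSA CipherString Selection-ssl]
server = 0-ECDSA CipherString Selection-server
client = 0-ECDSA CipherString Selection-client

[0-ECDSA CipherString Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem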
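# Remaining server credentials for test 0; the server is capped at TLSv1.2.
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

# VerifyMode = Peer makes the client validate the server chain against
# VerifyCAFile. RequestCAFile names a different file (root-cert.pem versus
# rootcert.pem).
# NOTE(review): the two names differ by one hyphen - confirm both fixtures are
# intended wherever this pair appears.
[0-ECDSA CipherString Selection-client]
CipherString = aECDSA
MaxProtocol = TLSv1.2
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-0]
ExpectedResult = Success
ExpectedServerCANames = empty
ExpectedServerCertType = P-256
ExpectedServerSignType = EC


# ===========================================================
# Test 1: the server allows only the P-384 group and the client offers
# P-256:P-384; the P-256 ECDSA certificate is still the expected selection.

[1-ECDSA CipherString Selection]
ssl_conf = 1-ECDSA CipherString Selection-ssl

[1-ECDSA CipherString Selection-ssl]
server = 1-ECDSA CipherString Selection-server
client = 1-ECDSA CipherString Selection-client

[1-ECDSA CipherString Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Groups = P-384
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[1-ECDSA CipherString Selection-client]
CipherString = aECDSA
Groups = P-256:P-384
MaxProtocol = TLSv1.2
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-1]
ExpectedResult = Success
ExpectedServerCANames = empty
ExpectedServerCertType = P-256
ExpectedServerSignType = EC


# ===========================================================
# Test 2: negative case. The client offers only P-384 and [test-2] expects
# ServerFail - presumably because the ECDSA certificate is on P-256 (see
# ExpectedServerCertType in tests 0 and 1); verify against the generator input.

[2-ECDSA CipherString Selection]
ssl_conf = 2-ECDSA CipherString Selection-ssl

[2-ECDSA CipherString Selection-ssl]
server = 2-ECDSA CipherString Selection-server
client = 2-ECDSA CipherString Selection-client
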
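# Test 2 endpoints: the server accepts P-256:P-384, the client only P-384.
[2-ECDSA CipherString Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Groups = P-256:P-384
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[2-ECDSA CipherString Selection-client]
CipherString = aECDSA
Groups = P-384
MaxProtocol = TLSv1.2
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

# The handshake must fail on the server side; no certificate fields are checked.
[test-2]
ExpectedResult = ServerFail


# ===========================================================
# Test 3: the client lists ed25519 ahead of ECDSA+SHA256 in
# SignatureAlgorithms; the Ed25519 certificate is the expected selection.

[3-Ed25519 CipherString and Signature Algorithm Selection]
ssl_conf = 3-Ed25519 CipherString and Signature Algorithm Selection-ssl

[3-Ed25519 CipherString and Signature Algorithm Selection-ssl]
server = 3-Ed25519 CipherString and Signature Algorithm Selection-server
client = 3-Ed25519 CipherString and Signature Algorithm Selection-client

[3-Ed25519 CipherString and Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[3-Ed25519 CipherString and Signature Algorithm Selection-client]
CipherString = aECDSA
MaxProtocol = TLSv1.2
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
SignatureAlgorithms = ed25519:ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-3]
ExpectedResult = Success
ExpectedServerCANames = empty
ExpectedServerCertType = Ed25519
ExpectedServerSignType = Ed25519


# ===========================================================
# Test 4: same shape as test 3 with ed448 listed first. The client requests
# and verifies against root-ed448-cert.pem instead of the default root.

[4-Ed448 CipherString and Signature Algorithm Selection]
ssl_conf = 4-Ed448 CipherString and Signature Algorithm Selection-ssl

[4-Ed448 CipherString and Signature Algorithm Selection-ssl]
server = 4-Ed448 CipherString and Signature Algorithm Selection-server
client = 4-Ed448 CipherString and Signature Algorithm Selection-client

[4-Ed448 CipherString and Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[4-Ed448 CipherString and Signature Algorithm Selection-client]
CipherString = aECDSA
MaxProtocol = TLSv1.2
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
SignatureAlgorithms = ed448:ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer

[test-4]
ExpectedResult = Success
ExpectedServerCANames = empty
ExpectedServerCertType = Ed448
ExpectedServerSignType = Ed448


# ===========================================================
# Test 5: server and client are both limited to the brainpoolP256r1 group and
# the server's only credential is a brainpoolP256r1 ECDSA certificate.

[5-ECDSA with brainpool]
ssl_conf = 5-ECDSA with brainpool-ssl

[5-ECDSA with brainpool-ssl]
server = 5-ECDSA with brainpool-server
client = 5-ECDSA with brainpool-client
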
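# Test 5 endpoints: a single brainpoolP256r1 ECDSA credential on the server and
# the same group on the client. Neither section sets MaxProtocol.
[5-ECDSA with brainpool-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
CipherString = DEFAULT
Groups = brainpoolP256r1
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem

[5-ECDSA with brainpool-client]
CipherString = aECDSA
Groups = brainpoolP256r1
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-5]
ExpectedResult = Success
ExpectedServerCANames = empty
ExpectedServerCertType = brainpoolP256r1
ExpectedServerSignType = EC


# ===========================================================
# Test 6: the client allows only RSA-authenticated suites (aRSA). The expected
# certificate type is RSA and the expected signature type is RSA-PSS.

[6-RSA CipherString Selection]
ssl_conf = 6-RSA CipherString Selection-ssl

[6-RSA CipherString Selection-ssl]
server = 6-RSA CipherString Selection-server
client = 6-RSA CipherString Selection-client

[6-RSA CipherString Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[6-RSA CipherString Selection-client]
CipherString = aRSA
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-6]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignType = RSA-PSS


# ===========================================================
# Test 7: as test 6, but the server also holds an RSA-PSS credential
# (PSS.Certificate / PSS.PrivateKey); the RSA-PSS certificate is expected.

[7-RSA-PSS Certificate CipherString Selection]
ssl_conf = 7-RSA-PSS Certificate CipherString Selection-ssl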
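# Test 7 endpoint mapping and sections: aRSA client against a server that holds
# both a plain RSA and an RSA-PSS credential.
[7-RSA-PSS Certificate CipherString Selection-ssl]
server = 7-RSA-PSS Certificate CipherString Selection-server
client = 7-RSA-PSS Certificate CipherString Selection-client

[7-RSA-PSS Certificate CipherString Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[7-RSA-PSS Certificate CipherString Selection-client]
CipherString = aRSA
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-7]
ExpectedResult = Success
ExpectedServerCertType = RSA-PSS
ExpectedServerSignType = RSA-PSS


# ===========================================================
# Test 8: the client lists ECDSA+SHA256 ahead of ed25519; the P-256
# certificate signed with SHA256 is the expected selection (compare test 3,
# where the order is reversed).

[8-P-256 CipherString and Signature Algorithm Selection]
ssl_conf = 8-P-256 CipherString and Signature Algorithm Selection-ssl

[8-P-256 CipherString and Signature Algorithm Selection-ssl]
server = 8-P-256 CipherString and Signature Algorithm Selection-server
client = 8-P-256 CipherString and Signature Algorithm Selection-client

[8-P-256 CipherString and Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[8-P-256 CipherString and Signature Algorithm Selection-client]
CipherString = aECDSA
MaxProtocol = TLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ed25519
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-8]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
ExpectedServerSignType = EC


# ===========================================================
# Test 9: same signature algorithm order as test 8, but the client offers only
# the X25519 curve; the Ed25519 certificate is the expected selection.

[9-Ed25519 CipherString and Curves Selection]
ssl_conf = 9-Ed25519 CipherString and Curves Selection-ssl

[9-Ed25519 CipherString and Curves Selection-ssl]
server = 9-Ed25519 CipherString and Curves Selection-server
client = 9-Ed25519 CipherString and Curves Selection-client

[9-Ed25519 CipherString and Curves Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[9-Ed25519 CipherString and Curves Selection-client]
CipherString = aECDSA
Curves = X25519
MaxProtocol = TLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ed25519
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-9]
ExpectedResult = Success
ExpectedServerCertType = Ed25519
ExpectedServerSignType = Ed25519


# ===========================================================
# Test 10: the Ed448 counterpart of test 9 (Curves = X448, ed448 listed second);
# the client verifies against root-ed448-cert.pem.

[10-Ed448 CipherString and Curves Selection]
ssl_conf = 10-Ed448 CipherString and Curves Selection-ssl

[10-Ed448 CipherString and Curves Selection-ssl]
server = 10-Ed448 CipherString and Curves Selection-server
client = 10-Ed448 CipherString and Curves Selection-client

[10-Ed448 CipherString and Curves Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[10-Ed448 CipherString and Curves Selection-client]
CipherString = aECDSA
Curves = X448
MaxProtocol = TLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ed448
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer

[test-10]
ExpectedResult = Success
ExpectedServerCertType = Ed448
ExpectedServerSignType = Ed448


# ===========================================================
# Test 11: negative case. The server holds only an RSA credential, the client
# allows only aECDSA suites, and the expected result is ServerFail.

[11-ECDSA CipherString Selection, no ECDSA certificate]
ssl_conf = 11-ECDSA CipherString Selection, no ECDSA certificate-ssl

[11-ECDSA CipherString Selection, no ECDSA certificate-ssl]
server = 11-ECDSA CipherString Selection, no ECDSA certificate-server
client = 11-ECDSA CipherString Selection, no ECDSA certificate-client

[11-ECDSA CipherString Selection, no ECDSA certificate-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem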
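# Remaining keys of the test 11 server section: an RSA credential only.
CipherString = DEFAULT
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[11-ECDSA CipherString Selection, no ECDSA certificate-client]
CipherString = aECDSA
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

# The handshake must fail on the server side; no certificate fields are checked.
[test-11]
ExpectedResult = ServerFail


# ===========================================================
# Tests 12-16 keep the client CipherString at DEFAULT and steer selection with
# SignatureAlgorithms alone. The client sections set no MaxProtocol; the server
# sections cap the handshake at TLSv1.2.
# Test 12: ECDSA+SHA256 only; P-256 certificate with a SHA256 signature.

[12-ECDSA Signature Algorithm Selection]
ssl_conf = 12-ECDSA Signature Algorithm Selection-ssl

[12-ECDSA Signature Algorithm Selection-ssl]
server = 12-ECDSA Signature Algorithm Selection-server
client = 12-ECDSA Signature Algorithm Selection-client

[12-ECDSA Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[12-ECDSA Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-12]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
ExpectedServerSignType = EC


# ===========================================================
# Test 13: ECDSA+SHA384 only; the same P-256 certificate is expected, signed
# with SHA384.

[13-ECDSA Signature Algorithm Selection SHA384]
ssl_conf = 13-ECDSA Signature Algorithm Selection SHA384-ssl

[13-ECDSA Signature Algorithm Selection SHA384-ssl]
server = 13-ECDSA Signature Algorithm Selection SHA384-server
client = 13-ECDSA Signature Algorithm Selection SHA384-client

[13-ECDSA Signature Algorithm Selection SHA384-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[13-ECDSA Signature Algorithm Selection SHA384-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA384
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-13]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA384
ExpectedServerSignType = EC


# ===========================================================
# Test 14: the client offers ECDSA+SHA1 only and the test expects a successful
# handshake signed with SHA1. This pins legacy interoperability; SHA-1
# signatures are not a setting to copy into a deployed configuration.

[14-ECDSA Signature Algorithm Selection SHA1]
ssl_conf = 14-ECDSA Signature Algorithm Selection SHA1-ssl

[14-ECDSA Signature Algorithm Selection SHA1-ssl]
server = 14-ECDSA Signature Algorithm Selection SHA1-server
client = 14-ECDSA Signature Algorithm Selection SHA1-client

[14-ECDSA Signature Algorithm Selection SHA1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[14-ECDSA Signature Algorithm Selection SHA1-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-14]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA1
ExpectedServerSignType = EC


# ===========================================================
# Test 15: as test 12, but the ECDSA credential is the server-cecdsa-* pair -
# presumably a certificate whose public key uses compressed point encoding,
# per the test name; confirm against the certificate fixtures.

[15-ECDSA Signature Algorithm Selection compressed point]
ssl_conf = 15-ECDSA Signature Algorithm Selection compressed point-ssl

[15-ECDSA Signature Algorithm Selection compressed point-ssl]
server = 15-ECDSA Signature Algorithm Selection compressed point-server
client = 15-ECDSA Signature Algorithm Selection compressed point-client

[15-ECDSA Signature Algorithm Selection compressed point-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[15-ECDSA Signature Algorithm Selection compressed point-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-15]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
ExpectedServerSignType = EC


# ===========================================================
# Test 16: negative case. The client offers ECDSA+SHA256 only, the server has
# no ECDSA credential, and the expected result is ServerFail.

[16-ECDSA Signature Algorithm Selection, no ECDSA certificate]
ssl_conf = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl

[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
server = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
client = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
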
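# Test 16 endpoints: an RSA-only server against a client that offers
# ECDSA+SHA256 as its sole signature algorithm.
[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

# The handshake must fail on the server side; no certificate fields are checked.
[test-16]
ExpectedResult = ServerFail


# ===========================================================
# Test 17: the client offers RSA+SHA256 only; RSA certificate, SHA256 hash and
# signature type RSA are expected.

[17-RSA Signature Algorithm Selection]
ssl_conf = 17-RSA Signature Algorithm Selection-ssl

[17-RSA Signature Algorithm Selection-ssl]
server = 17-RSA Signature Algorithm Selection-server
client = 17-RSA Signature Algorithm Selection-client

[17-RSA Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[17-RSA Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-17]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA256
ExpectedServerSignType = RSA


# ===========================================================
# Test 18: the client offers RSA-PSS+SHA256 only; the plain RSA certificate is
# expected, with signature type RSA-PSS.

[18-RSA-PSS Signature Algorithm Selection]
ssl_conf = 18-RSA-PSS Signature Algorithm Selection-ssl

[18-RSA-PSS Signature Algorithm Selection-ssl]
server = 18-RSA-PSS Signature Algorithm Selection-server
client = 18-RSA-PSS Signature Algorithm Selection-client

[18-RSA-PSS Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[18-RSA-PSS Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA-PSS+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-18]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA256
ExpectedServerSignType = RSA-PSS


# ===========================================================
# Test 19: the server also holds an RSA-PSS credential, yet with the client
# offering RSA-PSS+SHA256 the plain RSA certificate is still the expected one.

[19-RSA-PSS Certificate Legacy Signature Algorithm Selection]
ssl_conf = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl

[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl]
server = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server
client = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client

[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA-PSS+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-19]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA256
ExpectedServerSignType = RSA-PSS


# ===========================================================
# Test 20: same server as test 19, but the client offers rsa_pss_pss_sha256;
# here the RSA-PSS certificate is the expected selection.

[20-RSA-PSS Certificate Unified Signature Algorithm Selection]
ssl_conf = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl

[20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl]
server = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-server
client = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-client

[20-RSA-PSS Certificate Unified Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[20-RSA-PSS Certificate Unified Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = rsa_pss_pss_sha256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-20]
ExpectedResult = Success
ExpectedServerCertType = RSA-PSS
ExpectedServerSignHash = SHA256
ExpectedServerSignType = RSA-PSS


# ===========================================================
# Test 21: the server's only credential is the RSA-PSS pair and the client sets
# no SignatureAlgorithms; neither section sets MaxProtocol.

[21-Only RSA-PSS Certificate]
ssl_conf = 21-Only RSA-PSS Certificate-ssl

[21-Only RSA-PSS Certificate-ssl]
server = 21-Only RSA-PSS Certificate-server
client = 21-Only RSA-PSS Certificate-client

[21-Only RSA-PSS Certificate-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem

[21-Only RSA-PSS Certificate-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-21]
ExpectedResult = Success
ExpectedServerCertType = RSA-PSS
ExpectedServerSignHash = SHA256
ExpectedServerSignType = RSA-PSS


# ===========================================================
# Test 22: as test 21, with the client offering rsa_pss_pss_sha512 only.

[22-Only RSA-PSS Certificate Valid Signature Algorithms]
ssl_conf = 22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl

[22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl]
server = 22-Only RSA-PSS Certificate Valid Signature Algorithms-server
client = 22-Only RSA-PSS Certificate Valid Signature Algorithms-client

[22-Only RSA-PSS Certificate Valid Signature Algorithms-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem

[22-Only RSA-PSS Certificate Valid Signature Algorithms-client]
CipherString = DEFAULT
SignatureAlgorithms = rsa_pss_pss_sha512
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
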
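# Expected outcome of test 22: the RSA-PSS certificate with a SHA512 signature.
[test-22]
ExpectedResult = Success
ExpectedServerCertType = RSA-PSS
ExpectedServerSignHash = SHA512
ExpectedServerSignType = RSA-PSS


# ===========================================================
# Test 23: negative case. The server's only credential is the RSA-PSS pair and
# the client offers RSA+SHA256 only; the expected result is ServerFail.

[23-RSA-PSS Certificate, no PSS signature algorithms]
ssl_conf = 23-RSA-PSS Certificate, no PSS signature algorithms-ssl

[23-RSA-PSS Certificate, no PSS signature algorithms-ssl]
server = 23-RSA-PSS Certificate, no PSS signature algorithms-server
client = 23-RSA-PSS Certificate, no PSS signature algorithms-client

[23-RSA-PSS Certificate, no PSS signature algorithms-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem

[23-RSA-PSS Certificate, no PSS signature algorithms-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-23]
ExpectedResult = ServerFail


# ===========================================================
# Tests 24-27 use the server-pss-restrict-* credential.
# NOTE(review): presumably an RSA-PSS certificate whose parameters restrict the
# permitted hash - tests 24-26 expect SHA256 and test 27 (sha512 only) expects
# ServerFail; confirm against the certificate fixture.
# Test 24: the client sets no SignatureAlgorithms.

[24-Only RSA-PSS Restricted Certificate]
ssl_conf = 24-Only RSA-PSS Restricted Certificate-ssl

[24-Only RSA-PSS Restricted Certificate-ssl]
server = 24-Only RSA-PSS Restricted Certificate-server
client = 24-Only RSA-PSS Restricted Certificate-client

[24-Only RSA-PSS Restricted Certificate-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem

[24-Only RSA-PSS Restricted Certificate-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-24]
ExpectedResult = Success
ExpectedServerCertType = RSA-PSS
ExpectedServerSignHash = SHA256
ExpectedServerSignType = RSA-PSS


# ===========================================================
# Test 25: the client offers rsa_pss_pss_sha256 first, then rsa_pss_pss_sha512;
# SHA256 is the expected hash.

[25-RSA-PSS Restricted Certificate Valid Signature Algorithms]
ssl_conf = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl

[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl]
server = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server
client = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client

[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem

[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client]
CipherString = DEFAULT
SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-25]
ExpectedResult = Success
ExpectedServerCertType = RSA-PSS
ExpectedServerSignHash = SHA256
ExpectedServerSignType = RSA-PSS


# ===========================================================
# Test 26: the client lists rsa_pss_pss_sha512 first, then rsa_pss_pss_sha256.
# [test-26] still expects SHA256, so the client's first preference is expected
# to be passed over.

[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm]
ssl_conf = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl

[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl]
server = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server
client = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client

[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem

[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client]
CipherString = DEFAULT
SignatureAlgorithms = rsa_pss_pss_sha512:rsa_pss_pss_sha256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
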
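# Expectations for test 26: the client preferred rsa_pss_pss_sha512, yet SHA256
# is expected with the restricted RSA-PSS certificate.
[test-26]
ExpectedResult = Success
ExpectedServerCertType = RSA-PSS
ExpectedServerSignHash = SHA256
ExpectedServerSignType = RSA-PSS


# ===========================================================
# Test 27 (negative): restricted RSA-PSS certificate and a client that offers
# only rsa_pss_pss_sha512. Together with tests 25 and 26 this pins that the
# server refuses to sign with a hash the certificate does not permit.

[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms]
ssl_conf = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl

[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl]
server = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server
client = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client

[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem

[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client]
CipherString = DEFAULT
SignatureAlgorithms = rsa_pss_pss_sha512
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-27]
ExpectedResult = ServerFail


# ===========================================================
# Test 28: the client asks for RSA key exchange (kRSA, capped at TLS 1.2) and
# the server holds both a plain RSA and an RSA-PSS certificate. Expected: the
# plain RSA certificate is the one selected.

[28-RSA key exchange with all RSA certificate types]
ssl_conf = 28-RSA key exchange with all RSA certificate types-ssl

[28-RSA key exchange with all RSA certificate types-ssl]
server = 28-RSA key exchange with all RSA certificate types-server
client = 28-RSA key exchange with all RSA certificate types-client

[28-RSA key exchange with all RSA certificate types-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[28-RSA key exchange with all RSA certificate types-client]
CipherString = kRSA
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-28]
ExpectedResult = Success
ExpectedServerCertType = RSA


# ===========================================================
# Test 29 (negative): same kRSA client, but the server has only the RSA-PSS
# certificate. Expected: server failure, i.e. a signature-only RSA-PSS key
# must not be used for RSA key transport.

[29-RSA key exchange with only RSA-PSS certificate]
ssl_conf = 29-RSA key exchange with only RSA-PSS certificate-ssl

[29-RSA key exchange with only RSA-PSS certificate-ssl]
server = 29-RSA key exchange with only RSA-PSS certificate-server
client = 29-RSA key exchange with only RSA-PSS certificate-client

[29-RSA key exchange with only RSA-PSS certificate-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem

[29-RSA key exchange with only RSA-PSS certificate-client]
CipherString = kRSA
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-29]
ExpectedResult = ServerFail


# ===========================================================
# Test 30: server runs with CipherString = SUITEB128 at TLS 1.2 and a P-256
# ECDSA certificate; the client lists ECDSA+SHA384 before ECDSA+SHA256.
# Expected: the P-256 certificate is used (the expected signature hash and
# type are the remaining keys of [test-30]).

[30-Suite B P-256 Hash Algorithm Selection]
ssl_conf = 30-Suite B P-256 Hash Algorithm Selection-ssl

[30-Suite B P-256 Hash Algorithm Selection-ssl]
server = 30-Suite B P-256 Hash Algorithm Selection-server
client = 30-Suite B P-256 Hash Algorithm Selection-client

[30-Suite B P-256 Hash Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = SUITEB128
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[30-Suite B P-256 Hash Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
VerifyMode = Peer

[test-30]
ExpectedResult = Success
ExpectedServerCertType = P-256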
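# Remaining keys of [test-30]: SHA256 is expected with the P-256 certificate
# even though that test's client listed ECDSA+SHA384 first.
ExpectedServerSignHash = SHA256
ExpectedServerSignType = EC


# ===========================================================
# Test 31: mirror image of test 30. The server's ECDSA certificate is P-384
# and the client lists ECDSA+SHA256 first; SHA384 is expected regardless, so
# under SUITEB128 the hash follows the certificate's curve, not client order.

[31-Suite B P-384 Hash Algorithm Selection]
ssl_conf = 31-Suite B P-384 Hash Algorithm Selection-ssl

[31-Suite B P-384 Hash Algorithm Selection-ssl]
server = 31-Suite B P-384 Hash Algorithm Selection-server
client = 31-Suite B P-384 Hash Algorithm Selection-client

[31-Suite B P-384 Hash Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = SUITEB128
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[31-Suite B P-384 Hash Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
VerifyMode = Peer

[test-31]
ExpectedResult = Success
ExpectedServerCertType = P-384
ExpectedServerSignHash = SHA384
ExpectedServerSignType = EC


# ===========================================================
# Test 32: TLS 1.2 client authentication with an Ed25519 client certificate.
# The server demands a client certificate (VerifyMode = Require).
# NOTE(review): the server verifies against root-cert.pem while the client
# verifies against rootcert.pem; these look like two distinct trust anchors
# rather than a typo - confirm against the certificate directory.

[32-TLS 1.2 Ed25519 Client Auth]
ssl_conf = 32-TLS 1.2 Ed25519 Client Auth-ssl

[32-TLS 1.2 Ed25519 Client Auth-ssl]
server = 32-TLS 1.2 Ed25519 Client Auth-server
client = 32-TLS 1.2 Ed25519 Client Auth-client

[32-TLS 1.2 Ed25519 Client Auth-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[32-TLS 1.2 Ed25519 Client Auth-client]
CipherString = DEFAULT
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
MaxProtocol = TLSv1.2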
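# Remaining keys of the test 32 client section: with MaxProtocol also set to
# TLSv1.2, the client is pinned to exactly TLS 1.2.
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-32]
ExpectedClientCertType = Ed25519
ExpectedClientSignType = Ed25519
ExpectedResult = Success


# ===========================================================
# Test 33: TLS 1.2 client authentication with an Ed448 client certificate.
# The server requires a client certificate; the client is pinned to TLS 1.2.

[33-TLS 1.2 Ed448 Client Auth]
ssl_conf = 33-TLS 1.2 Ed448 Client Auth-ssl

[33-TLS 1.2 Ed448 Client Auth-ssl]
server = 33-TLS 1.2 Ed448 Client Auth-server
client = 33-TLS 1.2 Ed448 Client Auth-client

[33-TLS 1.2 Ed448 Client Auth-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[33-TLS 1.2 Ed448 Client Auth-client]
CipherString = DEFAULT
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-33]
ExpectedClientCertType = Ed448
ExpectedClientSignType = Ed448
ExpectedResult = Success


# ===========================================================
# Test 34 (negative): the server has only an RSA-PSS certificate and the
# client caps the protocol at TLS 1.1. The [test-34] section that follows
# expects a server failure, presumably because no RSA-PSS signature scheme is
# available below TLS 1.2.

[34-Only RSA-PSS Certificate, TLS v1.1]
ssl_conf = 34-Only RSA-PSS Certificate, TLS v1.1-ssl

[34-Only RSA-PSS Certificate, TLS v1.1-ssl]
server = 34-Only RSA-PSS Certificate, TLS v1.1-server
client = 34-Only RSA-PSS Certificate, TLS v1.1-client

[34-Only RSA-PSS Certificate, TLS v1.1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem

[34-Only RSA-PSS Certificate, TLS v1.1-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
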
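# Expectations for test 34: an RSA-PSS-only server facing a client capped at
# TLS 1.1 must fail the handshake.
[test-34]
ExpectedResult = ServerFail


# ===========================================================
# Test 35: server pinned to TLS 1.3 with RSA, ECDSA, Ed25519 and Ed448
# certificates; the client offers only ECDSA+SHA256. Expected: the ECDSA
# certificate (reported as P-256) signs with SHA256, and the server sees an
# empty CA-names list because the client sets no RequestCAFile.

[35-TLS 1.3 ECDSA Signature Algorithm Selection]
ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl

[35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
server = 35-TLS 1.3 ECDSA Signature Algorithm Selection-server
client = 35-TLS 1.3 ECDSA Signature Algorithm Selection-client

[35-TLS 1.3 ECDSA Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[35-TLS 1.3 ECDSA Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-35]
ExpectedResult = Success
ExpectedServerCANames = empty
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
ExpectedServerSignType = EC


# ===========================================================
# Test 36: TLS 1.3 variant using the "compressed point" ECDSA certificate
# (server-cecdsa-cert.pem); its server, client and expectation sections follow.

[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
ssl_conf = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl

[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
server = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
client = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
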
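# Test 36 server: TLS 1.3 only, with an RSA certificate plus the compressed
# point ECDSA certificate. Expected below: success with P-256 / SHA256 / EC.
[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-36]
ExpectedResult = Success
ExpectedServerCANames = empty
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
ExpectedServerSignType = EC


# ===========================================================
# Test 37 (negative): TLS 1.3 server with all certificate types; the client
# offers only ECDSA+SHA1. Expected: server failure, i.e. a SHA-1 signature is
# not accepted for the TLS 1.3 handshake even though an ECDSA key is present.

[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
ssl_conf = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl

[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
server = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
client = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client

[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-37]
ExpectedResult = ServerFail


# ===========================================================
# Test 38: the client offers ECDSA+SHA256 before RSA-PSS+SHA256 and also sets
# RequestCAFile. Expected: the ECDSA certificate is chosen, and the server
# sees the CA names taken from root-cert.pem.

[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
ssl_conf = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl

[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
server = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
client = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client

[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
CipherString = DEFAULT
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-38]
ExpectedResult = Success
ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
ExpectedServerSignType = EC


# ===========================================================
# Test 39: the client offers ECDSA+SHA384 before RSA-PSS+SHA384. Expected: the
# RSA certificate with an RSA-PSS / SHA384 signature. Presumably the ECDSA
# certificate (reported as P-256 in the tests above) cannot be paired with
# SHA384 in TLS 1.3, so the client's first choice is skipped - confirm.

[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
ssl_conf = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl

[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
server = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
client = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client

[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-39]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA384
ExpectedServerSignType = RSA-PSS


# ===========================================================
# Test 40 (negative): the server is configured with an RSA certificate only
# (no ECDSA.* keys); the rest of its section and the client follow.

[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
ssl_conf = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl

[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
server = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
client = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client

[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem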
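# Remaining keys of the test 40 server section (TLS 1.3 only, RSA key only).
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

# The client accepts only ECDSA+SHA256, which the RSA-only server cannot
# satisfy, so the handshake is expected to fail on the server side.
[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-40]
ExpectedResult = ServerFail


# ===========================================================
# Test 41 (negative): TLS 1.3 server with all certificate types; the client
# offers only RSA+SHA256 (PKCS#1 v1.5). Expected: server failure, i.e. the
# RSA key is not used with a non-PSS signature for the TLS 1.3 handshake.

[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
ssl_conf = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl

[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
server = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
client = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client

[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-41]
ExpectedResult = ServerFail


# ===========================================================
# Test 42: positive counterpart of test 41. The client offers RSA-PSS+SHA256
# and the plain RSA certificate is expected to sign with RSA-PSS over SHA256.

[42-TLS 1.3 RSA-PSS Signature Algorithm Selection]
ssl_conf = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl

[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
server = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
client = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client

[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA-PSS+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-42]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA256
ExpectedServerSignType = RSA-PSS


# ===========================================================
# Test 43: TLS 1.3 server with all certificate types; the remaining server
# keys, the client and the expectations follow.

[43-TLS 1.3 Ed25519 Signature Algorithm Selection]
ssl_conf = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl

[43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
server = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-server
client = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-client

[43-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem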
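# Remaining keys of the test 43 server section (TLS 1.3 only).
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

# The client offers only ed25519, so the Ed25519 certificate is expected.
# No ExpectedServerSignHash is asserted for the EdDSA tests.
[43-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ed25519
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-43]
ExpectedResult = Success
ExpectedServerCertType = Ed25519
ExpectedServerSignType = Ed25519


# ===========================================================
# Test 44: as test 43 but for Ed448. Unlike the neighbouring tests, the client
# verifies against root-ed448-cert.pem instead of rootcert.pem.

[44-TLS 1.3 Ed448 Signature Algorithm Selection]
ssl_conf = 44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl

[44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl]
server = 44-TLS 1.3 Ed448 Signature Algorithm Selection-server
client = 44-TLS 1.3 Ed448 Signature Algorithm Selection-client

[44-TLS 1.3 Ed448 Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[44-TLS 1.3 Ed448 Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ed448
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer

[test-44]
ExpectedResult = Success
ExpectedServerCertType = Ed448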
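# Last key of [test-44]: the signature type must be Ed448 as well.
ExpectedServerSignType = Ed448


# ===========================================================
# Test 45: the client limits Groups to X25519 and offers ECDSA+SHA256 before
# ed25519. Expected: the P-256 ECDSA certificate is still selected, so in
# TLS 1.3 the key-exchange group list does not steer certificate selection
# here (inferred from the expectations - confirm against the generator input).

[45-TLS 1.3 Ed25519 CipherString and Groups Selection]
ssl_conf = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl

[45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
server = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-server
client = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-client

[45-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[45-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
CipherString = DEFAULT
Groups = X25519
SignatureAlgorithms = ECDSA+SHA256:ed25519
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-45]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignType = EC


# ===========================================================
# Test 46: as test 45 with Groups = X448 and ed448 as the second signature
# algorithm. Expected: the P-256 ECDSA certificate is selected again.

[46-TLS 1.3 Ed448 CipherString and Groups Selection]
ssl_conf = 46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl

[46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl]
server = 46-TLS 1.3 Ed448 CipherString and Groups Selection-server
client = 46-TLS 1.3 Ed448 CipherString and Groups Selection-client

[46-TLS 1.3 Ed448 CipherString and Groups Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[46-TLS 1.3 Ed448 CipherString and Groups Selection-client]
CipherString = DEFAULT
Groups = X448
SignatureAlgorithms = ECDSA+SHA256:ed448
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-46]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignType = EC


# ===========================================================
# Test 47: TLS 1.3 client authentication. The server requires a client
# certificate and accepts only PSS+SHA256 from clients; the client holds both
# an ECDSA and an RSA chain. Expected: the RSA chain with RSA-PSS / SHA256,
# and an empty CA-names list because the server sets no RequestCAFile.

[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
ssl_conf = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl

[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
server = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
client = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client

[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientSignatureAlgorithms = PSS+SHA256
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-47]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
ExpectedClientSignType = RSA-PSS
ExpectedResult = Success


# ===========================================================
# Test 48: as test 47, but the server also sets RequestCAFile. Expected: the
# client sees the CA names taken from root-cert.pem; certificate and
# signature selection are unchanged.

[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
ssl_conf = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl

[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
server = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
client = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client

[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientSignatureAlgorithms = PSS+SHA256
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-48]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
ExpectedClientSignType = RSA-PSS
ExpectedResult = Success


# ===========================================================
# Test 49: same two-chain client, but the server accepts only ECDSA+SHA256
# from clients. Expected: the ECDSA chain (P-256) with SHA256.

[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
ssl_conf = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl

[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
server = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
client = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client

[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientSignatureAlgorithms = ECDSA+SHA256
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-49]
ExpectedClientCertType = P-256
ExpectedClientSignHash = SHA256
ExpectedClientSignType = EC
ExpectedResult = Success


# ===========================================================
# Test 50: TLS 1.3 client authentication with an Ed25519 client certificate.
# NOTE(review): the client keys use the EdDSA.* prefix here, whereas the
# TLS 1.2 client-auth tests (32, 33) use Ed25519.* / Ed448.*; presumably the
# test harness accepts both spellings - confirm.

[50-TLS 1.3 Ed25519 Client Auth]
ssl_conf = 50-TLS 1.3 Ed25519 Client Auth-ssl

[50-TLS 1.3 Ed25519 Client Auth-ssl]
server = 50-TLS 1.3 Ed25519 Client Auth-server
client = 50-TLS 1.3 Ed25519 Client Auth-client

[50-TLS 1.3 Ed25519 Client Auth-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[50-TLS 1.3 Ed25519 Client Auth-client]
CipherString = DEFAULT
EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-50]
ExpectedClientCertType = Ed25519
ExpectedClientSignType = Ed25519
ExpectedResult = Success


# ===========================================================
# Test 51: TLS 1.3 client authentication with an Ed448 client certificate
# (same layout as test 50).

[51-TLS 1.3 Ed448 Client Auth]
ssl_conf = 51-TLS 1.3 Ed448 Client Auth-ssl

[51-TLS 1.3 Ed448 Client Auth-ssl]
server = 51-TLS 1.3 Ed448 Client Auth-server
client = 51-TLS 1.3 Ed448 Client Auth-client

[51-TLS 1.3 Ed448 Client Auth-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[51-TLS 1.3 Ed448 Client Auth-client]
CipherString = DEFAULT
EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-51]
ExpectedClientCertType = Ed448
ExpectedClientSignType = Ed448
ExpectedResult = Success


# ===========================================================
# Test 52 (negative): the server's only certificate is on brainpoolP256r1 and
# both sides restrict Groups to that curve; the client is pinned to TLS 1.3.
# Expected: server failure, presumably because the brainpool curve is not
# usable for TLS 1.3 in this build - confirm against the generator input.

[52-TLS 1.3 ECDSA with brainpool]
ssl_conf = 52-TLS 1.3 ECDSA with brainpool-ssl

[52-TLS 1.3 ECDSA with brainpool-ssl]
server = 52-TLS 1.3 ECDSA with brainpool-server
client = 52-TLS 1.3 ECDSA with brainpool-client

[52-TLS 1.3 ECDSA with brainpool-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
CipherString = DEFAULT
Groups = brainpoolP256r1
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem

[52-TLS 1.3 ECDSA with brainpool-client]
CipherString = DEFAULT
Groups = brainpoolP256r1
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-52]
ExpectedResult = ServerFail


# ===========================================================
# Test 53: TLS 1.2 with a DSA certificate. Both sides widen CipherString to
# ALL, the server supplies DH parameters, and the client offers only DSA
# signature algorithms.
# NOTE(review): [test-53] asserts only ExpectedResult; the selected
# certificate type and signature hash are not pinned.

[53-TLS 1.2 DSA Certificate Test]
ssl_conf = 53-TLS 1.2 DSA Certificate Test-ssl

[53-TLS 1.2 DSA Certificate Test-ssl]
server = 53-TLS 1.2 DSA Certificate Test-server
client = 53-TLS 1.2 DSA Certificate Test-client

[53-TLS 1.2 DSA Certificate Test-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = ALL
DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[53-TLS 1.2 DSA Certificate Test-client]
CipherString = ALL
SignatureAlgorithms = DSA+SHA256:DSA+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-53]
ExpectedResult = Success


# ===========================================================
# Test 54 (negative): the server requests a client certificate but its
# ClientSignatureAlgorithms list (ECDSA+SHA1, DSA+SHA256, RSA+SHA256) holds,
# per the test title, no TLS 1.3 signature algorithm. Expected: server failure.
# NOTE(review): neither side sets MinProtocol/MaxProtocol, so the test relies
# on the default negotiation reaching TLS 1.3 - confirm.

[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
ssl_conf = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl

[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
server = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
client = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client

[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-54]
ExpectedResult = ServerFail


# ===========================================================
# Test 55 (negative): TLS 1.3 counterpart of test 53. The server holds RSA and
# DSA certificates; the client offers DSA+SHA1, DSA+SHA256 and ECDSA+SHA256.
# Expected: server failure - the DSA certificate is not used under TLS 1.3,
# and the remaining offer (ECDSA) matches no certificate the server holds.

[55-TLS 1.3 DSA Certificate Test]
ssl_conf = 55-TLS 1.3 DSA Certificate Test-ssl

[55-TLS 1.3 DSA Certificate Test-ssl]
server = 55-TLS 1.3 DSA Certificate Test-server
client = 55-TLS 1.3 DSA Certificate Test-client

[55-TLS 1.3 DSA Certificate Test-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = ALL
DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[55-TLS 1.3 DSA Certificate Test-client]
CipherString = ALL
SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-55]
ExpectedResult = ServerFail

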