1# -*- mode: perl; -*- 2# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10## Test version negotiation 11 12use strict; 13use warnings; 14 15package ssltests; 16use OpenSSL::Test::Utils; 17 18our $fips_mode; 19 20our @tests = ( 21 { 22 name => "cipher-server-1", 23 server => { 24 "MaxProtocol" => "TLSv1.2", 25 "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", 26 }, 27 client => { 28 "MaxProtocol" => "TLSv1.2", 29 "CipherString" => "ECDHE-RSA-AES256-SHA384" 30 }, 31 test => { 32 "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", 33 }, 34 }, 35 { 36 name => "cipher-server-2", 37 server => { 38 "MaxProtocol" => "TLSv1.2", 39 "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", 40 }, 41 client => { 42 "MaxProtocol" => "TLSv1.2", 43 "CipherString" => "ECDHE-RSA-AES128-SHA256" 44 }, 45 test => { 46 "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", 47 }, 48 }, 49 { 50 name => "cipher-server-client-list", 51 server => { 52 "MaxProtocol" => "TLSv1.2", 53 "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", 54 }, 55 client => { 56 "MaxProtocol" => "TLSv1.2", 57 "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", 58 }, 59 test => { 60 "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", 61 }, 62 }, 63 { 64 name => "cipher-server-pref-1", 65 server => { 66 "MaxProtocol" => "TLSv1.2", 67 "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", 68 "Options" => "ServerPreference", 69 }, 70 client => { 71 "MaxProtocol" => "TLSv1.2", 72 "CipherString" => "ECDHE-RSA-AES256-SHA384" 73 }, 74 test => { 75 "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", 76 }, 77 }, 78 { 79 name => "cipher-server-pref-2", 80 server => { 81 "MaxProtocol" => "TLSv1.2", 82 "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", 83 "Options" => "ServerPreference", 84 }, 85 client => { 86 "MaxProtocol" => "TLSv1.2", 87 "CipherString" => "ECDHE-RSA-AES128-SHA256" 88 }, 89 test => { 90 "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", 91 }, 92 }, 93 { 94 name => "cipher-server-pref-client-list", 95 server => { 96 "MaxProtocol" => "TLSv1.2", 97 "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", 98 "Options" => "ServerPreference", 99 }, 100 client => { 101 "MaxProtocol" => "TLSv1.2", 102 "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", 103 }, 104 test => { 105 "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", 106 }, 107 }, 108 { 109 name => "cipher-server-pref-not-mobile", 110 server => { 111 "MaxProtocol" => "TLSv1.2", 112 "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", 113 "Options" => "ServerPreference", 114 }, 115 client => { 116 "MaxProtocol" => "TLSv1.2", 117 "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", 118 }, 119 test => { 120 "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", 121 }, 122 }, 123 { 124 name => "cipher-server-pref-mobile", 125 server => { 126 "MaxProtocol" => "TLSv1.2", 127 "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", 128 "Options" => "ServerPreference,PrioritizeChaCha", 129 }, 130 client => { 131 "MaxProtocol" => "TLSv1.2", 132 "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305", 133 }, 134 test => { 135 "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", 136 }, 137 }, 138); 139 140my @tests_poly1305 = ( 141 { 142 name => "cipher-server-pref-mobile2", 143 server => { 144 "MaxProtocol" => "TLSv1.2", 145 "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", 146 "Options" => "ServerPreference,PrioritizeChaCha", 147 }, 148 client => { 149 "MaxProtocol" => "TLSv1.2", 150 "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", 151 }, 152 test => { 153 "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305", 154 }, 155 }, 156); 157 158push @tests, @tests_poly1305 159 unless disabled("poly1305") || disabled("chacha") || $fips_mode; 160