test/ssl-tests/18-dtls-renegotiate.conf.in

   1 # -*- mode: perl; -*-
   2 # Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the OpenSSL license (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 ## Test Renegotiation
  11
  12 use strict;
  13 use warnings;
  14
  15 package ssltests;
  16
  17 our @tests = (
  18     {
  19         name => "renegotiate-client-no-resume",
  20         server => {
  21             "Options" => "NoResumptionOnRenegotiation"
  22         },
  23         client => {},
  24         test => {
  25             "Method" => "DTLS",
  26             "HandshakeMode" => "RenegotiateClient",
  27             "ResumptionExpected" => "No",
  28             "ExpectedResult" => "Success"
  29         }
  30     },
  31     {
  32         name => "renegotiate-client-resume",
  33         server => {},
  34         client => {},
  35         test => {
  36             "Method" => "DTLS",
  37             "HandshakeMode" => "RenegotiateClient",
  38             "ResumptionExpected" => "Yes",
  39             "ExpectedResult" => "Success"
  40         }
  41     },
  42 # Note: Unlike the TLS tests, we will never do resumption with server
  43 # initiated reneg. This is because an OpenSSL DTLS client will always do a full
  44 # handshake (i.e. it doesn't supply a session id) when it receives a
  45 # HelloRequest. This is different to the OpenSSL TLS implementation where an
  46 # OpenSSL client will always try an abbreviated handshake (i.e. it will supply
  47 # the session id). This goes all the way to commit 48ae85b6f when abbreviated
  48 # handshake support was first added. Neither behaviour is wrong, but the
  49 # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
  50 # and if so, what to?
  51     {
  52         name => "renegotiate-server-resume",
  53         server => {},
  54         client => {},
  55         test => {
  56             "Method" => "DTLS",
  57             "HandshakeMode" => "RenegotiateServer",
  58             "ResumptionExpected" => "No",
  59             "ExpectedResult" => "Success"
  60         }
  61     },
  62     {
  63         name => "renegotiate-client-auth-require",
  64         server => {
  65             "VerifyCAFile" => test_pem("root-cert.pem"),
  66             "VerifyMode" => "Require",
  67         },
  68         client => {
  69             "Certificate" => test_pem("ee-client-chain.pem"),
  70             "PrivateKey"  => test_pem("ee-key.pem"),
  71         },
  72         test => {
  73             "Method" => "DTLS",
  74             "HandshakeMode" => "RenegotiateServer",
  75             "ResumptionExpected" => "No",
  76             "ExpectedResult" => "Success"
  77         }
  78     },
  79     {
  80         name => "renegotiate-client-auth-once",
  81         server => {
  82             "VerifyCAFile" => test_pem("root-cert.pem"),
  83             "VerifyMode" => "Once",
  84         },
  85         client => {
  86             "Certificate" => test_pem("ee-client-chain.pem"),
  87             "PrivateKey"  => test_pem("ee-key.pem"),
  88         },
  89         test => {
  90             "Method" => "DTLS",
  91             "HandshakeMode" => "RenegotiateServer",
  92             "ResumptionExpected" => "No",
  93             "ExpectedResult" => "Success"
  94         }
  95     },
  96     {
  97         name => "renegotiate-aead-to-non-aead",
  98         server => {
  99             "Options" => "NoResumptionOnRenegotiation"
 100         },
 101         client => {
 102             "CipherString" => "AES128-GCM-SHA256",
 103             extra => {
 104                 "RenegotiateCiphers" => "AES128-SHA"
 105             }
 106         },
 107         test => {
 108             "Method" => "DTLS",
 109             "HandshakeMode" => "RenegotiateClient",
 110             "ResumptionExpected" => "No",
 111             "ExpectedResult" => "Success"
 112         }
 113     },
 114     {
 115         name => "renegotiate-non-aead-to-aead",
 116         server => {
 117             "Options" => "NoResumptionOnRenegotiation"
 118         },
 119         client => {
 120             "CipherString" => "AES128-SHA",
 121             extra => {
 122                 "RenegotiateCiphers" => "AES128-GCM-SHA256"
 123             }
 124         },
 125         test => {
 126             "Method" => "DTLS",
 127             "HandshakeMode" => "RenegotiateClient",
 128             "ResumptionExpected" => "No",
 129             "ExpectedResult" => "Success"
 130         }
 131     },
 132     {
 133         name => "renegotiate-non-aead-to-non-aead",
 134         server => {
 135             "Options" => "NoResumptionOnRenegotiation"
 136         },
 137         client => {
 138             "CipherString" => "AES128-SHA",
 139             extra => {
 140                 "RenegotiateCiphers" => "AES256-SHA"
 141             }
 142         },
 143         test => {
 144             "Method" => "DTLS",
 145             "HandshakeMode" => "RenegotiateClient",
 146             "ResumptionExpected" => "No",
 147             "ExpectedResult" => "Success"
 148         }
 149     },
 150     {
 151         name => "renegotiate-aead-to-aead",
 152         server => {
 153             "Options" => "NoResumptionOnRenegotiation"
 154         },
 155         client => {
 156             "CipherString" => "AES128-GCM-SHA256",
 157             extra => {
 158                 "RenegotiateCiphers" => "AES256-GCM-SHA384"
 159             }
 160         },
 161         test => {
 162             "Method" => "DTLS",
 163             "HandshakeMode" => "RenegotiateClient",
 164             "ResumptionExpected" => "No",
 165             "ExpectedResult" => "Success"
 166         }
 167     },
 168 );