1 # Generated with generate_ssl_tests.pl
5 test-0 = 0-ECDSA CipherString Selection
6 test-1 = 1-ECDSA CipherString Selection
7 test-2 = 2-ECDSA CipherString Selection
8 test-3 = 3-RSA CipherString Selection
9 test-4 = 4-P-256 CipherString and Signature Algorithm Selection
10 test-5 = 5-ECDSA CipherString Selection, no ECDSA certificate
11 test-6 = 6-ECDSA Signature Algorithm Selection
12 test-7 = 7-ECDSA Signature Algorithm Selection SHA384
13 test-8 = 8-ECDSA Signature Algorithm Selection compressed point
14 test-9 = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate
15 test-10 = 10-RSA Signature Algorithm Selection
16 test-11 = 11-RSA-PSS Signature Algorithm Selection
17 test-12 = 12-RSA key exchange with all RSA certificate types
18 test-13 = 13-Suite B P-256 Hash Algorithm Selection
19 test-14 = 14-Suite B P-384 Hash Algorithm Selection
20 test-15 = 15-Ed25519 CipherString and Signature Algorithm Selection
21 test-16 = 16-Ed448 CipherString and Signature Algorithm Selection
22 test-17 = 17-Ed25519 CipherString and Curves Selection
23 test-18 = 18-Ed448 CipherString and Curves Selection
24 test-19 = 19-TLS 1.2 Ed25519 Client Auth
25 test-20 = 20-TLS 1.2 Ed448 Client Auth
26 test-21 = 21-ECDSA Signature Algorithm Selection SHA1
27 test-22 = 22-ECDSA with brainpool
28 test-23 = 23-RSA-PSS Certificate CipherString Selection
29 test-24 = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection
30 test-25 = 25-RSA-PSS Certificate Unified Signature Algorithm Selection
31 test-26 = 26-Only RSA-PSS Certificate
32 test-27 = 27-Only RSA-PSS Certificate Valid Signature Algorithms
33 test-28 = 28-RSA-PSS Certificate, no PSS signature algorithms
34 test-29 = 29-Only RSA-PSS Restricted Certificate
35 test-30 = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms
36 test-31 = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm
37 test-32 = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms
38 test-33 = 33-RSA key exchange with only RSA-PSS certificate
39 test-34 = 34-Only RSA-PSS Certificate, TLS v1.1
40 test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection
41 test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
42 test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
43 test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
44 test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
45 test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
46 test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS
47 test-42 = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection
48 test-43 = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection
49 test-44 = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
50 test-45 = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
51 test-46 = 46-TLS 1.3 Ed25519 Signature Algorithm Selection
52 test-47 = 47-TLS 1.3 Ed448 Signature Algorithm Selection
53 test-48 = 48-TLS 1.3 Ed25519 CipherString and Groups Selection
54 test-49 = 49-TLS 1.3 Ed448 CipherString and Groups Selection
55 test-50 = 50-TLS 1.3 Ed25519 Client Auth
56 test-51 = 51-TLS 1.3 Ed448 Client Auth
57 test-52 = 52-TLS 1.3 ECDSA with brainpool but no suitable groups
58 test-53 = 53-TLS 1.3 ECDSA with brainpool
59 test-54 = 54-TLS 1.2 DSA Certificate Test
60 test-55 = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
61 test-56 = 56-TLS 1.3 DSA Certificate Test
62 # ===========================================================
64 [0-ECDSA CipherString Selection]
65 ssl_conf = 0-ECDSA CipherString Selection-ssl
67 [0-ECDSA CipherString Selection-ssl]
68 server = 0-ECDSA CipherString Selection-server
69 client = 0-ECDSA CipherString Selection-client
71 [0-ECDSA CipherString Selection-server]
72 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
73 CipherString = DEFAULT
74 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
75 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
76 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
77 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
78 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
79 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
81 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
83 [0-ECDSA CipherString Selection-client]
86 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
87 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
91 ExpectedResult = Success
92 ExpectedServerCANames = empty
93 ExpectedServerCertType = P-256
94 ExpectedServerSignType = EC
97 # ===========================================================
99 [1-ECDSA CipherString Selection]
100 ssl_conf = 1-ECDSA CipherString Selection-ssl
102 [1-ECDSA CipherString Selection-ssl]
103 server = 1-ECDSA CipherString Selection-server
104 client = 1-ECDSA CipherString Selection-client
106 [1-ECDSA CipherString Selection-server]
107 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
108 CipherString = DEFAULT
109 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
110 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
112 MaxProtocol = TLSv1.2
113 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
115 [1-ECDSA CipherString Selection-client]
116 CipherString = aECDSA
118 MaxProtocol = TLSv1.2
119 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
120 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
124 ExpectedResult = Success
125 ExpectedServerCANames = empty
126 ExpectedServerCertType = P-256
127 ExpectedServerSignType = EC
130 # ===========================================================
132 [2-ECDSA CipherString Selection]
133 ssl_conf = 2-ECDSA CipherString Selection-ssl
135 [2-ECDSA CipherString Selection-ssl]
136 server = 2-ECDSA CipherString Selection-server
137 client = 2-ECDSA CipherString Selection-client
139 [2-ECDSA CipherString Selection-server]
140 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
141 CipherString = DEFAULT
142 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
143 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
145 MaxProtocol = TLSv1.2
146 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
148 [2-ECDSA CipherString Selection-client]
149 CipherString = aECDSA
151 MaxProtocol = TLSv1.2
152 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
153 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
157 ExpectedResult = ServerFail
160 # ===========================================================
162 [3-RSA CipherString Selection]
163 ssl_conf = 3-RSA CipherString Selection-ssl
165 [3-RSA CipherString Selection-ssl]
166 server = 3-RSA CipherString Selection-server
167 client = 3-RSA CipherString Selection-client
169 [3-RSA CipherString Selection-server]
170 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
171 CipherString = DEFAULT
172 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
173 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
174 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
175 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
176 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
177 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
178 MaxProtocol = TLSv1.2
179 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
181 [3-RSA CipherString Selection-client]
183 MaxProtocol = TLSv1.2
184 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
188 ExpectedResult = Success
189 ExpectedServerCertType = RSA
190 ExpectedServerSignType = RSA-PSS
193 # ===========================================================
195 [4-P-256 CipherString and Signature Algorithm Selection]
196 ssl_conf = 4-P-256 CipherString and Signature Algorithm Selection-ssl
198 [4-P-256 CipherString and Signature Algorithm Selection-ssl]
199 server = 4-P-256 CipherString and Signature Algorithm Selection-server
200 client = 4-P-256 CipherString and Signature Algorithm Selection-client
202 [4-P-256 CipherString and Signature Algorithm Selection-server]
203 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
204 CipherString = DEFAULT
205 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
206 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
207 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
208 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
209 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
210 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
211 MaxProtocol = TLSv1.2
212 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
214 [4-P-256 CipherString and Signature Algorithm Selection-client]
215 CipherString = aECDSA
216 MaxProtocol = TLSv1.2
217 SignatureAlgorithms = ECDSA+SHA256:ed25519
218 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
222 ExpectedResult = Success
223 ExpectedServerCertType = P-256
224 ExpectedServerSignHash = SHA256
225 ExpectedServerSignType = EC
228 # ===========================================================
230 [5-ECDSA CipherString Selection, no ECDSA certificate]
231 ssl_conf = 5-ECDSA CipherString Selection, no ECDSA certificate-ssl
233 [5-ECDSA CipherString Selection, no ECDSA certificate-ssl]
234 server = 5-ECDSA CipherString Selection, no ECDSA certificate-server
235 client = 5-ECDSA CipherString Selection, no ECDSA certificate-client
237 [5-ECDSA CipherString Selection, no ECDSA certificate-server]
238 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
239 CipherString = DEFAULT
240 MaxProtocol = TLSv1.2
241 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
243 [5-ECDSA CipherString Selection, no ECDSA certificate-client]
244 CipherString = aECDSA
245 MaxProtocol = TLSv1.2
246 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
250 ExpectedResult = ServerFail
253 # ===========================================================
255 [6-ECDSA Signature Algorithm Selection]
256 ssl_conf = 6-ECDSA Signature Algorithm Selection-ssl
258 [6-ECDSA Signature Algorithm Selection-ssl]
259 server = 6-ECDSA Signature Algorithm Selection-server
260 client = 6-ECDSA Signature Algorithm Selection-client
262 [6-ECDSA Signature Algorithm Selection-server]
263 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
264 CipherString = DEFAULT
265 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
266 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
267 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
268 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
269 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
270 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
271 MaxProtocol = TLSv1.2
272 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
274 [6-ECDSA Signature Algorithm Selection-client]
275 CipherString = DEFAULT
276 SignatureAlgorithms = ECDSA+SHA256
277 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
281 ExpectedResult = Success
282 ExpectedServerCertType = P-256
283 ExpectedServerSignHash = SHA256
284 ExpectedServerSignType = EC
287 # ===========================================================
289 [7-ECDSA Signature Algorithm Selection SHA384]
290 ssl_conf = 7-ECDSA Signature Algorithm Selection SHA384-ssl
292 [7-ECDSA Signature Algorithm Selection SHA384-ssl]
293 server = 7-ECDSA Signature Algorithm Selection SHA384-server
294 client = 7-ECDSA Signature Algorithm Selection SHA384-client
296 [7-ECDSA Signature Algorithm Selection SHA384-server]
297 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
298 CipherString = DEFAULT
299 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
300 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
301 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
302 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
303 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
304 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
305 MaxProtocol = TLSv1.2
306 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
308 [7-ECDSA Signature Algorithm Selection SHA384-client]
309 CipherString = DEFAULT
310 SignatureAlgorithms = ECDSA+SHA384
311 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
315 ExpectedResult = Success
316 ExpectedServerCertType = P-256
317 ExpectedServerSignHash = SHA384
318 ExpectedServerSignType = EC
321 # ===========================================================
323 [8-ECDSA Signature Algorithm Selection compressed point]
324 ssl_conf = 8-ECDSA Signature Algorithm Selection compressed point-ssl
326 [8-ECDSA Signature Algorithm Selection compressed point-ssl]
327 server = 8-ECDSA Signature Algorithm Selection compressed point-server
328 client = 8-ECDSA Signature Algorithm Selection compressed point-client
330 [8-ECDSA Signature Algorithm Selection compressed point-server]
331 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
332 CipherString = DEFAULT
333 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
334 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
335 MaxProtocol = TLSv1.2
336 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
338 [8-ECDSA Signature Algorithm Selection compressed point-client]
339 CipherString = DEFAULT
340 SignatureAlgorithms = ECDSA+SHA256
341 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
345 ExpectedResult = Success
346 ExpectedServerCertType = P-256
347 ExpectedServerSignHash = SHA256
348 ExpectedServerSignType = EC
351 # ===========================================================
353 [9-ECDSA Signature Algorithm Selection, no ECDSA certificate]
354 ssl_conf = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
356 [9-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
357 server = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
358 client = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
360 [9-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
361 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
362 CipherString = DEFAULT
363 MaxProtocol = TLSv1.2
364 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
366 [9-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
367 CipherString = DEFAULT
368 SignatureAlgorithms = ECDSA+SHA256
369 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
373 ExpectedResult = ServerFail
376 # ===========================================================
378 [10-RSA Signature Algorithm Selection]
379 ssl_conf = 10-RSA Signature Algorithm Selection-ssl
381 [10-RSA Signature Algorithm Selection-ssl]
382 server = 10-RSA Signature Algorithm Selection-server
383 client = 10-RSA Signature Algorithm Selection-client
385 [10-RSA Signature Algorithm Selection-server]
386 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
387 CipherString = DEFAULT
388 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
389 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
390 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
391 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
392 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
393 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
394 MaxProtocol = TLSv1.2
395 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
397 [10-RSA Signature Algorithm Selection-client]
398 CipherString = DEFAULT
399 SignatureAlgorithms = RSA+SHA256
400 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
404 ExpectedResult = Success
405 ExpectedServerCertType = RSA
406 ExpectedServerSignHash = SHA256
407 ExpectedServerSignType = RSA
410 # ===========================================================
412 [11-RSA-PSS Signature Algorithm Selection]
413 ssl_conf = 11-RSA-PSS Signature Algorithm Selection-ssl
415 [11-RSA-PSS Signature Algorithm Selection-ssl]
416 server = 11-RSA-PSS Signature Algorithm Selection-server
417 client = 11-RSA-PSS Signature Algorithm Selection-client
419 [11-RSA-PSS Signature Algorithm Selection-server]
420 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
421 CipherString = DEFAULT
422 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
423 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
424 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
425 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
426 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
427 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
428 MaxProtocol = TLSv1.2
429 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
431 [11-RSA-PSS Signature Algorithm Selection-client]
432 CipherString = DEFAULT
433 SignatureAlgorithms = RSA-PSS+SHA256
434 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
438 ExpectedResult = Success
439 ExpectedServerCertType = RSA
440 ExpectedServerSignHash = SHA256
441 ExpectedServerSignType = RSA-PSS
444 # ===========================================================
446 [12-RSA key exchange with all RSA certificate types]
447 ssl_conf = 12-RSA key exchange with all RSA certificate types-ssl
449 [12-RSA key exchange with all RSA certificate types-ssl]
450 server = 12-RSA key exchange with all RSA certificate types-server
451 client = 12-RSA key exchange with all RSA certificate types-client
453 [12-RSA key exchange with all RSA certificate types-server]
454 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
455 CipherString = DEFAULT
456 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
457 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
458 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
460 [12-RSA key exchange with all RSA certificate types-client]
462 MaxProtocol = TLSv1.2
463 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
467 ExpectedResult = Success
468 ExpectedServerCertType = RSA
471 # ===========================================================
473 [13-Suite B P-256 Hash Algorithm Selection]
474 ssl_conf = 13-Suite B P-256 Hash Algorithm Selection-ssl
476 [13-Suite B P-256 Hash Algorithm Selection-ssl]
477 server = 13-Suite B P-256 Hash Algorithm Selection-server
478 client = 13-Suite B P-256 Hash Algorithm Selection-client
480 [13-Suite B P-256 Hash Algorithm Selection-server]
481 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
482 CipherString = SUITEB128
483 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
484 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
485 MaxProtocol = TLSv1.2
486 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
488 [13-Suite B P-256 Hash Algorithm Selection-client]
489 CipherString = DEFAULT
490 SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
491 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
495 ExpectedResult = Success
496 ExpectedServerCertType = P-256
497 ExpectedServerSignHash = SHA256
498 ExpectedServerSignType = EC
501 # ===========================================================
503 [14-Suite B P-384 Hash Algorithm Selection]
504 ssl_conf = 14-Suite B P-384 Hash Algorithm Selection-ssl
506 [14-Suite B P-384 Hash Algorithm Selection-ssl]
507 server = 14-Suite B P-384 Hash Algorithm Selection-server
508 client = 14-Suite B P-384 Hash Algorithm Selection-client
510 [14-Suite B P-384 Hash Algorithm Selection-server]
511 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
512 CipherString = SUITEB128
513 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
514 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
515 MaxProtocol = TLSv1.2
516 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
518 [14-Suite B P-384 Hash Algorithm Selection-client]
519 CipherString = DEFAULT
520 SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
521 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
525 ExpectedResult = Success
526 ExpectedServerCertType = P-384
527 ExpectedServerSignHash = SHA384
528 ExpectedServerSignType = EC
531 # ===========================================================
533 [15-Ed25519 CipherString and Signature Algorithm Selection]
534 ssl_conf = 15-Ed25519 CipherString and Signature Algorithm Selection-ssl
536 [15-Ed25519 CipherString and Signature Algorithm Selection-ssl]
537 server = 15-Ed25519 CipherString and Signature Algorithm Selection-server
538 client = 15-Ed25519 CipherString and Signature Algorithm Selection-client
540 [15-Ed25519 CipherString and Signature Algorithm Selection-server]
541 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
542 CipherString = DEFAULT
543 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
544 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
545 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
546 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
547 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
548 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
549 MaxProtocol = TLSv1.2
550 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
552 [15-Ed25519 CipherString and Signature Algorithm Selection-client]
553 CipherString = aECDSA
554 MaxProtocol = TLSv1.2
555 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
556 SignatureAlgorithms = ed25519:ECDSA+SHA256
557 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
561 ExpectedResult = Success
562 ExpectedServerCANames = empty
563 ExpectedServerCertType = Ed25519
564 ExpectedServerSignType = Ed25519
567 # ===========================================================
569 [16-Ed448 CipherString and Signature Algorithm Selection]
570 ssl_conf = 16-Ed448 CipherString and Signature Algorithm Selection-ssl
572 [16-Ed448 CipherString and Signature Algorithm Selection-ssl]
573 server = 16-Ed448 CipherString and Signature Algorithm Selection-server
574 client = 16-Ed448 CipherString and Signature Algorithm Selection-client
576 [16-Ed448 CipherString and Signature Algorithm Selection-server]
577 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
578 CipherString = DEFAULT
579 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
580 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
581 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
582 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
583 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
584 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
585 MaxProtocol = TLSv1.2
586 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
588 [16-Ed448 CipherString and Signature Algorithm Selection-client]
589 CipherString = aECDSA
590 MaxProtocol = TLSv1.2
591 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
592 SignatureAlgorithms = ed448:ECDSA+SHA256
593 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
597 ExpectedResult = Success
598 ExpectedServerCANames = empty
599 ExpectedServerCertType = Ed448
600 ExpectedServerSignType = Ed448
603 # ===========================================================
605 [17-Ed25519 CipherString and Curves Selection]
606 ssl_conf = 17-Ed25519 CipherString and Curves Selection-ssl
608 [17-Ed25519 CipherString and Curves Selection-ssl]
609 server = 17-Ed25519 CipherString and Curves Selection-server
610 client = 17-Ed25519 CipherString and Curves Selection-client
612 [17-Ed25519 CipherString and Curves Selection-server]
613 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
614 CipherString = DEFAULT
615 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
616 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
617 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
618 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
619 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
620 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
621 MaxProtocol = TLSv1.2
622 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
624 [17-Ed25519 CipherString and Curves Selection-client]
625 CipherString = aECDSA
627 MaxProtocol = TLSv1.2
628 SignatureAlgorithms = ECDSA+SHA256:ed25519
629 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
633 ExpectedResult = Success
634 ExpectedServerCertType = Ed25519
635 ExpectedServerSignType = Ed25519
638 # ===========================================================
640 [18-Ed448 CipherString and Curves Selection]
641 ssl_conf = 18-Ed448 CipherString and Curves Selection-ssl
643 [18-Ed448 CipherString and Curves Selection-ssl]
644 server = 18-Ed448 CipherString and Curves Selection-server
645 client = 18-Ed448 CipherString and Curves Selection-client
647 [18-Ed448 CipherString and Curves Selection-server]
648 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
649 CipherString = DEFAULT
650 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
651 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
652 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
653 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
654 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
655 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
656 MaxProtocol = TLSv1.2
657 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
659 [18-Ed448 CipherString and Curves Selection-client]
660 CipherString = aECDSA
662 MaxProtocol = TLSv1.2
663 SignatureAlgorithms = ECDSA+SHA256:ed448
664 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
668 ExpectedResult = Success
669 ExpectedServerCertType = Ed448
670 ExpectedServerSignType = Ed448
673 # ===========================================================
675 [19-TLS 1.2 Ed25519 Client Auth]
676 ssl_conf = 19-TLS 1.2 Ed25519 Client Auth-ssl
678 [19-TLS 1.2 Ed25519 Client Auth-ssl]
679 server = 19-TLS 1.2 Ed25519 Client Auth-server
680 client = 19-TLS 1.2 Ed25519 Client Auth-client
682 [19-TLS 1.2 Ed25519 Client Auth-server]
683 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
684 CipherString = DEFAULT
685 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
686 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
689 [19-TLS 1.2 Ed25519 Client Auth-client]
690 CipherString = DEFAULT
691 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
692 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
693 MaxProtocol = TLSv1.2
694 MinProtocol = TLSv1.2
695 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
699 ExpectedClientCertType = Ed25519
700 ExpectedClientSignType = Ed25519
701 ExpectedResult = Success
704 # ===========================================================
706 [20-TLS 1.2 Ed448 Client Auth]
707 ssl_conf = 20-TLS 1.2 Ed448 Client Auth-ssl
709 [20-TLS 1.2 Ed448 Client Auth-ssl]
710 server = 20-TLS 1.2 Ed448 Client Auth-server
711 client = 20-TLS 1.2 Ed448 Client Auth-client
713 [20-TLS 1.2 Ed448 Client Auth-server]
714 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
715 CipherString = DEFAULT
716 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
717 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
720 [20-TLS 1.2 Ed448 Client Auth-client]
721 CipherString = DEFAULT
722 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
723 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
724 MaxProtocol = TLSv1.2
725 MinProtocol = TLSv1.2
726 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
730 ExpectedClientCertType = Ed448
731 ExpectedClientSignType = Ed448
732 ExpectedResult = Success
735 # ===========================================================
737 [21-ECDSA Signature Algorithm Selection SHA1]
738 ssl_conf = 21-ECDSA Signature Algorithm Selection SHA1-ssl
740 [21-ECDSA Signature Algorithm Selection SHA1-ssl]
741 server = 21-ECDSA Signature Algorithm Selection SHA1-server
742 client = 21-ECDSA Signature Algorithm Selection SHA1-client
744 [21-ECDSA Signature Algorithm Selection SHA1-server]
745 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
746 CipherString = DEFAULT:@SECLEVEL=0
747 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
748 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
749 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
750 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
751 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
752 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
753 MaxProtocol = TLSv1.2
754 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
756 [21-ECDSA Signature Algorithm Selection SHA1-client]
757 CipherString = DEFAULT:@SECLEVEL=0
758 SignatureAlgorithms = ECDSA+SHA1
759 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
763 ExpectedResult = Success
764 ExpectedServerCertType = P-256
765 ExpectedServerSignHash = SHA1
766 ExpectedServerSignType = EC
769 # ===========================================================
771 [22-ECDSA with brainpool]
772 ssl_conf = 22-ECDSA with brainpool-ssl
774 [22-ECDSA with brainpool-ssl]
775 server = 22-ECDSA with brainpool-server
776 client = 22-ECDSA with brainpool-client
778 [22-ECDSA with brainpool-server]
779 Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
780 CipherString = DEFAULT
781 Groups = brainpoolP256r1
782 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
784 [22-ECDSA with brainpool-client]
785 CipherString = aECDSA
786 Groups = brainpoolP256r1
787 MaxProtocol = TLSv1.2
788 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
789 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
793 ExpectedResult = Success
794 ExpectedServerCANames = empty
795 ExpectedServerCertType = brainpoolP256r1
796 ExpectedServerSignType = EC
799 # ===========================================================
801 [23-RSA-PSS Certificate CipherString Selection]
802 ssl_conf = 23-RSA-PSS Certificate CipherString Selection-ssl
804 [23-RSA-PSS Certificate CipherString Selection-ssl]
805 server = 23-RSA-PSS Certificate CipherString Selection-server
806 client = 23-RSA-PSS Certificate CipherString Selection-client
808 [23-RSA-PSS Certificate CipherString Selection-server]
809 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
810 CipherString = DEFAULT
811 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
812 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
813 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
814 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
815 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
816 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
817 MaxProtocol = TLSv1.2
818 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
819 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
820 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
822 [23-RSA-PSS Certificate CipherString Selection-client]
824 MaxProtocol = TLSv1.2
825 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
829 ExpectedResult = Success
830 ExpectedServerCertType = RSA-PSS
831 ExpectedServerSignType = RSA-PSS
834 # ===========================================================
836 [24-RSA-PSS Certificate Legacy Signature Algorithm Selection]
837 ssl_conf = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl
839 [24-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl]
840 server = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection-server
841 client = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection-client
843 [24-RSA-PSS Certificate Legacy Signature Algorithm Selection-server]
844 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
845 CipherString = DEFAULT
846 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
847 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
848 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
849 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
850 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
851 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
852 MaxProtocol = TLSv1.2
853 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
854 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
855 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
857 [24-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]
858 CipherString = DEFAULT
859 SignatureAlgorithms = RSA-PSS+SHA256
860 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
864 ExpectedResult = Success
865 ExpectedServerCertType = RSA
866 ExpectedServerSignHash = SHA256
867 ExpectedServerSignType = RSA-PSS
870 # ===========================================================
872 [25-RSA-PSS Certificate Unified Signature Algorithm Selection]
873 ssl_conf = 25-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl
875 [25-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl]
876 server = 25-RSA-PSS Certificate Unified Signature Algorithm Selection-server
877 client = 25-RSA-PSS Certificate Unified Signature Algorithm Selection-client
879 [25-RSA-PSS Certificate Unified Signature Algorithm Selection-server]
880 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
881 CipherString = DEFAULT
882 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
883 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
884 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
885 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
886 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
887 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
888 MaxProtocol = TLSv1.2
889 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
890 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
891 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
893 [25-RSA-PSS Certificate Unified Signature Algorithm Selection-client]
894 CipherString = DEFAULT
895 SignatureAlgorithms = rsa_pss_pss_sha256
896 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
900 ExpectedResult = Success
901 ExpectedServerCertType = RSA-PSS
902 ExpectedServerSignHash = SHA256
903 ExpectedServerSignType = RSA-PSS
906 # ===========================================================
908 [26-Only RSA-PSS Certificate]
909 ssl_conf = 26-Only RSA-PSS Certificate-ssl
911 [26-Only RSA-PSS Certificate-ssl]
912 server = 26-Only RSA-PSS Certificate-server
913 client = 26-Only RSA-PSS Certificate-client
915 [26-Only RSA-PSS Certificate-server]
916 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
917 CipherString = DEFAULT
918 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
920 [26-Only RSA-PSS Certificate-client]
921 CipherString = DEFAULT
922 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
926 ExpectedResult = Success
927 ExpectedServerCertType = RSA-PSS
928 ExpectedServerSignHash = SHA256
929 ExpectedServerSignType = RSA-PSS
932 # ===========================================================
934 [27-Only RSA-PSS Certificate Valid Signature Algorithms]
935 ssl_conf = 27-Only RSA-PSS Certificate Valid Signature Algorithms-ssl
937 [27-Only RSA-PSS Certificate Valid Signature Algorithms-ssl]
938 server = 27-Only RSA-PSS Certificate Valid Signature Algorithms-server
939 client = 27-Only RSA-PSS Certificate Valid Signature Algorithms-client
941 [27-Only RSA-PSS Certificate Valid Signature Algorithms-server]
942 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
943 CipherString = DEFAULT
944 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
946 [27-Only RSA-PSS Certificate Valid Signature Algorithms-client]
947 CipherString = DEFAULT
948 SignatureAlgorithms = rsa_pss_pss_sha512
949 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
953 ExpectedResult = Success
954 ExpectedServerCertType = RSA-PSS
955 ExpectedServerSignHash = SHA512
956 ExpectedServerSignType = RSA-PSS
959 # ===========================================================
961 [28-RSA-PSS Certificate, no PSS signature algorithms]
962 ssl_conf = 28-RSA-PSS Certificate, no PSS signature algorithms-ssl
964 [28-RSA-PSS Certificate, no PSS signature algorithms-ssl]
965 server = 28-RSA-PSS Certificate, no PSS signature algorithms-server
966 client = 28-RSA-PSS Certificate, no PSS signature algorithms-client
968 [28-RSA-PSS Certificate, no PSS signature algorithms-server]
969 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
970 CipherString = DEFAULT
971 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
973 [28-RSA-PSS Certificate, no PSS signature algorithms-client]
974 CipherString = DEFAULT
975 SignatureAlgorithms = RSA+SHA256
976 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
980 ExpectedResult = ServerFail
983 # ===========================================================
985 [29-Only RSA-PSS Restricted Certificate]
986 ssl_conf = 29-Only RSA-PSS Restricted Certificate-ssl
988 [29-Only RSA-PSS Restricted Certificate-ssl]
989 server = 29-Only RSA-PSS Restricted Certificate-server
990 client = 29-Only RSA-PSS Restricted Certificate-client
992 [29-Only RSA-PSS Restricted Certificate-server]
993 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
994 CipherString = DEFAULT
995 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
997 [29-Only RSA-PSS Restricted Certificate-client]
998 CipherString = DEFAULT
999 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1003 ExpectedResult = Success
1004 ExpectedServerCertType = RSA-PSS
1005 ExpectedServerSignHash = SHA256
1006 ExpectedServerSignType = RSA-PSS
1009 # ===========================================================
1011 [30-RSA-PSS Restricted Certificate Valid Signature Algorithms]
1012 ssl_conf = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl
1014 [30-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl]
1015 server = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms-server
1016 client = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms-client
1018 [30-RSA-PSS Restricted Certificate Valid Signature Algorithms-server]
1019 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
1020 CipherString = DEFAULT
1021 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
1023 [30-RSA-PSS Restricted Certificate Valid Signature Algorithms-client]
1024 CipherString = DEFAULT
1025 SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512
1026 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1030 ExpectedResult = Success
1031 ExpectedServerCertType = RSA-PSS
1032 ExpectedServerSignHash = SHA256
1033 ExpectedServerSignType = RSA-PSS
1036 # ===========================================================
1038 [31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm]
1039 ssl_conf = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl
1041 [31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl]
1042 server = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server
1043 client = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client
1045 [31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server]
1046 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
1047 CipherString = DEFAULT
1048 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
1050 [31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client]
1051 CipherString = DEFAULT
1052 SignatureAlgorithms = rsa_pss_pss_sha512:rsa_pss_pss_sha256
1053 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1057 ExpectedResult = Success
1058 ExpectedServerCertType = RSA-PSS
1059 ExpectedServerSignHash = SHA256
1060 ExpectedServerSignType = RSA-PSS
1063 # ===========================================================
1065 [32-RSA-PSS Restricted Certificate Invalid Signature Algorithms]
1066 ssl_conf = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl
1068 [32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl]
1069 server = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server
1070 client = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client
1072 [32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server]
1073 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
1074 CipherString = DEFAULT
1075 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
1077 [32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client]
1078 CipherString = DEFAULT
1079 SignatureAlgorithms = rsa_pss_pss_sha512
1080 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1084 ExpectedResult = ServerFail
1087 # ===========================================================
1089 [33-RSA key exchange with only RSA-PSS certificate]
1090 ssl_conf = 33-RSA key exchange with only RSA-PSS certificate-ssl
1092 [33-RSA key exchange with only RSA-PSS certificate-ssl]
1093 server = 33-RSA key exchange with only RSA-PSS certificate-server
1094 client = 33-RSA key exchange with only RSA-PSS certificate-client
1096 [33-RSA key exchange with only RSA-PSS certificate-server]
1097 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
1098 CipherString = DEFAULT
1099 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
1101 [33-RSA key exchange with only RSA-PSS certificate-client]
1103 MaxProtocol = TLSv1.2
1104 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1108 ExpectedResult = ServerFail
1111 # ===========================================================
1113 [34-Only RSA-PSS Certificate, TLS v1.1]
1114 ssl_conf = 34-Only RSA-PSS Certificate, TLS v1.1-ssl
1116 [34-Only RSA-PSS Certificate, TLS v1.1-ssl]
1117 server = 34-Only RSA-PSS Certificate, TLS v1.1-server
1118 client = 34-Only RSA-PSS Certificate, TLS v1.1-client
1120 [34-Only RSA-PSS Certificate, TLS v1.1-server]
1121 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
1122 CipherString = DEFAULT
1123 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
1125 [34-Only RSA-PSS Certificate, TLS v1.1-client]
1126 CipherString = DEFAULT
1127 MaxProtocol = TLSv1.1
1128 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1132 ExpectedResult = ServerFail
1135 # ===========================================================
1137 [35-TLS 1.3 ECDSA Signature Algorithm Selection]
1138 ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
1140 [35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
1141 server = 35-TLS 1.3 ECDSA Signature Algorithm Selection-server
1142 client = 35-TLS 1.3 ECDSA Signature Algorithm Selection-client
1144 [35-TLS 1.3 ECDSA Signature Algorithm Selection-server]
1145 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1146 CipherString = DEFAULT
1147 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1148 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1149 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1150 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1151 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1152 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1153 MaxProtocol = TLSv1.3
1154 MinProtocol = TLSv1.3
1155 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1157 [35-TLS 1.3 ECDSA Signature Algorithm Selection-client]
1158 CipherString = DEFAULT
1159 SignatureAlgorithms = ECDSA+SHA256
1160 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1164 ExpectedResult = Success
1165 ExpectedServerCANames = empty
1166 ExpectedServerCertType = P-256
1167 ExpectedServerSignHash = SHA256
1168 ExpectedServerSignType = EC
1171 # ===========================================================
1173 [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
1174 ssl_conf = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
1176 [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
1177 server = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
1178 client = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
1180 [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
1181 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1182 CipherString = DEFAULT
1183 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
1184 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
1185 MaxProtocol = TLSv1.3
1186 MinProtocol = TLSv1.3
1187 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1189 [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
1190 CipherString = DEFAULT
1191 SignatureAlgorithms = ECDSA+SHA256
1192 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1196 ExpectedResult = Success
1197 ExpectedServerCANames = empty
1198 ExpectedServerCertType = P-256
1199 ExpectedServerSignHash = SHA256
1200 ExpectedServerSignType = EC
1203 # ===========================================================
1205 [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
1206 ssl_conf = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
1208 [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
1209 server = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
1210 client = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
1212 [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
1213 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1214 CipherString = DEFAULT:@SECLEVEL=0
1215 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1216 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1217 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1218 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1219 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1220 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1221 MaxProtocol = TLSv1.3
1222 MinProtocol = TLSv1.3
1223 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1225 [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
1226 CipherString = DEFAULT:@SECLEVEL=0
1227 SignatureAlgorithms = ECDSA+SHA1
1228 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1232 ExpectedResult = ServerFail
1235 # ===========================================================
1237 [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
1238 ssl_conf = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
1240 [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
1241 server = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
1242 client = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
1244 [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
1245 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1246 CipherString = DEFAULT
1247 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1248 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1249 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1250 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1251 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1252 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1253 MaxProtocol = TLSv1.3
1254 MinProtocol = TLSv1.3
1255 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1257 [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
1258 CipherString = DEFAULT
1259 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1260 SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256
1261 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1265 ExpectedResult = Success
1266 ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1267 ExpectedServerCertType = P-256
1268 ExpectedServerSignHash = SHA256
1269 ExpectedServerSignType = EC
1272 # ===========================================================
1274 [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
1275 ssl_conf = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
1277 [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
1278 server = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
1279 client = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
1281 [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
1282 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1283 CipherString = DEFAULT
1284 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1285 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1286 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1287 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1288 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1289 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1290 MaxProtocol = TLSv1.3
1291 MinProtocol = TLSv1.3
1292 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1294 [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
1295 CipherString = DEFAULT
1296 SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384
1297 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1301 ExpectedResult = Success
1302 ExpectedServerCertType = RSA
1303 ExpectedServerSignHash = SHA384
1304 ExpectedServerSignType = RSA-PSS
1307 # ===========================================================
1309 [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
1310 ssl_conf = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
1312 [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
1313 server = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
1314 client = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
1316 [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
1317 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1318 CipherString = DEFAULT
1319 MaxProtocol = TLSv1.3
1320 MinProtocol = TLSv1.3
1321 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1323 [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
1324 CipherString = DEFAULT
1325 SignatureAlgorithms = ECDSA+SHA256
1326 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1330 ExpectedResult = ServerFail
1333 # ===========================================================
1335 [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
1336 ssl_conf = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
1338 [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
1339 server = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
1340 client = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
1342 [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
1343 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1344 CipherString = DEFAULT
1345 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1346 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1347 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1348 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1349 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1350 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1351 MaxProtocol = TLSv1.3
1352 MinProtocol = TLSv1.3
1353 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1355 [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
1356 CipherString = DEFAULT
1357 SignatureAlgorithms = RSA+SHA256
1358 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1362 ExpectedResult = ServerFail
1365 # ===========================================================
1367 [42-TLS 1.3 RSA-PSS Signature Algorithm Selection]
1368 ssl_conf = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
1370 [42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
1371 server = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
1372 client = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
1374 [42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
1375 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1376 CipherString = DEFAULT
1377 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1378 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1379 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1380 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1381 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1382 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1383 MaxProtocol = TLSv1.3
1384 MinProtocol = TLSv1.3
1385 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1387 [42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
1388 CipherString = DEFAULT
1389 SignatureAlgorithms = RSA-PSS+SHA256
1390 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1394 ExpectedResult = Success
1395 ExpectedServerCertType = RSA
1396 ExpectedServerSignHash = SHA256
1397 ExpectedServerSignType = RSA-PSS
1400 # ===========================================================
1402 [43-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
1403 ssl_conf = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
1405 [43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
1406 server = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
1407 client = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
1409 [43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
1410 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1411 CipherString = DEFAULT
1412 ClientSignatureAlgorithms = PSS+SHA256
1413 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1414 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1415 VerifyMode = Require
1417 [43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
1418 CipherString = DEFAULT
1419 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1420 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1421 MaxProtocol = TLSv1.3
1422 MinProtocol = TLSv1.3
1423 RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1424 RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1425 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1429 ExpectedClientCANames = empty
1430 ExpectedClientCertType = RSA
1431 ExpectedClientSignHash = SHA256
1432 ExpectedClientSignType = RSA-PSS
1433 ExpectedResult = Success
1436 # ===========================================================
1438 [44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
1439 ssl_conf = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
1441 [44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
1442 server = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
1443 client = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
1445 [44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
1446 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1447 CipherString = DEFAULT
1448 ClientSignatureAlgorithms = PSS+SHA256
1449 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1450 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1451 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1452 VerifyMode = Require
1454 [44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
1455 CipherString = DEFAULT
1456 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1457 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1458 MaxProtocol = TLSv1.3
1459 MinProtocol = TLSv1.3
1460 RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1461 RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1462 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1466 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1467 ExpectedClientCertType = RSA
1468 ExpectedClientSignHash = SHA256
1469 ExpectedClientSignType = RSA-PSS
1470 ExpectedResult = Success
1473 # ===========================================================
1475 [45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
1476 ssl_conf = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
1478 [45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
1479 server = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
1480 client = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
1482 [45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
1483 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1484 CipherString = DEFAULT
1485 ClientSignatureAlgorithms = ECDSA+SHA256
1486 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1487 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1488 VerifyMode = Require
1490 [45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
1491 CipherString = DEFAULT
1492 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1493 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1494 MaxProtocol = TLSv1.3
1495 MinProtocol = TLSv1.3
1496 RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1497 RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1498 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1502 ExpectedClientCertType = P-256
1503 ExpectedClientSignHash = SHA256
1504 ExpectedClientSignType = EC
1505 ExpectedResult = Success
1508 # ===========================================================
1510 [46-TLS 1.3 Ed25519 Signature Algorithm Selection]
1511 ssl_conf = 46-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
1513 [46-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
1514 server = 46-TLS 1.3 Ed25519 Signature Algorithm Selection-server
1515 client = 46-TLS 1.3 Ed25519 Signature Algorithm Selection-client
1517 [46-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
1518 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1519 CipherString = DEFAULT
1520 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1521 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1522 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1523 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1524 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1525 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1526 MaxProtocol = TLSv1.3
1527 MinProtocol = TLSv1.3
1528 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1530 [46-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
1531 CipherString = DEFAULT
1532 SignatureAlgorithms = ed25519
1533 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1537 ExpectedResult = Success
1538 ExpectedServerCertType = Ed25519
1539 ExpectedServerSignType = Ed25519
1542 # ===========================================================
1544 [47-TLS 1.3 Ed448 Signature Algorithm Selection]
1545 ssl_conf = 47-TLS 1.3 Ed448 Signature Algorithm Selection-ssl
1547 [47-TLS 1.3 Ed448 Signature Algorithm Selection-ssl]
1548 server = 47-TLS 1.3 Ed448 Signature Algorithm Selection-server
1549 client = 47-TLS 1.3 Ed448 Signature Algorithm Selection-client
1551 [47-TLS 1.3 Ed448 Signature Algorithm Selection-server]
1552 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1553 CipherString = DEFAULT
1554 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1555 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1556 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1557 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1558 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1559 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1560 MaxProtocol = TLSv1.3
1561 MinProtocol = TLSv1.3
1562 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1564 [47-TLS 1.3 Ed448 Signature Algorithm Selection-client]
1565 CipherString = DEFAULT
1566 SignatureAlgorithms = ed448
1567 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
1571 ExpectedResult = Success
1572 ExpectedServerCertType = Ed448
1573 ExpectedServerSignType = Ed448
1576 # ===========================================================
1578 [48-TLS 1.3 Ed25519 CipherString and Groups Selection]
1579 ssl_conf = 48-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
1581 [48-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
1582 server = 48-TLS 1.3 Ed25519 CipherString and Groups Selection-server
1583 client = 48-TLS 1.3 Ed25519 CipherString and Groups Selection-client
1585 [48-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
1586 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1587 CipherString = DEFAULT
1588 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1589 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1590 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1591 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1592 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1593 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1594 MaxProtocol = TLSv1.3
1595 MinProtocol = TLSv1.3
1596 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1598 [48-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
1599 CipherString = DEFAULT
1601 SignatureAlgorithms = ECDSA+SHA256:ed25519
1602 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1606 ExpectedResult = Success
1607 ExpectedServerCertType = P-256
1608 ExpectedServerSignType = EC
1611 # ===========================================================
1613 [49-TLS 1.3 Ed448 CipherString and Groups Selection]
1614 ssl_conf = 49-TLS 1.3 Ed448 CipherString and Groups Selection-ssl
1616 [49-TLS 1.3 Ed448 CipherString and Groups Selection-ssl]
1617 server = 49-TLS 1.3 Ed448 CipherString and Groups Selection-server
1618 client = 49-TLS 1.3 Ed448 CipherString and Groups Selection-client
1620 [49-TLS 1.3 Ed448 CipherString and Groups Selection-server]
1621 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1622 CipherString = DEFAULT
1623 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1624 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1625 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1626 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1627 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1628 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1629 MaxProtocol = TLSv1.3
1630 MinProtocol = TLSv1.3
1631 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1633 [49-TLS 1.3 Ed448 CipherString and Groups Selection-client]
1634 CipherString = DEFAULT
1636 SignatureAlgorithms = ECDSA+SHA256:ed448
1637 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1641 ExpectedResult = Success
1642 ExpectedServerCertType = P-256
1643 ExpectedServerSignType = EC
1646 # ===========================================================
1648 [50-TLS 1.3 Ed25519 Client Auth]
1649 ssl_conf = 50-TLS 1.3 Ed25519 Client Auth-ssl
1651 [50-TLS 1.3 Ed25519 Client Auth-ssl]
1652 server = 50-TLS 1.3 Ed25519 Client Auth-server
1653 client = 50-TLS 1.3 Ed25519 Client Auth-client
1655 [50-TLS 1.3 Ed25519 Client Auth-server]
1656 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1657 CipherString = DEFAULT
1658 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1659 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1660 VerifyMode = Require
1662 [50-TLS 1.3 Ed25519 Client Auth-client]
1663 CipherString = DEFAULT
1664 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
1665 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
1666 MaxProtocol = TLSv1.3
1667 MinProtocol = TLSv1.3
1668 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1672 ExpectedClientCertType = Ed25519
1673 ExpectedClientSignType = Ed25519
1674 ExpectedResult = Success
1677 # ===========================================================
1679 [51-TLS 1.3 Ed448 Client Auth]
1680 ssl_conf = 51-TLS 1.3 Ed448 Client Auth-ssl
1682 [51-TLS 1.3 Ed448 Client Auth-ssl]
1683 server = 51-TLS 1.3 Ed448 Client Auth-server
1684 client = 51-TLS 1.3 Ed448 Client Auth-client
1686 [51-TLS 1.3 Ed448 Client Auth-server]
1687 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1688 CipherString = DEFAULT
1689 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1690 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1691 VerifyMode = Require
1693 [51-TLS 1.3 Ed448 Client Auth-client]
1694 CipherString = DEFAULT
1695 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
1696 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
1697 MaxProtocol = TLSv1.3
1698 MinProtocol = TLSv1.3
1699 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1703 ExpectedClientCertType = Ed448
1704 ExpectedClientSignType = Ed448
1705 ExpectedResult = Success
1708 # ===========================================================
1710 [52-TLS 1.3 ECDSA with brainpool but no suitable groups]
1711 ssl_conf = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-ssl
1713 [52-TLS 1.3 ECDSA with brainpool but no suitable groups-ssl]
1714 server = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-server
1715 client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client
1717 [52-TLS 1.3 ECDSA with brainpool but no suitable groups-server]
1718 Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
1719 CipherString = DEFAULT
1720 Groups = brainpoolP256r1
1721 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
1723 [52-TLS 1.3 ECDSA with brainpool but no suitable groups-client]
1724 CipherString = aECDSA
1725 Groups = brainpoolP256r1
1726 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1727 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1731 ExpectedResult = ClientFail
1734 # ===========================================================
1736 [53-TLS 1.3 ECDSA with brainpool]
1737 ssl_conf = 53-TLS 1.3 ECDSA with brainpool-ssl
1739 [53-TLS 1.3 ECDSA with brainpool-ssl]
1740 server = 53-TLS 1.3 ECDSA with brainpool-server
1741 client = 53-TLS 1.3 ECDSA with brainpool-client
1743 [53-TLS 1.3 ECDSA with brainpool-server]
1744 Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
1745 CipherString = DEFAULT
1746 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
1748 [53-TLS 1.3 ECDSA with brainpool-client]
1749 CipherString = DEFAULT
1750 MaxProtocol = TLSv1.3
1751 MinProtocol = TLSv1.3
1752 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1753 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1757 ExpectedResult = ServerFail
1760 # ===========================================================
1762 [54-TLS 1.2 DSA Certificate Test]
1763 ssl_conf = 54-TLS 1.2 DSA Certificate Test-ssl
1765 [54-TLS 1.2 DSA Certificate Test-ssl]
1766 server = 54-TLS 1.2 DSA Certificate Test-server
1767 client = 54-TLS 1.2 DSA Certificate Test-client
1769 [54-TLS 1.2 DSA Certificate Test-server]
1770 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1772 DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
1773 DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
1774 DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
1775 MaxProtocol = TLSv1.2
1776 MinProtocol = TLSv1.2
1777 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1779 [54-TLS 1.2 DSA Certificate Test-client]
1781 SignatureAlgorithms = DSA+SHA256:DSA+SHA1
1782 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1786 ExpectedResult = Success
1789 # ===========================================================
1791 [55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
1792 ssl_conf = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl
1794 [55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
1795 server = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
1796 client = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
1798 [55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
1799 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1800 CipherString = DEFAULT
1801 ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256
1802 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1803 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1804 VerifyMode = Request
1806 [55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
1807 CipherString = DEFAULT
1808 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1812 ExpectedResult = ServerFail
1815 # ===========================================================
1817 [56-TLS 1.3 DSA Certificate Test]
1818 ssl_conf = 56-TLS 1.3 DSA Certificate Test-ssl
1820 [56-TLS 1.3 DSA Certificate Test-ssl]
1821 server = 56-TLS 1.3 DSA Certificate Test-server
1822 client = 56-TLS 1.3 DSA Certificate Test-client
1824 [56-TLS 1.3 DSA Certificate Test-server]
1825 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1827 DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
1828 DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
1829 MaxProtocol = TLSv1.3
1830 MinProtocol = TLSv1.3
1831 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1833 [56-TLS 1.3 DSA Certificate Test-client]
1835 SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256
1836 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1840 ExpectedResult = ServerFail