3 ## SSL test configurations
# Test helper module; the disabled() call at the end of this listing
# presumably comes from here -- confirm.
10 use OpenSSL::Test::Utils;
# Separator appended to the certificate directory: "/" on every platform
# except VMS, where it is the empty string.
12 my $dir_sep = $^O ne "VMS" ? "/" : "";
# The backslash keeps ${ENV::TEST_CERTS_DIR} literal, so Perl does not
# interpolate it here; only ${dir_sep} is expanded by Perl.
# NOTE(review): presumably the consumer of the generated configuration
# resolves the ENV:: reference from the environment when it loads the file,
# so the certificate location is whatever TEST_CERTS_DIR is at run time.
14 my $cert_dir = "\${ENV::TEST_CERTS_DIR}${dir_sep}";
# Fragment of a settings hash; the line that opens it and the line that
# closes it are not part of this listing.
# It adds an ECDSA certificate/key pair and caps the protocol at TLSv1.2.
# NOTE(review): no RSA certificate is named here; the RSA cases further down
# presumably rely on a default server certificate configured elsewhere -- confirm.
17 "ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
18 "ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
19 "MaxProtocol" => "TLSv1.2"
# Test entries. Only some lines of each entry appear in this listing (the
# embedded numbers skip), so the server/client/test nesting is not visible;
# the comments below describe only what the visible keys show.

# Client restricted to ECDSA-authenticated cipher suites; the server is
# expected to answer with its P-256 certificate and an EC signature.
24 name => "ECDSA CipherString Selection",
27 "CipherString" => "aECDSA",
# NOTE(review): "=>," carries a stray comma after the fat comma. Perl accepts
# the empty list element, so the pair still reads key => value, but it looks
# like a typo; the later entries use a plain "=>".
30 "ExpectedServerCertType" =>, "P-256",
31 "ExpectedServerSignType" =>, "EC",
32 "ExpectedResult" => "Success"
# Same idea for RSA-authenticated suites. The expected signature type is
# RSA-PSS although only the cipher string is constrained.
# NOTE(review): presumably the default signature algorithm preference puts
# PSS ahead of PKCS#1 v1.5 -- confirm.
36 name => "RSA CipherString Selection",
39 "CipherString" => "aRSA",
# NOTE(review): same stray comma after "=>" as in the ECDSA entry above.
42 "ExpectedServerCertType" =>, "RSA",
43 "ExpectedServerSignType" =>, "RSA-PSS",
44 "ExpectedResult" => "Success"
# Negative case: the client still insists on aECDSA and the handshake is
# expected to fail on the server side. Per the test name the server has no
# ECDSA certificate; only its MaxProtocol setting is visible here.
48 name => "ECDSA CipherString Selection, no ECDSA certificate",
50 "MaxProtocol" => "TLSv1.2"
53 "CipherString" => "aECDSA"
56 "ExpectedResult" => "ServerFail"
# SignatureAlgorithms cases: one algorithm is offered and the test pins the
# certificate type, hash and signature type the server ends up using.
60 name => "ECDSA Signature Algorithm Selection",
63 "SignatureAlgorithms" => "ECDSA+SHA256",
66 "ExpectedServerCertType" => "P-256",
67 "ExpectedServerSignHash" => "SHA256",
68 "ExpectedServerSignType" => "EC",
69 "ExpectedResult" => "Success"
# SHA384 combined with a P-256 certificate is expected to succeed here.
# NOTE(review): presumably this works because TLS 1.2 negotiates hash and
# curve independently; TLS 1.3 signature schemes bind ECDSA+SHA384 to P-384,
# so the same offer should behave differently there -- confirm.
73 name => "ECDSA Signature Algorithm Selection SHA384",
76 "SignatureAlgorithms" => "ECDSA+SHA384",
79 "ExpectedServerCertType" => "P-256",
80 "ExpectedServerSignHash" => "SHA384",
81 "ExpectedServerSignType" => "EC",
82 "ExpectedResult" => "Success"
# Negative case: only ECDSA+SHA256 is offered and, per the test name, the
# server has no ECDSA certificate, so a server-side failure is expected.
86 name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
88 "MaxProtocol" => "TLSv1.2"
91 "SignatureAlgorithms" => "ECDSA+SHA256",
94 "ExpectedResult" => "ServerFail"
# RSA+SHA256 is the PKCS#1 v1.5 form; the expected signature type is "RSA",
# as opposed to "RSA-PSS" in the next entry.
98 name => "RSA Signature Algorithm Selection",
101 "SignatureAlgorithms" => "RSA+SHA256",
104 "ExpectedServerCertType" => "RSA",
105 "ExpectedServerSignHash" => "SHA256",
106 "ExpectedServerSignType" => "RSA",
107 "ExpectedResult" => "Success"
# Same RSA certificate type, but the offer forces the PSS padding scheme.
111 name => "RSA-PSS Signature Algorithm Selection",
114 "SignatureAlgorithms" => "RSA-PSS+SHA256",
117 "ExpectedServerCertType" => "RSA",
118 "ExpectedServerSignHash" => "SHA256",
119 "ExpectedServerSignType" => "RSA-PSS",
120 "ExpectedResult" => "Success"
# Server settings shared by the TLS 1.3 cases: the same ECDSA certificate/key
# pair as the TLS 1.2 settings, with MinProtocol and MaxProtocol both set to
# TLSv1.3 so no older version can be negotiated.
# The line that closes this hash is not part of the listing.
126 my $server_tls_1_3 = {
127 "ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
128 "ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
129 "MinProtocol" => "TLSv1.3",
130 "MaxProtocol" => "TLSv1.3"
# Client settings for the TLS 1.3 client-authentication cases: the client
# holds both an RSA and an ECDSA certificate chain with their keys, and is
# pinned to TLSv1.3 only. Which of the two it presents is what those cases
# check. The line that closes this hash is not part of the listing.
133 my $client_tls_1_3 = {
134 "RSA.Certificate" => "${cert_dir}ee-client-chain.pem",
135 "RSA.PrivateKey" => "${cert_dir}ee-key.pem",
136 "ECDSA.Certificate" => "${cert_dir}ee-ecdsa-client-chain.pem",
137 "ECDSA.PrivateKey" => "${cert_dir}ee-ecdsa-key.pem",
138 "MinProtocol" => "TLSv1.3",
139 "MaxProtocol" => "TLSv1.3"
# TLS 1.3 test entries, kept in their own list so they can be appended
# conditionally. As above, only some lines of each entry are shown.
142 my @tests_tls_1_3 = (
# Single ECDSA offer against the TLS 1.3 server settings.
144 name => "TLS 1.3 ECDSA Signature Algorithm Selection",
145 server => $server_tls_1_3,
147 "SignatureAlgorithms" => "ECDSA+SHA256",
150 "ExpectedServerCertType" => "P-256",
151 "ExpectedServerSignHash" => "SHA256",
152 "ExpectedServerSignType" => "EC",
153 "ExpectedResult" => "Success"
# ECDSA and RSA-PSS both offered, ECDSA listed first; the ECDSA certificate
# is expected to be the one used.
157 name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
158 server => $server_tls_1_3,
160 "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
163 "ExpectedServerCertType" => "P-256",
164 "ExpectedServerSignHash" => "SHA256",
165 "ExpectedServerSignType" => "EC",
166 "ExpectedResult" => "Success"
# ECDSA+SHA384 is listed first, yet the expected outcome is the RSA
# certificate signed with RSA-PSS.
# NOTE(review): presumably because the server's ECDSA key is P-256 (see the
# P-256 expectations in the two entries above) and TLS 1.3 ties ECDSA+SHA384
# to a P-384 key, so the server falls through to RSA-PSS+SHA384 -- confirm.
170 name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
171 server => $server_tls_1_3,
173 "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
176 "ExpectedServerCertType" => "RSA",
177 "ExpectedServerSignHash" => "SHA384",
178 "ExpectedServerSignType" => "RSA-PSS",
179 "ExpectedResult" => "Success"
# Negative case: this entry does not reuse $server_tls_1_3; the visible
# settings pin TLSv1.3 without naming an ECDSA certificate, and an
# ECDSA-only offer is expected to fail on the server side.
183 name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
185 "MinProtocol" => "TLSv1.3",
186 "MaxProtocol" => "TLSv1.3"
189 "SignatureAlgorithms" => "ECDSA+SHA256",
192 "ExpectedResult" => "ServerFail"
# Negative case: RSA+SHA256 (PKCS#1 v1.5) is the only offer. TLS 1.3 does not
# allow PKCS#1 v1.5 for handshake signatures, so the server has nothing it
# may sign with and the handshake is expected to fail. The TLS 1.2 list
# accepts the same offer.
196 name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
197 server => $server_tls_1_3,
199 "SignatureAlgorithms" => "RSA+SHA256",
202 "ExpectedResult" => "ServerFail"
# Positive counterpart of the previous entry: RSA with PSS padding succeeds.
206 name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
207 server => $server_tls_1_3,
209 "SignatureAlgorithms" => "RSA-PSS+SHA256",
212 "ExpectedServerCertType" => "RSA",
213 "ExpectedServerSignHash" => "SHA256",
214 "ExpectedServerSignType" => "RSA-PSS",
215 "ExpectedResult" => "Success"
# Client-authentication cases. VerifyMode "Require" makes a client
# certificate mandatory, VerifyCAFile names the root it must chain to, and
# ClientSignatureAlgorithms limits what the client may sign with. The client
# holds both key types ($client_tls_1_3), so the expectations check that the
# certificate matching the server's restriction is the one presented.
# NOTE(review): this entry spells the algorithm "PSS+SHA256" while the other
# entries use "RSA-PSS+SHA256"; presumably an accepted alias -- confirm.
219 name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
221 "ClientSignatureAlgorithms" => "PSS+SHA256",
222 "VerifyCAFile" => "${cert_dir}root-cert.pem",
223 "VerifyMode" => "Require"
225 client => $client_tls_1_3,
227 "ExpectedClientCertType" => "RSA",
228 "ExpectedClientSignHash" => "SHA256",
229 "ExpectedClientSignType" => "RSA-PSS",
230 "ExpectedResult" => "Success"
# Same setup with the server accepting only ECDSA+SHA256 from the client;
# the client's P-256 certificate is expected.
234 name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
236 "ClientSignatureAlgorithms" => "ECDSA+SHA256",
237 "VerifyCAFile" => "${cert_dir}root-cert.pem",
238 "VerifyMode" => "Require"
240 client => $client_tls_1_3,
242 "ExpectedClientCertType" => "P-256",
243 "ExpectedClientSignHash" => "SHA256",
244 "ExpectedClientSignType" => "EC",
245 "ExpectedResult" => "Success"
# Append the TLS 1.3 cases to the main list only when disabled("tls1_3") is
# false, so a build without TLS 1.3 does not run them and report failures.
# disabled() is presumably provided by OpenSSL::Test::Utils -- confirm.
250 push @tests, @tests_tls_1_3 unless disabled("tls1_3");