3 ## SSL test configurations
10 use OpenSSL::Test::Utils;
13 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
14 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
15 "MaxProtocol" => "TLSv1.2"
20 name => "ECDSA CipherString Selection",
23 "CipherString" => "aECDSA",
26 "ExpectedServerCertType" =>, "P-256",
27 "ExpectedServerSignType" =>, "EC",
28 "ExpectedResult" => "Success"
32 name => "RSA CipherString Selection",
35 "CipherString" => "aRSA",
38 "ExpectedServerCertType" =>, "RSA",
39 "ExpectedServerSignType" =>, "RSA-PSS",
40 "ExpectedResult" => "Success"
44 name => "ECDSA CipherString Selection, no ECDSA certificate",
46 "MaxProtocol" => "TLSv1.2"
49 "CipherString" => "aECDSA"
52 "ExpectedResult" => "ServerFail"
56 name => "ECDSA Signature Algorithm Selection",
59 "SignatureAlgorithms" => "ECDSA+SHA256",
62 "ExpectedServerCertType" => "P-256",
63 "ExpectedServerSignHash" => "SHA256",
64 "ExpectedServerSignType" => "EC",
65 "ExpectedResult" => "Success"
69 name => "ECDSA Signature Algorithm Selection SHA384",
72 "SignatureAlgorithms" => "ECDSA+SHA384",
75 "ExpectedServerCertType" => "P-256",
76 "ExpectedServerSignHash" => "SHA384",
77 "ExpectedServerSignType" => "EC",
78 "ExpectedResult" => "Success"
82 name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
84 "MaxProtocol" => "TLSv1.2"
87 "SignatureAlgorithms" => "ECDSA+SHA256",
90 "ExpectedResult" => "ServerFail"
94 name => "RSA Signature Algorithm Selection",
97 "SignatureAlgorithms" => "RSA+SHA256",
100 "ExpectedServerCertType" => "RSA",
101 "ExpectedServerSignHash" => "SHA256",
102 "ExpectedServerSignType" => "RSA",
103 "ExpectedResult" => "Success"
107 name => "RSA-PSS Signature Algorithm Selection",
110 "SignatureAlgorithms" => "RSA-PSS+SHA256",
113 "ExpectedServerCertType" => "RSA",
114 "ExpectedServerSignHash" => "SHA256",
115 "ExpectedServerSignType" => "RSA-PSS",
116 "ExpectedResult" => "Success"
122 my $server_tls_1_3 = {
123 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
124 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
125 "MinProtocol" => "TLSv1.3",
126 "MaxProtocol" => "TLSv1.3"
129 my $client_tls_1_3 = {
130 "RSA.Certificate" => test_pem("ee-client-chain.pem"),
131 "RSA.PrivateKey" => test_pem("ee-key.pem"),
132 "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"),
133 "ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"),
134 "MinProtocol" => "TLSv1.3",
135 "MaxProtocol" => "TLSv1.3"
138 my @tests_tls_1_3 = (
140 name => "TLS 1.3 ECDSA Signature Algorithm Selection",
141 server => $server_tls_1_3,
143 "SignatureAlgorithms" => "ECDSA+SHA256",
146 "ExpectedServerCertType" => "P-256",
147 "ExpectedServerSignHash" => "SHA256",
148 "ExpectedServerSignType" => "EC",
149 "ExpectedResult" => "Success"
153 name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
154 server => $server_tls_1_3,
156 "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
159 "ExpectedServerCertType" => "P-256",
160 "ExpectedServerSignHash" => "SHA256",
161 "ExpectedServerSignType" => "EC",
162 "ExpectedResult" => "Success"
166 name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
167 server => $server_tls_1_3,
169 "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
172 "ExpectedServerCertType" => "RSA",
173 "ExpectedServerSignHash" => "SHA384",
174 "ExpectedServerSignType" => "RSA-PSS",
175 "ExpectedResult" => "Success"
179 name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
181 "MinProtocol" => "TLSv1.3",
182 "MaxProtocol" => "TLSv1.3"
185 "SignatureAlgorithms" => "ECDSA+SHA256",
188 "ExpectedResult" => "ServerFail"
192 name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
193 server => $server_tls_1_3,
195 "SignatureAlgorithms" => "RSA+SHA256",
198 "ExpectedResult" => "ServerFail"
202 name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
203 server => $server_tls_1_3,
205 "SignatureAlgorithms" => "RSA-PSS+SHA256",
208 "ExpectedServerCertType" => "RSA",
209 "ExpectedServerSignHash" => "SHA256",
210 "ExpectedServerSignType" => "RSA-PSS",
211 "ExpectedResult" => "Success"
215 name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
217 "ClientSignatureAlgorithms" => "PSS+SHA256",
218 "VerifyCAFile" => test_pem("root-cert.pem"),
219 "VerifyMode" => "Require"
221 client => $client_tls_1_3,
223 "ExpectedClientCertType" => "RSA",
224 "ExpectedClientSignHash" => "SHA256",
225 "ExpectedClientSignType" => "RSA-PSS",
226 "ExpectedResult" => "Success"
230 name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
232 "ClientSignatureAlgorithms" => "ECDSA+SHA256",
233 "VerifyCAFile" => test_pem("root-cert.pem"),
234 "VerifyMode" => "Require"
236 client => $client_tls_1_3,
238 "ExpectedClientCertType" => "P-256",
239 "ExpectedClientSignHash" => "SHA256",
240 "ExpectedClientSignType" => "EC",
241 "ExpectedResult" => "Success"
246 push @tests, @tests_tls_1_3 unless disabled("tls1_3");