3 ## SSL test configurations
10 use OpenSSL::Test::Utils;
13 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
14 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
15 "MaxProtocol" => "TLSv1.2"
20 name => "ECDSA CipherString Selection",
23 "CipherString" => "aECDSA",
26 "ExpectedServerCertType" =>, "P-256",
27 "ExpectedServerSignType" =>, "EC",
28 "ExpectedResult" => "Success"
32 name => "RSA CipherString Selection",
35 "CipherString" => "aRSA",
38 "ExpectedServerCertType" =>, "RSA",
39 "ExpectedServerSignType" =>, "RSA-PSS",
40 "ExpectedResult" => "Success"
44 name => "ECDSA CipherString Selection, no ECDSA certificate",
46 "MaxProtocol" => "TLSv1.2"
49 "CipherString" => "aECDSA"
52 "ExpectedResult" => "ServerFail"
56 name => "ECDSA Signature Algorithm Selection",
59 "SignatureAlgorithms" => "ECDSA+SHA256",
62 "ExpectedServerCertType" => "P-256",
63 "ExpectedServerSignHash" => "SHA256",
64 "ExpectedServerSignType" => "EC",
65 "ExpectedResult" => "Success"
69 name => "ECDSA Signature Algorithm Selection SHA384",
72 "SignatureAlgorithms" => "ECDSA+SHA384",
75 "ExpectedServerCertType" => "P-256",
76 "ExpectedServerSignHash" => "SHA384",
77 "ExpectedServerSignType" => "EC",
78 "ExpectedResult" => "Success"
82 name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
84 "MaxProtocol" => "TLSv1.2"
87 "SignatureAlgorithms" => "ECDSA+SHA256",
90 "ExpectedResult" => "ServerFail"
94 name => "RSA Signature Algorithm Selection",
97 "SignatureAlgorithms" => "RSA+SHA256",
100 "ExpectedServerCertType" => "RSA",
101 "ExpectedServerSignHash" => "SHA256",
102 "ExpectedServerSignType" => "RSA",
103 "ExpectedResult" => "Success"
107 name => "RSA-PSS Signature Algorithm Selection",
110 "SignatureAlgorithms" => "RSA-PSS+SHA256",
113 "ExpectedServerCertType" => "RSA",
114 "ExpectedServerSignHash" => "SHA256",
115 "ExpectedServerSignType" => "RSA-PSS",
116 "ExpectedResult" => "Success"
120 name => "Suite B P-256 Hash Algorithm Selection",
122 "ECDSA.Certificate" => test_pem("p256-server-cert.pem"),
123 "ECDSA.PrivateKey" => test_pem("p256-server-key.pem"),
124 "MaxProtocol" => "TLSv1.2",
125 "CipherString" => "SUITEB128"
128 "VerifyCAFile" => test_pem("p384-root.pem"),
129 "SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256"
132 "ExpectedServerCertType" => "P-256",
133 "ExpectedServerSignHash" => "SHA256",
134 "ExpectedServerSignType" => "EC",
135 "ExpectedResult" => "Success"
139 name => "Suite B P-384 Hash Algorithm Selection",
141 "ECDSA.Certificate" => test_pem("p384-server-cert.pem"),
142 "ECDSA.PrivateKey" => test_pem("p384-server-key.pem"),
143 "MaxProtocol" => "TLSv1.2",
144 "CipherString" => "SUITEB128"
147 "VerifyCAFile" => test_pem("p384-root.pem"),
148 "SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384"
151 "ExpectedServerCertType" => "P-384",
152 "ExpectedServerSignHash" => "SHA384",
153 "ExpectedServerSignType" => "EC",
154 "ExpectedResult" => "Success"
160 my $server_tls_1_3 = {
161 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
162 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
163 "MinProtocol" => "TLSv1.3",
164 "MaxProtocol" => "TLSv1.3"
167 my $client_tls_1_3 = {
168 "RSA.Certificate" => test_pem("ee-client-chain.pem"),
169 "RSA.PrivateKey" => test_pem("ee-key.pem"),
170 "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"),
171 "ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"),
172 "MinProtocol" => "TLSv1.3",
173 "MaxProtocol" => "TLSv1.3"
176 my @tests_tls_1_3 = (
178 name => "TLS 1.3 ECDSA Signature Algorithm Selection",
179 server => $server_tls_1_3,
181 "SignatureAlgorithms" => "ECDSA+SHA256",
184 "ExpectedServerCertType" => "P-256",
185 "ExpectedServerSignHash" => "SHA256",
186 "ExpectedServerSignType" => "EC",
187 "ExpectedResult" => "Success"
191 name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
192 server => $server_tls_1_3,
194 "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
197 "ExpectedServerCertType" => "P-256",
198 "ExpectedServerSignHash" => "SHA256",
199 "ExpectedServerSignType" => "EC",
200 "ExpectedResult" => "Success"
204 name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
205 server => $server_tls_1_3,
207 "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
210 "ExpectedServerCertType" => "RSA",
211 "ExpectedServerSignHash" => "SHA384",
212 "ExpectedServerSignType" => "RSA-PSS",
213 "ExpectedResult" => "Success"
217 name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
219 "MinProtocol" => "TLSv1.3",
220 "MaxProtocol" => "TLSv1.3"
223 "SignatureAlgorithms" => "ECDSA+SHA256",
226 "ExpectedResult" => "ServerFail"
230 name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
231 server => $server_tls_1_3,
233 "SignatureAlgorithms" => "RSA+SHA256",
236 "ExpectedResult" => "ServerFail"
240 name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
241 server => $server_tls_1_3,
243 "SignatureAlgorithms" => "RSA-PSS+SHA256",
246 "ExpectedServerCertType" => "RSA",
247 "ExpectedServerSignHash" => "SHA256",
248 "ExpectedServerSignType" => "RSA-PSS",
249 "ExpectedResult" => "Success"
253 name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
255 "ClientSignatureAlgorithms" => "PSS+SHA256",
256 "VerifyCAFile" => test_pem("root-cert.pem"),
257 "VerifyMode" => "Require"
259 client => $client_tls_1_3,
261 "ExpectedClientCertType" => "RSA",
262 "ExpectedClientSignHash" => "SHA256",
263 "ExpectedClientSignType" => "RSA-PSS",
264 "ExpectedResult" => "Success"
268 name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
270 "ClientSignatureAlgorithms" => "ECDSA+SHA256",
271 "VerifyCAFile" => test_pem("root-cert.pem"),
272 "VerifyMode" => "Require"
274 client => $client_tls_1_3,
276 "ExpectedClientCertType" => "P-256",
277 "ExpectedClientSignHash" => "SHA256",
278 "ExpectedClientSignType" => "EC",
279 "ExpectedResult" => "Success"
284 push @tests, @tests_tls_1_3 unless disabled("tls1_3");
286 my @tests_dsa_tls_1_2 = (
288 name => "TLS 1.2 DSA Certificate Test",
290 "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
291 "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
292 "DHParameters" => test_pem("dhp2048.pem"),
293 "MinProtocol" => "TLSv1.2",
294 "MaxProtocol" => "TLSv1.2",
295 "CipherString" => "ALL",
298 "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1",
299 "CipherString" => "ALL",
302 "ExpectedResult" => "Success"
307 my @tests_dsa_tls_1_3 = (
309 name => "TLS 1.3 DSA Certificate Test",
311 "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
312 "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
313 "MinProtocol" => "TLSv1.3",
314 "MaxProtocol" => "TLSv1.3",
315 "CipherString" => "ALL",
318 "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256",
319 "CipherString" => "ALL",
322 "ExpectedResult" => "ServerFail"
327 if (!disabled("dsa")) {
328 push @tests, @tests_dsa_tls_1_2 unless disabled("dh");
329 push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");