3 ## SSL test configurations
10 use OpenSSL::Test::Utils;
13 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
14 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
15 "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
16 "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
17 "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
18 "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
19 "MaxProtocol" => "TLSv1.2"
23 "PSS.Certificate" => test_pem("server-pss-cert.pem"),
24 "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
25 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
26 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
27 "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
28 "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
29 "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
30 "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
31 "MaxProtocol" => "TLSv1.2"
34 my $server_pss_only = {
35 "Certificate" => test_pem("server-pss-cert.pem"),
36 "PrivateKey" => test_pem("server-pss-key.pem"),
39 my $server_rsa_all = {
40 "PSS.Certificate" => test_pem("server-pss-cert.pem"),
41 "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
42 "Certificate" => test_pem("servercert.pem"),
43 "PrivateKey" => test_pem("serverkey.pem"),
48 name => "ECDSA CipherString Selection",
51 "CipherString" => "aECDSA",
52 "MaxProtocol" => "TLSv1.2",
53 "RequestCAFile" => test_pem("root-cert.pem"),
56 "ExpectedServerCertType" =>, "P-256",
57 "ExpectedServerSignType" =>, "EC",
58 # Note: certificate_authorities not sent for TLS < 1.3
59 "ExpectedServerCANames" =>, "empty",
60 "ExpectedResult" => "Success"
64 name => "ECDSA CipherString Selection",
66 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
67 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
68 "MaxProtocol" => "TLSv1.2",
69 #Deliberately set supported_groups to one not in the cert. This
74 "CipherString" => "aECDSA",
75 "MaxProtocol" => "TLSv1.2",
76 "Groups" => "P-256:P-384",
77 "RequestCAFile" => test_pem("root-cert.pem"),
80 "ExpectedServerCertType" =>, "P-256",
81 "ExpectedServerSignType" =>, "EC",
82 # Note: certificate_authorities not sent for TLS < 1.3
83 "ExpectedServerCANames" =>, "empty",
84 "ExpectedResult" => "Success"
88 name => "ECDSA CipherString Selection",
90 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
91 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
92 "MaxProtocol" => "TLSv1.2",
93 "Groups" => "P-256:P-384"
96 "CipherString" => "aECDSA",
97 "MaxProtocol" => "TLSv1.2",
98 #Deliberately set groups to not include the certificate group. This
101 "RequestCAFile" => test_pem("root-cert.pem"),
104 "ExpectedResult" => "ServerFail"
108 name => "Ed25519 CipherString and Signature Algorithm Selection",
111 "CipherString" => "aECDSA",
112 "MaxProtocol" => "TLSv1.2",
113 "SignatureAlgorithms" => "ed25519:ECDSA+SHA256",
114 "RequestCAFile" => test_pem("root-cert.pem"),
117 "ExpectedServerCertType" =>, "Ed25519",
118 "ExpectedServerSignType" =>, "Ed25519",
119 # Note: certificate_authorities not sent for TLS < 1.3
120 "ExpectedServerCANames" =>, "empty",
121 "ExpectedResult" => "Success"
125 name => "Ed448 CipherString and Signature Algorithm Selection",
128 "CipherString" => "aECDSA",
129 "MaxProtocol" => "TLSv1.2",
130 "SignatureAlgorithms" => "ed448:ECDSA+SHA256",
131 "RequestCAFile" => test_pem("root-cert.pem"),
134 "ExpectedServerCertType" =>, "Ed448",
135 "ExpectedServerSignType" =>, "Ed448",
136 # Note: certificate_authorities not sent for TLS < 1.3
137 "ExpectedServerCANames" =>, "empty",
138 "ExpectedResult" => "Success"
142 name => "ECDSA with brainpool",
144 "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
145 "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
146 "Groups" => "brainpoolP256r1",
149 #We don't restrict this to TLSv1.2, although use of brainpool
150 #should force this anyway so that this should succeed
151 "CipherString" => "aECDSA",
152 "RequestCAFile" => test_pem("root-cert.pem"),
153 "Groups" => "brainpoolP256r1",
156 "ExpectedServerCertType" =>, "brainpoolP256r1",
157 "ExpectedServerSignType" =>, "EC",
158 # Note: certificate_authorities not sent for TLS < 1.3
159 "ExpectedServerCANames" =>, "empty",
160 "ExpectedResult" => "Success"
164 name => "RSA CipherString Selection",
167 "CipherString" => "aRSA",
168 "MaxProtocol" => "TLSv1.2",
171 "ExpectedServerCertType" =>, "RSA",
172 "ExpectedServerSignType" =>, "RSA-PSS",
173 "ExpectedResult" => "Success"
177 name => "RSA-PSS Certificate CipherString Selection",
178 server => $server_pss,
180 "CipherString" => "aRSA",
181 "MaxProtocol" => "TLSv1.2",
184 "ExpectedServerCertType" =>, "RSA-PSS",
185 "ExpectedServerSignType" =>, "RSA-PSS",
186 "ExpectedResult" => "Success"
190 name => "P-256 CipherString and Signature Algorithm Selection",
193 "CipherString" => "aECDSA",
194 "MaxProtocol" => "TLSv1.2",
195 "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
198 "ExpectedServerCertType" => "P-256",
199 "ExpectedServerSignHash" => "SHA256",
200 "ExpectedServerSignType" => "EC",
201 "ExpectedResult" => "Success"
205 name => "Ed25519 CipherString and Curves Selection",
208 "CipherString" => "aECDSA",
209 "MaxProtocol" => "TLSv1.2",
210 "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
211 # Excluding P-256 from the supported curves list means server
212 # certificate should be Ed25519 and not P-256
216 "ExpectedServerCertType" =>, "Ed25519",
217 "ExpectedServerSignType" =>, "Ed25519",
218 "ExpectedResult" => "Success"
222 name => "Ed448 CipherString and Curves Selection",
225 "CipherString" => "aECDSA",
226 "MaxProtocol" => "TLSv1.2",
227 "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
228 # Excluding P-256 from the supported curves list means server
229 # certificate should be Ed25519 and not P-256
233 "ExpectedServerCertType" =>, "Ed448",
234 "ExpectedServerSignType" =>, "Ed448",
235 "ExpectedResult" => "Success"
239 name => "ECDSA CipherString Selection, no ECDSA certificate",
241 "MaxProtocol" => "TLSv1.2"
244 "CipherString" => "aECDSA",
245 "MaxProtocol" => "TLSv1.2"
248 "ExpectedResult" => "ServerFail"
252 name => "ECDSA Signature Algorithm Selection",
255 "SignatureAlgorithms" => "ECDSA+SHA256",
258 "ExpectedServerCertType" => "P-256",
259 "ExpectedServerSignHash" => "SHA256",
260 "ExpectedServerSignType" => "EC",
261 "ExpectedResult" => "Success"
265 name => "ECDSA Signature Algorithm Selection SHA384",
268 "SignatureAlgorithms" => "ECDSA+SHA384",
271 "ExpectedServerCertType" => "P-256",
272 "ExpectedServerSignHash" => "SHA384",
273 "ExpectedServerSignType" => "EC",
274 "ExpectedResult" => "Success"
278 name => "ECDSA Signature Algorithm Selection SHA1",
281 "SignatureAlgorithms" => "ECDSA+SHA1",
284 "ExpectedServerCertType" => "P-256",
285 "ExpectedServerSignHash" => "SHA1",
286 "ExpectedServerSignType" => "EC",
287 "ExpectedResult" => "Success"
291 name => "ECDSA Signature Algorithm Selection compressed point",
293 "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),
294 "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),
295 "MaxProtocol" => "TLSv1.2"
298 "SignatureAlgorithms" => "ECDSA+SHA256",
301 "ExpectedServerCertType" => "P-256",
302 "ExpectedServerSignHash" => "SHA256",
303 "ExpectedServerSignType" => "EC",
304 "ExpectedResult" => "Success"
308 name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
310 "MaxProtocol" => "TLSv1.2"
313 "SignatureAlgorithms" => "ECDSA+SHA256",
316 "ExpectedResult" => "ServerFail"
320 name => "RSA Signature Algorithm Selection",
323 "SignatureAlgorithms" => "RSA+SHA256",
326 "ExpectedServerCertType" => "RSA",
327 "ExpectedServerSignHash" => "SHA256",
328 "ExpectedServerSignType" => "RSA",
329 "ExpectedResult" => "Success"
333 name => "RSA-PSS Signature Algorithm Selection",
336 "SignatureAlgorithms" => "RSA-PSS+SHA256",
339 "ExpectedServerCertType" => "RSA",
340 "ExpectedServerSignHash" => "SHA256",
341 "ExpectedServerSignType" => "RSA-PSS",
342 "ExpectedResult" => "Success"
346 name => "RSA-PSS Certificate Legacy Signature Algorithm Selection",
347 server => $server_pss,
349 "SignatureAlgorithms" => "RSA-PSS+SHA256",
352 "ExpectedServerCertType" => "RSA",
353 "ExpectedServerSignHash" => "SHA256",
354 "ExpectedServerSignType" => "RSA-PSS",
355 "ExpectedResult" => "Success"
359 name => "RSA-PSS Certificate Unified Signature Algorithm Selection",
360 server => $server_pss,
362 "SignatureAlgorithms" => "rsa_pss_pss_sha256",
365 "ExpectedServerCertType" => "RSA-PSS",
366 "ExpectedServerSignHash" => "SHA256",
367 "ExpectedServerSignType" => "RSA-PSS",
368 "ExpectedResult" => "Success"
372 name => "Only RSA-PSS Certificate",
373 server => $server_pss_only,
376 "ExpectedServerCertType" => "RSA-PSS",
377 "ExpectedServerSignHash" => "SHA256",
378 "ExpectedServerSignType" => "RSA-PSS",
379 "ExpectedResult" => "Success"
383 name => "RSA-PSS Certificate, no PSS signature algorithms",
384 server => $server_pss_only,
386 "SignatureAlgorithms" => "RSA+SHA256",
389 "ExpectedResult" => "ServerFail"
393 name => "RSA key exchange with all RSA certificate types",
394 server => $server_rsa_all,
396 "CipherString" => "kRSA",
397 "MaxProtocol" => "TLSv1.2",
400 "ExpectedServerCertType" =>, "RSA",
401 "ExpectedResult" => "Success"
405 name => "RSA key exchange with only RSA-PSS certificate",
406 server => $server_pss_only,
408 "CipherString" => "kRSA",
409 "MaxProtocol" => "TLSv1.2",
412 "ExpectedResult" => "ServerFail"
416 name => "Suite B P-256 Hash Algorithm Selection",
418 "ECDSA.Certificate" => test_pem("p256-server-cert.pem"),
419 "ECDSA.PrivateKey" => test_pem("p256-server-key.pem"),
420 "MaxProtocol" => "TLSv1.2",
421 "CipherString" => "SUITEB128"
424 "VerifyCAFile" => test_pem("p384-root.pem"),
425 "SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256"
428 "ExpectedServerCertType" => "P-256",
429 "ExpectedServerSignHash" => "SHA256",
430 "ExpectedServerSignType" => "EC",
431 "ExpectedResult" => "Success"
435 name => "Suite B P-384 Hash Algorithm Selection",
437 "ECDSA.Certificate" => test_pem("p384-server-cert.pem"),
438 "ECDSA.PrivateKey" => test_pem("p384-server-key.pem"),
439 "MaxProtocol" => "TLSv1.2",
440 "CipherString" => "SUITEB128"
443 "VerifyCAFile" => test_pem("p384-root.pem"),
444 "SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384"
447 "ExpectedServerCertType" => "P-384",
448 "ExpectedServerSignHash" => "SHA384",
449 "ExpectedServerSignType" => "EC",
450 "ExpectedResult" => "Success"
454 name => "TLS 1.2 Ed25519 Client Auth",
456 "VerifyCAFile" => test_pem("root-cert.pem"),
457 "VerifyMode" => "Require"
460 "Ed25519.Certificate" => test_pem("client-ed25519-cert.pem"),
461 "Ed25519.PrivateKey" => test_pem("client-ed25519-key.pem"),
462 "MinProtocol" => "TLSv1.2",
463 "MaxProtocol" => "TLSv1.2"
466 "ExpectedClientCertType" => "Ed25519",
467 "ExpectedClientSignType" => "Ed25519",
468 "ExpectedResult" => "Success"
472 name => "TLS 1.2 Ed448 Client Auth",
474 "VerifyCAFile" => test_pem("root-cert.pem"),
475 "VerifyMode" => "Require"
478 "Ed448.Certificate" => test_pem("client-ed448-cert.pem"),
479 "Ed448.PrivateKey" => test_pem("client-ed448-key.pem"),
480 "MinProtocol" => "TLSv1.2",
481 "MaxProtocol" => "TLSv1.2"
484 "ExpectedClientCertType" => "Ed448",
485 "ExpectedClientSignType" => "Ed448",
486 "ExpectedResult" => "Success"
491 my @tests_tls_1_1 = (
493 name => "Only RSA-PSS Certificate, TLS v1.1",
494 server => $server_pss_only,
496 "MaxProtocol" => "TLSv1.1",
499 "ExpectedResult" => "ServerFail"
504 push @tests, @tests_tls_1_1 unless disabled("tls1_1");
506 my $server_tls_1_3 = {
507 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
508 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
509 "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
510 "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
511 "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
512 "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
513 "MinProtocol" => "TLSv1.3",
514 "MaxProtocol" => "TLSv1.3"
517 my $server_tls_1_3_pss = {
518 "PSS.Certificate" => test_pem("server-pss-cert.pem"),
519 "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
520 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
521 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
522 "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
523 "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
524 "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
525 "Ed448.PrivateKey" => test_pem("server-ed449-key.pem"),
526 "MinProtocol" => "TLSv1.3",
527 "MaxProtocol" => "TLSv1.3"
530 my $client_tls_1_3 = {
531 "RSA.Certificate" => test_pem("ee-client-chain.pem"),
532 "RSA.PrivateKey" => test_pem("ee-key.pem"),
533 "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"),
534 "ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"),
535 "MinProtocol" => "TLSv1.3",
536 "MaxProtocol" => "TLSv1.3"
539 my @tests_tls_1_3 = (
541 name => "TLS 1.3 ECDSA Signature Algorithm Selection",
542 server => $server_tls_1_3,
544 "SignatureAlgorithms" => "ECDSA+SHA256",
547 "ExpectedServerCertType" => "P-256",
548 "ExpectedServerSignHash" => "SHA256",
549 "ExpectedServerSignType" => "EC",
550 "ExpectedServerCANames" => "empty",
551 "ExpectedResult" => "Success"
555 name => "TLS 1.3 ECDSA Signature Algorithm Selection compressed point",
557 "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),
558 "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),
559 "MinProtocol" => "TLSv1.3",
560 "MaxProtocol" => "TLSv1.3"
563 "SignatureAlgorithms" => "ECDSA+SHA256",
566 "ExpectedServerCertType" => "P-256",
567 "ExpectedServerSignHash" => "SHA256",
568 "ExpectedServerSignType" => "EC",
569 "ExpectedServerCANames" => "empty",
570 "ExpectedResult" => "Success"
574 name => "TLS 1.3 ECDSA Signature Algorithm Selection SHA1",
575 server => $server_tls_1_3,
577 "SignatureAlgorithms" => "ECDSA+SHA1",
580 "ExpectedResult" => "ServerFail"
584 name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
585 server => $server_tls_1_3,
587 "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
588 "RequestCAFile" => test_pem("root-cert.pem"),
591 "ExpectedServerCertType" => "P-256",
592 "ExpectedServerSignHash" => "SHA256",
593 "ExpectedServerSignType" => "EC",
594 "ExpectedServerCANames" => test_pem("root-cert.pem"),
595 "ExpectedResult" => "Success"
599 name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
600 server => $server_tls_1_3,
602 "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
605 "ExpectedServerCertType" => "RSA",
606 "ExpectedServerSignHash" => "SHA384",
607 "ExpectedServerSignType" => "RSA-PSS",
608 "ExpectedResult" => "Success"
612 name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
614 "MinProtocol" => "TLSv1.3",
615 "MaxProtocol" => "TLSv1.3"
618 "SignatureAlgorithms" => "ECDSA+SHA256",
621 "ExpectedResult" => "ServerFail"
625 name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
626 server => $server_tls_1_3,
628 "SignatureAlgorithms" => "RSA+SHA256",
631 "ExpectedResult" => "ServerFail"
635 name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
636 server => $server_tls_1_3,
638 "SignatureAlgorithms" => "RSA-PSS+SHA256",
641 "ExpectedServerCertType" => "RSA",
642 "ExpectedServerSignHash" => "SHA256",
643 "ExpectedServerSignType" => "RSA-PSS",
644 "ExpectedResult" => "Success"
648 name => "TLS 1.3 Ed25519 Signature Algorithm Selection",
649 server => $server_tls_1_3,
651 "SignatureAlgorithms" => "ed25519",
654 "ExpectedServerCertType" => "Ed25519",
655 "ExpectedServerSignType" => "Ed25519",
656 "ExpectedResult" => "Success"
660 name => "TLS 1.3 Ed448 Signature Algorithm Selection",
661 server => $server_tls_1_3,
663 "SignatureAlgorithms" => "ed448",
666 "ExpectedServerCertType" => "Ed448",
667 "ExpectedServerSignType" => "Ed448",
668 "ExpectedResult" => "Success"
672 name => "TLS 1.3 Ed25519 CipherString and Groups Selection",
673 server => $server_tls_1_3,
675 "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
676 # Excluding P-256 from the supported groups list should
677 # mean server still uses a P-256 certificate because supported
678 # groups is not used in signature selection for TLS 1.3
682 "ExpectedServerCertType" =>, "P-256",
683 "ExpectedServerSignType" =>, "EC",
684 "ExpectedResult" => "Success"
688 name => "TLS 1.3 Ed448 CipherString and Groups Selection",
689 server => $server_tls_1_3,
691 "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
692 # Excluding P-256 from the supported groups list should
693 # mean server still uses a P-256 certificate because supported
694 # groups is not used in signature selection for TLS 1.3
698 "ExpectedServerCertType" =>, "P-256",
699 "ExpectedServerSignType" =>, "EC",
700 "ExpectedResult" => "Success"
704 name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
706 "ClientSignatureAlgorithms" => "PSS+SHA256",
707 "VerifyCAFile" => test_pem("root-cert.pem"),
708 "VerifyMode" => "Require"
710 client => $client_tls_1_3,
712 "ExpectedClientCertType" => "RSA",
713 "ExpectedClientSignHash" => "SHA256",
714 "ExpectedClientSignType" => "RSA-PSS",
715 "ExpectedClientCANames" => "empty",
716 "ExpectedResult" => "Success"
720 name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names",
722 "ClientSignatureAlgorithms" => "PSS+SHA256",
723 "VerifyCAFile" => test_pem("root-cert.pem"),
724 "RequestCAFile" => test_pem("root-cert.pem"),
725 "VerifyMode" => "Require"
727 client => $client_tls_1_3,
729 "ExpectedClientCertType" => "RSA",
730 "ExpectedClientSignHash" => "SHA256",
731 "ExpectedClientSignType" => "RSA-PSS",
732 "ExpectedClientCANames" => test_pem("root-cert.pem"),
733 "ExpectedResult" => "Success"
737 name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
739 "ClientSignatureAlgorithms" => "ECDSA+SHA256",
740 "VerifyCAFile" => test_pem("root-cert.pem"),
741 "VerifyMode" => "Require"
743 client => $client_tls_1_3,
745 "ExpectedClientCertType" => "P-256",
746 "ExpectedClientSignHash" => "SHA256",
747 "ExpectedClientSignType" => "EC",
748 "ExpectedResult" => "Success"
752 name => "TLS 1.3 Ed25519 Client Auth",
754 "VerifyCAFile" => test_pem("root-cert.pem"),
755 "VerifyMode" => "Require"
758 "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"),
759 "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"),
760 "MinProtocol" => "TLSv1.3",
761 "MaxProtocol" => "TLSv1.3"
764 "ExpectedClientCertType" => "Ed25519",
765 "ExpectedClientSignType" => "Ed25519",
766 "ExpectedResult" => "Success"
770 name => "TLS 1.3 Ed448 Client Auth",
772 "VerifyCAFile" => test_pem("root-cert.pem"),
773 "VerifyMode" => "Require"
776 "EdDSA.Certificate" => test_pem("client-ed448-cert.pem"),
777 "EdDSA.PrivateKey" => test_pem("client-ed448-key.pem"),
778 "MinProtocol" => "TLSv1.3",
779 "MaxProtocol" => "TLSv1.3"
782 "ExpectedClientCertType" => "Ed448",
783 "ExpectedClientSignType" => "Ed448",
784 "ExpectedResult" => "Success"
788 name => "TLS 1.3 ECDSA with brainpool",
790 "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
791 "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
792 "Groups" => "brainpoolP256r1",
795 "RequestCAFile" => test_pem("root-cert.pem"),
796 "Groups" => "brainpoolP256r1",
797 "MinProtocol" => "TLSv1.3",
798 "MaxProtocol" => "TLSv1.3"
801 "ExpectedResult" => "ServerFail"
806 push @tests, @tests_tls_1_3 unless disabled("tls1_3");
808 my @tests_dsa_tls_1_2 = (
810 name => "TLS 1.2 DSA Certificate Test",
812 "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
813 "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
814 "DHParameters" => test_pem("dhp2048.pem"),
815 "MinProtocol" => "TLSv1.2",
816 "MaxProtocol" => "TLSv1.2",
817 "CipherString" => "ALL",
820 "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1",
821 "CipherString" => "ALL",
824 "ExpectedResult" => "Success"
829 my @tests_dsa_tls_1_3 = (
831 name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms",
833 "ClientSignatureAlgorithms" => "ECDSA+SHA1:DSA+SHA256:RSA+SHA256",
834 "VerifyCAFile" => test_pem("root-cert.pem"),
835 "VerifyMode" => "Request"
839 "ExpectedResult" => "ServerFail"
843 name => "TLS 1.3 DSA Certificate Test",
845 "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
846 "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
847 "MinProtocol" => "TLSv1.3",
848 "MaxProtocol" => "TLSv1.3",
849 "CipherString" => "ALL",
852 "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256:ECDSA+SHA256",
853 "CipherString" => "ALL",
856 "ExpectedResult" => "ServerFail"
861 if (!disabled("dsa")) {
862 push @tests, @tests_dsa_tls_1_2 unless disabled("dh");
863 push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");