3 ## SSL test configurations
10 use OpenSSL::Test::Utils;
# Server settings visible in this listing: an ECDSA certificate and private key
# loaded through test_pem(), with the protocol capped at TLS 1.2.
# NOTE(review): the enclosing declaration is not visible here; presumably this is
# the shared server hash used by the TLS 1.2 cases that follow -- confirm.
13 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
14 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
15 "MaxProtocol" => "TLSv1.2"
# Certificate- and signature-selection cases for TLS 1.2 and below. Each entry
# names the case, sets the option that drives selection, and lists the
# certificate type, signature type/hash and handshake result to be checked.
# NOTE(review): the structural lines (braces, server/client/test keys) are not
# part of this listing, so which side owns each option is inferred from its name.

# Client limits itself to ECDSA-authenticated suites; the P-256 certificate with
# an EC signature is expected.
# NOTE(review): "=>," below carries a stray comma. As far as I can tell Perl
# ignores the empty list element, so the pair still parses, but it is
# inconsistent with the other entries and worth tidying.
20 name => "ECDSA CipherString Selection",
23 "CipherString" => "aECDSA",
26 "ExpectedServerCertType" =>, "P-256",
27 "ExpectedServerSignType" =>, "EC",
28 "ExpectedResult" => "Success"
# Client limits itself to RSA-authenticated suites; the RSA certificate is
# expected, signed with RSA-PSS. Same stray-comma note as the case above.
32 name => "RSA CipherString Selection",
35 "CipherString" => "aRSA",
38 "ExpectedServerCertType" =>, "RSA",
39 "ExpectedServerSignType" =>, "RSA-PSS",
40 "ExpectedResult" => "Success"
# Negative case: only ECDSA-authenticated suites are offered and, per the case
# name, no ECDSA certificate is configured. The handshake must fail on the
# server side rather than fall back to another certificate type.
44 name => "ECDSA CipherString Selection, no ECDSA certificate",
46 "MaxProtocol" => "TLSv1.2"
49 "CipherString" => "aECDSA"
52 "ExpectedResult" => "ServerFail"
# Signature-algorithm driven selection: ECDSA+SHA256 picks the P-256 certificate.
56 name => "ECDSA Signature Algorithm Selection",
59 "SignatureAlgorithms" => "ECDSA+SHA256",
62 "ExpectedServerCertType" => "P-256",
63 "ExpectedServerSignHash" => "SHA256",
64 "ExpectedServerSignType" => "EC",
65 "ExpectedResult" => "Success"
# The expected values pair a P-256 certificate with SHA384, i.e. at this protocol
# level the hash is not tied to the curve. The TLS 1.3 SHA384 case further down
# expects a different outcome.
69 name => "ECDSA Signature Algorithm Selection SHA384",
72 "SignatureAlgorithms" => "ECDSA+SHA384",
75 "ExpectedServerCertType" => "P-256",
76 "ExpectedServerSignHash" => "SHA384",
77 "ExpectedServerSignType" => "EC",
78 "ExpectedResult" => "Success"
# SHA1 is still expected to be accepted for the handshake signature here; the
# TLS 1.3 counterpart of this case expects ServerFail.
82 name => "ECDSA Signature Algorithm Selection SHA1",
85 "SignatureAlgorithms" => "ECDSA+SHA1",
88 "ExpectedServerCertType" => "P-256",
89 "ExpectedServerSignHash" => "SHA1",
90 "ExpectedServerSignType" => "EC",
91 "ExpectedResult" => "Success"
# Uses the server-cecdsa-* key pair (compressed point, per the case name) with
# the protocol capped at TLS 1.2; selection is expected to succeed. The TLS 1.3
# counterpart expects ServerFail.
95 name => "ECDSA Signature Algorithm Selection compressed point",
97 "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),
98 "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),
99 "MaxProtocol" => "TLSv1.2"
102 "SignatureAlgorithms" => "ECDSA+SHA256",
105 "ExpectedServerCertType" => "P-256",
106 "ExpectedServerSignHash" => "SHA256",
107 "ExpectedServerSignType" => "EC",
108 "ExpectedResult" => "Success"
# Negative case: the client accepts only ECDSA+SHA256 and, per the case name, the
# server has no ECDSA certificate, so the handshake must fail.
112 name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
114 "MaxProtocol" => "TLSv1.2"
117 "SignatureAlgorithms" => "ECDSA+SHA256",
120 "ExpectedResult" => "ServerFail"
# RSA+SHA256 is expected to yield sign type "RSA"
# (presumably PKCS#1 v1.5, as opposed to the RSA-PSS case below -- confirm).
124 name => "RSA Signature Algorithm Selection",
127 "SignatureAlgorithms" => "RSA+SHA256",
130 "ExpectedServerCertType" => "RSA",
131 "ExpectedServerSignHash" => "SHA256",
132 "ExpectedServerSignType" => "RSA",
133 "ExpectedResult" => "Success"
# RSA-PSS+SHA256 uses the same RSA certificate type but expects an RSA-PSS
# signature.
137 name => "RSA-PSS Signature Algorithm Selection",
140 "SignatureAlgorithms" => "RSA-PSS+SHA256",
143 "ExpectedServerCertType" => "RSA",
144 "ExpectedServerSignHash" => "SHA256",
145 "ExpectedServerSignType" => "RSA-PSS",
146 "ExpectedResult" => "Success"
# Suite B (SUITEB128) with a P-256 key. The client lists SHA384 before SHA256,
# yet SHA256 is expected: the hash is checked to follow the key's curve, not the
# peer's preference order.
150 name => "Suite B P-256 Hash Algorithm Selection",
152 "ECDSA.Certificate" => test_pem("p256-server-cert.pem"),
153 "ECDSA.PrivateKey" => test_pem("p256-server-key.pem"),
154 "MaxProtocol" => "TLSv1.2",
155 "CipherString" => "SUITEB128"
158 "VerifyCAFile" => test_pem("p384-root.pem"),
159 "SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256"
162 "ExpectedServerCertType" => "P-256",
163 "ExpectedServerSignHash" => "SHA256",
164 "ExpectedServerSignType" => "EC",
165 "ExpectedResult" => "Success"
# Mirror of the case above with a P-384 key: the client lists SHA256 first, yet
# SHA384 is expected.
169 name => "Suite B P-384 Hash Algorithm Selection",
171 "ECDSA.Certificate" => test_pem("p384-server-cert.pem"),
172 "ECDSA.PrivateKey" => test_pem("p384-server-key.pem"),
173 "MaxProtocol" => "TLSv1.2",
174 "CipherString" => "SUITEB128"
177 "VerifyCAFile" => test_pem("p384-root.pem"),
178 "SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384"
181 "ExpectedServerCertType" => "P-384",
182 "ExpectedServerSignHash" => "SHA384",
183 "ExpectedServerSignType" => "EC",
184 "ExpectedResult" => "Success"
# Shared server configuration for the TLS 1.3 cases: the ECDSA key pair, with
# MinProtocol and MaxProtocol both set to TLSv1.3 so no downgrade to an earlier
# version can mask a selection failure.
# NOTE(review): only the ECDSA entries are visible; the RSA certificate that some
# TLS 1.3 cases expect presumably comes from defaults defined elsewhere -- confirm.
190 my $server_tls_1_3 = {
191 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
192 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
193 "MinProtocol" => "TLSv1.3",
194 "MaxProtocol" => "TLSv1.3"
# Shared client configuration for the TLS 1.3 client-authentication cases: both
# an RSA and an ECDSA client chain with their keys, pinned to TLS 1.3 only.
197 my $client_tls_1_3 = {
198 "RSA.Certificate" => test_pem("ee-client-chain.pem"),
199 "RSA.PrivateKey" => test_pem("ee-key.pem"),
200 "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"),
201 "ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"),
202 "MinProtocol" => "TLSv1.3",
203 "MaxProtocol" => "TLSv1.3"
# TLS 1.3 selection cases. Several of these are negative tests: an algorithm that
# the TLS 1.2 cases accept is expected to end in ServerFail here.
206 my @tests_tls_1_3 = (
# Baseline: ECDSA+SHA256 selects the P-256 certificate.
208 name => "TLS 1.3 ECDSA Signature Algorithm Selection",
209 server => $server_tls_1_3,
211 "SignatureAlgorithms" => "ECDSA+SHA256",
214 "ExpectedServerCertType" => "P-256",
215 "ExpectedServerSignHash" => "SHA256",
216 "ExpectedServerSignType" => "EC",
217 "ExpectedResult" => "Success"
# Negative case with its own server settings: the server-cecdsa-* key pair
# (compressed point, per the case name) must not be usable, so ServerFail is
# expected. Presumably TLS 1.3 does not permit compressed-point keys -- confirm.
221 name => "TLS 1.3 ECDSA Signature Algorithm Selection compressed point",
223 "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),
224 "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),
225 "MinProtocol" => "TLSv1.3",
226 "MaxProtocol" => "TLSv1.3"
229 "SignatureAlgorithms" => "ECDSA+SHA256",
232 "ExpectedResult" => "ServerFail"
# Negative case: a client offering only ECDSA+SHA1 must be refused; SHA1
# handshake signatures are not to be produced in TLS 1.3.
236 name => "TLS 1.3 ECDSA Signature Algorithm Selection SHA1",
237 server => $server_tls_1_3,
239 "SignatureAlgorithms" => "ECDSA+SHA1",
242 "ExpectedResult" => "ServerFail"
# Both ECDSA and RSA-PSS are offered with SHA256; the ECDSA (P-256) certificate
# is expected to be chosen.
246 name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
247 server => $server_tls_1_3,
249 "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
252 "ExpectedServerCertType" => "P-256",
253 "ExpectedServerSignHash" => "SHA256",
254 "ExpectedServerSignType" => "EC",
255 "ExpectedResult" => "Success"
# ECDSA+SHA384 is listed first but the RSA certificate with RSA-PSS is expected.
# Presumably the P-256 key cannot satisfy ECDSA+SHA384 in TLS 1.3, where the hash
# is bound to the curve, so selection moves on to RSA-PSS+SHA384 -- confirm.
259 name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
260 server => $server_tls_1_3,
262 "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
265 "ExpectedServerCertType" => "RSA",
266 "ExpectedServerSignHash" => "SHA384",
267 "ExpectedServerSignType" => "RSA-PSS",
268 "ExpectedResult" => "Success"
# Negative case with its own server settings (no ECDSA certificate, per the case
# name): an ECDSA-only client must be refused.
272 name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
274 "MinProtocol" => "TLSv1.3",
275 "MaxProtocol" => "TLSv1.3"
278 "SignatureAlgorithms" => "ECDSA+SHA256",
281 "ExpectedResult" => "ServerFail"
# Negative case: RSA+SHA256 without PSS must not be accepted for the TLS 1.3
# handshake signature, even though the TLS 1.2 case with the same value succeeds.
285 name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
286 server => $server_tls_1_3,
288 "SignatureAlgorithms" => "RSA+SHA256",
291 "ExpectedResult" => "ServerFail"
# RSA-PSS+SHA256 is the accepted RSA form: RSA certificate, RSA-PSS signature.
295 name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
296 server => $server_tls_1_3,
298 "SignatureAlgorithms" => "RSA-PSS+SHA256",
301 "ExpectedServerCertType" => "RSA",
302 "ExpectedServerSignHash" => "SHA256",
303 "ExpectedServerSignType" => "RSA-PSS",
304 "ExpectedResult" => "Success"
# Client authentication: the server requires a client certificate
# (VerifyMode Require) and restricts client signatures to PSS+SHA256. No
# ClientCAFile is set, and the CA names seen by the client are expected to be
# "empty".
308 name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
310 "ClientSignatureAlgorithms" => "PSS+SHA256",
311 "VerifyCAFile" => test_pem("root-cert.pem"),
312 "VerifyMode" => "Require"
314 client => $client_tls_1_3,
316 "ExpectedClientCertType" => "RSA",
317 "ExpectedClientSignHash" => "SHA256",
318 "ExpectedClientSignType" => "RSA-PSS",
319 "ExpectedClientCANames" => "empty",
320 "ExpectedResult" => "Success"
# Same as above, but ClientCAFile is set, so the CA names sent to the client are
# expected to match root-cert.pem.
324 name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names",
326 "ClientSignatureAlgorithms" => "PSS+SHA256",
327 "VerifyCAFile" => test_pem("root-cert.pem"),
328 "ClientCAFile" => test_pem("root-cert.pem"),
329 "VerifyMode" => "Require"
331 client => $client_tls_1_3,
333 "ExpectedClientCertType" => "RSA",
334 "ExpectedClientSignHash" => "SHA256",
335 "ExpectedClientSignType" => "RSA-PSS",
336 "ExpectedClientCANames" => test_pem("root-cert.pem"),
337 "ExpectedResult" => "Success"
# Client authentication restricted to ECDSA+SHA256: the client's P-256
# certificate is expected.
341 name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
343 "ClientSignatureAlgorithms" => "ECDSA+SHA256",
344 "VerifyCAFile" => test_pem("root-cert.pem"),
345 "VerifyMode" => "Require"
347 client => $client_tls_1_3,
349 "ExpectedClientCertType" => "P-256",
350 "ExpectedClientSignHash" => "SHA256",
351 "ExpectedClientSignType" => "EC",
352 "ExpectedResult" => "Success"
# Negative case: per the case name, none of the listed client signature
# algorithms is usable in TLS 1.3. ServerFail is expected even though VerifyMode
# is "Request" rather than "Require".
356 name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms",
358 "ClientSignatureAlgorithms" => "ECDSA+SHA1:DSA+SHA256:RSA+SHA256",
359 "VerifyCAFile" => test_pem("root-cert.pem"),
360 "VerifyMode" => "Request"
364 "ExpectedResult" => "ServerFail"
# Register the TLS 1.3 cases only when the build has TLS 1.3 enabled; otherwise
# their pinned MinProtocol/MaxProtocol could never be negotiated.
369 push @tests, @tests_tls_1_3 unless disabled("tls1_3");
# DSA certificate case pinned to TLS 1.2: a DSA key pair plus explicit DH
# parameters, with the client offering DSA+SHA256 and DSA+SHA1. Expected to
# succeed.
# NOTE(review): "CipherString" => "ALL" appears twice; the lines between them are
# not visible, so presumably one belongs to the server and one to the client.
371 my @tests_dsa_tls_1_2 = (
373 name => "TLS 1.2 DSA Certificate Test",
375 "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
376 "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
377 "DHParameters" => test_pem("dhp2048.pem"),
378 "MinProtocol" => "TLSv1.2",
379 "MaxProtocol" => "TLSv1.2",
380 "CipherString" => "ALL",
383 "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1",
384 "CipherString" => "ALL",
387 "ExpectedResult" => "Success"
# Negative counterpart pinned to TLS 1.3: the same DSA key pair must not be
# usable, so ServerFail is expected. The client also offers ECDSA+SHA256, which
# the visible server settings give no certificate for.
# NOTE(review): "CipherString" => "ALL" appears twice here as well; the owning
# sections are not visible in this listing.
392 my @tests_dsa_tls_1_3 = (
394 name => "TLS 1.3 DSA Certificate Test",
396 "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
397 "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
398 "MinProtocol" => "TLSv1.3",
399 "MaxProtocol" => "TLSv1.3",
400 "CipherString" => "ALL",
403 "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256:ECDSA+SHA256",
404 "CipherString" => "ALL",
407 "ExpectedResult" => "ServerFail"
# DSA cases are registered only when DSA is compiled in. The TLS 1.2 case is
# further gated on DH (it configures DHParameters) and the TLS 1.3 case on
# TLS 1.3 support.
# NOTE(review): the closing brace of this block lies outside the visible listing.
412 if (!disabled("dsa")) {
413 push @tests, @tests_dsa_tls_1_2 unless disabled("dh");
414 push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");