1 # Generated with generate_ssl_tests.pl
5 test-0 = 0-ECDSA CipherString Selection
6 test-1 = 1-Ed25519 CipherString and Signature Algorithm Selection
7 test-2 = 2-RSA CipherString Selection
8 test-3 = 3-ECDSA CipherString Selection, no ECDSA certificate
9 test-4 = 4-ECDSA Signature Algorithm Selection
10 test-5 = 5-ECDSA Signature Algorithm Selection SHA384
11 test-6 = 6-ECDSA Signature Algorithm Selection SHA1
12 test-7 = 7-ECDSA Signature Algorithm Selection compressed point
13 test-8 = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate
14 test-9 = 9-RSA Signature Algorithm Selection
15 test-10 = 10-RSA-PSS Signature Algorithm Selection
16 test-11 = 11-Suite B P-256 Hash Algorithm Selection
17 test-12 = 12-Suite B P-384 Hash Algorithm Selection
18 test-13 = 13-TLS 1.2 Ed25519 Client Auth
19 test-14 = 14-TLS 1.2 DSA Certificate Test
20 # ===========================================================
22 [0-ECDSA CipherString Selection]
23 ssl_conf = 0-ECDSA CipherString Selection-ssl
25 [0-ECDSA CipherString Selection-ssl]
26 server = 0-ECDSA CipherString Selection-server
27 client = 0-ECDSA CipherString Selection-client
29 [0-ECDSA CipherString Selection-server]
30 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
31 CipherString = DEFAULT
32 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
33 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
34 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
35 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
37 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
39 [0-ECDSA CipherString Selection-client]
42 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
43 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
47 ExpectedResult = Success
48 ExpectedServerCANames = empty
49 ExpectedServerCertType = P-256
50 ExpectedServerSignType = EC
53 # ===========================================================
55 [1-Ed25519 CipherString and Signature Algorithm Selection]
56 ssl_conf = 1-Ed25519 CipherString and Signature Algorithm Selection-ssl
58 [1-Ed25519 CipherString and Signature Algorithm Selection-ssl]
59 server = 1-Ed25519 CipherString and Signature Algorithm Selection-server
60 client = 1-Ed25519 CipherString and Signature Algorithm Selection-client
62 [1-Ed25519 CipherString and Signature Algorithm Selection-server]
63 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
64 CipherString = DEFAULT
65 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
66 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
67 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
68 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
70 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
72 [1-Ed25519 CipherString and Signature Algorithm Selection-client]
75 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
76 SignatureAlgorithms = ed25519:ECDSA+SHA256
77 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
81 ExpectedResult = Success
82 ExpectedServerCANames = empty
83 ExpectedServerCertType = Ed25519
84 ExpectedServerSignType = Ed25519
87 # ===========================================================
89 [2-RSA CipherString Selection]
90 ssl_conf = 2-RSA CipherString Selection-ssl
92 [2-RSA CipherString Selection-ssl]
93 server = 2-RSA CipherString Selection-server
94 client = 2-RSA CipherString Selection-client
96 [2-RSA CipherString Selection-server]
97 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
98 CipherString = DEFAULT
99 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
100 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
101 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
102 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
103 MaxProtocol = TLSv1.2
104 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
106 [2-RSA CipherString Selection-client]
108 MaxProtocol = TLSv1.2
109 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
113 ExpectedResult = Success
114 ExpectedServerCertType = RSA
115 ExpectedServerSignType = RSA-PSS
118 # ===========================================================
120 [3-ECDSA CipherString Selection, no ECDSA certificate]
121 ssl_conf = 3-ECDSA CipherString Selection, no ECDSA certificate-ssl
123 [3-ECDSA CipherString Selection, no ECDSA certificate-ssl]
124 server = 3-ECDSA CipherString Selection, no ECDSA certificate-server
125 client = 3-ECDSA CipherString Selection, no ECDSA certificate-client
127 [3-ECDSA CipherString Selection, no ECDSA certificate-server]
128 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
129 CipherString = DEFAULT
130 MaxProtocol = TLSv1.2
131 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
133 [3-ECDSA CipherString Selection, no ECDSA certificate-client]
134 CipherString = aECDSA
135 MaxProtocol = TLSv1.2
136 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
140 ExpectedResult = ServerFail
143 # ===========================================================
145 [4-ECDSA Signature Algorithm Selection]
146 ssl_conf = 4-ECDSA Signature Algorithm Selection-ssl
148 [4-ECDSA Signature Algorithm Selection-ssl]
149 server = 4-ECDSA Signature Algorithm Selection-server
150 client = 4-ECDSA Signature Algorithm Selection-client
152 [4-ECDSA Signature Algorithm Selection-server]
153 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
154 CipherString = DEFAULT
155 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
156 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
157 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
158 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
159 MaxProtocol = TLSv1.2
160 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
162 [4-ECDSA Signature Algorithm Selection-client]
163 CipherString = DEFAULT
164 SignatureAlgorithms = ECDSA+SHA256
165 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
169 ExpectedResult = Success
170 ExpectedServerCertType = P-256
171 ExpectedServerSignHash = SHA256
172 ExpectedServerSignType = EC
175 # ===========================================================
177 [5-ECDSA Signature Algorithm Selection SHA384]
178 ssl_conf = 5-ECDSA Signature Algorithm Selection SHA384-ssl
180 [5-ECDSA Signature Algorithm Selection SHA384-ssl]
181 server = 5-ECDSA Signature Algorithm Selection SHA384-server
182 client = 5-ECDSA Signature Algorithm Selection SHA384-client
184 [5-ECDSA Signature Algorithm Selection SHA384-server]
185 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
186 CipherString = DEFAULT
187 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
188 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
189 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
190 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
191 MaxProtocol = TLSv1.2
192 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
194 [5-ECDSA Signature Algorithm Selection SHA384-client]
195 CipherString = DEFAULT
196 SignatureAlgorithms = ECDSA+SHA384
197 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
201 ExpectedResult = Success
202 ExpectedServerCertType = P-256
203 ExpectedServerSignHash = SHA384
204 ExpectedServerSignType = EC
207 # ===========================================================
209 [6-ECDSA Signature Algorithm Selection SHA1]
210 ssl_conf = 6-ECDSA Signature Algorithm Selection SHA1-ssl
212 [6-ECDSA Signature Algorithm Selection SHA1-ssl]
213 server = 6-ECDSA Signature Algorithm Selection SHA1-server
214 client = 6-ECDSA Signature Algorithm Selection SHA1-client
216 [6-ECDSA Signature Algorithm Selection SHA1-server]
217 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
218 CipherString = DEFAULT
219 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
220 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
221 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
222 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
223 MaxProtocol = TLSv1.2
224 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
226 [6-ECDSA Signature Algorithm Selection SHA1-client]
227 CipherString = DEFAULT
228 SignatureAlgorithms = ECDSA+SHA1
229 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
233 ExpectedResult = Success
234 ExpectedServerCertType = P-256
235 ExpectedServerSignHash = SHA1
236 ExpectedServerSignType = EC
239 # ===========================================================
241 [7-ECDSA Signature Algorithm Selection compressed point]
242 ssl_conf = 7-ECDSA Signature Algorithm Selection compressed point-ssl
244 [7-ECDSA Signature Algorithm Selection compressed point-ssl]
245 server = 7-ECDSA Signature Algorithm Selection compressed point-server
246 client = 7-ECDSA Signature Algorithm Selection compressed point-client
248 [7-ECDSA Signature Algorithm Selection compressed point-server]
249 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
250 CipherString = DEFAULT
251 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
252 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
253 MaxProtocol = TLSv1.2
254 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
256 [7-ECDSA Signature Algorithm Selection compressed point-client]
257 CipherString = DEFAULT
258 SignatureAlgorithms = ECDSA+SHA256
259 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
263 ExpectedResult = Success
264 ExpectedServerCertType = P-256
265 ExpectedServerSignHash = SHA256
266 ExpectedServerSignType = EC
269 # ===========================================================
271 [8-ECDSA Signature Algorithm Selection, no ECDSA certificate]
272 ssl_conf = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
274 [8-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
275 server = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
276 client = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
278 [8-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
279 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
280 CipherString = DEFAULT
281 MaxProtocol = TLSv1.2
282 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
284 [8-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
285 CipherString = DEFAULT
286 SignatureAlgorithms = ECDSA+SHA256
287 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
291 ExpectedResult = ServerFail
294 # ===========================================================
296 [9-RSA Signature Algorithm Selection]
297 ssl_conf = 9-RSA Signature Algorithm Selection-ssl
299 [9-RSA Signature Algorithm Selection-ssl]
300 server = 9-RSA Signature Algorithm Selection-server
301 client = 9-RSA Signature Algorithm Selection-client
303 [9-RSA Signature Algorithm Selection-server]
304 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
305 CipherString = DEFAULT
306 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
307 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
308 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
309 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
310 MaxProtocol = TLSv1.2
311 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
313 [9-RSA Signature Algorithm Selection-client]
314 CipherString = DEFAULT
315 SignatureAlgorithms = RSA+SHA256
316 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
320 ExpectedResult = Success
321 ExpectedServerCertType = RSA
322 ExpectedServerSignHash = SHA256
323 ExpectedServerSignType = RSA
326 # ===========================================================
328 [10-RSA-PSS Signature Algorithm Selection]
329 ssl_conf = 10-RSA-PSS Signature Algorithm Selection-ssl
331 [10-RSA-PSS Signature Algorithm Selection-ssl]
332 server = 10-RSA-PSS Signature Algorithm Selection-server
333 client = 10-RSA-PSS Signature Algorithm Selection-client
335 [10-RSA-PSS Signature Algorithm Selection-server]
336 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
337 CipherString = DEFAULT
338 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
339 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
340 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
341 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
342 MaxProtocol = TLSv1.2
343 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
345 [10-RSA-PSS Signature Algorithm Selection-client]
346 CipherString = DEFAULT
347 SignatureAlgorithms = RSA-PSS+SHA256
348 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
352 ExpectedResult = Success
353 ExpectedServerCertType = RSA
354 ExpectedServerSignHash = SHA256
355 ExpectedServerSignType = RSA-PSS
358 # ===========================================================
360 [11-Suite B P-256 Hash Algorithm Selection]
361 ssl_conf = 11-Suite B P-256 Hash Algorithm Selection-ssl
363 [11-Suite B P-256 Hash Algorithm Selection-ssl]
364 server = 11-Suite B P-256 Hash Algorithm Selection-server
365 client = 11-Suite B P-256 Hash Algorithm Selection-client
367 [11-Suite B P-256 Hash Algorithm Selection-server]
368 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
369 CipherString = SUITEB128
370 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
371 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
372 MaxProtocol = TLSv1.2
373 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
375 [11-Suite B P-256 Hash Algorithm Selection-client]
376 CipherString = DEFAULT
377 SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
378 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
382 ExpectedResult = Success
383 ExpectedServerCertType = P-256
384 ExpectedServerSignHash = SHA256
385 ExpectedServerSignType = EC
388 # ===========================================================
390 [12-Suite B P-384 Hash Algorithm Selection]
391 ssl_conf = 12-Suite B P-384 Hash Algorithm Selection-ssl
393 [12-Suite B P-384 Hash Algorithm Selection-ssl]
394 server = 12-Suite B P-384 Hash Algorithm Selection-server
395 client = 12-Suite B P-384 Hash Algorithm Selection-client
397 [12-Suite B P-384 Hash Algorithm Selection-server]
398 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
399 CipherString = SUITEB128
400 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
401 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
402 MaxProtocol = TLSv1.2
403 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
405 [12-Suite B P-384 Hash Algorithm Selection-client]
406 CipherString = DEFAULT
407 SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
408 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
412 ExpectedResult = Success
413 ExpectedServerCertType = P-384
414 ExpectedServerSignHash = SHA384
415 ExpectedServerSignType = EC
418 # ===========================================================
420 [13-TLS 1.2 Ed25519 Client Auth]
421 ssl_conf = 13-TLS 1.2 Ed25519 Client Auth-ssl
423 [13-TLS 1.2 Ed25519 Client Auth-ssl]
424 server = 13-TLS 1.2 Ed25519 Client Auth-server
425 client = 13-TLS 1.2 Ed25519 Client Auth-client
427 [13-TLS 1.2 Ed25519 Client Auth-server]
428 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
429 CipherString = DEFAULT
430 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
431 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
434 [13-TLS 1.2 Ed25519 Client Auth-client]
435 CipherString = DEFAULT
436 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
437 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
438 MaxProtocol = TLSv1.2
439 MinProtocol = TLSv1.2
440 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
444 ExpectedClientCertType = Ed25519
445 ExpectedClientSignType = Ed25519
446 ExpectedResult = Success
449 # ===========================================================
451 [14-TLS 1.2 DSA Certificate Test]
452 ssl_conf = 14-TLS 1.2 DSA Certificate Test-ssl
454 [14-TLS 1.2 DSA Certificate Test-ssl]
455 server = 14-TLS 1.2 DSA Certificate Test-server
456 client = 14-TLS 1.2 DSA Certificate Test-client
458 [14-TLS 1.2 DSA Certificate Test-server]
459 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
461 DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
462 DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
463 DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
464 MaxProtocol = TLSv1.2
465 MinProtocol = TLSv1.2
466 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
468 [14-TLS 1.2 DSA Certificate Test-client]
470 SignatureAlgorithms = DSA+SHA256:DSA+SHA1
471 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
475 ExpectedResult = Success