3 ## SSL test configurations
11 use OpenSSL::Test::Utils qw(anydisabled);
15 my @curves = ("prime256v1", "secp384r1", "secp521r1", "X25519",
17 #Curves *only* suitable for use in TLSv1.3
18 my @curves_tls_1_3 = ("ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144",
#Brainpool groups for TLSv1.3. They are appended to the TLSv1.3-only list
#only when $fips_mode (set outside this excerpt) is false.
20 my @curves_tls_1_3_no_fips = ("brainpoolP256r1tls13", "brainpoolP384r1tls13",
21 "brainpoolP512r1tls13");
23 push @curves_tls_1_3, @curves_tls_1_3_no_fips if !$fips_mode;
#The TLSv1.3-only groups also join @curves, which drives the plain
#"curve-<name>" tests that expect a successful TLSv1.3 handshake.
24 push @curves, @curves_tls_1_3;
#Curves the tests below negotiate under TLSv1.2. The same curves are not
#accepted as a TLSv1.3 key_share: the tests expect either a fallback to
#P-256 when it is also offered, or ClientFail when TLSv1.3 is required.
26 my @curves_tls_1_2 = ("sect233k1", "sect233r1",
27 "sect283k1", "sect283r1", "sect409k1", "sect409r1",
28 "sect571k1", "sect571r1", "secp224r1");
#Legacy curves added to the TLSv1.2 list only when $fips_mode is false.
#NOTE(review): several of these are 160- to 193-bit curves, which is
#presumably why the generated tests pin their cipher strings to
#@SECLEVEL=1 - confirm before reusing these settings outside the tests.
30 my @curves_non_fips = ("sect163k1", "sect163r2", "prime192v1",
31 "sect163r1", "sect193r1", "sect193r2", "sect239k1",
32 "secp160k1", "secp160r1", "secp160r2", "secp192k1",
33 "secp224k1", "secp256k1", "brainpoolP256r1",
34 "brainpoolP384r1", "brainpoolP512r1");
36 push @curves_tls_1_2, @curves_non_fips if !$fips_mode;
44 if ($group =~ /ffdhe/) {
45 $keyType = "dhKeyAgreement";
53 sub generate_tests() {
54 foreach (0..$#curves) {
55 my $curve = $curves[$_];
57 name => "curve-${curve}",
60 "CipherString" => 'DEFAULT@SECLEVEL=1',
61 "MaxProtocol" => "TLSv1.3"
64 "CipherString" => 'ECDHE@SECLEVEL=1',
65 "MaxProtocol" => "TLSv1.3",
69 "ExpectedTmpKeyType" => get_key_type($curve),
70 "ExpectedProtocol" => "TLSv1.3",
71 "ExpectedResult" => "Success"
75 foreach (0..$#curves_tls_1_2) {
76 my $curve = $curves_tls_1_2[$_];
78 name => "curve-${curve}",
81 "CipherString" => 'DEFAULT@SECLEVEL=1',
82 "MaxProtocol" => "TLSv1.3"
85 "CipherString" => 'ECDHE@SECLEVEL=1',
86 "MaxProtocol" => "TLSv1.2",
90 "ExpectedTmpKeyType" => get_key_type($curve),
91 "ExpectedProtocol" => "TLSv1.2",
92 "ExpectedResult" => "Success"
96 foreach (0..$#curves_tls_1_2) {
97 my $curve = $curves_tls_1_2[$_];
99 name => "curve-${curve}-tls12-in-tls13",
101 "Curves" => "$curve:P-256",
102 "CipherString" => 'DEFAULT@SECLEVEL=1',
103 "MaxProtocol" => "TLSv1.3"
106 "CipherString" => 'ECDHE@SECLEVEL=1',
107 "MaxProtocol" => "TLSv1.3",
108 "MinProtocol" => "TLSv1.3",
109 "Curves" => "$curve:P-256"
112 #This curve is not allowed in a TLSv1.3 key_share. We should
113 #succeed but fall back to P-256
114 "ExpectedTmpKeyType" => "P-256",
115 "ExpectedProtocol" => "TLSv1.3",
116 "ExpectedResult" => "Success"
120 foreach (0..$#curves_tls_1_2) {
121 my $curve = $curves_tls_1_2[$_];
123 name => "curve-${curve}-tls13",
126 "CipherString" => 'DEFAULT@SECLEVEL=1',
127 "MaxProtocol" => "TLSv1.3"
130 "CipherString" => 'ECDHE@SECLEVEL=1',
131 "MinProtocol" => "TLSv1.3",
135 "ExpectedResult" => "ClientFail"
139 foreach (0..$#curves_tls_1_3) {
140 my $curve = $curves_tls_1_3[$_];
142 name => "curve-${curve}-tls13-in-tls12",
145 "CipherString" => 'DEFAULT@SECLEVEL=1',
146 "MaxProtocol" => "TLSv1.3"
149 "CipherString" => 'ECDHE@SECLEVEL=1',
150 "MaxProtocol" => "TLSv1.2",
154 #These curves are only suitable for TLSv1.3 so we expect the
155 #server to fail because it has no shared groups for TLSv1.2
157 "ExpectedResult" => "ServerFail"
161 name => "curve-${curve}-tls13-in-tls12-2",
164 "CipherString" => 'DEFAULT@SECLEVEL=1',
165 "MaxProtocol" => "TLSv1.2"
168 "CipherString" => 'DEFAULT@SECLEVEL=1',
169 "MaxProtocol" => "TLSv1.3",
173 #These curves are only suitable for TLSv1.3. We expect TLSv1.2
174 #negotiation to succeed because we fall back to some other
176 "ExpectedResult" => "Success"