Change the SCT issuer key to RSA 2048
1 # -*- mode: perl; -*-
2 # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the Apache License 2.0 (the "License").  You may not use
5 # this file except in compliance with the License.  You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9
10 ## Test Renegotiation
11
12 use strict;
13 use warnings;
14
15 package ssltests;
16 use OpenSSL::Test::Utils;
17
# Renegotiation scenarios that are always part of the generated test list.
# Every entry caps the server at TLSv1.2: the HandshakeMode values used here
# request a renegotiation, and TLS 1.3 has no renegotiation handshake.
our @tests = (
    # Client asks to renegotiate; the server sets NoResumptionOnRenegotiation,
    # so the second handshake is expected to be a full one (no resumption).
    {
        name   => 'renegotiate-client-no-resume',
        server => {
            'Options'     => 'NoResumptionOnRenegotiation',
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {},
        test   => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult'     => 'Success',
        },
    },

    # Same as above without the server option: resumption is expected.
    {
        name   => 'renegotiate-client-resume',
        server => { 'MaxProtocol' => 'TLSv1.2' },
        client => {},
        test   => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateClient',
            'ResumptionExpected' => 'Yes',
            'ExpectedResult'     => 'Success',
        },
    },

    # Server-initiated counterpart of the two scenarios above.
    {
        name   => 'renegotiate-server-no-resume',
        server => {
            'Options'     => 'NoResumptionOnRenegotiation',
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {},
        test   => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateServer',
            'ResumptionExpected' => 'No',
            'ExpectedResult'     => 'Success',
        },
    },
    {
        name   => 'renegotiate-server-resume',
        server => { 'MaxProtocol' => 'TLSv1.2' },
        client => {},
        test   => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateServer',
            'ResumptionExpected' => 'Yes',
            'ExpectedResult'     => 'Success',
        },
    },

    # Server-initiated renegotiation with client-certificate authentication.
    # VerifyMode "Require": the server demands a client certificate and the
    # client supplies one, so the renegotiation must still succeed.
    {
        name   => 'renegotiate-client-auth-require',
        server => {
            'Options'      => 'NoResumptionOnRenegotiation',
            'MaxProtocol'  => 'TLSv1.2',
            'VerifyCAFile' => test_pem('root-cert.pem'),
            'VerifyMode'   => 'Require',
        },
        client => {
            'Certificate' => test_pem('ee-client-chain.pem'),
            'PrivateKey'  => test_pem('ee-key.pem'),
        },
        test => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateServer',
            'ResumptionExpected' => 'No',
            'ExpectedResult'     => 'Success',
        },
    },

    # As above with VerifyMode "Once", which (per the SSL_CONF_cmd
    # documentation) requests the client certificate on the initial
    # handshake only and not again on renegotiation.
    {
        name   => 'renegotiate-client-auth-once',
        server => {
            'Options'      => 'NoResumptionOnRenegotiation',
            'MaxProtocol'  => 'TLSv1.2',
            'VerifyCAFile' => test_pem('root-cert.pem'),
            'VerifyMode'   => 'Once',
        },
        client => {
            'Certificate' => test_pem('ee-client-chain.pem'),
            'PrivateKey'  => test_pem('ee-key.pem'),
        },
        test => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateServer',
            'ResumptionExpected' => 'No',
            'ExpectedResult'     => 'Success',
        },
    },

    # Only checks that the UnsafeLegacyServerConnect option name is accepted;
    # it is not expected to change the outcome of this handshake.
    # NOTE(review): outside of tests this option relaxes the client's
    # requirement for RFC 5746 secure renegotiation support on the server,
    # so it should stay off unless a legacy peer makes it unavoidable.
    {
        name   => 'renegotiate-client-legacy-connect',
        server => { 'MaxProtocol' => 'TLSv1.2' },
        client => { 'Options' => 'UnsafeLegacyServerConnect' },
        test   => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateClient',
            'ResumptionExpected' => 'Yes',
            'ExpectedResult'     => 'Success',
        },
    },
);
# Scenarios that are appended to @tests only when TLSv1.2 is not disabled
# in the build (see the push at the end of the file).
our @tests_tls1_2 = (
    # The next four entries change the cipher suite between the initial
    # handshake (CipherString) and the renegotiation (RenegotiateCiphers),
    # covering every AEAD / non-AEAD transition named in the test names.
    {
        name   => 'renegotiate-aead-to-non-aead',
        server => { 'Options' => 'NoResumptionOnRenegotiation' },
        client => {
            'CipherString' => 'AES128-GCM-SHA256',
            'MaxProtocol'  => 'TLSv1.2',
            extra          => { 'RenegotiateCiphers' => 'AES128-SHA' },
        },
        test => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult'     => 'Success',
        },
    },
    {
        name   => 'renegotiate-non-aead-to-aead',
        server => { 'Options' => 'NoResumptionOnRenegotiation' },
        client => {
            'CipherString' => 'AES128-SHA',
            'MaxProtocol'  => 'TLSv1.2',
            extra          => { 'RenegotiateCiphers' => 'AES128-GCM-SHA256' },
        },
        test => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult'     => 'Success',
        },
    },
    {
        name   => 'renegotiate-non-aead-to-non-aead',
        server => { 'Options' => 'NoResumptionOnRenegotiation' },
        client => {
            'CipherString' => 'AES128-SHA',
            'MaxProtocol'  => 'TLSv1.2',
            extra          => { 'RenegotiateCiphers' => 'AES256-SHA' },
        },
        test => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult'     => 'Success',
        },
    },
    {
        name   => 'renegotiate-aead-to-aead',
        server => { 'Options' => 'NoResumptionOnRenegotiation' },
        client => {
            'CipherString' => 'AES128-GCM-SHA256',
            'MaxProtocol'  => 'TLSv1.2',
            extra          => { 'RenegotiateCiphers' => 'AES256-GCM-SHA384' },
        },
        test => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult'     => 'Success',
        },
    },

    # NoRenegotiation set on one endpoint while either endpoint initiates.
    # In all four combinations the attempt must fail, and the expected
    # result names the initiating side (ClientFail / ServerFail).
    {
        name   => 'no-renegotiation-server-by-client',
        server => {
            'Options'     => 'NoRenegotiation',
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {},
        test   => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult'     => 'ClientFail',
        },
    },
    {
        name   => 'no-renegotiation-server-by-server',
        server => {
            'Options'     => 'NoRenegotiation',
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {},
        test   => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateServer',
            'ResumptionExpected' => 'No',
            'ExpectedResult'     => 'ServerFail',
        },
    },
    {
        name   => 'no-renegotiation-client-by-server',
        server => { 'MaxProtocol' => 'TLSv1.2' },
        client => { 'Options' => 'NoRenegotiation' },
        test   => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateServer',
            'ResumptionExpected' => 'No',
            'ExpectedResult'     => 'ServerFail',
        },
    },
    {
        name   => 'no-renegotiation-client-by-client',
        server => { 'MaxProtocol' => 'TLSv1.2' },
        client => { 'Options' => 'NoRenegotiation' },
        test   => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult'     => 'ClientFail',
        },
    },

    # RenegotiateNoExtms presumably makes the client leave out the extended
    # master secret extension on the renegotiation; the server is expected
    # to refuse that handshake (ServerFail) rather than silently continue
    # without the protection negotiated on the initial handshake.
    {
        name   => 'no-extms-on-renegotiation',
        server => { 'MaxProtocol' => 'TLSv1.2' },
        client => {
            'MaxProtocol' => 'TLSv1.2',
            extra         => { 'RenegotiateNoExtms' => 'Yes' },
        },
        test => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateClient',
            'ResumptionExpected' => 'No',
            'ExpectedResult'     => 'ServerFail',
        },
    },

    # Baseline for the next entry: no server Options are given here and the
    # client-initiated renegotiation is expected to succeed.
    {
        name   => 'allow-client-renegotiation',
        server => { 'MaxProtocol' => 'TLSv1.2' },
        client => { 'MaxProtocol' => 'TLSv1.2' },
        test   => {
            'Method'             => 'TLS',
            'HandshakeMode'      => 'RenegotiateClient',
            'ResumptionExpected' => 'Yes',
            'ExpectedResult'     => 'Success',
        },
    },

    # "-ClientRenegotiation" switches the ClientRenegotiation option off on
    # the server (a leading '-' disables an option in the Options syntax).
    # The client's attempt must then fail, and the test additionally pins
    # the alert the server sends: NoRenegotiation.
    {
        name   => 'no-client-renegotiation',
        server => {
            'MaxProtocol' => 'TLSv1.2',
            'Options'     => '-ClientRenegotiation',
        },
        client => { 'MaxProtocol' => 'TLSv1.2' },
        test   => {
            'Method'              => 'TLS',
            'HandshakeMode'       => 'RenegotiateClient',
            'ResumptionExpected'  => 'No',
            'ExpectedResult'      => 'ClientFail',
            'ExpectedServerAlert' => 'NoRenegotiation',
        },
    },
);
315
# Add the TLSv1.2-specific scenarios unless the build has TLSv1.2 disabled.
disabled('tls1_2') or push @tests, @tests_tls1_2;