2 # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
16 use OpenSSL::Test::Utils;
# Resumption behaviour across a renegotiation. Every case is capped at TLSv1.2
# (TLS 1.3 has no renegotiation). The two cases that set
# NoResumptionOnRenegotiation expect "ResumptionExpected" => "No"; the two
# without it expect "Yes". Each variant runs once client-initiated
# (RenegotiateClient) and once server-initiated (RenegotiateServer), and all
# four must end in Success.
# NOTE(review): the list declaration and the server/client/test section headers
# are not visible in this listing, so which peer each option applies to is not
# shown here -- confirm against the full file.
20 name => "renegotiate-client-no-resume",
22 "Options" => "NoResumptionOnRenegotiation",
23 "MaxProtocol" => "TLSv1.2"
28 "HandshakeMode" => "RenegotiateClient",
29 "ResumptionExpected" => "No",
30 "ExpectedResult" => "Success"
# Same client-initiated renegotiation without the option: resumption expected.
34 name => "renegotiate-client-resume",
36 "MaxProtocol" => "TLSv1.2"
41 "HandshakeMode" => "RenegotiateClient",
42 "ResumptionExpected" => "Yes",
43 "ExpectedResult" => "Success"
# Server-initiated counterpart of the no-resume case.
47 name => "renegotiate-server-no-resume",
49 "Options" => "NoResumptionOnRenegotiation",
50 "MaxProtocol" => "TLSv1.2"
55 "HandshakeMode" => "RenegotiateServer",
56 "ResumptionExpected" => "No",
57 "ExpectedResult" => "Success"
# Server-initiated counterpart of the resume case.
61 name => "renegotiate-server-resume",
63 "MaxProtocol" => "TLSv1.2"
68 "HandshakeMode" => "RenegotiateServer",
69 "ResumptionExpected" => "Yes",
70 "ExpectedResult" => "Success"
# Client-certificate authentication across a server-initiated renegotiation.
# Both cases verify against root-cert.pem, present ee-client-chain.pem with
# ee-key.pem, disable resumption on renegotiation and must end in Success.
# They differ only in VerifyMode:
#   "Require" - a client certificate is requested and must be supplied.
#   "Once"    - per OpenSSL's SSL_CONF documentation, the certificate is
#               requested on the initial handshake only, not on renegotiation.
# NOTE(review): test_pem() is defined outside this listing; presumably it
# resolves a file name to the test certificate directory -- confirm.
74 name => "renegotiate-client-auth-require",
76 "Options" => "NoResumptionOnRenegotiation",
77 "MaxProtocol" => "TLSv1.2",
78 "VerifyCAFile" => test_pem("root-cert.pem"),
79 "VerifyMode" => "Require",
82 "Certificate" => test_pem("ee-client-chain.pem"),
83 "PrivateKey" => test_pem("ee-key.pem"),
87 "HandshakeMode" => "RenegotiateServer",
88 "ResumptionExpected" => "No",
89 "ExpectedResult" => "Success"
# Same setup with VerifyMode "Once".
93 name => "renegotiate-client-auth-once",
95 "Options" => "NoResumptionOnRenegotiation",
96 "MaxProtocol" => "TLSv1.2",
97 "VerifyCAFile" => test_pem("root-cert.pem"),
98 "VerifyMode" => "Once",
101 "Certificate" => test_pem("ee-client-chain.pem"),
102 "PrivateKey" => test_pem("ee-key.pem"),
106 "HandshakeMode" => "RenegotiateServer",
107 "ResumptionExpected" => "No",
108 "ExpectedResult" => "Success"
112 # Only checks that the UnsafeLegacyServerConnect option is accepted;
113 # it won't have any real effect on this handshake.
# NOTE(review): UnsafeLegacyServerConnect relaxes the client's requirement for
# secure renegotiation (RFC 5746) support on the server. This case therefore
# covers option parsing only; it does not exercise a legacy peer.
114 name => "renegotiate-client-legacy-connect",
116 "MaxProtocol" => "TLSv1.2"
119 "Options" => "UnsafeLegacyServerConnect",
123 "HandshakeMode" => "RenegotiateClient",
124 "ResumptionExpected" => "Yes",
125 "ExpectedResult" => "Success"
# Cases that are only added to @tests when TLS 1.2 is available in the build.
# The first four change the cipher suite across a client-initiated
# renegotiation: "CipherString" is the suite for the initial handshake and
# "RenegotiateCiphers" the suite for the renegotiation. They cover all four
# combinations of an AEAD suite (AES-GCM) and a non-AEAD suite (AES-*-SHA),
# so the record protection is switched in both directions mid-connection.
# All four disable resumption on renegotiation and must end in Success.
129 our @tests_tls1_2 = (
# AES128-GCM-SHA256 -> AES128-SHA
131 name => "renegotiate-aead-to-non-aead",
133 "Options" => "NoResumptionOnRenegotiation",
136 "CipherString" => "AES128-GCM-SHA256",
137 "MaxProtocol" => "TLSv1.2",
139 "RenegotiateCiphers" => "AES128-SHA"
144 "HandshakeMode" => "RenegotiateClient",
145 "ResumptionExpected" => "No",
146 "ExpectedResult" => "Success"
# AES128-SHA -> AES128-GCM-SHA256
150 name => "renegotiate-non-aead-to-aead",
152 "Options" => "NoResumptionOnRenegotiation",
155 "CipherString" => "AES128-SHA",
156 "MaxProtocol" => "TLSv1.2",
158 "RenegotiateCiphers" => "AES128-GCM-SHA256"
163 "HandshakeMode" => "RenegotiateClient",
164 "ResumptionExpected" => "No",
165 "ExpectedResult" => "Success"
# AES128-SHA -> AES256-SHA
169 name => "renegotiate-non-aead-to-non-aead",
171 "Options" => "NoResumptionOnRenegotiation",
174 "CipherString" => "AES128-SHA",
175 "MaxProtocol" => "TLSv1.2",
177 "RenegotiateCiphers" => "AES256-SHA"
182 "HandshakeMode" => "RenegotiateClient",
183 "ResumptionExpected" => "No",
184 "ExpectedResult" => "Success"
# AES128-GCM-SHA256 -> AES256-GCM-SHA384
188 name => "renegotiate-aead-to-aead",
190 "Options" => "NoResumptionOnRenegotiation",
193 "CipherString" => "AES128-GCM-SHA256",
194 "MaxProtocol" => "TLSv1.2",
196 "RenegotiateCiphers" => "AES256-GCM-SHA384"
201 "HandshakeMode" => "RenegotiateClient",
202 "ResumptionExpected" => "No",
203 "ExpectedResult" => "Success"
# Negative tests for the NoRenegotiation option. In every case the
# renegotiation attempt must fail, and the failure is expected on the side
# that initiated it: RenegotiateClient -> ClientFail,
# RenegotiateServer -> ServerFail.
# NOTE(review): judging by the case names, the first two set NoRenegotiation on
# the server and the last two on the client; the section headers that would
# show this are not visible in this listing -- confirm against the full file.
207 name => "no-renegotiation-server-by-client",
209 "Options" => "NoRenegotiation",
210 "MaxProtocol" => "TLSv1.2"
215 "HandshakeMode" => "RenegotiateClient",
216 "ResumptionExpected" => "No",
217 "ExpectedResult" => "ClientFail"
221 name => "no-renegotiation-server-by-server",
223 "Options" => "NoRenegotiation",
224 "MaxProtocol" => "TLSv1.2"
229 "HandshakeMode" => "RenegotiateServer",
230 "ResumptionExpected" => "No",
231 "ExpectedResult" => "ServerFail"
235 name => "no-renegotiation-client-by-server",
237 "MaxProtocol" => "TLSv1.2"
240 "Options" => "NoRenegotiation",
244 "HandshakeMode" => "RenegotiateServer",
245 "ResumptionExpected" => "No",
246 "ExpectedResult" => "ServerFail"
250 name => "no-renegotiation-client-by-client",
252 "MaxProtocol" => "TLSv1.2"
255 "Options" => "NoRenegotiation",
259 "HandshakeMode" => "RenegotiateClient",
260 "ResumptionExpected" => "No",
261 "ExpectedResult" => "ClientFail"
# Negative test: a client-initiated renegotiation with "RenegotiateNoExtms"
# set must end in ServerFail.
# NOTE(review): presumably RenegotiateNoExtms makes the client drop the
# extended master secret extension (RFC 7627) on the renegotiation handshake,
# so the server is expected to reject the inconsistency. If this case ever
# starts passing, treat it as a regression in that check -- confirm the
# option's meaning against the test harness.
265 name => "no-extms-on-renegotiation",
267 "MaxProtocol" => "TLSv1.2"
270 "MaxProtocol" => "TLSv1.2",
272 "RenegotiateNoExtms" => "Yes"
277 "HandshakeMode" => "RenegotiateClient",
278 "ResumptionExpected" => "No",
279 "ExpectedResult" => "ServerFail"
# Paired cases for client-initiated renegotiation being permitted or refused.
# Positive case: the renegotiation succeeds and resumption is expected.
# NOTE(review): some lines of this entry are missing from the listing, so the
# option that permits the renegotiation is not visible here -- confirm.
283 name => "allow-client-renegotiation",
285 "MaxProtocol" => "TLSv1.2",
288 "MaxProtocol" => "TLSv1.2"
292 "HandshakeMode" => "RenegotiateClient",
293 "ResumptionExpected" => "Yes",
294 "ExpectedResult" => "Success"
# Negative case: "-ClientRenegotiation" switches the ClientRenegotiation option
# off (a leading '-' disables an option in SSL_CONF syntax). The
# client-initiated renegotiation must then end in ClientFail, and the
# expected server alert is NoRenegotiation.
298 name => "no-client-renegotiation",
300 "MaxProtocol" => "TLSv1.2",
301 "Options" => "-ClientRenegotiation"
304 "MaxProtocol" => "TLSv1.2",
308 "HandshakeMode" => "RenegotiateClient",
309 "ResumptionExpected" => "No",
310 "ExpectedResult" => "ClientFail",
311 "ExpectedServerAlert" => "NoRenegotiation"
# Append the TLS 1.2-specific cases to the main list unless disabled("tls1_2")
# is true, i.e. unless TLS 1.2 is reported as disabled for this build.
# disabled() is presumably provided by OpenSSL::Test::Utils -- confirm.
316 push @tests, @tests_tls1_2 unless disabled("tls1_2");