test/ssl-tests/17-renegotiate.cnf

   1 # Generated with generate_ssl_tests.pl
   2
   3 num_tests = 18
   4
   5 test-0 = 0-renegotiate-client-no-resume
   6 test-1 = 1-renegotiate-client-resume
   7 test-2 = 2-renegotiate-server-no-resume
   8 test-3 = 3-renegotiate-server-resume
   9 test-4 = 4-renegotiate-client-auth-require
  10 test-5 = 5-renegotiate-client-auth-once
  11 test-6 = 6-renegotiate-client-legacy-connect
  12 test-7 = 7-renegotiate-aead-to-non-aead
  13 test-8 = 8-renegotiate-non-aead-to-aead
  14 test-9 = 9-renegotiate-non-aead-to-non-aead
  15 test-10 = 10-renegotiate-aead-to-aead
  16 test-11 = 11-no-renegotiation-server-by-client
  17 test-12 = 12-no-renegotiation-server-by-server
  18 test-13 = 13-no-renegotiation-client-by-server
  19 test-14 = 14-no-renegotiation-client-by-client
  20 test-15 = 15-no-extms-on-renegotiation
  21 test-16 = 16-allow-client-renegotiation
  22 test-17 = 17-no-client-renegotiation
  23 # ===========================================================
  24
  25 [0-renegotiate-client-no-resume]
  26 ssl_conf = 0-renegotiate-client-no-resume-ssl
  27
  28 [0-renegotiate-client-no-resume-ssl]
  29 server = 0-renegotiate-client-no-resume-server
  30 client = 0-renegotiate-client-no-resume-client
  31
  32 [0-renegotiate-client-no-resume-server]
  33 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  34 CipherString = DEFAULT
  35 MaxProtocol = TLSv1.2
  36 Options = NoResumptionOnRenegotiation
  37 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  38
  39 [0-renegotiate-client-no-resume-client]
  40 CipherString = DEFAULT
  41 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  42 VerifyMode = Peer
  43
  44 [test-0]
  45 ExpectedResult = Success
  46 HandshakeMode = RenegotiateClient
  47 Method = TLS
  48 ResumptionExpected = No
  49
  50
  51 # ===========================================================
  52
  53 [1-renegotiate-client-resume]
  54 ssl_conf = 1-renegotiate-client-resume-ssl
  55
  56 [1-renegotiate-client-resume-ssl]
  57 server = 1-renegotiate-client-resume-server
  58 client = 1-renegotiate-client-resume-client
  59
  60 [1-renegotiate-client-resume-server]
  61 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  62 CipherString = DEFAULT
  63 MaxProtocol = TLSv1.2
  64 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  65
  66 [1-renegotiate-client-resume-client]
  67 CipherString = DEFAULT
  68 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  69 VerifyMode = Peer
  70
  71 [test-1]
  72 ExpectedResult = Success
  73 HandshakeMode = RenegotiateClient
  74 Method = TLS
  75 ResumptionExpected = Yes
  76
  77
  78 # ===========================================================
  79
  80 [2-renegotiate-server-no-resume]
  81 ssl_conf = 2-renegotiate-server-no-resume-ssl
  82
  83 [2-renegotiate-server-no-resume-ssl]
  84 server = 2-renegotiate-server-no-resume-server
  85 client = 2-renegotiate-server-no-resume-client
  86
  87 [2-renegotiate-server-no-resume-server]
  88 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  89 CipherString = DEFAULT
  90 MaxProtocol = TLSv1.2
  91 Options = NoResumptionOnRenegotiation
  92 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  93
  94 [2-renegotiate-server-no-resume-client]
  95 CipherString = DEFAULT
  96 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  97 VerifyMode = Peer
  98
  99 [test-2]
 100 ExpectedResult = Success
 101 HandshakeMode = RenegotiateServer
 102 Method = TLS
 103 ResumptionExpected = No
 104
 105
 106 # ===========================================================
 107
 108 [3-renegotiate-server-resume]
 109 ssl_conf = 3-renegotiate-server-resume-ssl
 110
 111 [3-renegotiate-server-resume-ssl]
 112 server = 3-renegotiate-server-resume-server
 113 client = 3-renegotiate-server-resume-client
 114
 115 [3-renegotiate-server-resume-server]
 116 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 117 CipherString = DEFAULT
 118 MaxProtocol = TLSv1.2
 119 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 120
 121 [3-renegotiate-server-resume-client]
 122 CipherString = DEFAULT
 123 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 124 VerifyMode = Peer
 125
 126 [test-3]
 127 ExpectedResult = Success
 128 HandshakeMode = RenegotiateServer
 129 Method = TLS
 130 ResumptionExpected = Yes
 131
 132
 133 # ===========================================================
 134
 135 [4-renegotiate-client-auth-require]
 136 ssl_conf = 4-renegotiate-client-auth-require-ssl
 137
 138 [4-renegotiate-client-auth-require-ssl]
 139 server = 4-renegotiate-client-auth-require-server
 140 client = 4-renegotiate-client-auth-require-client
 141
 142 [4-renegotiate-client-auth-require-server]
 143 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 144 CipherString = DEFAULT
 145 MaxProtocol = TLSv1.2
 146 Options = NoResumptionOnRenegotiation
 147 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 148 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 149 VerifyMode = Require
 150
 151 [4-renegotiate-client-auth-require-client]
 152 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 153 CipherString = DEFAULT
 154 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
 155 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 156 VerifyMode = Peer
 157
 158 [test-4]
 159 ExpectedResult = Success
 160 HandshakeMode = RenegotiateServer
 161 Method = TLS
 162 ResumptionExpected = No
 163
 164
 165 # ===========================================================
 166
 167 [5-renegotiate-client-auth-once]
 168 ssl_conf = 5-renegotiate-client-auth-once-ssl
 169
 170 [5-renegotiate-client-auth-once-ssl]
 171 server = 5-renegotiate-client-auth-once-server
 172 client = 5-renegotiate-client-auth-once-client
 173
 174 [5-renegotiate-client-auth-once-server]
 175 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 176 CipherString = DEFAULT
 177 MaxProtocol = TLSv1.2
 178 Options = NoResumptionOnRenegotiation
 179 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 180 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 181 VerifyMode = Once
 182
 183 [5-renegotiate-client-auth-once-client]
 184 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 185 CipherString = DEFAULT
 186 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
 187 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 188 VerifyMode = Peer
 189
 190 [test-5]
 191 ExpectedResult = Success
 192 HandshakeMode = RenegotiateServer
 193 Method = TLS
 194 ResumptionExpected = No
 195
 196
 197 # ===========================================================
 198
 199 [6-renegotiate-client-legacy-connect]
 200 ssl_conf = 6-renegotiate-client-legacy-connect-ssl
 201
 202 [6-renegotiate-client-legacy-connect-ssl]
 203 server = 6-renegotiate-client-legacy-connect-server
 204 client = 6-renegotiate-client-legacy-connect-client
 205
 206 [6-renegotiate-client-legacy-connect-server]
 207 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 208 CipherString = DEFAULT
 209 MaxProtocol = TLSv1.2
 210 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 211
 212 [6-renegotiate-client-legacy-connect-client]
 213 CipherString = DEFAULT
 214 Options = UnsafeLegacyServerConnect
 215 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 216 VerifyMode = Peer
 217
 218 [test-6]
 219 ExpectedResult = Success
 220 HandshakeMode = RenegotiateClient
 221 Method = TLS
 222 ResumptionExpected = Yes
 223
 224
 225 # ===========================================================
 226
 227 [7-renegotiate-aead-to-non-aead]
 228 ssl_conf = 7-renegotiate-aead-to-non-aead-ssl
 229
 230 [7-renegotiate-aead-to-non-aead-ssl]
 231 server = 7-renegotiate-aead-to-non-aead-server
 232 client = 7-renegotiate-aead-to-non-aead-client
 233
 234 [7-renegotiate-aead-to-non-aead-server]
 235 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 236 CipherString = DEFAULT
 237 Options = NoResumptionOnRenegotiation
 238 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 239
 240 [7-renegotiate-aead-to-non-aead-client]
 241 CipherString = AES128-GCM-SHA256
 242 MaxProtocol = TLSv1.2
 243 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 244 VerifyMode = Peer
 245
 246 [test-7]
 247 ExpectedResult = Success
 248 HandshakeMode = RenegotiateClient
 249 Method = TLS
 250 ResumptionExpected = No
 251 client = 7-renegotiate-aead-to-non-aead-client-extra
 252
 253 [7-renegotiate-aead-to-non-aead-client-extra]
 254 RenegotiateCiphers = AES128-SHA
 255
 256
 257 # ===========================================================
 258
 259 [8-renegotiate-non-aead-to-aead]
 260 ssl_conf = 8-renegotiate-non-aead-to-aead-ssl
 261
 262 [8-renegotiate-non-aead-to-aead-ssl]
 263 server = 8-renegotiate-non-aead-to-aead-server
 264 client = 8-renegotiate-non-aead-to-aead-client
 265
 266 [8-renegotiate-non-aead-to-aead-server]
 267 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 268 CipherString = DEFAULT
 269 Options = NoResumptionOnRenegotiation
 270 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 271
 272 [8-renegotiate-non-aead-to-aead-client]
 273 CipherString = AES128-SHA
 274 MaxProtocol = TLSv1.2
 275 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 276 VerifyMode = Peer
 277
 278 [test-8]
 279 ExpectedResult = Success
 280 HandshakeMode = RenegotiateClient
 281 Method = TLS
 282 ResumptionExpected = No
 283 client = 8-renegotiate-non-aead-to-aead-client-extra
 284
 285 [8-renegotiate-non-aead-to-aead-client-extra]
 286 RenegotiateCiphers = AES128-GCM-SHA256
 287
 288
 289 # ===========================================================
 290
 291 [9-renegotiate-non-aead-to-non-aead]
 292 ssl_conf = 9-renegotiate-non-aead-to-non-aead-ssl
 293
 294 [9-renegotiate-non-aead-to-non-aead-ssl]
 295 server = 9-renegotiate-non-aead-to-non-aead-server
 296 client = 9-renegotiate-non-aead-to-non-aead-client
 297
 298 [9-renegotiate-non-aead-to-non-aead-server]
 299 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 300 CipherString = DEFAULT
 301 Options = NoResumptionOnRenegotiation
 302 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 303
 304 [9-renegotiate-non-aead-to-non-aead-client]
 305 CipherString = AES128-SHA
 306 MaxProtocol = TLSv1.2
 307 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 308 VerifyMode = Peer
 309
 310 [test-9]
 311 ExpectedResult = Success
 312 HandshakeMode = RenegotiateClient
 313 Method = TLS
 314 ResumptionExpected = No
 315 client = 9-renegotiate-non-aead-to-non-aead-client-extra
 316
 317 [9-renegotiate-non-aead-to-non-aead-client-extra]
 318 RenegotiateCiphers = AES256-SHA
 319
 320
 321 # ===========================================================
 322
 323 [10-renegotiate-aead-to-aead]
 324 ssl_conf = 10-renegotiate-aead-to-aead-ssl
 325
 326 [10-renegotiate-aead-to-aead-ssl]
 327 server = 10-renegotiate-aead-to-aead-server
 328 client = 10-renegotiate-aead-to-aead-client
 329
 330 [10-renegotiate-aead-to-aead-server]
 331 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 332 CipherString = DEFAULT
 333 Options = NoResumptionOnRenegotiation
 334 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 335
 336 [10-renegotiate-aead-to-aead-client]
 337 CipherString = AES128-GCM-SHA256
 338 MaxProtocol = TLSv1.2
 339 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 340 VerifyMode = Peer
 341
 342 [test-10]
 343 ExpectedResult = Success
 344 HandshakeMode = RenegotiateClient
 345 Method = TLS
 346 ResumptionExpected = No
 347 client = 10-renegotiate-aead-to-aead-client-extra
 348
 349 [10-renegotiate-aead-to-aead-client-extra]
 350 RenegotiateCiphers = AES256-GCM-SHA384
 351
 352
 353 # ===========================================================
 354
 355 [11-no-renegotiation-server-by-client]
 356 ssl_conf = 11-no-renegotiation-server-by-client-ssl
 357
 358 [11-no-renegotiation-server-by-client-ssl]
 359 server = 11-no-renegotiation-server-by-client-server
 360 client = 11-no-renegotiation-server-by-client-client
 361
 362 [11-no-renegotiation-server-by-client-server]
 363 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 364 CipherString = DEFAULT
 365 MaxProtocol = TLSv1.2
 366 Options = NoRenegotiation
 367 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 368
 369 [11-no-renegotiation-server-by-client-client]
 370 CipherString = DEFAULT
 371 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 372 VerifyMode = Peer
 373
 374 [test-11]
 375 ExpectedResult = ClientFail
 376 HandshakeMode = RenegotiateClient
 377 Method = TLS
 378 ResumptionExpected = No
 379
 380
 381 # ===========================================================
 382
 383 [12-no-renegotiation-server-by-server]
 384 ssl_conf = 12-no-renegotiation-server-by-server-ssl
 385
 386 [12-no-renegotiation-server-by-server-ssl]
 387 server = 12-no-renegotiation-server-by-server-server
 388 client = 12-no-renegotiation-server-by-server-client
 389
 390 [12-no-renegotiation-server-by-server-server]
 391 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 392 CipherString = DEFAULT
 393 MaxProtocol = TLSv1.2
 394 Options = NoRenegotiation
 395 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 396
 397 [12-no-renegotiation-server-by-server-client]
 398 CipherString = DEFAULT
 399 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 400 VerifyMode = Peer
 401
 402 [test-12]
 403 ExpectedResult = ServerFail
 404 HandshakeMode = RenegotiateServer
 405 Method = TLS
 406 ResumptionExpected = No
 407
 408
 409 # ===========================================================
 410
 411 [13-no-renegotiation-client-by-server]
 412 ssl_conf = 13-no-renegotiation-client-by-server-ssl
 413
 414 [13-no-renegotiation-client-by-server-ssl]
 415 server = 13-no-renegotiation-client-by-server-server
 416 client = 13-no-renegotiation-client-by-server-client
 417
 418 [13-no-renegotiation-client-by-server-server]
 419 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 420 CipherString = DEFAULT
 421 MaxProtocol = TLSv1.2
 422 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 423
 424 [13-no-renegotiation-client-by-server-client]
 425 CipherString = DEFAULT
 426 Options = NoRenegotiation
 427 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 428 VerifyMode = Peer
 429
 430 [test-13]
 431 ExpectedResult = ServerFail
 432 HandshakeMode = RenegotiateServer
 433 Method = TLS
 434 ResumptionExpected = No
 435
 436
 437 # ===========================================================
 438
 439 [14-no-renegotiation-client-by-client]
 440 ssl_conf = 14-no-renegotiation-client-by-client-ssl
 441
 442 [14-no-renegotiation-client-by-client-ssl]
 443 server = 14-no-renegotiation-client-by-client-server
 444 client = 14-no-renegotiation-client-by-client-client
 445
 446 [14-no-renegotiation-client-by-client-server]
 447 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 448 CipherString = DEFAULT
 449 MaxProtocol = TLSv1.2
 450 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 451
 452 [14-no-renegotiation-client-by-client-client]
 453 CipherString = DEFAULT
 454 Options = NoRenegotiation
 455 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 456 VerifyMode = Peer
 457
 458 [test-14]
 459 ExpectedResult = ClientFail
 460 HandshakeMode = RenegotiateClient
 461 Method = TLS
 462 ResumptionExpected = No
 463
 464
 465 # ===========================================================
 466
 467 [15-no-extms-on-renegotiation]
 468 ssl_conf = 15-no-extms-on-renegotiation-ssl
 469
 470 [15-no-extms-on-renegotiation-ssl]
 471 server = 15-no-extms-on-renegotiation-server
 472 client = 15-no-extms-on-renegotiation-client
 473
 474 [15-no-extms-on-renegotiation-server]
 475 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 476 CipherString = DEFAULT
 477 MaxProtocol = TLSv1.2
 478 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 479
 480 [15-no-extms-on-renegotiation-client]
 481 CipherString = DEFAULT
 482 MaxProtocol = TLSv1.2
 483 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 484 VerifyMode = Peer
 485
 486 [test-15]
 487 ExpectedResult = ServerFail
 488 HandshakeMode = RenegotiateClient
 489 Method = TLS
 490 ResumptionExpected = No
 491 client = 15-no-extms-on-renegotiation-client-extra
 492
 493 [15-no-extms-on-renegotiation-client-extra]
 494 RenegotiateNoExtms = Yes
 495
 496
 497 # ===========================================================
 498
 499 [16-allow-client-renegotiation]
 500 ssl_conf = 16-allow-client-renegotiation-ssl
 501
 502 [16-allow-client-renegotiation-ssl]
 503 server = 16-allow-client-renegotiation-server
 504 client = 16-allow-client-renegotiation-client
 505
 506 [16-allow-client-renegotiation-server]
 507 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 508 CipherString = DEFAULT
 509 MaxProtocol = TLSv1.2
 510 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 511
 512 [16-allow-client-renegotiation-client]
 513 CipherString = DEFAULT
 514 MaxProtocol = TLSv1.2
 515 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 516 VerifyMode = Peer
 517
 518 [test-16]
 519 ExpectedResult = Success
 520 HandshakeMode = RenegotiateClient
 521 Method = TLS
 522 ResumptionExpected = Yes
 523
 524
 525 # ===========================================================
 526
 527 [17-no-client-renegotiation]
 528 ssl_conf = 17-no-client-renegotiation-ssl
 529
 530 [17-no-client-renegotiation-ssl]
 531 server = 17-no-client-renegotiation-server
 532 client = 17-no-client-renegotiation-client
 533
 534 [17-no-client-renegotiation-server]
 535 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 536 CipherString = DEFAULT
 537 MaxProtocol = TLSv1.2
 538 Options = -ClientRenegotiation
 539 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 540
 541 [17-no-client-renegotiation-client]
 542 CipherString = DEFAULT
 543 MaxProtocol = TLSv1.2
 544 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 545 VerifyMode = Peer
 546
 547 [test-17]
 548 ExpectedResult = ClientFail
 549 ExpectedServerAlert = NoRenegotiation
 550 HandshakeMode = RenegotiateClient
 551 Method = TLS
 552 ResumptionExpected = No
 553
 554