1 # Generated with generate_ssl_tests.pl
5 test-0 = 0-renegotiate-client-no-resume
6 test-1 = 1-renegotiate-client-resume
7 test-2 = 2-renegotiate-server-no-resume
8 test-3 = 3-renegotiate-server-resume
9 test-4 = 4-renegotiate-client-auth-require
10 test-5 = 5-renegotiate-client-auth-once
11 test-6 = 6-renegotiate-client-legacy-connect
12 test-7 = 7-renegotiate-aead-to-non-aead
13 test-8 = 8-renegotiate-non-aead-to-aead
14 test-9 = 9-renegotiate-non-aead-to-non-aead
15 test-10 = 10-renegotiate-aead-to-aead
16 test-11 = 11-no-renegotiation-server-by-client
17 test-12 = 12-no-renegotiation-server-by-server
18 test-13 = 13-no-renegotiation-client-by-server
19 test-14 = 14-no-renegotiation-client-by-client
20 test-15 = 15-no-extms-on-renegotiation
21 test-16 = 16-allow-client-renegotiation
22 test-17 = 17-no-client-renegotiation
23 # ===========================================================
25 [0-renegotiate-client-no-resume]
26 ssl_conf = 0-renegotiate-client-no-resume-ssl
28 [0-renegotiate-client-no-resume-ssl]
29 server = 0-renegotiate-client-no-resume-server
30 client = 0-renegotiate-client-no-resume-client
32 [0-renegotiate-client-no-resume-server]
33 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
34 CipherString = DEFAULT
36 Options = NoResumptionOnRenegotiation
37 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
39 [0-renegotiate-client-no-resume-client]
40 CipherString = DEFAULT
41 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
45 ExpectedResult = Success
46 HandshakeMode = RenegotiateClient
48 ResumptionExpected = No
51 # ===========================================================
53 [1-renegotiate-client-resume]
54 ssl_conf = 1-renegotiate-client-resume-ssl
56 [1-renegotiate-client-resume-ssl]
57 server = 1-renegotiate-client-resume-server
58 client = 1-renegotiate-client-resume-client
60 [1-renegotiate-client-resume-server]
61 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
62 CipherString = DEFAULT
64 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
66 [1-renegotiate-client-resume-client]
67 CipherString = DEFAULT
68 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
72 ExpectedResult = Success
73 HandshakeMode = RenegotiateClient
75 ResumptionExpected = Yes
78 # ===========================================================
80 [2-renegotiate-server-no-resume]
81 ssl_conf = 2-renegotiate-server-no-resume-ssl
83 [2-renegotiate-server-no-resume-ssl]
84 server = 2-renegotiate-server-no-resume-server
85 client = 2-renegotiate-server-no-resume-client
87 [2-renegotiate-server-no-resume-server]
88 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
89 CipherString = DEFAULT
91 Options = NoResumptionOnRenegotiation
92 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
94 [2-renegotiate-server-no-resume-client]
95 CipherString = DEFAULT
96 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
100 ExpectedResult = Success
101 HandshakeMode = RenegotiateServer
103 ResumptionExpected = No
106 # ===========================================================
108 [3-renegotiate-server-resume]
109 ssl_conf = 3-renegotiate-server-resume-ssl
111 [3-renegotiate-server-resume-ssl]
112 server = 3-renegotiate-server-resume-server
113 client = 3-renegotiate-server-resume-client
115 [3-renegotiate-server-resume-server]
116 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
117 CipherString = DEFAULT
118 MaxProtocol = TLSv1.2
119 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
121 [3-renegotiate-server-resume-client]
122 CipherString = DEFAULT
123 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
127 ExpectedResult = Success
128 HandshakeMode = RenegotiateServer
130 ResumptionExpected = Yes
133 # ===========================================================
135 [4-renegotiate-client-auth-require]
136 ssl_conf = 4-renegotiate-client-auth-require-ssl
138 [4-renegotiate-client-auth-require-ssl]
139 server = 4-renegotiate-client-auth-require-server
140 client = 4-renegotiate-client-auth-require-client
142 [4-renegotiate-client-auth-require-server]
143 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
144 CipherString = DEFAULT
145 MaxProtocol = TLSv1.2
146 Options = NoResumptionOnRenegotiation
147 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
148 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
151 [4-renegotiate-client-auth-require-client]
152 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
153 CipherString = DEFAULT
154 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
155 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
159 ExpectedResult = Success
160 HandshakeMode = RenegotiateServer
162 ResumptionExpected = No
165 # ===========================================================
167 [5-renegotiate-client-auth-once]
168 ssl_conf = 5-renegotiate-client-auth-once-ssl
170 [5-renegotiate-client-auth-once-ssl]
171 server = 5-renegotiate-client-auth-once-server
172 client = 5-renegotiate-client-auth-once-client
174 [5-renegotiate-client-auth-once-server]
175 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
176 CipherString = DEFAULT
177 MaxProtocol = TLSv1.2
178 Options = NoResumptionOnRenegotiation
179 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
180 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
183 [5-renegotiate-client-auth-once-client]
184 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
185 CipherString = DEFAULT
186 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
187 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
191 ExpectedResult = Success
192 HandshakeMode = RenegotiateServer
194 ResumptionExpected = No
197 # ===========================================================
199 [6-renegotiate-client-legacy-connect]
200 ssl_conf = 6-renegotiate-client-legacy-connect-ssl
202 [6-renegotiate-client-legacy-connect-ssl]
203 server = 6-renegotiate-client-legacy-connect-server
204 client = 6-renegotiate-client-legacy-connect-client
206 [6-renegotiate-client-legacy-connect-server]
207 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
208 CipherString = DEFAULT
209 MaxProtocol = TLSv1.2
210 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
212 [6-renegotiate-client-legacy-connect-client]
213 CipherString = DEFAULT
214 Options = UnsafeLegacyServerConnect
215 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
219 ExpectedResult = Success
220 HandshakeMode = RenegotiateClient
222 ResumptionExpected = Yes
225 # ===========================================================
227 [7-renegotiate-aead-to-non-aead]
228 ssl_conf = 7-renegotiate-aead-to-non-aead-ssl
230 [7-renegotiate-aead-to-non-aead-ssl]
231 server = 7-renegotiate-aead-to-non-aead-server
232 client = 7-renegotiate-aead-to-non-aead-client
234 [7-renegotiate-aead-to-non-aead-server]
235 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
236 CipherString = DEFAULT
237 Options = NoResumptionOnRenegotiation
238 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
240 [7-renegotiate-aead-to-non-aead-client]
241 CipherString = AES128-GCM-SHA256
242 MaxProtocol = TLSv1.2
243 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
247 ExpectedResult = Success
248 HandshakeMode = RenegotiateClient
250 ResumptionExpected = No
251 client = 7-renegotiate-aead-to-non-aead-client-extra
253 [7-renegotiate-aead-to-non-aead-client-extra]
254 RenegotiateCiphers = AES128-SHA
257 # ===========================================================
259 [8-renegotiate-non-aead-to-aead]
260 ssl_conf = 8-renegotiate-non-aead-to-aead-ssl
262 [8-renegotiate-non-aead-to-aead-ssl]
263 server = 8-renegotiate-non-aead-to-aead-server
264 client = 8-renegotiate-non-aead-to-aead-client
266 [8-renegotiate-non-aead-to-aead-server]
267 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
268 CipherString = DEFAULT
269 Options = NoResumptionOnRenegotiation
270 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
272 [8-renegotiate-non-aead-to-aead-client]
273 CipherString = AES128-SHA
274 MaxProtocol = TLSv1.2
275 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
279 ExpectedResult = Success
280 HandshakeMode = RenegotiateClient
282 ResumptionExpected = No
283 client = 8-renegotiate-non-aead-to-aead-client-extra
285 [8-renegotiate-non-aead-to-aead-client-extra]
286 RenegotiateCiphers = AES128-GCM-SHA256
289 # ===========================================================
291 [9-renegotiate-non-aead-to-non-aead]
292 ssl_conf = 9-renegotiate-non-aead-to-non-aead-ssl
294 [9-renegotiate-non-aead-to-non-aead-ssl]
295 server = 9-renegotiate-non-aead-to-non-aead-server
296 client = 9-renegotiate-non-aead-to-non-aead-client
298 [9-renegotiate-non-aead-to-non-aead-server]
299 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
300 CipherString = DEFAULT
301 Options = NoResumptionOnRenegotiation
302 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
304 [9-renegotiate-non-aead-to-non-aead-client]
305 CipherString = AES128-SHA
306 MaxProtocol = TLSv1.2
307 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
311 ExpectedResult = Success
312 HandshakeMode = RenegotiateClient
314 ResumptionExpected = No
315 client = 9-renegotiate-non-aead-to-non-aead-client-extra
317 [9-renegotiate-non-aead-to-non-aead-client-extra]
318 RenegotiateCiphers = AES256-SHA
321 # ===========================================================
323 [10-renegotiate-aead-to-aead]
324 ssl_conf = 10-renegotiate-aead-to-aead-ssl
326 [10-renegotiate-aead-to-aead-ssl]
327 server = 10-renegotiate-aead-to-aead-server
328 client = 10-renegotiate-aead-to-aead-client
330 [10-renegotiate-aead-to-aead-server]
331 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
332 CipherString = DEFAULT
333 Options = NoResumptionOnRenegotiation
334 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
336 [10-renegotiate-aead-to-aead-client]
337 CipherString = AES128-GCM-SHA256
338 MaxProtocol = TLSv1.2
339 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
343 ExpectedResult = Success
344 HandshakeMode = RenegotiateClient
346 ResumptionExpected = No
347 client = 10-renegotiate-aead-to-aead-client-extra
349 [10-renegotiate-aead-to-aead-client-extra]
350 RenegotiateCiphers = AES256-GCM-SHA384
353 # ===========================================================
355 [11-no-renegotiation-server-by-client]
356 ssl_conf = 11-no-renegotiation-server-by-client-ssl
358 [11-no-renegotiation-server-by-client-ssl]
359 server = 11-no-renegotiation-server-by-client-server
360 client = 11-no-renegotiation-server-by-client-client
362 [11-no-renegotiation-server-by-client-server]
363 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
364 CipherString = DEFAULT
365 MaxProtocol = TLSv1.2
366 Options = NoRenegotiation
367 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
369 [11-no-renegotiation-server-by-client-client]
370 CipherString = DEFAULT
371 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
375 ExpectedResult = ClientFail
376 HandshakeMode = RenegotiateClient
378 ResumptionExpected = No
381 # ===========================================================
383 [12-no-renegotiation-server-by-server]
384 ssl_conf = 12-no-renegotiation-server-by-server-ssl
386 [12-no-renegotiation-server-by-server-ssl]
387 server = 12-no-renegotiation-server-by-server-server
388 client = 12-no-renegotiation-server-by-server-client
390 [12-no-renegotiation-server-by-server-server]
391 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
392 CipherString = DEFAULT
393 MaxProtocol = TLSv1.2
394 Options = NoRenegotiation
395 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
397 [12-no-renegotiation-server-by-server-client]
398 CipherString = DEFAULT
399 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
403 ExpectedResult = ServerFail
404 HandshakeMode = RenegotiateServer
406 ResumptionExpected = No
409 # ===========================================================
411 [13-no-renegotiation-client-by-server]
412 ssl_conf = 13-no-renegotiation-client-by-server-ssl
414 [13-no-renegotiation-client-by-server-ssl]
415 server = 13-no-renegotiation-client-by-server-server
416 client = 13-no-renegotiation-client-by-server-client
418 [13-no-renegotiation-client-by-server-server]
419 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
420 CipherString = DEFAULT
421 MaxProtocol = TLSv1.2
422 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
424 [13-no-renegotiation-client-by-server-client]
425 CipherString = DEFAULT
426 Options = NoRenegotiation
427 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
431 ExpectedResult = ServerFail
432 HandshakeMode = RenegotiateServer
434 ResumptionExpected = No
437 # ===========================================================
439 [14-no-renegotiation-client-by-client]
440 ssl_conf = 14-no-renegotiation-client-by-client-ssl
442 [14-no-renegotiation-client-by-client-ssl]
443 server = 14-no-renegotiation-client-by-client-server
444 client = 14-no-renegotiation-client-by-client-client
446 [14-no-renegotiation-client-by-client-server]
447 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
448 CipherString = DEFAULT
449 MaxProtocol = TLSv1.2
450 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
452 [14-no-renegotiation-client-by-client-client]
453 CipherString = DEFAULT
454 Options = NoRenegotiation
455 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
459 ExpectedResult = ClientFail
460 HandshakeMode = RenegotiateClient
462 ResumptionExpected = No
465 # ===========================================================
467 [15-no-extms-on-renegotiation]
468 ssl_conf = 15-no-extms-on-renegotiation-ssl
470 [15-no-extms-on-renegotiation-ssl]
471 server = 15-no-extms-on-renegotiation-server
472 client = 15-no-extms-on-renegotiation-client
474 [15-no-extms-on-renegotiation-server]
475 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
476 CipherString = DEFAULT
477 MaxProtocol = TLSv1.2
478 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
480 [15-no-extms-on-renegotiation-client]
481 CipherString = DEFAULT
482 MaxProtocol = TLSv1.2
483 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
487 ExpectedResult = ServerFail
488 HandshakeMode = RenegotiateClient
490 ResumptionExpected = No
491 client = 15-no-extms-on-renegotiation-client-extra
493 [15-no-extms-on-renegotiation-client-extra]
494 RenegotiateNoExtms = Yes
497 # ===========================================================
499 [16-allow-client-renegotiation]
500 ssl_conf = 16-allow-client-renegotiation-ssl
502 [16-allow-client-renegotiation-ssl]
503 server = 16-allow-client-renegotiation-server
504 client = 16-allow-client-renegotiation-client
506 [16-allow-client-renegotiation-server]
507 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
508 CipherString = DEFAULT
509 MaxProtocol = TLSv1.2
510 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
512 [16-allow-client-renegotiation-client]
513 CipherString = DEFAULT
514 MaxProtocol = TLSv1.2
515 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
519 ExpectedResult = Success
520 HandshakeMode = RenegotiateClient
522 ResumptionExpected = Yes
525 # ===========================================================
527 [17-no-client-renegotiation]
528 ssl_conf = 17-no-client-renegotiation-ssl
530 [17-no-client-renegotiation-ssl]
531 server = 17-no-client-renegotiation-server
532 client = 17-no-client-renegotiation-client
534 [17-no-client-renegotiation-server]
535 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
536 CipherString = DEFAULT
537 MaxProtocol = TLSv1.2
538 Options = -ClientRenegotiation
539 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
541 [17-no-client-renegotiation-client]
542 CipherString = DEFAULT
543 MaxProtocol = TLSv1.2
544 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
548 ExpectedResult = ClientFail
549 ExpectedServerAlert = NoRenegotiation
550 HandshakeMode = RenegotiateClient
552 ResumptionExpected = No