3 ## SSL test configurations
10 use OpenSSL::Test::Utils;
13 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
14 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
15 "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
16 "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
17 "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
18 "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
19 "MaxProtocol" => "TLSv1.2"
23 "PSS.Certificate" => test_pem("server-pss-cert.pem"),
24 "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
25 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
26 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
27 "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
28 "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
29 "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
30 "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
31 "MaxProtocol" => "TLSv1.2"
34 my $server_pss_only = {
35 "Certificate" => test_pem("server-pss-cert.pem"),
36 "PrivateKey" => test_pem("server-pss-key.pem"),
39 my $server_rsa_all = {
40 "PSS.Certificate" => test_pem("server-pss-cert.pem"),
41 "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
42 "Certificate" => test_pem("servercert.pem"),
43 "PrivateKey" => test_pem("serverkey.pem"),
48 name => "ECDSA CipherString Selection",
51 "CipherString" => "aECDSA",
52 "MaxProtocol" => "TLSv1.2",
53 "RequestCAFile" => test_pem("root-cert.pem"),
56 "ExpectedServerCertType" =>, "P-256",
57 "ExpectedServerSignType" =>, "EC",
58 # Note: certificate_authorities not sent for TLS < 1.3
59 "ExpectedServerCANames" =>, "empty",
60 "ExpectedResult" => "Success"
64 name => "ECDSA CipherString Selection",
66 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
67 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
68 "MaxProtocol" => "TLSv1.2",
69 #Deliberately set supported_groups to one not in the cert. This
74 "CipherString" => "aECDSA",
75 "MaxProtocol" => "TLSv1.2",
76 "Groups" => "P-256:P-384",
77 "RequestCAFile" => test_pem("root-cert.pem"),
80 "ExpectedServerCertType" =>, "P-256",
81 "ExpectedServerSignType" =>, "EC",
82 # Note: certificate_authorities not sent for TLS < 1.3
83 "ExpectedServerCANames" =>, "empty",
84 "ExpectedResult" => "Success"
88 name => "ECDSA CipherString Selection",
90 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
91 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
92 "MaxProtocol" => "TLSv1.2",
93 "Groups" => "P-256:P-384"
96 "CipherString" => "aECDSA",
97 "MaxProtocol" => "TLSv1.2",
98 #Deliberately set groups to not include the certificate group. This
101 "RequestCAFile" => test_pem("root-cert.pem"),
104 "ExpectedResult" => "ServerFail"
108 name => "Ed25519 CipherString and Signature Algorithm Selection",
111 "CipherString" => "aECDSA",
112 "MaxProtocol" => "TLSv1.2",
113 "SignatureAlgorithms" => "ed25519:ECDSA+SHA256",
114 "RequestCAFile" => test_pem("root-cert.pem"),
117 "ExpectedServerCertType" =>, "Ed25519",
118 "ExpectedServerSignType" =>, "Ed25519",
119 # Note: certificate_authorities not sent for TLS < 1.3
120 "ExpectedServerCANames" =>, "empty",
121 "ExpectedResult" => "Success"
125 name => "Ed448 CipherString and Signature Algorithm Selection",
128 "CipherString" => "aECDSA",
129 "MaxProtocol" => "TLSv1.2",
130 "SignatureAlgorithms" => "ed448:ECDSA+SHA256",
131 "RequestCAFile" => test_pem("root-cert.pem"),
134 "ExpectedServerCertType" =>, "Ed448",
135 "ExpectedServerSignType" =>, "Ed448",
136 # Note: certificate_authorities not sent for TLS < 1.3
137 "ExpectedServerCANames" =>, "empty",
138 "ExpectedResult" => "Success"
142 name => "RSA CipherString Selection",
145 "CipherString" => "aRSA",
146 "MaxProtocol" => "TLSv1.2",
149 "ExpectedServerCertType" =>, "RSA",
150 "ExpectedServerSignType" =>, "RSA-PSS",
151 "ExpectedResult" => "Success"
155 name => "RSA-PSS Certificate CipherString Selection",
156 server => $server_pss,
158 "CipherString" => "aRSA",
159 "MaxProtocol" => "TLSv1.2",
162 "ExpectedServerCertType" =>, "RSA-PSS",
163 "ExpectedServerSignType" =>, "RSA-PSS",
164 "ExpectedResult" => "Success"
168 name => "P-256 CipherString and Signature Algorithm Selection",
171 "CipherString" => "aECDSA",
172 "MaxProtocol" => "TLSv1.2",
173 "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
176 "ExpectedServerCertType" => "P-256",
177 "ExpectedServerSignHash" => "SHA256",
178 "ExpectedServerSignType" => "EC",
179 "ExpectedResult" => "Success"
183 name => "Ed25519 CipherString and Curves Selection",
186 "CipherString" => "aECDSA",
187 "MaxProtocol" => "TLSv1.2",
188 "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
189 # Excluding P-256 from the supported curves list means server
190 # certificate should be Ed25519 and not P-256
194 "ExpectedServerCertType" =>, "Ed25519",
195 "ExpectedServerSignType" =>, "Ed25519",
196 "ExpectedResult" => "Success"
200 name => "Ed448 CipherString and Curves Selection",
203 "CipherString" => "aECDSA",
204 "MaxProtocol" => "TLSv1.2",
205 "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
206 # Excluding P-256 from the supported curves list means server
207 # certificate should be Ed25519 and not P-256
211 "ExpectedServerCertType" =>, "Ed448",
212 "ExpectedServerSignType" =>, "Ed448",
213 "ExpectedResult" => "Success"
217 name => "ECDSA CipherString Selection, no ECDSA certificate",
219 "MaxProtocol" => "TLSv1.2"
222 "CipherString" => "aECDSA",
223 "MaxProtocol" => "TLSv1.2"
226 "ExpectedResult" => "ServerFail"
230 name => "ECDSA Signature Algorithm Selection",
233 "SignatureAlgorithms" => "ECDSA+SHA256",
236 "ExpectedServerCertType" => "P-256",
237 "ExpectedServerSignHash" => "SHA256",
238 "ExpectedServerSignType" => "EC",
239 "ExpectedResult" => "Success"
243 name => "ECDSA Signature Algorithm Selection SHA384",
246 "SignatureAlgorithms" => "ECDSA+SHA384",
249 "ExpectedServerCertType" => "P-256",
250 "ExpectedServerSignHash" => "SHA384",
251 "ExpectedServerSignType" => "EC",
252 "ExpectedResult" => "Success"
256 name => "ECDSA Signature Algorithm Selection SHA1",
259 "SignatureAlgorithms" => "ECDSA+SHA1",
262 "ExpectedServerCertType" => "P-256",
263 "ExpectedServerSignHash" => "SHA1",
264 "ExpectedServerSignType" => "EC",
265 "ExpectedResult" => "Success"
269 name => "ECDSA Signature Algorithm Selection compressed point",
271 "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),
272 "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),
273 "MaxProtocol" => "TLSv1.2"
276 "SignatureAlgorithms" => "ECDSA+SHA256",
279 "ExpectedServerCertType" => "P-256",
280 "ExpectedServerSignHash" => "SHA256",
281 "ExpectedServerSignType" => "EC",
282 "ExpectedResult" => "Success"
286 name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
288 "MaxProtocol" => "TLSv1.2"
291 "SignatureAlgorithms" => "ECDSA+SHA256",
294 "ExpectedResult" => "ServerFail"
298 name => "RSA Signature Algorithm Selection",
301 "SignatureAlgorithms" => "RSA+SHA256",
304 "ExpectedServerCertType" => "RSA",
305 "ExpectedServerSignHash" => "SHA256",
306 "ExpectedServerSignType" => "RSA",
307 "ExpectedResult" => "Success"
311 name => "RSA-PSS Signature Algorithm Selection",
314 "SignatureAlgorithms" => "RSA-PSS+SHA256",
317 "ExpectedServerCertType" => "RSA",
318 "ExpectedServerSignHash" => "SHA256",
319 "ExpectedServerSignType" => "RSA-PSS",
320 "ExpectedResult" => "Success"
324 name => "RSA-PSS Certificate Legacy Signature Algorithm Selection",
325 server => $server_pss,
327 "SignatureAlgorithms" => "RSA-PSS+SHA256",
330 "ExpectedServerCertType" => "RSA",
331 "ExpectedServerSignHash" => "SHA256",
332 "ExpectedServerSignType" => "RSA-PSS",
333 "ExpectedResult" => "Success"
337 name => "RSA-PSS Certificate Unified Signature Algorithm Selection",
338 server => $server_pss,
340 "SignatureAlgorithms" => "rsa_pss_pss_sha256",
343 "ExpectedServerCertType" => "RSA-PSS",
344 "ExpectedServerSignHash" => "SHA256",
345 "ExpectedServerSignType" => "RSA-PSS",
346 "ExpectedResult" => "Success"
350 name => "Only RSA-PSS Certificate",
351 server => $server_pss_only,
354 "ExpectedServerCertType" => "RSA-PSS",
355 "ExpectedServerSignHash" => "SHA256",
356 "ExpectedServerSignType" => "RSA-PSS",
357 "ExpectedResult" => "Success"
361 name => "RSA-PSS Certificate, no PSS signature algorithms",
362 server => $server_pss_only,
364 "SignatureAlgorithms" => "RSA+SHA256",
367 "ExpectedResult" => "ServerFail"
371 name => "RSA key exchange with all RSA certificate types",
372 server => $server_rsa_all,
374 "CipherString" => "kRSA",
375 "MaxProtocol" => "TLSv1.2",
378 "ExpectedServerCertType" =>, "RSA",
379 "ExpectedResult" => "Success"
383 name => "RSA key exchange with only RSA-PSS certificate",
384 server => $server_pss_only,
386 "CipherString" => "kRSA",
387 "MaxProtocol" => "TLSv1.2",
390 "ExpectedResult" => "ServerFail"
394 name => "Suite B P-256 Hash Algorithm Selection",
396 "ECDSA.Certificate" => test_pem("p256-server-cert.pem"),
397 "ECDSA.PrivateKey" => test_pem("p256-server-key.pem"),
398 "MaxProtocol" => "TLSv1.2",
399 "CipherString" => "SUITEB128"
402 "VerifyCAFile" => test_pem("p384-root.pem"),
403 "SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256"
406 "ExpectedServerCertType" => "P-256",
407 "ExpectedServerSignHash" => "SHA256",
408 "ExpectedServerSignType" => "EC",
409 "ExpectedResult" => "Success"
413 name => "Suite B P-384 Hash Algorithm Selection",
415 "ECDSA.Certificate" => test_pem("p384-server-cert.pem"),
416 "ECDSA.PrivateKey" => test_pem("p384-server-key.pem"),
417 "MaxProtocol" => "TLSv1.2",
418 "CipherString" => "SUITEB128"
421 "VerifyCAFile" => test_pem("p384-root.pem"),
422 "SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384"
425 "ExpectedServerCertType" => "P-384",
426 "ExpectedServerSignHash" => "SHA384",
427 "ExpectedServerSignType" => "EC",
428 "ExpectedResult" => "Success"
432 name => "TLS 1.2 Ed25519 Client Auth",
434 "VerifyCAFile" => test_pem("root-cert.pem"),
435 "VerifyMode" => "Require"
438 "Ed25519.Certificate" => test_pem("client-ed25519-cert.pem"),
439 "Ed25519.PrivateKey" => test_pem("client-ed25519-key.pem"),
440 "MinProtocol" => "TLSv1.2",
441 "MaxProtocol" => "TLSv1.2"
444 "ExpectedClientCertType" => "Ed25519",
445 "ExpectedClientSignType" => "Ed25519",
446 "ExpectedResult" => "Success"
450 name => "TLS 1.2 Ed448 Client Auth",
452 "VerifyCAFile" => test_pem("root-cert.pem"),
453 "VerifyMode" => "Require"
456 "Ed448.Certificate" => test_pem("client-ed448-cert.pem"),
457 "Ed448.PrivateKey" => test_pem("client-ed448-key.pem"),
458 "MinProtocol" => "TLSv1.2",
459 "MaxProtocol" => "TLSv1.2"
462 "ExpectedClientCertType" => "Ed448",
463 "ExpectedClientSignType" => "Ed448",
464 "ExpectedResult" => "Success"
469 my @tests_tls_1_1 = (
471 name => "Only RSA-PSS Certificate, TLS v1.1",
472 server => $server_pss_only,
474 "MaxProtocol" => "TLSv1.1",
477 "ExpectedResult" => "ServerFail"
482 push @tests, @tests_tls_1_1 unless disabled("tls1_1");
484 my $server_tls_1_3 = {
485 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
486 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
487 "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
488 "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
489 "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
490 "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
491 "MinProtocol" => "TLSv1.3",
492 "MaxProtocol" => "TLSv1.3"
495 my $server_tls_1_3_pss = {
496 "PSS.Certificate" => test_pem("server-pss-cert.pem"),
497 "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
498 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
499 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
500 "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
501 "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
502 "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
503 "Ed448.PrivateKey" => test_pem("server-ed449-key.pem"),
504 "MinProtocol" => "TLSv1.3",
505 "MaxProtocol" => "TLSv1.3"
508 my $client_tls_1_3 = {
509 "RSA.Certificate" => test_pem("ee-client-chain.pem"),
510 "RSA.PrivateKey" => test_pem("ee-key.pem"),
511 "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"),
512 "ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"),
513 "MinProtocol" => "TLSv1.3",
514 "MaxProtocol" => "TLSv1.3"
517 my @tests_tls_1_3 = (
519 name => "TLS 1.3 ECDSA Signature Algorithm Selection",
520 server => $server_tls_1_3,
522 "SignatureAlgorithms" => "ECDSA+SHA256",
525 "ExpectedServerCertType" => "P-256",
526 "ExpectedServerSignHash" => "SHA256",
527 "ExpectedServerSignType" => "EC",
528 "ExpectedServerCANames" => "empty",
529 "ExpectedResult" => "Success"
533 name => "TLS 1.3 ECDSA Signature Algorithm Selection compressed point",
535 "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),
536 "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),
537 "MinProtocol" => "TLSv1.3",
538 "MaxProtocol" => "TLSv1.3"
541 "SignatureAlgorithms" => "ECDSA+SHA256",
544 "ExpectedServerCertType" => "P-256",
545 "ExpectedServerSignHash" => "SHA256",
546 "ExpectedServerSignType" => "EC",
547 "ExpectedServerCANames" => "empty",
548 "ExpectedResult" => "Success"
552 name => "TLS 1.3 ECDSA Signature Algorithm Selection SHA1",
553 server => $server_tls_1_3,
555 "SignatureAlgorithms" => "ECDSA+SHA1",
558 "ExpectedResult" => "ServerFail"
562 name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
563 server => $server_tls_1_3,
565 "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
566 "RequestCAFile" => test_pem("root-cert.pem"),
569 "ExpectedServerCertType" => "P-256",
570 "ExpectedServerSignHash" => "SHA256",
571 "ExpectedServerSignType" => "EC",
572 "ExpectedServerCANames" => test_pem("root-cert.pem"),
573 "ExpectedResult" => "Success"
577 name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
578 server => $server_tls_1_3,
580 "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
583 "ExpectedServerCertType" => "RSA",
584 "ExpectedServerSignHash" => "SHA384",
585 "ExpectedServerSignType" => "RSA-PSS",
586 "ExpectedResult" => "Success"
590 name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
592 "MinProtocol" => "TLSv1.3",
593 "MaxProtocol" => "TLSv1.3"
596 "SignatureAlgorithms" => "ECDSA+SHA256",
599 "ExpectedResult" => "ServerFail"
603 name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
604 server => $server_tls_1_3,
606 "SignatureAlgorithms" => "RSA+SHA256",
609 "ExpectedResult" => "ServerFail"
613 name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
614 server => $server_tls_1_3,
616 "SignatureAlgorithms" => "RSA-PSS+SHA256",
619 "ExpectedServerCertType" => "RSA",
620 "ExpectedServerSignHash" => "SHA256",
621 "ExpectedServerSignType" => "RSA-PSS",
622 "ExpectedResult" => "Success"
626 name => "TLS 1.3 Ed25519 Signature Algorithm Selection",
627 server => $server_tls_1_3,
629 "SignatureAlgorithms" => "ed25519",
632 "ExpectedServerCertType" => "Ed25519",
633 "ExpectedServerSignType" => "Ed25519",
634 "ExpectedResult" => "Success"
638 name => "TLS 1.3 Ed448 Signature Algorithm Selection",
639 server => $server_tls_1_3,
641 "SignatureAlgorithms" => "ed448",
644 "ExpectedServerCertType" => "Ed448",
645 "ExpectedServerSignType" => "Ed448",
646 "ExpectedResult" => "Success"
650 name => "TLS 1.3 Ed25519 CipherString and Groups Selection",
651 server => $server_tls_1_3,
653 "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
654 # Excluding P-256 from the supported groups list should
655 # mean server still uses a P-256 certificate because supported
656 # groups is not used in signature selection for TLS 1.3
660 "ExpectedServerCertType" =>, "P-256",
661 "ExpectedServerSignType" =>, "EC",
662 "ExpectedResult" => "Success"
666 name => "TLS 1.3 Ed448 CipherString and Groups Selection",
667 server => $server_tls_1_3,
669 "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
670 # Excluding P-256 from the supported groups list should
671 # mean server still uses a P-256 certificate because supported
672 # groups is not used in signature selection for TLS 1.3
676 "ExpectedServerCertType" =>, "P-256",
677 "ExpectedServerSignType" =>, "EC",
678 "ExpectedResult" => "Success"
682 name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
684 "ClientSignatureAlgorithms" => "PSS+SHA256",
685 "VerifyCAFile" => test_pem("root-cert.pem"),
686 "VerifyMode" => "Require"
688 client => $client_tls_1_3,
690 "ExpectedClientCertType" => "RSA",
691 "ExpectedClientSignHash" => "SHA256",
692 "ExpectedClientSignType" => "RSA-PSS",
693 "ExpectedClientCANames" => "empty",
694 "ExpectedResult" => "Success"
698 name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names",
700 "ClientSignatureAlgorithms" => "PSS+SHA256",
701 "VerifyCAFile" => test_pem("root-cert.pem"),
702 "RequestCAFile" => test_pem("root-cert.pem"),
703 "VerifyMode" => "Require"
705 client => $client_tls_1_3,
707 "ExpectedClientCertType" => "RSA",
708 "ExpectedClientSignHash" => "SHA256",
709 "ExpectedClientSignType" => "RSA-PSS",
710 "ExpectedClientCANames" => test_pem("root-cert.pem"),
711 "ExpectedResult" => "Success"
715 name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
717 "ClientSignatureAlgorithms" => "ECDSA+SHA256",
718 "VerifyCAFile" => test_pem("root-cert.pem"),
719 "VerifyMode" => "Require"
721 client => $client_tls_1_3,
723 "ExpectedClientCertType" => "P-256",
724 "ExpectedClientSignHash" => "SHA256",
725 "ExpectedClientSignType" => "EC",
726 "ExpectedResult" => "Success"
730 name => "TLS 1.3 Ed25519 Client Auth",
732 "VerifyCAFile" => test_pem("root-cert.pem"),
733 "VerifyMode" => "Require"
736 "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"),
737 "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"),
738 "MinProtocol" => "TLSv1.3",
739 "MaxProtocol" => "TLSv1.3"
742 "ExpectedClientCertType" => "Ed25519",
743 "ExpectedClientSignType" => "Ed25519",
744 "ExpectedResult" => "Success"
748 name => "TLS 1.3 Ed448 Client Auth",
750 "VerifyCAFile" => test_pem("root-cert.pem"),
751 "VerifyMode" => "Require"
754 "EdDSA.Certificate" => test_pem("client-ed448-cert.pem"),
755 "EdDSA.PrivateKey" => test_pem("client-ed448-key.pem"),
756 "MinProtocol" => "TLSv1.3",
757 "MaxProtocol" => "TLSv1.3"
760 "ExpectedClientCertType" => "Ed448",
761 "ExpectedClientSignType" => "Ed448",
762 "ExpectedResult" => "Success"
767 push @tests, @tests_tls_1_3 unless disabled("tls1_3");
769 my @tests_dsa_tls_1_2 = (
771 name => "TLS 1.2 DSA Certificate Test",
773 "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
774 "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
775 "DHParameters" => test_pem("dhp2048.pem"),
776 "MinProtocol" => "TLSv1.2",
777 "MaxProtocol" => "TLSv1.2",
778 "CipherString" => "ALL",
781 "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1",
782 "CipherString" => "ALL",
785 "ExpectedResult" => "Success"
790 my @tests_dsa_tls_1_3 = (
792 name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms",
794 "ClientSignatureAlgorithms" => "ECDSA+SHA1:DSA+SHA256:RSA+SHA256",
795 "VerifyCAFile" => test_pem("root-cert.pem"),
796 "VerifyMode" => "Request"
800 "ExpectedResult" => "ServerFail"
804 name => "TLS 1.3 DSA Certificate Test",
806 "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
807 "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
808 "MinProtocol" => "TLSv1.3",
809 "MaxProtocol" => "TLSv1.3",
810 "CipherString" => "ALL",
813 "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256:ECDSA+SHA256",
814 "CipherString" => "ALL",
817 "ExpectedResult" => "ServerFail"
822 if (!disabled("dsa")) {
823 push @tests, @tests_dsa_tls_1_2 unless disabled("dh");
824 push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");