3 ## SSL test configurations
10 use OpenSSL::Test::Utils;
13 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
14 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
15 "MaxProtocol" => "TLSv1.2"
20 name => "ECDSA CipherString Selection",
23 "CipherString" => "aECDSA",
24 "RequestCAFile" => test_pem("root-cert.pem"),
27 "ExpectedServerCertType" =>, "P-256",
28 "ExpectedServerSignType" =>, "EC",
29 # Note: certificate_authorities not sent for TLS < 1.3
30 "ExpectedServerCANames" =>, "empty",
31 "ExpectedResult" => "Success"
35 name => "RSA CipherString Selection",
38 "CipherString" => "aRSA",
41 "ExpectedServerCertType" =>, "RSA",
42 "ExpectedServerSignType" =>, "RSA-PSS",
43 "ExpectedResult" => "Success"
47 name => "ECDSA CipherString Selection, no ECDSA certificate",
49 "MaxProtocol" => "TLSv1.2"
52 "CipherString" => "aECDSA"
55 "ExpectedResult" => "ServerFail"
59 name => "ECDSA Signature Algorithm Selection",
62 "SignatureAlgorithms" => "ECDSA+SHA256",
65 "ExpectedServerCertType" => "P-256",
66 "ExpectedServerSignHash" => "SHA256",
67 "ExpectedServerSignType" => "EC",
68 "ExpectedResult" => "Success"
72 name => "ECDSA Signature Algorithm Selection SHA384",
75 "SignatureAlgorithms" => "ECDSA+SHA384",
78 "ExpectedServerCertType" => "P-256",
79 "ExpectedServerSignHash" => "SHA384",
80 "ExpectedServerSignType" => "EC",
81 "ExpectedResult" => "Success"
85 name => "ECDSA Signature Algorithm Selection SHA1",
88 "SignatureAlgorithms" => "ECDSA+SHA1",
91 "ExpectedServerCertType" => "P-256",
92 "ExpectedServerSignHash" => "SHA1",
93 "ExpectedServerSignType" => "EC",
94 "ExpectedResult" => "Success"
98 name => "ECDSA Signature Algorithm Selection compressed point",
100 "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),
101 "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),
102 "MaxProtocol" => "TLSv1.2"
105 "SignatureAlgorithms" => "ECDSA+SHA256",
108 "ExpectedServerCertType" => "P-256",
109 "ExpectedServerSignHash" => "SHA256",
110 "ExpectedServerSignType" => "EC",
111 "ExpectedResult" => "Success"
115 name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
117 "MaxProtocol" => "TLSv1.2"
120 "SignatureAlgorithms" => "ECDSA+SHA256",
123 "ExpectedResult" => "ServerFail"
127 name => "RSA Signature Algorithm Selection",
130 "SignatureAlgorithms" => "RSA+SHA256",
133 "ExpectedServerCertType" => "RSA",
134 "ExpectedServerSignHash" => "SHA256",
135 "ExpectedServerSignType" => "RSA",
136 "ExpectedResult" => "Success"
140 name => "RSA-PSS Signature Algorithm Selection",
143 "SignatureAlgorithms" => "RSA-PSS+SHA256",
146 "ExpectedServerCertType" => "RSA",
147 "ExpectedServerSignHash" => "SHA256",
148 "ExpectedServerSignType" => "RSA-PSS",
149 "ExpectedResult" => "Success"
153 name => "Suite B P-256 Hash Algorithm Selection",
155 "ECDSA.Certificate" => test_pem("p256-server-cert.pem"),
156 "ECDSA.PrivateKey" => test_pem("p256-server-key.pem"),
157 "MaxProtocol" => "TLSv1.2",
158 "CipherString" => "SUITEB128"
161 "VerifyCAFile" => test_pem("p384-root.pem"),
162 "SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256"
165 "ExpectedServerCertType" => "P-256",
166 "ExpectedServerSignHash" => "SHA256",
167 "ExpectedServerSignType" => "EC",
168 "ExpectedResult" => "Success"
172 name => "Suite B P-384 Hash Algorithm Selection",
174 "ECDSA.Certificate" => test_pem("p384-server-cert.pem"),
175 "ECDSA.PrivateKey" => test_pem("p384-server-key.pem"),
176 "MaxProtocol" => "TLSv1.2",
177 "CipherString" => "SUITEB128"
180 "VerifyCAFile" => test_pem("p384-root.pem"),
181 "SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384"
184 "ExpectedServerCertType" => "P-384",
185 "ExpectedServerSignHash" => "SHA384",
186 "ExpectedServerSignType" => "EC",
187 "ExpectedResult" => "Success"
193 my $server_tls_1_3 = {
194 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
195 "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
196 "MinProtocol" => "TLSv1.3",
197 "MaxProtocol" => "TLSv1.3"
200 my $client_tls_1_3 = {
201 "RSA.Certificate" => test_pem("ee-client-chain.pem"),
202 "RSA.PrivateKey" => test_pem("ee-key.pem"),
203 "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"),
204 "ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"),
205 "MinProtocol" => "TLSv1.3",
206 "MaxProtocol" => "TLSv1.3"
209 my @tests_tls_1_3 = (
211 name => "TLS 1.3 ECDSA Signature Algorithm Selection",
212 server => $server_tls_1_3,
214 "SignatureAlgorithms" => "ECDSA+SHA256",
217 "ExpectedServerCertType" => "P-256",
218 "ExpectedServerSignHash" => "SHA256",
219 "ExpectedServerSignType" => "EC",
220 "ExpectedServerCANames" => "empty",
221 "ExpectedResult" => "Success"
225 name => "TLS 1.3 ECDSA Signature Algorithm Selection compressed point",
227 "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),
228 "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),
229 "MinProtocol" => "TLSv1.3",
230 "MaxProtocol" => "TLSv1.3"
233 "SignatureAlgorithms" => "ECDSA+SHA256",
236 "ExpectedResult" => "ServerFail"
240 name => "TLS 1.3 ECDSA Signature Algorithm Selection SHA1",
241 server => $server_tls_1_3,
243 "SignatureAlgorithms" => "ECDSA+SHA1",
246 "ExpectedResult" => "ServerFail"
250 name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
251 server => $server_tls_1_3,
253 "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
254 "RequestCAFile" => test_pem("root-cert.pem"),
257 "ExpectedServerCertType" => "P-256",
258 "ExpectedServerSignHash" => "SHA256",
259 "ExpectedServerSignType" => "EC",
260 "ExpectedServerCANames" => test_pem("root-cert.pem"),
261 "ExpectedResult" => "Success"
265 name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
266 server => $server_tls_1_3,
268 "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
271 "ExpectedServerCertType" => "RSA",
272 "ExpectedServerSignHash" => "SHA384",
273 "ExpectedServerSignType" => "RSA-PSS",
274 "ExpectedResult" => "Success"
278 name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
280 "MinProtocol" => "TLSv1.3",
281 "MaxProtocol" => "TLSv1.3"
284 "SignatureAlgorithms" => "ECDSA+SHA256",
287 "ExpectedResult" => "ServerFail"
291 name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
292 server => $server_tls_1_3,
294 "SignatureAlgorithms" => "RSA+SHA256",
297 "ExpectedResult" => "ServerFail"
301 name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
302 server => $server_tls_1_3,
304 "SignatureAlgorithms" => "RSA-PSS+SHA256",
307 "ExpectedServerCertType" => "RSA",
308 "ExpectedServerSignHash" => "SHA256",
309 "ExpectedServerSignType" => "RSA-PSS",
310 "ExpectedResult" => "Success"
314 name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
316 "ClientSignatureAlgorithms" => "PSS+SHA256",
317 "VerifyCAFile" => test_pem("root-cert.pem"),
318 "VerifyMode" => "Require"
320 client => $client_tls_1_3,
322 "ExpectedClientCertType" => "RSA",
323 "ExpectedClientSignHash" => "SHA256",
324 "ExpectedClientSignType" => "RSA-PSS",
325 "ExpectedClientCANames" => "empty",
326 "ExpectedResult" => "Success"
330 name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names",
332 "ClientSignatureAlgorithms" => "PSS+SHA256",
333 "VerifyCAFile" => test_pem("root-cert.pem"),
334 "RequestCAFile" => test_pem("root-cert.pem"),
335 "VerifyMode" => "Require"
337 client => $client_tls_1_3,
339 "ExpectedClientCertType" => "RSA",
340 "ExpectedClientSignHash" => "SHA256",
341 "ExpectedClientSignType" => "RSA-PSS",
342 "ExpectedClientCANames" => test_pem("root-cert.pem"),
343 "ExpectedResult" => "Success"
347 name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
349 "ClientSignatureAlgorithms" => "ECDSA+SHA256",
350 "VerifyCAFile" => test_pem("root-cert.pem"),
351 "VerifyMode" => "Require"
353 client => $client_tls_1_3,
355 "ExpectedClientCertType" => "P-256",
356 "ExpectedClientSignHash" => "SHA256",
357 "ExpectedClientSignType" => "EC",
358 "ExpectedResult" => "Success"
362 name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms",
364 "ClientSignatureAlgorithms" => "ECDSA+SHA1:DSA+SHA256:RSA+SHA256",
365 "VerifyCAFile" => test_pem("root-cert.pem"),
366 "VerifyMode" => "Request"
370 "ExpectedResult" => "ServerFail"
375 push @tests, @tests_tls_1_3 unless disabled("tls1_3");
377 my @tests_dsa_tls_1_2 = (
379 name => "TLS 1.2 DSA Certificate Test",
381 "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
382 "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
383 "DHParameters" => test_pem("dhp2048.pem"),
384 "MinProtocol" => "TLSv1.2",
385 "MaxProtocol" => "TLSv1.2",
386 "CipherString" => "ALL",
389 "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1",
390 "CipherString" => "ALL",
393 "ExpectedResult" => "Success"
398 my @tests_dsa_tls_1_3 = (
400 name => "TLS 1.3 DSA Certificate Test",
402 "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
403 "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
404 "MinProtocol" => "TLSv1.3",
405 "MaxProtocol" => "TLSv1.3",
406 "CipherString" => "ALL",
409 "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256:ECDSA+SHA256",
410 "CipherString" => "ALL",
413 "ExpectedResult" => "ServerFail"
418 if (!disabled("dsa")) {
419 push @tests, @tests_dsa_tls_1_2 unless disabled("dh");
420 push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");