1 # Generated with generate_ssl_tests.pl
5 test-0 = 0-ECDSA CipherString Selection
6 test-1 = 1-ECDSA CipherString Selection
7 test-2 = 2-ECDSA CipherString Selection
8 test-3 = 3-Ed25519 CipherString and Signature Algorithm Selection
9 test-4 = 4-Ed448 CipherString and Signature Algorithm Selection
10 test-5 = 5-ECDSA with brainpool
11 test-6 = 6-RSA CipherString Selection
12 test-7 = 7-RSA-PSS Certificate CipherString Selection
13 test-8 = 8-P-256 CipherString and Signature Algorithm Selection
14 test-9 = 9-Ed25519 CipherString and Curves Selection
15 test-10 = 10-Ed448 CipherString and Curves Selection
16 test-11 = 11-ECDSA CipherString Selection, no ECDSA certificate
17 test-12 = 12-ECDSA Signature Algorithm Selection
18 test-13 = 13-ECDSA Signature Algorithm Selection SHA384
19 test-14 = 14-ECDSA Signature Algorithm Selection SHA1
20 test-15 = 15-ECDSA Signature Algorithm Selection compressed point
21 test-16 = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate
22 test-17 = 17-RSA Signature Algorithm Selection
23 test-18 = 18-RSA-PSS Signature Algorithm Selection
24 test-19 = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection
25 test-20 = 20-RSA-PSS Certificate Unified Signature Algorithm Selection
26 test-21 = 21-Only RSA-PSS Certificate
27 test-22 = 22-RSA-PSS Certificate, no PSS signature algorithms
28 test-23 = 23-RSA key exchange with all RSA certificate types
29 test-24 = 24-RSA key exchange with only RSA-PSS certificate
30 test-25 = 25-Suite B P-256 Hash Algorithm Selection
31 test-26 = 26-Suite B P-384 Hash Algorithm Selection
32 test-27 = 27-TLS 1.2 Ed25519 Client Auth
33 test-28 = 28-TLS 1.2 Ed448 Client Auth
34 test-29 = 29-Only RSA-PSS Certificate, TLS v1.1
35 test-30 = 30-TLS 1.3 ECDSA Signature Algorithm Selection
36 test-31 = 31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
37 test-32 = 32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
38 test-33 = 33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
39 test-34 = 34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
40 test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
41 test-36 = 36-TLS 1.3 RSA Signature Algorithm Selection, no PSS
42 test-37 = 37-TLS 1.3 RSA-PSS Signature Algorithm Selection
43 test-38 = 38-TLS 1.3 Ed25519 Signature Algorithm Selection
44 test-39 = 39-TLS 1.3 Ed448 Signature Algorithm Selection
45 test-40 = 40-TLS 1.3 Ed25519 CipherString and Groups Selection
46 test-41 = 41-TLS 1.3 Ed448 CipherString and Groups Selection
47 test-42 = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection
48 test-43 = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
49 test-44 = 44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
50 test-45 = 45-TLS 1.3 Ed25519 Client Auth
51 test-46 = 46-TLS 1.3 Ed448 Client Auth
52 test-47 = 47-TLS 1.3 ECDSA with brainpool
53 test-48 = 48-TLS 1.2 DSA Certificate Test
54 test-49 = 49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
55 test-50 = 50-TLS 1.3 DSA Certificate Test
56 # ===========================================================
58 [0-ECDSA CipherString Selection]
59 ssl_conf = 0-ECDSA CipherString Selection-ssl
61 [0-ECDSA CipherString Selection-ssl]
62 server = 0-ECDSA CipherString Selection-server
63 client = 0-ECDSA CipherString Selection-client
65 [0-ECDSA CipherString Selection-server]
66 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
67 CipherString = DEFAULT
68 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
69 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
70 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
71 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
72 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
73 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
75 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
77 [0-ECDSA CipherString Selection-client]
80 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
81 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
85 ExpectedResult = Success
86 ExpectedServerCANames = empty
87 ExpectedServerCertType = P-256
88 ExpectedServerSignType = EC
91 # ===========================================================
93 [1-ECDSA CipherString Selection]
94 ssl_conf = 1-ECDSA CipherString Selection-ssl
96 [1-ECDSA CipherString Selection-ssl]
97 server = 1-ECDSA CipherString Selection-server
98 client = 1-ECDSA CipherString Selection-client
100 [1-ECDSA CipherString Selection-server]
101 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
102 CipherString = DEFAULT
103 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
104 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
106 MaxProtocol = TLSv1.2
107 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
109 [1-ECDSA CipherString Selection-client]
110 CipherString = aECDSA
112 MaxProtocol = TLSv1.2
113 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
114 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
118 ExpectedResult = Success
119 ExpectedServerCANames = empty
120 ExpectedServerCertType = P-256
121 ExpectedServerSignType = EC
124 # ===========================================================
126 [2-ECDSA CipherString Selection]
127 ssl_conf = 2-ECDSA CipherString Selection-ssl
129 [2-ECDSA CipherString Selection-ssl]
130 server = 2-ECDSA CipherString Selection-server
131 client = 2-ECDSA CipherString Selection-client
133 [2-ECDSA CipherString Selection-server]
134 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
135 CipherString = DEFAULT
136 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
137 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
139 MaxProtocol = TLSv1.2
140 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
142 [2-ECDSA CipherString Selection-client]
143 CipherString = aECDSA
145 MaxProtocol = TLSv1.2
146 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
147 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
151 ExpectedResult = ServerFail
154 # ===========================================================
156 [3-Ed25519 CipherString and Signature Algorithm Selection]
157 ssl_conf = 3-Ed25519 CipherString and Signature Algorithm Selection-ssl
159 [3-Ed25519 CipherString and Signature Algorithm Selection-ssl]
160 server = 3-Ed25519 CipherString and Signature Algorithm Selection-server
161 client = 3-Ed25519 CipherString and Signature Algorithm Selection-client
163 [3-Ed25519 CipherString and Signature Algorithm Selection-server]
164 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
165 CipherString = DEFAULT
166 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
167 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
168 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
169 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
170 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
171 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
172 MaxProtocol = TLSv1.2
173 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
175 [3-Ed25519 CipherString and Signature Algorithm Selection-client]
176 CipherString = aECDSA
177 MaxProtocol = TLSv1.2
178 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
179 SignatureAlgorithms = ed25519:ECDSA+SHA256
180 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
184 ExpectedResult = Success
185 ExpectedServerCANames = empty
186 ExpectedServerCertType = Ed25519
187 ExpectedServerSignType = Ed25519
190 # ===========================================================
192 [4-Ed448 CipherString and Signature Algorithm Selection]
193 ssl_conf = 4-Ed448 CipherString and Signature Algorithm Selection-ssl
195 [4-Ed448 CipherString and Signature Algorithm Selection-ssl]
196 server = 4-Ed448 CipherString and Signature Algorithm Selection-server
197 client = 4-Ed448 CipherString and Signature Algorithm Selection-client
199 [4-Ed448 CipherString and Signature Algorithm Selection-server]
200 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
201 CipherString = DEFAULT
202 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
203 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
204 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
205 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
206 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
207 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
208 MaxProtocol = TLSv1.2
209 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
211 [4-Ed448 CipherString and Signature Algorithm Selection-client]
212 CipherString = aECDSA
213 MaxProtocol = TLSv1.2
214 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
215 SignatureAlgorithms = ed448:ECDSA+SHA256
216 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
220 ExpectedResult = Success
221 ExpectedServerCANames = empty
222 ExpectedServerCertType = Ed448
223 ExpectedServerSignType = Ed448
226 # ===========================================================
228 [5-ECDSA with brainpool]
229 ssl_conf = 5-ECDSA with brainpool-ssl
231 [5-ECDSA with brainpool-ssl]
232 server = 5-ECDSA with brainpool-server
233 client = 5-ECDSA with brainpool-client
235 [5-ECDSA with brainpool-server]
236 Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
237 CipherString = DEFAULT
238 Groups = brainpoolP256r1
239 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
241 [5-ECDSA with brainpool-client]
242 CipherString = aECDSA
243 Groups = brainpoolP256r1
244 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
245 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
249 ExpectedResult = Success
250 ExpectedServerCANames = empty
251 ExpectedServerCertType = brainpoolP256r1
252 ExpectedServerSignType = EC
255 # ===========================================================
257 [6-RSA CipherString Selection]
258 ssl_conf = 6-RSA CipherString Selection-ssl
260 [6-RSA CipherString Selection-ssl]
261 server = 6-RSA CipherString Selection-server
262 client = 6-RSA CipherString Selection-client
264 [6-RSA CipherString Selection-server]
265 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
266 CipherString = DEFAULT
267 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
268 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
269 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
270 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
271 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
272 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
273 MaxProtocol = TLSv1.2
274 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
276 [6-RSA CipherString Selection-client]
278 MaxProtocol = TLSv1.2
279 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
283 ExpectedResult = Success
284 ExpectedServerCertType = RSA
285 ExpectedServerSignType = RSA-PSS
288 # ===========================================================
290 [7-RSA-PSS Certificate CipherString Selection]
291 ssl_conf = 7-RSA-PSS Certificate CipherString Selection-ssl
293 [7-RSA-PSS Certificate CipherString Selection-ssl]
294 server = 7-RSA-PSS Certificate CipherString Selection-server
295 client = 7-RSA-PSS Certificate CipherString Selection-client
297 [7-RSA-PSS Certificate CipherString Selection-server]
298 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
299 CipherString = DEFAULT
300 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
301 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
302 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
303 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
304 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
305 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
306 MaxProtocol = TLSv1.2
307 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
308 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
309 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
311 [7-RSA-PSS Certificate CipherString Selection-client]
313 MaxProtocol = TLSv1.2
314 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
318 ExpectedResult = Success
319 ExpectedServerCertType = RSA-PSS
320 ExpectedServerSignType = RSA-PSS
323 # ===========================================================
325 [8-P-256 CipherString and Signature Algorithm Selection]
326 ssl_conf = 8-P-256 CipherString and Signature Algorithm Selection-ssl
328 [8-P-256 CipherString and Signature Algorithm Selection-ssl]
329 server = 8-P-256 CipherString and Signature Algorithm Selection-server
330 client = 8-P-256 CipherString and Signature Algorithm Selection-client
332 [8-P-256 CipherString and Signature Algorithm Selection-server]
333 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
334 CipherString = DEFAULT
335 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
336 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
337 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
338 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
339 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
340 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
341 MaxProtocol = TLSv1.2
342 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
344 [8-P-256 CipherString and Signature Algorithm Selection-client]
345 CipherString = aECDSA
346 MaxProtocol = TLSv1.2
347 SignatureAlgorithms = ECDSA+SHA256:ed25519
348 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
352 ExpectedResult = Success
353 ExpectedServerCertType = P-256
354 ExpectedServerSignHash = SHA256
355 ExpectedServerSignType = EC
358 # ===========================================================
360 [9-Ed25519 CipherString and Curves Selection]
361 ssl_conf = 9-Ed25519 CipherString and Curves Selection-ssl
363 [9-Ed25519 CipherString and Curves Selection-ssl]
364 server = 9-Ed25519 CipherString and Curves Selection-server
365 client = 9-Ed25519 CipherString and Curves Selection-client
367 [9-Ed25519 CipherString and Curves Selection-server]
368 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
369 CipherString = DEFAULT
370 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
371 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
372 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
373 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
374 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
375 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
376 MaxProtocol = TLSv1.2
377 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
379 [9-Ed25519 CipherString and Curves Selection-client]
380 CipherString = aECDSA
382 MaxProtocol = TLSv1.2
383 SignatureAlgorithms = ECDSA+SHA256:ed25519
384 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
388 ExpectedResult = Success
389 ExpectedServerCertType = Ed25519
390 ExpectedServerSignType = Ed25519
393 # ===========================================================
395 [10-Ed448 CipherString and Curves Selection]
396 ssl_conf = 10-Ed448 CipherString and Curves Selection-ssl
398 [10-Ed448 CipherString and Curves Selection-ssl]
399 server = 10-Ed448 CipherString and Curves Selection-server
400 client = 10-Ed448 CipherString and Curves Selection-client
402 [10-Ed448 CipherString and Curves Selection-server]
403 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
404 CipherString = DEFAULT
405 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
406 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
407 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
408 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
409 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
410 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
411 MaxProtocol = TLSv1.2
412 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
414 [10-Ed448 CipherString and Curves Selection-client]
415 CipherString = aECDSA
417 MaxProtocol = TLSv1.2
418 SignatureAlgorithms = ECDSA+SHA256:ed448
419 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
423 ExpectedResult = Success
424 ExpectedServerCertType = Ed448
425 ExpectedServerSignType = Ed448
428 # ===========================================================
430 [11-ECDSA CipherString Selection, no ECDSA certificate]
431 ssl_conf = 11-ECDSA CipherString Selection, no ECDSA certificate-ssl
433 [11-ECDSA CipherString Selection, no ECDSA certificate-ssl]
434 server = 11-ECDSA CipherString Selection, no ECDSA certificate-server
435 client = 11-ECDSA CipherString Selection, no ECDSA certificate-client
437 [11-ECDSA CipherString Selection, no ECDSA certificate-server]
438 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
439 CipherString = DEFAULT
440 MaxProtocol = TLSv1.2
441 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
443 [11-ECDSA CipherString Selection, no ECDSA certificate-client]
444 CipherString = aECDSA
445 MaxProtocol = TLSv1.2
446 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
450 ExpectedResult = ServerFail
453 # ===========================================================
455 [12-ECDSA Signature Algorithm Selection]
456 ssl_conf = 12-ECDSA Signature Algorithm Selection-ssl
458 [12-ECDSA Signature Algorithm Selection-ssl]
459 server = 12-ECDSA Signature Algorithm Selection-server
460 client = 12-ECDSA Signature Algorithm Selection-client
462 [12-ECDSA Signature Algorithm Selection-server]
463 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
464 CipherString = DEFAULT
465 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
466 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
467 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
468 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
469 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
470 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
471 MaxProtocol = TLSv1.2
472 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
474 [12-ECDSA Signature Algorithm Selection-client]
475 CipherString = DEFAULT
476 SignatureAlgorithms = ECDSA+SHA256
477 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
481 ExpectedResult = Success
482 ExpectedServerCertType = P-256
483 ExpectedServerSignHash = SHA256
484 ExpectedServerSignType = EC
487 # ===========================================================
489 [13-ECDSA Signature Algorithm Selection SHA384]
490 ssl_conf = 13-ECDSA Signature Algorithm Selection SHA384-ssl
492 [13-ECDSA Signature Algorithm Selection SHA384-ssl]
493 server = 13-ECDSA Signature Algorithm Selection SHA384-server
494 client = 13-ECDSA Signature Algorithm Selection SHA384-client
496 [13-ECDSA Signature Algorithm Selection SHA384-server]
497 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
498 CipherString = DEFAULT
499 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
500 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
501 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
502 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
503 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
504 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
505 MaxProtocol = TLSv1.2
506 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
508 [13-ECDSA Signature Algorithm Selection SHA384-client]
509 CipherString = DEFAULT
510 SignatureAlgorithms = ECDSA+SHA384
511 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
515 ExpectedResult = Success
516 ExpectedServerCertType = P-256
517 ExpectedServerSignHash = SHA384
518 ExpectedServerSignType = EC
521 # ===========================================================
523 [14-ECDSA Signature Algorithm Selection SHA1]
524 ssl_conf = 14-ECDSA Signature Algorithm Selection SHA1-ssl
526 [14-ECDSA Signature Algorithm Selection SHA1-ssl]
527 server = 14-ECDSA Signature Algorithm Selection SHA1-server
528 client = 14-ECDSA Signature Algorithm Selection SHA1-client
530 [14-ECDSA Signature Algorithm Selection SHA1-server]
531 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
532 CipherString = DEFAULT
533 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
534 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
535 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
536 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
537 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
538 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
539 MaxProtocol = TLSv1.2
540 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
542 [14-ECDSA Signature Algorithm Selection SHA1-client]
543 CipherString = DEFAULT
544 SignatureAlgorithms = ECDSA+SHA1
545 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
549 ExpectedResult = Success
550 ExpectedServerCertType = P-256
551 ExpectedServerSignHash = SHA1
552 ExpectedServerSignType = EC
555 # ===========================================================
557 [15-ECDSA Signature Algorithm Selection compressed point]
558 ssl_conf = 15-ECDSA Signature Algorithm Selection compressed point-ssl
560 [15-ECDSA Signature Algorithm Selection compressed point-ssl]
561 server = 15-ECDSA Signature Algorithm Selection compressed point-server
562 client = 15-ECDSA Signature Algorithm Selection compressed point-client
564 [15-ECDSA Signature Algorithm Selection compressed point-server]
565 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
566 CipherString = DEFAULT
567 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
568 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
569 MaxProtocol = TLSv1.2
570 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
572 [15-ECDSA Signature Algorithm Selection compressed point-client]
573 CipherString = DEFAULT
574 SignatureAlgorithms = ECDSA+SHA256
575 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
579 ExpectedResult = Success
580 ExpectedServerCertType = P-256
581 ExpectedServerSignHash = SHA256
582 ExpectedServerSignType = EC
585 # ===========================================================
587 [16-ECDSA Signature Algorithm Selection, no ECDSA certificate]
588 ssl_conf = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
590 [16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
591 server = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
592 client = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
594 [16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
595 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
596 CipherString = DEFAULT
597 MaxProtocol = TLSv1.2
598 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
600 [16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
601 CipherString = DEFAULT
602 SignatureAlgorithms = ECDSA+SHA256
603 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
607 ExpectedResult = ServerFail
610 # ===========================================================
612 [17-RSA Signature Algorithm Selection]
613 ssl_conf = 17-RSA Signature Algorithm Selection-ssl
615 [17-RSA Signature Algorithm Selection-ssl]
616 server = 17-RSA Signature Algorithm Selection-server
617 client = 17-RSA Signature Algorithm Selection-client
619 [17-RSA Signature Algorithm Selection-server]
620 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
621 CipherString = DEFAULT
622 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
623 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
624 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
625 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
626 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
627 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
628 MaxProtocol = TLSv1.2
629 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
631 [17-RSA Signature Algorithm Selection-client]
632 CipherString = DEFAULT
633 SignatureAlgorithms = RSA+SHA256
634 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
638 ExpectedResult = Success
639 ExpectedServerCertType = RSA
640 ExpectedServerSignHash = SHA256
641 ExpectedServerSignType = RSA
644 # ===========================================================
646 [18-RSA-PSS Signature Algorithm Selection]
647 ssl_conf = 18-RSA-PSS Signature Algorithm Selection-ssl
649 [18-RSA-PSS Signature Algorithm Selection-ssl]
650 server = 18-RSA-PSS Signature Algorithm Selection-server
651 client = 18-RSA-PSS Signature Algorithm Selection-client
653 [18-RSA-PSS Signature Algorithm Selection-server]
654 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
655 CipherString = DEFAULT
656 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
657 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
658 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
659 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
660 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
661 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
662 MaxProtocol = TLSv1.2
663 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
665 [18-RSA-PSS Signature Algorithm Selection-client]
666 CipherString = DEFAULT
667 SignatureAlgorithms = RSA-PSS+SHA256
668 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
672 ExpectedResult = Success
673 ExpectedServerCertType = RSA
674 ExpectedServerSignHash = SHA256
675 ExpectedServerSignType = RSA-PSS
678 # ===========================================================
680 [19-RSA-PSS Certificate Legacy Signature Algorithm Selection]
681 ssl_conf = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl
683 [19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl]
684 server = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server
685 client = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client
687 [19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server]
688 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
689 CipherString = DEFAULT
690 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
691 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
692 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
693 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
694 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
695 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
696 MaxProtocol = TLSv1.2
697 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
698 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
699 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
701 [19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]
702 CipherString = DEFAULT
703 SignatureAlgorithms = RSA-PSS+SHA256
704 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
708 ExpectedResult = Success
709 ExpectedServerCertType = RSA
710 ExpectedServerSignHash = SHA256
711 ExpectedServerSignType = RSA-PSS
714 # ===========================================================
716 [20-RSA-PSS Certificate Unified Signature Algorithm Selection]
717 ssl_conf = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl
719 [20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl]
720 server = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-server
721 client = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-client
723 [20-RSA-PSS Certificate Unified Signature Algorithm Selection-server]
724 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
725 CipherString = DEFAULT
726 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
727 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
728 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
729 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
730 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
731 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
732 MaxProtocol = TLSv1.2
733 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
734 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
735 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
737 [20-RSA-PSS Certificate Unified Signature Algorithm Selection-client]
738 CipherString = DEFAULT
739 SignatureAlgorithms = rsa_pss_pss_sha256
740 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
744 ExpectedResult = Success
745 ExpectedServerCertType = RSA-PSS
746 ExpectedServerSignHash = SHA256
747 ExpectedServerSignType = RSA-PSS
750 # ===========================================================
752 [21-Only RSA-PSS Certificate]
753 ssl_conf = 21-Only RSA-PSS Certificate-ssl
755 [21-Only RSA-PSS Certificate-ssl]
756 server = 21-Only RSA-PSS Certificate-server
757 client = 21-Only RSA-PSS Certificate-client
759 [21-Only RSA-PSS Certificate-server]
760 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
761 CipherString = DEFAULT
762 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
764 [21-Only RSA-PSS Certificate-client]
765 CipherString = DEFAULT
766 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
770 ExpectedResult = Success
771 ExpectedServerCertType = RSA-PSS
772 ExpectedServerSignHash = SHA256
773 ExpectedServerSignType = RSA-PSS
776 # ===========================================================
778 [22-RSA-PSS Certificate, no PSS signature algorithms]
779 ssl_conf = 22-RSA-PSS Certificate, no PSS signature algorithms-ssl
781 [22-RSA-PSS Certificate, no PSS signature algorithms-ssl]
782 server = 22-RSA-PSS Certificate, no PSS signature algorithms-server
783 client = 22-RSA-PSS Certificate, no PSS signature algorithms-client
785 [22-RSA-PSS Certificate, no PSS signature algorithms-server]
786 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
787 CipherString = DEFAULT
788 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
790 [22-RSA-PSS Certificate, no PSS signature algorithms-client]
791 CipherString = DEFAULT
792 SignatureAlgorithms = RSA+SHA256
793 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
797 ExpectedResult = ServerFail
800 # ===========================================================
802 [23-RSA key exchange with all RSA certificate types]
803 ssl_conf = 23-RSA key exchange with all RSA certificate types-ssl
805 [23-RSA key exchange with all RSA certificate types-ssl]
806 server = 23-RSA key exchange with all RSA certificate types-server
807 client = 23-RSA key exchange with all RSA certificate types-client
809 [23-RSA key exchange with all RSA certificate types-server]
810 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
811 CipherString = DEFAULT
812 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
813 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
814 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
816 [23-RSA key exchange with all RSA certificate types-client]
818 MaxProtocol = TLSv1.2
819 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
823 ExpectedResult = Success
824 ExpectedServerCertType = RSA
827 # ===========================================================
829 [24-RSA key exchange with only RSA-PSS certificate]
830 ssl_conf = 24-RSA key exchange with only RSA-PSS certificate-ssl
832 [24-RSA key exchange with only RSA-PSS certificate-ssl]
833 server = 24-RSA key exchange with only RSA-PSS certificate-server
834 client = 24-RSA key exchange with only RSA-PSS certificate-client
836 [24-RSA key exchange with only RSA-PSS certificate-server]
837 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
838 CipherString = DEFAULT
839 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
841 [24-RSA key exchange with only RSA-PSS certificate-client]
843 MaxProtocol = TLSv1.2
844 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
848 ExpectedResult = ServerFail
851 # ===========================================================
853 [25-Suite B P-256 Hash Algorithm Selection]
854 ssl_conf = 25-Suite B P-256 Hash Algorithm Selection-ssl
856 [25-Suite B P-256 Hash Algorithm Selection-ssl]
857 server = 25-Suite B P-256 Hash Algorithm Selection-server
858 client = 25-Suite B P-256 Hash Algorithm Selection-client
860 [25-Suite B P-256 Hash Algorithm Selection-server]
861 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
862 CipherString = SUITEB128
863 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
864 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
865 MaxProtocol = TLSv1.2
866 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
868 [25-Suite B P-256 Hash Algorithm Selection-client]
869 CipherString = DEFAULT
870 SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
871 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
875 ExpectedResult = Success
876 ExpectedServerCertType = P-256
877 ExpectedServerSignHash = SHA256
878 ExpectedServerSignType = EC
881 # ===========================================================
883 [26-Suite B P-384 Hash Algorithm Selection]
884 ssl_conf = 26-Suite B P-384 Hash Algorithm Selection-ssl
886 [26-Suite B P-384 Hash Algorithm Selection-ssl]
887 server = 26-Suite B P-384 Hash Algorithm Selection-server
888 client = 26-Suite B P-384 Hash Algorithm Selection-client
890 [26-Suite B P-384 Hash Algorithm Selection-server]
891 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
892 CipherString = SUITEB128
893 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
894 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
895 MaxProtocol = TLSv1.2
896 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
898 [26-Suite B P-384 Hash Algorithm Selection-client]
899 CipherString = DEFAULT
900 SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
901 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
905 ExpectedResult = Success
906 ExpectedServerCertType = P-384
907 ExpectedServerSignHash = SHA384
908 ExpectedServerSignType = EC
911 # ===========================================================
913 [27-TLS 1.2 Ed25519 Client Auth]
914 ssl_conf = 27-TLS 1.2 Ed25519 Client Auth-ssl
916 [27-TLS 1.2 Ed25519 Client Auth-ssl]
917 server = 27-TLS 1.2 Ed25519 Client Auth-server
918 client = 27-TLS 1.2 Ed25519 Client Auth-client
920 [27-TLS 1.2 Ed25519 Client Auth-server]
921 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
922 CipherString = DEFAULT
923 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
924 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
927 [27-TLS 1.2 Ed25519 Client Auth-client]
928 CipherString = DEFAULT
929 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
930 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
931 MaxProtocol = TLSv1.2
932 MinProtocol = TLSv1.2
933 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
937 ExpectedClientCertType = Ed25519
938 ExpectedClientSignType = Ed25519
939 ExpectedResult = Success
942 # ===========================================================
944 [28-TLS 1.2 Ed448 Client Auth]
945 ssl_conf = 28-TLS 1.2 Ed448 Client Auth-ssl
947 [28-TLS 1.2 Ed448 Client Auth-ssl]
948 server = 28-TLS 1.2 Ed448 Client Auth-server
949 client = 28-TLS 1.2 Ed448 Client Auth-client
951 [28-TLS 1.2 Ed448 Client Auth-server]
952 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
953 CipherString = DEFAULT
954 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
955 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
958 [28-TLS 1.2 Ed448 Client Auth-client]
959 CipherString = DEFAULT
960 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
961 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
962 MaxProtocol = TLSv1.2
963 MinProtocol = TLSv1.2
964 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
968 ExpectedClientCertType = Ed448
969 ExpectedClientSignType = Ed448
970 ExpectedResult = Success
973 # ===========================================================
975 [29-Only RSA-PSS Certificate, TLS v1.1]
976 ssl_conf = 29-Only RSA-PSS Certificate, TLS v1.1-ssl
978 [29-Only RSA-PSS Certificate, TLS v1.1-ssl]
979 server = 29-Only RSA-PSS Certificate, TLS v1.1-server
980 client = 29-Only RSA-PSS Certificate, TLS v1.1-client
982 [29-Only RSA-PSS Certificate, TLS v1.1-server]
983 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
984 CipherString = DEFAULT
985 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
987 [29-Only RSA-PSS Certificate, TLS v1.1-client]
988 CipherString = DEFAULT
989 MaxProtocol = TLSv1.1
990 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
994 ExpectedResult = ServerFail
997 # ===========================================================
999 [30-TLS 1.3 ECDSA Signature Algorithm Selection]
1000 ssl_conf = 30-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
1002 [30-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
1003 server = 30-TLS 1.3 ECDSA Signature Algorithm Selection-server
1004 client = 30-TLS 1.3 ECDSA Signature Algorithm Selection-client
1006 [30-TLS 1.3 ECDSA Signature Algorithm Selection-server]
1007 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1008 CipherString = DEFAULT
1009 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1010 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1011 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1012 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1013 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1014 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1015 MaxProtocol = TLSv1.3
1016 MinProtocol = TLSv1.3
1017 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1019 [30-TLS 1.3 ECDSA Signature Algorithm Selection-client]
1020 CipherString = DEFAULT
1021 SignatureAlgorithms = ECDSA+SHA256
1022 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1026 ExpectedResult = Success
1027 ExpectedServerCANames = empty
1028 ExpectedServerCertType = P-256
1029 ExpectedServerSignHash = SHA256
1030 ExpectedServerSignType = EC
1033 # ===========================================================
1035 [31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
1036 ssl_conf = 31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
1038 [31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
1039 server = 31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
1040 client = 31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
1042 [31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
1043 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1044 CipherString = DEFAULT
1045 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
1046 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
1047 MaxProtocol = TLSv1.3
1048 MinProtocol = TLSv1.3
1049 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1051 [31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
1052 CipherString = DEFAULT
1053 SignatureAlgorithms = ECDSA+SHA256
1054 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1058 ExpectedResult = Success
1059 ExpectedServerCANames = empty
1060 ExpectedServerCertType = P-256
1061 ExpectedServerSignHash = SHA256
1062 ExpectedServerSignType = EC
1065 # ===========================================================
1067 [32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
1068 ssl_conf = 32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
1070 [32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
1071 server = 32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
1072 client = 32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
1074 [32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
1075 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1076 CipherString = DEFAULT
1077 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1078 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1079 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1080 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1081 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1082 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1083 MaxProtocol = TLSv1.3
1084 MinProtocol = TLSv1.3
1085 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1087 [32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
1088 CipherString = DEFAULT
1089 SignatureAlgorithms = ECDSA+SHA1
1090 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1094 ExpectedResult = ServerFail
1097 # ===========================================================
1099 [33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
1100 ssl_conf = 33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
1102 [33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
1103 server = 33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
1104 client = 33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
1106 [33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
1107 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1108 CipherString = DEFAULT
1109 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1110 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1111 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1112 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1113 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1114 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1115 MaxProtocol = TLSv1.3
1116 MinProtocol = TLSv1.3
1117 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1119 [33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
1120 CipherString = DEFAULT
1121 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1122 SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256
1123 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1127 ExpectedResult = Success
1128 ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1129 ExpectedServerCertType = P-256
1130 ExpectedServerSignHash = SHA256
1131 ExpectedServerSignType = EC
1134 # ===========================================================
1136 [34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
1137 ssl_conf = 34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
1139 [34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
1140 server = 34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
1141 client = 34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
1143 [34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
1144 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1145 CipherString = DEFAULT
1146 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1147 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1148 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1149 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1150 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1151 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1152 MaxProtocol = TLSv1.3
1153 MinProtocol = TLSv1.3
1154 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1156 [34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
1157 CipherString = DEFAULT
1158 SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384
1159 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1163 ExpectedResult = Success
1164 ExpectedServerCertType = RSA
1165 ExpectedServerSignHash = SHA384
1166 ExpectedServerSignType = RSA-PSS
1169 # ===========================================================
1171 [35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
1172 ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
1174 [35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
1175 server = 35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
1176 client = 35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
1178 [35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
1179 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1180 CipherString = DEFAULT
1181 MaxProtocol = TLSv1.3
1182 MinProtocol = TLSv1.3
1183 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1185 [35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
1186 CipherString = DEFAULT
1187 SignatureAlgorithms = ECDSA+SHA256
1188 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1192 ExpectedResult = ServerFail
1195 # ===========================================================
1197 [36-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
1198 ssl_conf = 36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
1200 [36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
1201 server = 36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
1202 client = 36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
1204 [36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
1205 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1206 CipherString = DEFAULT
1207 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1208 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1209 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1210 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1211 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1212 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1213 MaxProtocol = TLSv1.3
1214 MinProtocol = TLSv1.3
1215 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1217 [36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
1218 CipherString = DEFAULT
1219 SignatureAlgorithms = RSA+SHA256
1220 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1224 ExpectedResult = ServerFail
1227 # ===========================================================
1229 [37-TLS 1.3 RSA-PSS Signature Algorithm Selection]
1230 ssl_conf = 37-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
1232 [37-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
1233 server = 37-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
1234 client = 37-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
1236 [37-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
1237 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1238 CipherString = DEFAULT
1239 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1240 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1241 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1242 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1243 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1244 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1245 MaxProtocol = TLSv1.3
1246 MinProtocol = TLSv1.3
1247 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1249 [37-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
1250 CipherString = DEFAULT
1251 SignatureAlgorithms = RSA-PSS+SHA256
1252 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1256 ExpectedResult = Success
1257 ExpectedServerCertType = RSA
1258 ExpectedServerSignHash = SHA256
1259 ExpectedServerSignType = RSA-PSS
1262 # ===========================================================
1264 [38-TLS 1.3 Ed25519 Signature Algorithm Selection]
1265 ssl_conf = 38-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
1267 [38-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
1268 server = 38-TLS 1.3 Ed25519 Signature Algorithm Selection-server
1269 client = 38-TLS 1.3 Ed25519 Signature Algorithm Selection-client
1271 [38-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
1272 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1273 CipherString = DEFAULT
1274 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1275 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1276 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1277 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1278 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1279 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1280 MaxProtocol = TLSv1.3
1281 MinProtocol = TLSv1.3
1282 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1284 [38-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
1285 CipherString = DEFAULT
1286 SignatureAlgorithms = ed25519
1287 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1291 ExpectedResult = Success
1292 ExpectedServerCertType = Ed25519
1293 ExpectedServerSignType = Ed25519
1296 # ===========================================================
1298 [39-TLS 1.3 Ed448 Signature Algorithm Selection]
1299 ssl_conf = 39-TLS 1.3 Ed448 Signature Algorithm Selection-ssl
1301 [39-TLS 1.3 Ed448 Signature Algorithm Selection-ssl]
1302 server = 39-TLS 1.3 Ed448 Signature Algorithm Selection-server
1303 client = 39-TLS 1.3 Ed448 Signature Algorithm Selection-client
1305 [39-TLS 1.3 Ed448 Signature Algorithm Selection-server]
1306 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1307 CipherString = DEFAULT
1308 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1309 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1310 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1311 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1312 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1313 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1314 MaxProtocol = TLSv1.3
1315 MinProtocol = TLSv1.3
1316 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1318 [39-TLS 1.3 Ed448 Signature Algorithm Selection-client]
1319 CipherString = DEFAULT
1320 SignatureAlgorithms = ed448
1321 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1325 ExpectedResult = Success
1326 ExpectedServerCertType = Ed448
1327 ExpectedServerSignType = Ed448
1330 # ===========================================================
1332 [40-TLS 1.3 Ed25519 CipherString and Groups Selection]
1333 ssl_conf = 40-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
1335 [40-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
1336 server = 40-TLS 1.3 Ed25519 CipherString and Groups Selection-server
1337 client = 40-TLS 1.3 Ed25519 CipherString and Groups Selection-client
1339 [40-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
1340 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1341 CipherString = DEFAULT
1342 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1343 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1344 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1345 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1346 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1347 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1348 MaxProtocol = TLSv1.3
1349 MinProtocol = TLSv1.3
1350 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1352 [40-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
1353 CipherString = DEFAULT
1355 SignatureAlgorithms = ECDSA+SHA256:ed25519
1356 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1360 ExpectedResult = Success
1361 ExpectedServerCertType = P-256
1362 ExpectedServerSignType = EC
1365 # ===========================================================
1367 [41-TLS 1.3 Ed448 CipherString and Groups Selection]
1368 ssl_conf = 41-TLS 1.3 Ed448 CipherString and Groups Selection-ssl
1370 [41-TLS 1.3 Ed448 CipherString and Groups Selection-ssl]
1371 server = 41-TLS 1.3 Ed448 CipherString and Groups Selection-server
1372 client = 41-TLS 1.3 Ed448 CipherString and Groups Selection-client
1374 [41-TLS 1.3 Ed448 CipherString and Groups Selection-server]
1375 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1376 CipherString = DEFAULT
1377 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1378 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1379 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1380 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1381 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1382 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1383 MaxProtocol = TLSv1.3
1384 MinProtocol = TLSv1.3
1385 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1387 [41-TLS 1.3 Ed448 CipherString and Groups Selection-client]
1388 CipherString = DEFAULT
1390 SignatureAlgorithms = ECDSA+SHA256:ed448
1391 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1395 ExpectedResult = Success
1396 ExpectedServerCertType = P-256
1397 ExpectedServerSignType = EC
1400 # ===========================================================
1402 [42-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
1403 ssl_conf = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
1405 [42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
1406 server = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
1407 client = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
1409 [42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
1410 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1411 CipherString = DEFAULT
1412 ClientSignatureAlgorithms = PSS+SHA256
1413 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1414 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1415 VerifyMode = Require
1417 [42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
1418 CipherString = DEFAULT
1419 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1420 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1421 MaxProtocol = TLSv1.3
1422 MinProtocol = TLSv1.3
1423 RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1424 RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1425 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1429 ExpectedClientCANames = empty
1430 ExpectedClientCertType = RSA
1431 ExpectedClientSignHash = SHA256
1432 ExpectedClientSignType = RSA-PSS
1433 ExpectedResult = Success
1436 # ===========================================================
1438 [43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
1439 ssl_conf = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
1441 [43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
1442 server = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
1443 client = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
1445 [43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
1446 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1447 CipherString = DEFAULT
1448 ClientSignatureAlgorithms = PSS+SHA256
1449 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1450 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1451 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1452 VerifyMode = Require
1454 [43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
1455 CipherString = DEFAULT
1456 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1457 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1458 MaxProtocol = TLSv1.3
1459 MinProtocol = TLSv1.3
1460 RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1461 RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1462 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1466 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1467 ExpectedClientCertType = RSA
1468 ExpectedClientSignHash = SHA256
1469 ExpectedClientSignType = RSA-PSS
1470 ExpectedResult = Success
1473 # ===========================================================
1475 [44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
1476 ssl_conf = 44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
1478 [44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
1479 server = 44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
1480 client = 44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
1482 [44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
1483 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1484 CipherString = DEFAULT
1485 ClientSignatureAlgorithms = ECDSA+SHA256
1486 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1487 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1488 VerifyMode = Require
1490 [44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
1491 CipherString = DEFAULT
1492 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1493 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1494 MaxProtocol = TLSv1.3
1495 MinProtocol = TLSv1.3
1496 RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1497 RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1498 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1502 ExpectedClientCertType = P-256
1503 ExpectedClientSignHash = SHA256
1504 ExpectedClientSignType = EC
1505 ExpectedResult = Success
1508 # ===========================================================
1510 [45-TLS 1.3 Ed25519 Client Auth]
1511 ssl_conf = 45-TLS 1.3 Ed25519 Client Auth-ssl
1513 [45-TLS 1.3 Ed25519 Client Auth-ssl]
1514 server = 45-TLS 1.3 Ed25519 Client Auth-server
1515 client = 45-TLS 1.3 Ed25519 Client Auth-client
1517 [45-TLS 1.3 Ed25519 Client Auth-server]
1518 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1519 CipherString = DEFAULT
1520 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1521 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1522 VerifyMode = Require
1524 [45-TLS 1.3 Ed25519 Client Auth-client]
1525 CipherString = DEFAULT
1526 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
1527 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
1528 MaxProtocol = TLSv1.3
1529 MinProtocol = TLSv1.3
1530 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1534 ExpectedClientCertType = Ed25519
1535 ExpectedClientSignType = Ed25519
1536 ExpectedResult = Success
1539 # ===========================================================
1541 [46-TLS 1.3 Ed448 Client Auth]
1542 ssl_conf = 46-TLS 1.3 Ed448 Client Auth-ssl
1544 [46-TLS 1.3 Ed448 Client Auth-ssl]
1545 server = 46-TLS 1.3 Ed448 Client Auth-server
1546 client = 46-TLS 1.3 Ed448 Client Auth-client
1548 [46-TLS 1.3 Ed448 Client Auth-server]
1549 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1550 CipherString = DEFAULT
1551 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1552 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1553 VerifyMode = Require
1555 [46-TLS 1.3 Ed448 Client Auth-client]
1556 CipherString = DEFAULT
1557 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
1558 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
1559 MaxProtocol = TLSv1.3
1560 MinProtocol = TLSv1.3
1561 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1565 ExpectedClientCertType = Ed448
1566 ExpectedClientSignType = Ed448
1567 ExpectedResult = Success
1570 # ===========================================================
1572 [47-TLS 1.3 ECDSA with brainpool]
1573 ssl_conf = 47-TLS 1.3 ECDSA with brainpool-ssl
1575 [47-TLS 1.3 ECDSA with brainpool-ssl]
1576 server = 47-TLS 1.3 ECDSA with brainpool-server
1577 client = 47-TLS 1.3 ECDSA with brainpool-client
1579 [47-TLS 1.3 ECDSA with brainpool-server]
1580 Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
1581 CipherString = DEFAULT
1582 Groups = brainpoolP256r1
1583 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
1585 [47-TLS 1.3 ECDSA with brainpool-client]
1586 CipherString = DEFAULT
1587 Groups = brainpoolP256r1
1588 MaxProtocol = TLSv1.3
1589 MinProtocol = TLSv1.3
1590 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1591 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1595 ExpectedResult = ServerFail
1598 # ===========================================================
1600 [48-TLS 1.2 DSA Certificate Test]
1601 ssl_conf = 48-TLS 1.2 DSA Certificate Test-ssl
1603 [48-TLS 1.2 DSA Certificate Test-ssl]
1604 server = 48-TLS 1.2 DSA Certificate Test-server
1605 client = 48-TLS 1.2 DSA Certificate Test-client
1607 [48-TLS 1.2 DSA Certificate Test-server]
1608 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1610 DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
1611 DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
1612 DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
1613 MaxProtocol = TLSv1.2
1614 MinProtocol = TLSv1.2
1615 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1617 [48-TLS 1.2 DSA Certificate Test-client]
1619 SignatureAlgorithms = DSA+SHA256:DSA+SHA1
1620 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1624 ExpectedResult = Success
1627 # ===========================================================
1629 [49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
1630 ssl_conf = 49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl
1632 [49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
1633 server = 49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
1634 client = 49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
1636 [49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
1637 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1638 CipherString = DEFAULT
1639 ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256
1640 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1641 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1642 VerifyMode = Request
1644 [49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
1645 CipherString = DEFAULT
1646 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1650 ExpectedResult = ServerFail
1653 # ===========================================================
1655 [50-TLS 1.3 DSA Certificate Test]
1656 ssl_conf = 50-TLS 1.3 DSA Certificate Test-ssl
1658 [50-TLS 1.3 DSA Certificate Test-ssl]
1659 server = 50-TLS 1.3 DSA Certificate Test-server
1660 client = 50-TLS 1.3 DSA Certificate Test-client
1662 [50-TLS 1.3 DSA Certificate Test-server]
1663 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1665 DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
1666 DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
1667 MaxProtocol = TLSv1.3
1668 MinProtocol = TLSv1.3
1669 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1671 [50-TLS 1.3 DSA Certificate Test-client]
1673 SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256
1674 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1678 ExpectedResult = ServerFail
projects / openssl.git / blob